update Changelog

author: Brent Cook <bcook@openbsd.org> 2017-01-09 03:58:26 -0600
committer: Brent Cook <bcook@openbsd.org> 2017-01-09 03:58:26 -0600
commit: 7acb28a3e740dabae159494fcd60cce76e2544f0 (patch)
tree: 151ff133d0f1e364666d4d80f332e6f5c5790e9e /ChangeLog
parent: c691459502efc76b7fa4478b461ba7ab6c0d48cb (diff)
download: portable-7acb28a3e740dabae159494fcd60cce76e2544f0.tar.gz
portable-7acb28a3e740dabae159494fcd60cce76e2544f0.tar.bz2
portable-7acb28a3e740dabae159494fcd60cce76e2544f0.zip
1 files changed, 39 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 2e3fdc6..9381899 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,45 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.5.1 - Bug and security fixes, new features, documentation updates
+        * X509_cmp_time() now passes a malformed GeneralizedTime field as an
+          error. Reported by Theofilos Petsios.
+        * Detect zero-length encrypted session data early, instead of when
+          malloc(0) fails or the HMAC check fails. Noted independently by
+          jsing@ and Kurt Cancemi.
+        * Check for and handle failure of HMAC_{Update,Final} or
+          EVP_DecryptUpdate().
+        * Massive update and normalization of manpages, conversion to
+          mandoc format. Many pages were rewritten for clarity and accuracy.
+          Portable doc links are up-to-date with a new conversion tool.
+        * Curve25519 Key Exchange support.
+        * Support for alternate chains for certificate verification.
+        * Code cleanups, CBB conversions, further unification of DTLS/SSL
+          handshake code, further ASN1 macro expansion and removal.
+        * Private symbol are now hidden in libssl and libcryto.
+        * Friendly certificate verification error messages in libtls, peer
+          verification is now always enabled.
+        * Added OSCP stapling support to libtls and netcat.
+        * Avoid a side-channel cache-timing attack that can leak the ECDSA
+          private keys when signing. This is due to BN_mod_inverse() being
+          used without the constant time flag being set. Reported by Cesar
+          Pereida Garcia and Billy Brumley (Tampere University of Technology).
+          The fix was developed by Cesar Pereida Garcia.
+        * iOS and MacOS compatibility updates from Simone Basso and Jacob
+          Berkman.
 2.5.0 - New APIs, bug fixes and improvements
        * libtls now supports ALPN and SNI
author	Brent Cook <bcook@openbsd.org>	2017-01-09 03:58:26 -0600
committer	Brent Cook <bcook@openbsd.org>	2017-01-09 03:58:26 -0600
commit	7acb28a3e740dabae159494fcd60cce76e2544f0 (patch)
tree	151ff133d0f1e364666d4d80f332e6f5c5790e9e /ChangeLog
parent	c691459502efc76b7fa4478b461ba7ab6c0d48cb (diff)
download	portable-7acb28a3e740dabae159494fcd60cce76e2544f0.tar.gz portable-7acb28a3e740dabae159494fcd60cce76e2544f0.tar.bz2 portable-7acb28a3e740dabae159494fcd60cce76e2544f0.zip

diff --git a/ChangeLog b/ChangeLog index 2e3fdc6..9381899 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,45 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.5.1 - Bug and security fixes, new features, documentation updates
		32
		33	* X509_cmp_time() now passes a malformed GeneralizedTime field as an
		34	error. Reported by Theofilos Petsios.
		35
		36	* Detect zero-length encrypted session data early, instead of when
		37	malloc(0) fails or the HMAC check fails. Noted independently by
		38	jsing@ and Kurt Cancemi.
		39
		40	* Check for and handle failure of HMAC_{Update,Final} or
		41	EVP_DecryptUpdate().
		42
		43	* Massive update and normalization of manpages, conversion to
		44	mandoc format. Many pages were rewritten for clarity and accuracy.
		45	Portable doc links are up-to-date with a new conversion tool.
		46
		47	* Curve25519 Key Exchange support.
		48
		49	* Support for alternate chains for certificate verification.
		50
		51	* Code cleanups, CBB conversions, further unification of DTLS/SSL
		52	handshake code, further ASN1 macro expansion and removal.
		53
		54	* Private symbol are now hidden in libssl and libcryto.
		55
		56	* Friendly certificate verification error messages in libtls, peer
		57	verification is now always enabled.
		58
		59	* Added OSCP stapling support to libtls and netcat.
		60
		61	* Avoid a side-channel cache-timing attack that can leak the ECDSA
		62	private keys when signing. This is due to BN_mod_inverse() being
		63	used without the constant time flag being set. Reported by Cesar
		64	Pereida Garcia and Billy Brumley (Tampere University of Technology).
		65	The fix was developed by Cesar Pereida Garcia.
		66
		67	* iOS and MacOS compatibility updates from Simone Basso and Jacob
		68	Berkman.
		69
31	2.5.0 - New APIs, bug fixes and improvements	70	2.5.0 - New APIs, bug fixes and improvements
32		71
33	* libtls now supports ALPN and SNI	72	* libtls now supports ALPN and SNI