diff options
author | Brent Cook <bcook@openbsd.org> | 2017-01-09 03:58:26 -0600 |
---|---|---|
committer | Brent Cook <bcook@openbsd.org> | 2017-01-09 03:58:26 -0600 |
commit | 7acb28a3e740dabae159494fcd60cce76e2544f0 (patch) | |
tree | 151ff133d0f1e364666d4d80f332e6f5c5790e9e /ChangeLog | |
parent | c691459502efc76b7fa4478b461ba7ab6c0d48cb (diff) | |
download | portable-7acb28a3e740dabae159494fcd60cce76e2544f0.tar.gz portable-7acb28a3e740dabae159494fcd60cce76e2544f0.tar.bz2 portable-7acb28a3e740dabae159494fcd60cce76e2544f0.zip |
update Changelog
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 39 |
1 files changed, 39 insertions, 0 deletions
@@ -28,6 +28,45 @@ history is also available from Git. | |||
28 | 28 | ||
29 | LibreSSL Portable Release Notes: | 29 | LibreSSL Portable Release Notes: |
30 | 30 | ||
31 | 2.5.1 - Bug and security fixes, new features, documentation updates | ||
32 | |||
33 | * X509_cmp_time() now passes a malformed GeneralizedTime field as an | ||
34 | error. Reported by Theofilos Petsios. | ||
35 | |||
36 | * Detect zero-length encrypted session data early, instead of when | ||
37 | malloc(0) fails or the HMAC check fails. Noted independently by | ||
38 | jsing@ and Kurt Cancemi. | ||
39 | |||
40 | * Check for and handle failure of HMAC_{Update,Final} or | ||
41 | EVP_DecryptUpdate(). | ||
42 | |||
43 | * Massive update and normalization of manpages, conversion to | ||
44 | mandoc format. Many pages were rewritten for clarity and accuracy. | ||
45 | Portable doc links are up-to-date with a new conversion tool. | ||
46 | |||
47 | * Curve25519 Key Exchange support. | ||
48 | |||
49 | * Support for alternate chains for certificate verification. | ||
50 | |||
51 | * Code cleanups, CBB conversions, further unification of DTLS/SSL | ||
52 | handshake code, further ASN1 macro expansion and removal. | ||
53 | |||
54 | * Private symbol are now hidden in libssl and libcryto. | ||
55 | |||
56 | * Friendly certificate verification error messages in libtls, peer | ||
57 | verification is now always enabled. | ||
58 | |||
59 | * Added OSCP stapling support to libtls and netcat. | ||
60 | |||
61 | * Avoid a side-channel cache-timing attack that can leak the ECDSA | ||
62 | private keys when signing. This is due to BN_mod_inverse() being | ||
63 | used without the constant time flag being set. Reported by Cesar | ||
64 | Pereida Garcia and Billy Brumley (Tampere University of Technology). | ||
65 | The fix was developed by Cesar Pereida Garcia. | ||
66 | |||
67 | * iOS and MacOS compatibility updates from Simone Basso and Jacob | ||
68 | Berkman. | ||
69 | |||
31 | 2.5.0 - New APIs, bug fixes and improvements | 70 | 2.5.0 - New APIs, bug fixes and improvements |
32 | 71 | ||
33 | * libtls now supports ALPN and SNI | 72 | * libtls now supports ALPN and SNI |