add 2.5.4 changelog

author: Brent Cook <bcook@openbsd.org> 2017-04-30 20:59:06 -0500
committer: Brent Cook <bcook@openbsd.org> 2017-05-01 00:20:40 -0500
commit: 6374bfa401b3a2b19c41acb805ab27f70a0b8ae6 (patch)
tree: 0b3900faeed42dd6a405dff7c090108ec0aa7f77 /ChangeLog
parent: 7ba183503a3af0f7628d83c64b353307415520ff (diff)
download: portable-6374bfa401b3a2b19c41acb805ab27f70a0b8ae6.tar.gz
portable-6374bfa401b3a2b19c41acb805ab27f70a0b8ae6.tar.bz2
portable-6374bfa401b3a2b19c41acb805ab27f70a0b8ae6.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 08eac86..ce73da7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,28 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.5.4 - Security Updates
+        * Revert a previous change that forced consistency between return
+          value and error code when specifing a certificate verification
+          callback, since this breaks the documented API. When a user supplied
+          callback always returns 1, and later code checks the error code to
+          potentially abort post verification, this will result in incorrect
+          successul certificate verification.
+        * Switched Linux getrandom() usage to non-blocking mode, continuing to
+          use fallback mechanims if unsuccessful. This works around a design
+          flaw in Linux getrandom(2) where early boot usage in a library makes
+          it impossible to recover if getrandom(2) is not yet initialized.
+        * Fixed a bug caused by the return value being set early to signal
+          successful DTLS cookie validation. This can mask a later failure and
+          result in a positive return value being returned from
+          ssl3_get_client_hello(), when it should return a negative value to
+          propagate the error.
+        * Fixed a build error on non-x86/x86_64 systems running Solaris.
 2.5.3 - OpenBSD 6.1 Release
        * Documentation updates
author	Brent Cook <bcook@openbsd.org>	2017-04-30 20:59:06 -0500
committer	Brent Cook <bcook@openbsd.org>	2017-05-01 00:20:40 -0500
commit	6374bfa401b3a2b19c41acb805ab27f70a0b8ae6 (patch)
tree	0b3900faeed42dd6a405dff7c090108ec0aa7f77 /ChangeLog
parent	7ba183503a3af0f7628d83c64b353307415520ff (diff)
download	portable-6374bfa401b3a2b19c41acb805ab27f70a0b8ae6.tar.gz portable-6374bfa401b3a2b19c41acb805ab27f70a0b8ae6.tar.bz2 portable-6374bfa401b3a2b19c41acb805ab27f70a0b8ae6.zip

diff --git a/ChangeLog b/ChangeLog index 08eac86..ce73da7 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,28 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.5.4 - Security Updates
		32
		33	* Revert a previous change that forced consistency between return
		34	value and error code when specifing a certificate verification
		35	callback, since this breaks the documented API. When a user supplied
		36	callback always returns 1, and later code checks the error code to
		37	potentially abort post verification, this will result in incorrect
		38	successul certificate verification.
		39
		40	* Switched Linux getrandom() usage to non-blocking mode, continuing to
		41	use fallback mechanims if unsuccessful. This works around a design
		42	flaw in Linux getrandom(2) where early boot usage in a library makes
		43	it impossible to recover if getrandom(2) is not yet initialized.
		44
		45	* Fixed a bug caused by the return value being set early to signal
		46	successful DTLS cookie validation. This can mask a later failure and
		47	result in a positive return value being returned from
		48	ssl3_get_client_hello(), when it should return a negative value to
		49	propagate the error.
		50
		51	* Fixed a build error on non-x86/x86_64 systems running Solaris.
		52
31	2.5.3 - OpenBSD 6.1 Release	53	2.5.3 - OpenBSD 6.1 Release
32		54
33	* Documentation updates	55	* Documentation updates