diff options
| -rw-r--r-- | ChangeLog | 27 |
1 files changed, 9 insertions, 18 deletions
| @@ -30,39 +30,30 @@ LibreSSL Portable Release Notes: | |||
| 30 | 30 | ||
| 31 | 2.5.2 - Security features and bugfixes | 31 | 2.5.2 - Security features and bugfixes |
| 32 | 32 | ||
| 33 | * Improved portability of ocspcheck(1) | 33 | * Added the recallocarray(3) memory allocation function, and converted |
| 34 | various places in the library to use it, such as CBB and BUF_MEM_grow. | ||
| 35 | recallocarray(3) is similar to reallocarray. Newly allocated memory | ||
| 36 | is cleared similar to calloc(3). Memory that becomes unallocated | ||
| 37 | while shrinking or moving existing allocations is explicitly | ||
| 38 | discarded by unmapping or clearing to 0 | ||
| 34 | 39 | ||
| 35 | * Fixed assorted memory leaks and error handling. | 40 | * Added new root CAs from SECOM Trust Systems / Security Communication |
| 41 | of Japan. | ||
| 36 | 42 | ||
| 37 | * Removed STREEBOG 512 MAC | 43 | * Added EVP interface for MD5+SHA1 hashes. |
| 38 | |||
| 39 | * Addednew root CAs from SECOM Trust Systems / Security Communication | ||
| 40 | of Japan | ||
| 41 | |||
| 42 | * Added EVP interface for MD5+SHA1 hashes | ||
| 43 | 44 | ||
| 44 | * Fixed DTLS client failures when the server sends a certificate | 45 | * Fixed DTLS client failures when the server sends a certificate |
| 45 | request. | 46 | request. |
| 46 | 47 | ||
| 47 | * Many new regression tests | ||
| 48 | |||
| 49 | * Correct handling of padding when upgrading an SSLv2 challenge into | 48 | * Correct handling of padding when upgrading an SSLv2 challenge into |
| 50 | an SSLv3/TLS connection. | 49 | an SSLv3/TLS connection. |
| 51 | 50 | ||
| 52 | * Added recallocarray(1) memory allocation function, converted various | ||
| 53 | places in the library to use it, such as CBB and BUF_MEM_grow. | ||
| 54 | This function ensures that when a private memory buffer is resized, | ||
| 55 | freed memory is explicitly cleared before being returned to the | ||
| 56 | heap. | ||
| 57 | |||
| 58 | * Allow protocols and ciphers to be set on a TLS config object in | 51 | * Allow protocols and ciphers to be set on a TLS config object in |
| 59 | libtls. | 52 | libtls. |
| 60 | 53 | ||
| 61 | * Improved nc(1) TLS handshake CPU usage and server-side error | 54 | * Improved nc(1) TLS handshake CPU usage and server-side error |
| 62 | reporting. | 55 | reporting. |
| 63 | 56 | ||
| 64 | * Removed handshake digest code and replaced with handshake hash. | ||
| 65 | |||
| 66 | 2.5.1 - Bug and security fixes, new features, documentation updates | 57 | 2.5.1 - Bug and security fixes, new features, documentation updates |
| 67 | 58 | ||
| 68 | * X509_cmp_time() now passes a malformed GeneralizedTime field as an | 59 | * X509_cmp_time() now passes a malformed GeneralizedTime field as an |