1 files changed, 22 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 37ba6cd..84a5c87 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,28 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+2.6.2 - Bug fixes
+        * Provide a useful error with libtls if there are no OCSP URLs in a
+          peer certificate.
+        * Keep track of which keypair is in use by a TLS context, fixing a bug
+          where a TLS server with SNI would only return the OCSP staple for the
+          default keypair. Issue reported by William Graeber and confirmed by
+          Andreas Bartelt.
+        * Fixed various issues in the OCSP extension parsing code.
+          The original code incorrectly passes the pointer allocated via
+          CBS_stow() (using malloc()) to a d2i_*() function and then calls
+          free() on the now incremented pointer, most likely resulting in a
+          crash. This issue was reported by Robert Swiecki who found the issue
+          using honggfuzz.
+        * If tls_config_parse_protocols() is called with a NULL pointer,
+          return the default protocols instead of crashing - this makes the
+          behaviour more useful and mirrors what we already do in
+          tls_config_set_ciphers() et al.
 2.6.1 - Code removal, rewrites
        * Added a "-T tlscompat" option to nc(1), which enables the use of all

diff --git a/ChangeLog b/ChangeLog index 37ba6cd..84a5c87 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,28 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	2.6.2 - Bug fixes
		32
		33	* Provide a useful error with libtls if there are no OCSP URLs in a
		34	peer certificate.
		35
		36	* Keep track of which keypair is in use by a TLS context, fixing a bug
		37	where a TLS server with SNI would only return the OCSP staple for the
		38	default keypair. Issue reported by William Graeber and confirmed by
		39	Andreas Bartelt.
		40
		41	* Fixed various issues in the OCSP extension parsing code.
		42	The original code incorrectly passes the pointer allocated via
		43	CBS_stow() (using malloc()) to a d2i_*() function and then calls
		44	free() on the now incremented pointer, most likely resulting in a
		45	crash. This issue was reported by Robert Swiecki who found the issue
		46	using honggfuzz.
		47
		48	* If tls_config_parse_protocols() is called with a NULL pointer,
		49	return the default protocols instead of crashing - this makes the
		50	behaviour more useful and mirrors what we already do in
		51	tls_config_set_ciphers() et al.
		52
31	2.6.1 - Code removal, rewrites	53	2.6.1 - Code removal, rewrites
32		54
33	* Added a "-T tlscompat" option to nc(1), which enables the use of all	55	* Added a "-T tlscompat" option to nc(1), which enables the use of all