===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -c -r1.3 -r1.4
*** www/60.html 2016/07/21 09:57:48 1.3
--- www/60.html 2016/07/21 10:40:51 1.4
***************
*** 162,176 ****
!
LibreSSL X.X.X
- User-visible features:
- Code improvements:
--- 162,215 ----
!
LibreSSL 2.4.2
- User-visible features:
! - Fixed some broken manpage links in the install target.
!
- cert.pem has been reorganized and synced with Mozilla's
! certificate store.
!
- Reliability fix, correcting an error when parsing certain ASN.1
! elements over 16k in size.
!
- Implemented the IETF ChaCha20-Poly1305 cipher suites.
!
- Fixed password prompts from
! openssl(1)
! to properly handle ^C.
- Code improvements:
! - Fixed an nginx compatibility issue by adding an
! 'install_sw' build target.
!
- Changed default
! EVP_aead_chacha20_poly1305(3)
! implementation to the IETF version, which is now the default.
!
- Reworked error handling in libtls so that configuration
! errors are more visible.
!
- Added missing error handling around
! bn_wexpand(3)
! calls.
!
- Added
! explicit_bzero(3)
! calls for freed ASN.1 objects.
!
- Fixed X509_*set_object functions to return 0 on allocation
! failure.
!
- Deprecated internal use of
! EVP_[Cipher|Encrypt|Decrypt]_Final.
!
- Fixed a problem that prevents the DSA signing algorithm from running
! in constant time even if the flag BN_FLG_CONSTTIME is set.
!
- Fixed several issues in the OCSP code that could result in the
! incorrect generation and parsing of OCSP requests. This remediates
! a lack of error checking on time parsing in these functions, and
! ensures that only GENERALIZEDTIME formats are accepted for
! OCSP, as per RFC 6960.
!
! - The following CVEs had been fixed:
!
! - CVE-2016-2105—EVP_EncodeUpdate overflow.
!
- CVE-2016-2106—EVP_EncryptUpdate overflow.
!
- CVE-2016-2107—padding oracle in AES-NI CBC MAC check.
!
- CVE-2016-2108—memory corruption in the ASN.1 encoder.
!
- CVE-2016-2109—ASN.1 BIO excessive memory allocation.
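Review bot: in the Code improvements list, the EVP_aead_chacha20_poly1305(3) entry reads "Changed default ... implementation to the IETF version, which is now the default", which states the same thing twice; drop the trailing clause. That entry changes what callers of an existing function get, and the DSA BN_FLG_CONSTTIME fix, the OCSP time-parsing fix and the CVE list are security fixes, so consider moving them out from under Code improvements (the AEAD change to User-visible features, the rest to a list of their own) so that readers scanning the release notes for security-relevant changes find them. Two tense slips in the same list: "a problem that prevents the DSA signing algorithm" should be "prevented", and "The following CVEs had been fixed" should be "have been fixed".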