| version 1.3, 2016/07/21 09:57:48 |
version 1.4, 2016/07/21 10:40:51 |
|
|
| </ul> |
</ul> |
| </ul> |
</ul> |
| <p> |
<p> |
| <li>LibreSSL X.X.X |
<li>LibreSSL 2.4.2 |
| <ul> |
<ul> |
| <li>User-visible features: |
<li>User-visible features: |
| <ul> |
<ul> |
| <li>... |
<li>Fixed some broken manpage links in the install target. |
| |
<li><tt>cert.pem</tt> has been reorganized and synced with Mozilla's |
| |
certificate store. |
| |
<li>Reliability fix, correcting an error when parsing certain ASN.1 |
| |
elements over 16k in size. |
| |
<li>Implemented the IETF <i>ChaCha20-Poly1305</i> cipher suites. |
| |
<li>Fixed password prompts from |
| |
<a href="http://man.openbsd.org/?query=openssl">openssl(1)</a> |
| |
to properly handle ^C. |
| </ul> |
</ul> |
| <li>Code improvements: |
<li>Code improvements: |
| <ul> |
<ul> |
| <li>... |
<li>Fixed an <i>nginx</i> compatibility issue by adding an |
| |
'<tt>install_sw</tt>' build target. |
| |
<li>Changed default |
| |
<a href="http://man.openbsd.org/?query=EVP_AEAD_CTX_init">EVP_aead_chacha20_poly1305(3)</a> |
| |
implementation to the IETF version, which is now the default. |
| |
<li>Reworked error handling in <tt>libtls</tt> so that configuration |
| |
errors are more visible. |
| |
<li>Added missing error handling around |
| |
<a href="http://man.openbsd.org/?query=bn_dump">bn_wexpand(3)</a> |
| |
calls. |
| |
<li>Added |
| |
<a href="http://man.openbsd.org/?query=bzero">explicit_bzero(3)</a> |
| |
calls for freed ASN.1 objects. |
| |
<li>Fixed <tt>X509_*set_object</tt> functions to return 0 on allocation |
| |
failure. |
| |
<li>Deprecated internal use of |
| |
<a href="http://man.openbsd.org/?query=EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>. |
| |
<li>Fixed a problem that prevents the DSA signing algorithm from running |
| |
in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. |
| |
<li>Fixed several issues in the OCSP code that could result in the |
| |
incorrect generation and parsing of OCSP requests. This remediates |
| |
a lack of error checking on time parsing in these functions, and |
| |
ensures that only <tt>GENERALIZEDTIME</tt> formats are accepted for |
| |
OCSP, as per <i>RFC 6960</i>. |
| |
</ul> |
| |
<li>The following CVEs had been fixed: |
| |
<ul> |
| |
<li><tt>CVE-2016-2105</tt>—EVP_EncodeUpdate overflow. |
| |
<li><tt>CVE-2016-2106</tt>—EVP_EncryptUpdate overflow. |
| |
<li><tt>CVE-2016-2107</tt>—padding oracle in AES-NI CBC MAC check. |
| |
<li><tt>CVE-2016-2108</tt>—memory corruption in the ASN.1 encoder. |
| |
<li><tt>CVE-2016-2109</tt>—ASN.1 BIO excessive memory allocation. |
| </ul> |
</ul> |
| </ul> |
</ul> |
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to 60.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www