===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- www/60.html 2016/07/21 09:57:48 1.3
+++ www/60.html 2016/07/21 10:40:51 1.4
@@ -162,15 +162,54 @@
-
LibreSSL X.X.X
+LibreSSL 2.4.2
- User-visible features:
- - ...
+
- Fixed some broken manpage links in the install target.
+
- cert.pem has been reorganized and synced with Mozilla's
+ certificate store.
+
- Reliability fix, correcting an error when parsing certain ASN.1
+ elements over 16k in size.
+
- Implemented the IETF ChaCha20-Poly1305 cipher suites.
+
- Fixed password prompts from
+ openssl(1)
+ to properly handle ^C.
- Code improvements:
- - ...
+
- Fixed an nginx compatibility issue by adding an
+ 'install_sw' build target.
+
- Changed default
+ EVP_aead_chacha20_poly1305(3)
+ implementation to the IETF version, which is now the default.
+
- Reworked error handling in libtls so that configuration
+ errors are more visible.
+
- Added missing error handling around
+ bn_wexpand(3)
+ calls.
+
- Added
+ explicit_bzero(3)
+ calls for freed ASN.1 objects.
+
- Fixed X509_*set_object functions to return 0 on allocation
+ failure.
+
- Deprecated internal use of
+ EVP_[Cipher|Encrypt|Decrypt]_Final.
+
- Fixed a problem that prevents the DSA signing algorithm from running
+ in constant time even if the flag BN_FLG_CONSTTIME is set.
+
- Fixed several issues in the OCSP code that could result in the
+ incorrect generation and parsing of OCSP requests. This remediates
+ a lack of error checking on time parsing in these functions, and
+ ensures that only GENERALIZEDTIME formats are accepted for
+ OCSP, as per RFC 6960.
+
+ - The following CVEs had been fixed:
+
+ - CVE-2016-2105—EVP_EncodeUpdate overflow.
+
- CVE-2016-2106—EVP_EncryptUpdate overflow.
+
- CVE-2016-2107—padding oracle in AES-NI CBC MAC check.
+
- CVE-2016-2108—memory corruption in the ASN.1 encoder.
+
- CVE-2016-2109—ASN.1 BIO excessive memory allocation.
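Review bot: the EVP_aead_chacha20_poly1305(3) entry states the default twice ("Changed default ... implementation to the IETF version, which is now the default"). Drop the trailing clause. Because this changes behaviour for existing callers, the entry should also say whether the previous implementation remains available, which it currently does not. Two tense fixes in the same hunk: the CVE list header "The following CVEs had been fixed:" should read "have been fixed", and the DSA entry "Fixed a problem that prevents the DSA signing algorithm from running in constant time" should use "prevented", since it describes a problem that is already corrected.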