===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/61.html,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- www/61.html 2017/04/08 14:53:35 1.79
+++ www/61.html 2017/04/08 15:07:07 1.80
@@ -150,7 +150,7 @@
vio(4) and
vioblk(4) devices.
Support VMs with > 2GB RAM.
- vmd(8) uses
+ vmd(8) uses
pledge(2) and the
fork+exec model.
vm.conf(5)
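Review bot: the removed and added vmd(8) lines are textually identical in this hunk, so the change here is whitespace or markup only; that is fine as cleanup, but the same commit also deletes a security entry further down (the sftp-client(1) item in the -538 hunk), and mixing a content removal into a whitespace-normalization diff makes it easy to miss in review. Suggest committing the whitespace fixes separately from the content change.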
@@ -364,7 +364,7 @@
Fix vis/unvis of strings in
dhclient(8) leases files.
-
+
Assorted improvements:
@@ -474,7 +474,7 @@
to permit OCSP responses to be stapled to the tls handshake
- nc(1) now also
supports OCSP stapling server side, and will show the stapling information
- client side.
+ client side.
- Both relayd(8) and
httpd(8) support now
TLS session resumption using TLS session tickets.
@@ -538,10 +538,6 @@
possibly resulting in granting access where it was not intended.
- ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
-
- sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
- a recursive file transfer could be maniuplated by a hostile server to
- perform a path-traversal attack. creating or modifying files outside
- of the intended target directory.
New/changed features:
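Review bot: this hunk deletes the sftp-client(1) entry, the only security item removed by the change, and nothing in the visible lines records why. Since the entry is tagged "[portable OpenSSH only]", dropping it from the OpenBSD 6.1 page is consistent with the page describing the base system, but the rationale belongs in the commit message, and the item should still be tracked in the portable release notes so the path-traversal fix is not lost from the record. If the entry is kept instead, the wording needs two fixes: "maniuplated" should read "manipulated", and the period in "perform a path-traversal attack. creating or modifying files" should be a comma.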
@@ -719,191 +715,138 @@
- LibreSSL 2.5.3
-
-
- - libtls now supports ALPN and SNI
-
-
- libtls adds a new callback interface for integrating custom IO
- functions. Thanks to Tobias Pape.
-
-
- libtls now handles 4 cipher suite groups:
-
- - "secure" (TLSv1.2+AEAD+PFS)
-
- "compat" (HIGH:!aNULL)
-
- "legacy" (HIGH:MEDIUM:!aNULL)
-
- "insecure" (ALL:!aNULL:!eNULL)
-
- This allows for flexibility and finer grained control, rather than
- having two extremes (an issue raised by Marko Kreen some time ago).
-
- - Tightened error handling for tls_config_set_ciphers().
-
-
- libtls now always loads CA, key and certificate files at the time the
- configuration function is called. This simplifies code and results in
- a single memory based code path being used to provide data to libssl.
-
-
- Add support for OCSP intermediate certificates.
-
-
- Added functions used by stunnel and exim from BoringSSL - this
- brings in X509_check_host, X509_check_email, X509_check_ip, and
- X509_check_ip_asc.
-
-
- Added initial support for iOS, thanks to Jacob Berkman.
-
-
- Improved behavior of arc4random on Windows when using memory leak
- analysis software.
-
-
- Correctly handle an EOF that occurs prior to the TLS handshake
- completing. Reported by Vasily Kolobkov, based on a diff from Marko
- Kreen.
-
-
- Limit the support of the "backward compatible" ssl2 handshake to
- only be used if TLS 1.0 is enabled.
-
-
- Fix incorrect results in certain cases on 64-bit systems when
- BN_mod_word() can return incorrect results. BN_mod_word() now can
- return an error condition. Thanks to Brian Smith.
-
-
- Added constant-time updates to address CVE-2016-0702
-
-
- Fixed undefined behavior in BN_GF2m_mod_arr()
-
-
- Removed unused Cryptographic Message Support (CMS)
-
-
- More conversions of long long idioms to time_t
-
-
- Improved compatibility by avoiding printing NULL strings with
- printf.
-
-
- Reverted change that cleans up the EVP cipher context in
- EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
- previous behaviour.
-
-
- Avoid unbounded memory growth in libssl, which can be triggered
- by a TLS client repeatedly renegotiating and sending OCSP Status
- Request TLS extensions.
-
-
- Avoid falling back to a weak digest for (EC)DH when using SNI
- with libssl.
-
-
- X509_cmp_time() now passes a malformed GeneralizedTime field as
- an error. Reported by Theofilos Petsios.
-
-
- Detect zero-length encrypted session data early, instead of when
- malloc(0) fails or the HMAC check fails. Noted independently by
- jsing@ and Kurt Cancemi.
-
-
- Check for and handle failure of HMAC_{Update,Final} or
- EVP_DecryptUpdate().
-
-
- Massive update and normalization of manpages, conversion to
- mandoc format. Many pages were rewritten for clarity and accuracy.
- Portable doc links are up-to-date with a new conversion tool.
-
-
- Curve25519 Key Exchange support.
-
-
- Support for alternate chains for certificate verification.
-
-
- Code cleanups, CBB conversions, further unification of DTLS/SSL
- handshake code, further ASN1 macro expansion and removal.
-
-
- Private symbols are now hidden in libssl and libcrypto.
-
-
- Friendly certificate verification error messages in libtls, peer
- verification is now always enabled.
-
-
- Added OCSP stapling support to libtls and nc.
-
-
- Added ocspcheck utility to validate a certificate against its OCSP
- responder and save the reply for stapling
-
-
- Enhanced regression tests and error handling for libtls.
-
-
- Added explicit constant and non-constant time BN functions,
- defaulting to constant time wherever possible.
-
-
- Moved many leaked implementation details in public structs behind
- opaque pointers.
-
-
- Added ticket support to libtls.
-
-
- Added support for setting the supported EC curves via
- SSL{_CTX}_set1_groups{_list}() - also provide defines for the
- previous SSL{_CTX}_set1_curves{_list} names. This also changes
- the default list of curves to be X25519, P-256 and P-384. All
- other curves must be manually enabled.
-
-
- Added -groups option to openssl(1) s_client for specifying the
- curves to be used in a colon-separated list.
-
-
- Merged client/server version negotiation code paths into one,
- reducing much duplicate code.
-
-
- Removed error function codes from libssl and libcrypto.
-
-
- Fixed an issue where a truncated packet could crash via an OOB
- read.
-
-
- Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
- client-initiated renegotiation. This is the default for libtls
- servers.
-
-
- Avoid a side-channel cache-timing attack that can leak the ECDSA
- private keys when signing. This is due to BN_mod_inverse() being
- used without the constant time flag being set. Reported by Cesar
- Pereida Garcia and Billy Brumley (Tampere University of
- Technology). The fix was developed by Cesar Pereida Garcia.
-
-
- iOS and MacOS compatibility updates from Simone Basso and Jacob
- Berkman.
-
-
- Added the recallocarray(3) memory allocation function, and
- converted various places in the library to use it, such as CBB
- and BUF_MEM_grow. recallocarray(3) is similar to
- reallocarray. Newly allocated memory is cleared similar to
- calloc(3). Memory that becomes unallocated while shrinking or
- moving existing allocations is explicitly discarded by unmapping
- or clearing to 0.
-
-
- Added new root CAs from SECOM Trust Systems / Security
- Communication of Japan.
-
-
- Added EVP interface for MD5+SHA1 hashes.
-
-
- Fixed DTLS client failures when the server sends a certificate
- request.
-
-
- Correct handling of padding when upgrading an SSLv2 challenge
- into an SSLv3/TLS connection.
-
-
- Allow protocols and ciphers to be set on a TLS config object in
- libtls.
-
-
- Improved nc(1) TLS handshake CPU usage and server-side error
- reporting.
-
-
- Add a constant time version of BN_gcd and use it default for
- BN_gcd to avoid the possibility of sidechannel timing attacks
- against RSA private key generation - Thanks to Alejandro
- Cabrera
-
-
+
+ - libtls now supports ALPN and SNI
+
- libtls adds a new callback interface for integrating custom IO
+ functions. Thanks to Tobias Pape.
+
- libtls now handles 4 cipher suite groups:
+
+ - "secure" (TLSv1.2+AEAD+PFS)
+
- "compat" (HIGH:!aNULL)
+
- "legacy" (HIGH:MEDIUM:!aNULL)
+
- "insecure" (ALL:!aNULL:!eNULL)
+
+ This allows for flexibility and finer grained control, rather than
+ having two extremes (an issue raised by Marko Kreen some time ago).
+ - Tightened error handling for tls_config_set_ciphers().
+
- libtls now always loads CA, key and certificate files at the time the
+ configuration function is called. This simplifies code and results in
+ a single memory based code path being used to provide data to libssl.
+
- Add support for OCSP intermediate certificates.
+
- Added functions used by stunnel and exim from BoringSSL - this
+ brings in X509_check_host, X509_check_email, X509_check_ip, and
+ X509_check_ip_asc.
+
- Added initial support for iOS, thanks to Jacob Berkman.
+
- Improved behavior of arc4random on Windows when using memory leak
+ analysis software.
+
- Correctly handle an EOF that occurs prior to the TLS handshake
+ completing. Reported by Vasily Kolobkov, based on a diff from Marko
+ Kreen.
+
- Limit the support of the "backward compatible" ssl2 handshake to
+ only be used if TLS 1.0 is enabled.
+
- Fix incorrect results in certain cases on 64-bit systems when
+ BN_mod_word() can return incorrect results. BN_mod_word() now can
+ return an error condition. Thanks to Brian Smith.
+
- Added constant-time updates to address CVE-2016-0702
+
- Fixed undefined behavior in BN_GF2m_mod_arr()
+
- Removed unused Cryptographic Message Support (CMS)
+
- More conversions of long long idioms to time_t
+
- Improved compatibility by avoiding printing NULL strings with
+ printf.
+
- Reverted change that cleans up the EVP cipher context in
+ EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
+ previous behaviour.
+
- Avoid unbounded memory growth in libssl, which can be triggered
+ by a TLS client repeatedly renegotiating and sending OCSP Status
+ Request TLS extensions.
+
- Avoid falling back to a weak digest for (EC)DH when using SNI
+ with libssl.
+
- X509_cmp_time() now passes a malformed GeneralizedTime field as
+ an error. Reported by Theofilos Petsios.
+
- Detect zero-length encrypted session data early, instead of when
+ malloc(0) fails or the HMAC check fails.
+
- Check for and handle failure of HMAC_{Update,Final} or
+ EVP_DecryptUpdate().
+
- Massive update and normalization of manpages, conversion to
+ mandoc format. Many pages were rewritten for clarity and accuracy.
+ Portable doc links are up-to-date with a new conversion tool.
+
- Curve25519 Key Exchange support.
+
- Support for alternate chains for certificate verification.
+
- Code cleanups, CBB conversions, further unification of DTLS/SSL
+ handshake code, further ASN1 macro expansion and removal.
+
- Private symbols are now hidden in libssl and libcrypto.
+
- Friendly certificate verification error messages in libtls, peer
+ verification is now always enabled.
+
- Added OCSP stapling support to libtls and nc.
+
- Added ocspcheck utility to validate a certificate against its OCSP
+ responder and save the reply for stapling
+
- Enhanced regression tests and error handling for libtls.
+
- Added explicit constant and non-constant time BN functions,
+ defaulting to constant time wherever possible.
+
- Moved many leaked implementation details in public structs behind
+ opaque pointers.
+
- Added ticket support to libtls.
+
- Added support for setting the supported EC curves via
+ SSL{_CTX}_set1_groups{_list}() - also provide defines for the
+ previous SSL{_CTX}_set1_curves{_list} names. This also changes
+ the default list of curves to be X25519, P-256 and P-384. All
+ other curves must be manually enabled.
+
- Added -groups option to openssl(1) s_client for specifying the
+ curves to be used in a colon-separated list.
+
- Merged client/server version negotiation code paths into one,
+ reducing much duplicate code.
+
- Removed error function codes from libssl and libcrypto.
+
- Fixed an issue where a truncated packet could crash via an OOB
+ read.
+
- Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
+ client-initiated renegotiation. This is the default for libtls
+ servers.
+
- Avoid a side-channel cache-timing attack that can leak the ECDSA
+ private keys when signing. This is due to BN_mod_inverse() being
+ used without the constant time flag being set. Reported by Cesar
+ Pereida Garcia and Billy Brumley (Tampere University of
+ Technology). The fix was developed by Cesar Pereida Garcia.
+
- iOS and MacOS compatibility updates from Simone Basso and Jacob
+ Berkman.
+
- Added the recallocarray(3) memory allocation function, and
+ converted various places in the library to use it, such as CBB
+ and BUF_MEM_grow. recallocarray(3) is similar to
+ reallocarray. Newly allocated memory is cleared similar to
+ calloc(3). Memory that becomes unallocated while shrinking or
+ moving existing allocations is explicitly discarded by unmapping
+ or clearing to 0.
+
- Added new root CAs from SECOM Trust Systems / Security
+ Communication of Japan.
+
- Added EVP interface for MD5+SHA1 hashes.
+
- Fixed DTLS client failures when the server sends a certificate
+ request.
+
- Correct handling of padding when upgrading an SSLv2 challenge
+ into an SSLv3/TLS connection.
+
- Allow protocols and ciphers to be set on a TLS config object in
+ libtls.
+
- Improved nc(1) TLS handshake CPU usage and server-side error
+ reporting.
+
- Add a constant time version of BN_gcd and use it default for
+ BN_gcd to avoid the possibility of sidechannel timing attacks
+ against RSA private key generation - Thanks to Alejandro
+ Cabrera
+
- mandoc 1.14.1
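Review bot: this hunk reads as a pure normalization of the LibreSSL 2.5.3 list (the doubled blank lines between items are removed and the indentation is aligned; the item text is otherwise unchanged), but one content change is hidden inside it: the credit "Noted independently by jsing@ and Kurt Cancemi." on the "Detect zero-length encrypted session data early" item is dropped in the new version, which ends at "...or the HMAC check fails." Either restore the credit or call the removal out explicitly, and ideally separate whitespace-only reformatting from content edits so the diff is reviewable. Two pre-existing wording issues are carried over unchanged and could be fixed in the same pass: "use it default for BN_gcd" should read "use it by default for BN_gcd", and the final "Thanks to Alejandro Cabrera" item has no terminating period. Also, in the new version the "Tightened error handling for tls_config_set_ciphers()." item follows the cipher-group explanation with no blank line, unlike every other item in the list.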