Changelog for mingw32-libressl-devel-3.1.4-3.245.noarch.rpm :

* Thu Oct 15 2020 Ralf Habacker - Fix building on Leap 42.3
* Thu Sep 10 2020 Jan Engelhardt - Update to release 3.1.4
* TLS 1.3 client improvements:
* Improve client certificate selection to allow EC certificates instead of only RSA certificates.
* Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request.
* Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang.
* Fix a memory leak and add a missing error check in the handling of the key update message.
* Fix a memory leak in tls13_record_layer_set_traffic_key.
* Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes.
* Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures.
* Add the P-521 curve to the list of curves supported by default in the client.
* Sat May 23 2020 Jan Engelhardt - Update to release 3.1.2
* A TLS client with peer verification disabled may crash when contacting a server that sends an empty certificate list.
* Sun May 10 2020 Jan Engelhardt - Update to release 3.1.1
* Completed initial TLS 1.3 implementation with a completely new state machine and record layer. TLS 1.3 is now enabled by default for the client side, with the server side to be enabled in a future release. Note that the OpenSSL TLS 1.3 API is not yet visible/available.
* Improved cipher suite handling to automatically include TLSv1.3 cipher suites when they are not explicitly referred to in the cipher string.
* Provided TLSv1.3 cipher suite aliases to match the names used in RFC 8446.
* Added cms subcommand to openssl(1).
* Added -addext option to openssl(1) req subcommand.
* Added -groups option to openssl(1) s_server subcommand.
* Added TLSv1.3 extension types to openssl(1) -tlsextdebug.
* Sun Oct 20 2019 Jan Engelhardt - Update to release 3.0.2
* Use a valid curve when constructing an EC_KEY that looks like X25519. The recent EC group cofactor change results in stricter validation, which causes the EC_GROUP_set_generator() call to fail.
* Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. (Note that the CMS code is currently disabled).
* Wed May 22 2019 Jan Engelhardt - Update to new upstream release 2.9.2
* Fixed SRTP profile advertisement for DTLS servers.
* Tue Apr 23 2019 Jan Engelhardt - Update to new upstream release 2.9.1
* Added the SM4 block cipher from the Chinese standard GB/T 32907-2016.
* Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH.
* Implemented further missing OpenSSL 1.1 API.
* Added support for XChaCha20 and XChaCha20-Poly1305.
* Added support for AES key wrap constructions via the EVP interface.
* Thu Mar 14 2019 Jan Engelhardt - Update to new upstream release 2.9.0
* CRYPTO_LOCK is now automatically initialized, with the legacy callbacks stubbed for compatibility.
* Added the SM3 hash function from the Chinese standard GB/T 32905-2016.
* Added more OPENSSL_NO_* macros for compatibility with OpenSSL.
* Added the ability to use the RSA PSS algorithm for handshake signatures.
* Added functionality to derive early, handshake, and application secrets as per RFC8446.
* Added handshake state machine from RFC8446.
* Added support for assembly optimizations on 32-bit ARM ELF targets.
* Improved protection against timing side channels in ECDSA signature generation.
* Coordinate blinding was added to some elliptic curves. This is the last bit of the work by Brumley et al. to protect against the Portsmash vulnerability.
* Mon Dec 24 2018 seanAATTsuspend.net - Update to new upstream release 2.8.3
* Fixed warnings about clock_gettime on Windows VS builds
* Fixed CMake builds on systems where getpagesize is inline
* Implemented coordinate blinding for EC_POINT for portsmash
* Fixed a non-uniformity in getentropy(2) to discard zeroes
* Tue Oct 23 2018 Bernhard Wiedemann - Update extra-symver.diff to fix build with -j1
 