Hello community,

here is the log from the commit of package libressl for openSUSE:Factory checked in at 2016-09-30 15:35:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libressl (Old)
 and      /work/SRC/openSUSE:Factory/.libressl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl" Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2016-08-10 19:56:15.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libressl.new/libressl.changes 2016-09-30 15:35:24.000000000 +0200 
@@ -1,0 +2,40 @@ +Thu Sep 29 06:10:02 UTC 2016 - jeng...@inai.de + +- Update to new upstream release 2.5.0 +* libtls now supports ALPN and SNI +* libtls adds a new callback interface for integrating custom IO + functions. +* libtls now handles 4 cipher suite groups: "secure" + (TLSv1.2+AEAD+PFS), "compat" (HIGH:!aNULL), "legacy" + (HIGH:MEDIUM:!aNULL), "insecure" (ALL:!aNULL:!eNULL). This + allows for flexibility and finer grained control, rather than + having two extremes. +* libtls now always loads CA, key and certificate files at the + time the configuration function is called. +* Add support for OCSP intermediate certificates. +* Added functions used by stunnel and exim from BoringSSL - this + brings in X509_check_host, X509_check_email, X509_check_ip, and + X509_check_ip_asc. +* Improved behavior of arc4random on Windows when using memory + leak analysis software. +* Correctly handle an EOF that occurs prior to the TLS handshake + completing. +* Limit the support of the "backward compatible" ssl2 handshake + to only be used if TLS 1.0 is enabled. +* Fix incorrect results in certain cases on 64-bit systems when + BN_mod_word() can return incorrect results. BN_mod_word() now + can return an error condition. +* Added constant-time updates to address CVE-2016-0702 +* Fixed undefined behavior in BN_GF2m_mod_arr() +* Removed unused Cryptographic Message Support (CMS) +* More conversions of long long idioms to time_t +* Reverted change that cleans up the EVP cipher context in + EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies + on the previous behaviour. +* Avoid unbounded memory growth in libssl, which can be triggered + by a TLS client repeatedly renegotiating and sending OCSP + Status Request TLS extensions. +* Avoid falling back to a weak digest for (EC)DH when using SNI + with libssl. 
+ +------------------------------------------------------------------- Old: ---- libressl-2.4.2.tar.gz libressl-2.4.2.tar.gz.asc New: ---- libressl-2.5.0.tar.gz libressl-2.5.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.55bbn0/_old 2016-09-30 15:35:26.000000000 +0200 +++ /var/tmp/diff_new_pack.55bbn0/_new 2016-09-30 15:35:26.000000000 +0200 @@ -17,7 +17,7 @@ Name: libressl -Version: 2.4.2 +Version: 2.5.0 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL ++++++ libressl-2.4.2.tar.gz -> libressl-2.5.0.tar.gz ++++++ ++++ 29987 lines of diff (skipped)
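Review bot: In the libressl.changes entry, only the constant-time item carries an identifier (CVE-2016-0702). The two other security-relevant items, "Avoid unbounded memory growth in libssl, which can be triggered by a TLS client repeatedly renegotiating and sending OCSP Status Request TLS extensions" and "Avoid falling back to a weak digest for (EC)DH when using SNI with libssl", have no CVE or bug reference. If identifiers have been assigned for them, add them to those lines so the fixes can be tracked from the changelog the same way as the first one. The BN_mod_word() item would also read better as a single statement: "Fix incorrect results in certain cases ... when BN_mod_word() can return incorrect results" repeats itself.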
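Review bot: The libressl.spec hunk changes only the Version line (2.4.2 to 2.5.0), while the changelog for the same update lists a removed API ("Removed unused Cryptographic Message Support (CMS)") and a changed return contract ("BN_mod_word() now can return an error condition"). Please confirm that the rest of the spec, which is not visible in this diff, needs no adjustment for 2.5.0, and that dependent packages which used CMS or call BN_mod_word() still build against it. The source list swaps libressl-2.4.2.tar.gz.asc for libressl-2.5.0.tar.gz.asc, so it is also worth stating in the submission that the new signature was checked against the tarball.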