commit libressl for openSUSE:Factory
Hello community, here is the log from the commit of package libressl for openSUSE:Factory checked in at 2017-09-04 12:35:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libressl (Old) and /work/SRC/openSUSE:Factory/.libressl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libressl" Mon Sep 4 12:35:18 2017 rev:32 rq:520239 version:2.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2017-08-28 15:17:48.111358661 +0200 +++ /work/SRC/openSUSE:Factory/.libressl.new/libressl.changes 2017-09-04 12:35:22.263540013 +0200 @@ -1,0 +2,40 @@ +Fri Sep 1 12:09:37 UTC 2017 - jengelh@inai.de + +- Update to new upstream release 2.6.0 + * Added support for providing CRLs to libtls. Once a CRL is + provided, we enable CRL checking for the full certificate + chain. + * Allow non-compliant clients using IP literal addresses with + SNI to connect to a server using libtls. + * Avoid a potential NULL pointer dereference in + d2i_ECPrivateKey(). + * Added definitions for three OIDs used in EV certificates. + * Plugged a memory leak in tls_ocsp_free. + * Added tls_peer_cert_chain_pem, tls_cert_hash, and + tls_hex_string to libtls, useful in private certificate + validation callbacks. + * Reworked TLS certificate name verification code to more + strictly follow RFC 6125. + * Added tls_keypair_clear_key for clearing key material. + * Removed inconsistent IPv6 handling from + BIO_get_accept_socket, simplified BIO_get_host_ip and + BIO_accept. + * Fixed the openssl(1) ca command so that is generates + certificates with RFC 5280-conformant time. + * Added ASN1_TIME_set_tm to set an asn1 from a struct tm *. + * Added SSL{,_CTX}_set_{min,max}_proto_version() functions. + * Added HKDF (HMAC Key Derivation Function) from BoringSSL + * Providea a tls_unload_file() function that frees the memory + returned from a tls_load_file() call, ensuring that it the + contents become inaccessible. This is specifically needed on + platforms where the library allocators may be different from + the application allocator. + * Perform reference counting for tls_config. This allows + tls_config_free() to be called as soon as it has been passed + to the final tls_configure() call, simplifying lifetime + tracking for the application. + * Moved internal state of SSL and other structures to be + opaque. + * Dropped cipher suites with DSS authentication. + +------------------------------------------------------------------- Old: ---- libressl-2.5.5.tar.gz libressl-2.5.5.tar.gz.asc New: ---- libressl-2.6.0.tar.gz libressl-2.6.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.geG2yT/_old 2017-09-04 12:35:23.247401677 +0200 +++ /var/tmp/diff_new_pack.geG2yT/_new 2017-09-04 12:35:23.259399990 +0200 @@ -17,7 +17,7 @@ Name: libressl -Version: 2.5.5 +Version: 2.6.0 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL ++++++ libressl-2.5.5.tar.gz -> libressl-2.6.0.tar.gz ++++++ ++++ 14191 lines of diff (skipped)
participants (1)
-
root@hilbert.suse.de