File polarssl.changes of Package polarssl.5404
-------------------------------------------------------------------
Wed Jul 20 07:58:42 UTC 2016 - mpluskal@suse.com
- Fix for boo#989694 CVE-2015-8036 (heap-based buffer overflow):
* CVE-2015-8036-Add-extra-check-before-integer-conversion.patch
* CVE-2015-8036-Added-bounds-checking-for-TLS-extensions.patch
* CVE-2015-8036-Reordered-extension-fields-and-added-to-Cha.patch
- Refreshe and sync other patches with debian
-------------------------------------------------------------------
Tue Jan 12 09:48:47 UTC 2016 - mpluskal@suse.com
- Add polarssl-CVE-2015-7575.patch - CVE-2015-7575 boo#961284
boo#961290
-------------------------------------------------------------------
Sat Dec 19 08:36:26 UTC 2015 - fisiu@opensuse.org
- Add polarssl-CVE-2015-5291.patch: Remote code execution via session tickets
or SNI: fixes boo#949380, CVE-2015-5291.
-------------------------------------------------------------------
Tue Jan 20 19:33:12 UTC 2015 - fisiu@opensuse.org
- Add polarssl-CVE-2015-1182.patch: Remote attack using crafted certificates:
fix boo#913903, CVE-2015-1182.
-------------------------------------------------------------------
Mon Nov 3 12:25:24 UTC 2014 - fisiu@opensuse.org
- Update to 1.3.9, detailed changes available in ChangeLog file:
* Lowest common hash was selected from signature_algorithms extension in
TLS 1.2: fix boo#903672, CVE-2014-8627.
* Remotely-triggerable memory leak when parsing some X.509 certificates,
CVE-2014-8628.
* Remotely-triggerable memory leak when parsing crafted ClientHello,
CVE-2014-8628.
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x.
* Ciphersuites using RSA-PSK key exchange now require TLS 1.x.
* POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits RSA
keys.
* X.509 certificates with more than one AttributeTypeAndValue per
RelativeDistinguishedName are not accepted any more.
- Build with POLARSSL_THREADING_PTHREAD: fix boo#903671.
-------------------------------------------------------------------
Fri Aug 15 17:17:05 UTC 2014 - fisiu@opensuse.org
- Update to 1.3.8, detailed changes available in ChangeLog file:
* Fix length checking for AEAD ciphersuites (found by Codenomicon).
It was possible to crash the server (and client) using crafted messages
when a GCM suite was chosen.
* Add CCM module and cipher mode to Cipher Layer
* Support for CCM and CCM_8 ciphersuites
* Support for parsing and verifying RSASSA-PSS signatures in the X.509
modules (certificates, CRLs and CSRs).
* Blowfish in the cipher layer now supports variable length keys.
* Add example config.h for PSK with CCM, optimized for low RAM usage.
* Optimize for RAM usage in example config.h for NSA Suite B profile.
* Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites
from the default list (inactive by default).
* Add server-side enforcement of sent renegotiation requests
(ssl_set_renegotiation_enforced())
* Add SSL_CIPHERSUITES config.h flag to allow specifying a list of
ciphersuites to use and save some memory if the list is small.
-------------------------------------------------------------------
Sat Mar 29 14:01:16 UTC 2014 - fisiu@opensuse.org
- Update to 1.3.5, detailed changes available in ChangeLog file:
* Elliptic Curve Cryptography module added
* Elliptic Curve Diffie Hellman module added
* Ephemeral Elliptic Curve Diffie Hellman support for SSL/TLS
(ECDHE-based ciphersuites)
* Ephemeral Elliptic Curve Digital Signature Algorithm support for SSL/TLS
(ECDSA-based ciphersuites)
* Ability to specify allowed ciphersuites based on the protocol version.
* PSK and DHE-PSK based ciphersuites added
* Memory allocation abstraction layer added
* Buffer-based memory allocator added (no malloc() / free() / HEAP usage)
* Threading abstraction layer added (dummy / pthread / alternate)
* Public Key abstraction layer added
* Parsing Elliptic Curve keys
* Parsing Elliptic Curve certificates
* Support for max_fragment_length extension (RFC 6066)
* Support for truncated_hmac extension (RFC 6066)
* Support for zeros-and-length (ANSI X.923) padding, one-and-zeros
(ISO/IEC 7816-4) padding and zero padding in the cipher layer
* Support for session tickets (RFC 5077)
* Certificate Request (CSR) generation with extensions (key_usage,
ns_cert_type)
* X509 Certificate writing with extensions (basic_constraints,
issuer_key_identifier, etc)
* Optional blinding for RSA, DHM and EC
* Support for multiple active certificate / key pairs in SSL servers for
the same host (Not to be confused with SNI!)
-------------------------------------------------------------------
Wed May 15 12:21:45 UTC 2013 - fisiu@opensuse.org
- Update to 1.2.7:
* Ability to specify allowed ciphersuites based on the protocol
version.
* Default Blowfish keysize is now 128-bits
* Test suites made smaller to accommodate Raspberry Pi
* Fix for MPI assembly for ARM
* GCM adapted to support sizes > 2^29
-------------------------------------------------------------------
Sat Mar 16 16:03:03 UTC 2013 - fisiu@opensuse.org
- Update to 1.2.6:
* Fixed memory leak in ssl_free() and ssl_reset()
* Corrected GCM counter incrementation to use only 32-bits
instead of 128-bits
* Fixed net_bind() for specified IP addresses on little endian
systems
* Fixed assembly code for ARM (Thumb and regular)
* Detailed information available in ChangeLog file.
-------------------------------------------------------------------
Fri Mar 8 13:38:43 UTC 2013 - fisiu@opensuse.org
- Update to 1.2.5
-------------------------------------------------------------------
Sun Jan 29 14:29:51 UTC 2012 - jengelh@medozas.de
- Remove redundant tags/sections per specfile guideline suggestions
-------------------------------------------------------------------
Sat Jun 11 04:46:46 UTC 2011 - crrodriguez@opensuse.org
- Update to version 0.99.5
-------------------------------------------------------------------
Sun Apr 10 19:21:16 UTC 2011 - crrodriguez@opensuse.org
- Initial version
