Merge branch 'development' into dtls

* development:
  Include 1.2.12 release information in ChangeLog
Manuel Pégourié-Gonnard 2014-11-05 16:02:57 +01:00
commit c7647079fa

@ -437,6 +437,33 @@ Security
* RSA blinding on CRT operations to counter timing attacks
(found by Cyril Arnaud and Pierre-Alain Fouque)
= Version 1.2.12 released 2014-10-24
Security
* Remotely-triggerable memory leak when parsing some X.509 certificates
(server is not affected if it doesn't ask for a client certificate).
(Found using Codenomicon Defensics.)
Bugfix
* Fix potential bad read in parsing ServerHello (found by Adrien
Vialletelle).
* ssl_close_notify() could send more than one message in some circumstances
with non-blocking I/O.
* x509_crt_parse() did not increase total_failed on PEM error
* Fix compiler warnings on iOS (found by Sander Niemeijer).
* Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
* Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
* ssl_read() could return non-application data records on server while
renegotation was pending, and on client when a HelloRequest was received.
* Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
Changes
* X.509 certificates with more than one AttributeTypeAndValue per
RelativeDistinguishedName are not accepted any more.
* ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
* Accept spaces at end of line or end of buffer in base64_decode().
= Version 1.2.11 released 2014-07-11
Features
* Entropy module now supports seed writing and reading
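Review bot: "renegotation" in the ssl_read() Bugfix entry of the new 1.2.12 block is misspelled and should read "renegotiation"; in the same list the x509_crt_parse() entry is the only one that ends without a period. The Security entry says only "some X.509 certificates", which gives a reader no way to judge exposure beyond the note about servers that do not request a client certificate; naming the certificate construct that triggers the leak would help. If the new Changes entry rejecting more than one AttributeTypeAndValue per RelativeDistinguishedName is the mitigation for that leak, say so in one of the two entries so the behaviour change is not read as unrelated.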