Update release notes

[ci skip]

1 files changed, 38 insertions, 15 deletions

diff --git a/news.rst b/news.rst
index 00365bdbf..e088c4bff 100644
--- a/news.rst
+++ b/news.rst
@@ -4,18 +4,24 @@ Release Notes
 Version 2.1.0, Not Yet Released
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-* Fix incorrect truncation in Bcrypt. Passwords in length between 56
-  and 72 characters were truncated at 56 characters. Found and
-  reported by Solar Designer. (CVE-2017-7252)
+* Fix incorrect truncation in Bcrypt. Passwords in length between 56 and 72
+  characters were truncated at 56 characters. Found and reported by Solar Designer.
+  (CVE-2017-7252) (GH #938)
 
 * Correct minimum work factor for Bcrypt password hashes. All other
-  implementations require the work factor be at least 4. Previously
-  Botan simply required it be greater than zero.
+  implementations require the work factor be at least 4. Previously Botan simply
+  required it be greater than zero. (GH #938)
+
+* Converge on a single side channel silent EC blinded multiply algorithm.
+  Uses Montgomery ladder with order/2 bits scalar blinding and point randomization
+  now by default. (GH #893)
 
 * Support a 0-length IV in ChaCha stream cipher. Such an IV is treated
   identically to an 8-byte IV of all zeros.
 
-* New C89 API interfaces for testing key validity. (GH #944)
+* Add new interfaces to the C API including multiple precision integers, key
+  validity tests, extracting algorithm specific key paramters (eg the modulus
+  and public exponent from RSA public keys). GH #899 #944 #946 #961 #964
 
 * The PKCS11 module did not require any external dependencies, so it
   has been enabled by default. The ``-with-pkcs11`` and ``--without-pkcs11``
@@ -56,7 +62,12 @@ Version 2.1.0, Not Yet Released
 * Add command line util ``timing_test`` which enables running
   timing-based side channel analysis of TLS CBC decryption, ECC scalar
   multiplies, OAEP decoding, and other operations which are prone to
-  providing an oracle via side channel.
+  providing an oracle via side channel. This replaces the standalone
+  timing test suite added in 1.11.34, which has been removed.
+
+* Various cleanups and refactorings (GH #965)
+
+* Add wrapper of C++14 make_unique (GH #974)
 
 * Fix pkg-config output when --build-dir was used (GH #936)
 
@@ -68,21 +79,33 @@ Version 2.1.0, Not Yet Released
 * Avoid a GCC warning that triggered on the public key types (GH #849)
 
 * Fix various warnings flagged by pylint and pyflakes linters in
-  configure.py and botan.py (GH #832 #836 #839)
-  
+  configure.py and botan.py (GH #832 #836 #839 #962 #975)
+
+* Improve support for OpenBSD including using getentropy (GH #954)
+  for PRNG seeding, and arc4random to access system RNG (GH #953)
+
+* Add ability to build through CMake. As of now this is only supported
+  for development rather than production builds. (GH #967)
+
 * Rename python wrapper to botan2.py (GH #847)
 
 * Change name constraint test to use a fixed reference time. Test certs have expired.
 
-* Increase miller-rabin iterations for DSA primes (FIPS-186-4) (GH #881)
+* Increase Miller-Rabin iterations for DSA primes to match FIPS 186-4. (GH #881)
 
-* Fix possible ISO 9796-2 padding side channel and add a length check (GH #891)
+* Fix possible ISO 9796-2 padding side channel, and add a missing length check (GH #891)
 
-* In CLI, if system RNG is available prefer it
+* In command line utility, prefer the system RNG if it is available.
 
-* Converge on a single side channel silent EC blinded multiply algorithm.
-  Uses montgomery ladder with order/2 bits scalar blinding and point randomization
-  now by default. (GH #893)
+Version 1.10.16, 2017-04-04
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Fix a bug in X509 DN string comparisons that could result in out of bound
+  reads. This could result in information leakage, denial of service, or
+  potentially incorrect certificate validation results. (CVE-2017-2801)
+
+* Avoid throwing during a destructor since this is undefined in C++11
+  and rarely a good idea. (GH #930)
 
 Version 1.10.15, 2017-01-12
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^