1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
Version 1.10.2, 2012-06-17
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Several TLS bugs were fixed in this release, including a major
omission that the renegotiation extension was not being used. As the
1.10 implementation of TLS does not properly support renegotiation,
the approach in this release is simply to send the renegotiation
extension SCSV, which should protect the client against any handshake
splicing. In addition renegotiation attempts are handled properly
instead of causing handshake failures - all hello requests, and all
client hellos after the initial negotiation, are ignored. Some
bugs affecting DSA server authentication were also fixed.
By popular request, ``Pipe::reset`` no longer requires that message
processing be completed, a requirement that caused problems when a
Filter's end_msg call threw an exception, after which point the Pipe
object was no longer usable.
Support for getting entropy using the rdrand instruction introduced in
Intel's Ivy Bridge processors has been added. In previous releases,
the ``CPUID::has_rdrand`` function was checking the wrong cpuid bit,
and would false positive on AMD Bulldozer processors.
An implementation of SRP-6a compatible with the specification in RFC
5054 is now available in ``srp6.h``. In 1.11, this is being used for
TLS-SRP, but may be useful in other environments as well.
An implementation of the Camellia block cipher was added, again largely
for use in TLS.
If ``clock_gettime`` is available on the system, hres_timer will poll all
the available clock types.
AltiVec is now detected on IBM POWER7 processors and on OpenBSD systems.
The OpenBSD support was contributed by Brad Smith.
The Qt mutex wrapper was broken and would not compile with any recent
version of Qt. Taking this as a clear indication that it is not in use,
it has been removed.
Avoid setting the soname on OpenBSD, as it doesn't support it (PR 158)
A compilation problem in the dynamic loader that prevented using
dyn_load under MinGW GCC has been fixed.
A common error for people using MinGW is to target GCC on Windows,
however the 'Windows' target assumes the existence of Visual C++
runtime functions which do not exist in MinGW. Now, configuring for
GCC on Windows will cause the configure.py to warn that likely you
wanted to configure for either MinGW or Cygwin, not the generic
Windows target.
A bug in configure.py would cause it to interpret `--cpu=s390x` as
`s390`. This may have affected other CPUs as well. Now configure.py
searches for an exact match, and only if no exact match is found will
it search for substring matches.
An incompatability in configure.py with the subprocess module included
in Python 3.1 has been fixed (PR 157).
The exception catching syntax of configure.py has been changed to the
Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but
not with any earlier Python 2 release. A simple search and replace
will allow running it under Python 2.5::
perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py
Note that Python 2.4 is not supported at all.
|