Prepare release v3.9.10

2016-09-23 11:40:07 -07:00 · 2016-09-23 11:40:07 -07:00 · 6895803f2b
commit 6895803f2b
parent 049956d852
7 changed files with 95 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -19,6 +19,7 @@ config*
 ipch/
 build-aux/
 rpm/spec
+*.rpm
 stamp-h
 cyassl/options.h
 wolfssl/options.h
--- a/39
+++ b/39
@ -35,6 +35,45 @@ before calling wolfSSL_new();  Though it's not recommended.
 *** end Notes ***


+********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016)
+
+Release 3.9.10 of wolfSSL has bug fixes and new features including:
+
+- Default configure option changes:
+  1. DES3 disabled by default
+  2. ECC Supported Curves Extension enabled by default
+  3. New option Extended Master Secret enabled by default
+- Added checking CA certificate path length, and new test certs
+- Fix to DSA pre padding and sanity check on R/S values
+- Added CTX level RNG for single-threaded builds
+- Intel RDSEED enhancements
+- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256
+- Arduino support updates
+- Added the Extended Master Secret TLS extension
+  1. Enabled by default in configure options, API to disable
+  2. Added support for Extended Master Secret to sniffer
+- OCSP fix with issuer key hash, lookup refactor
+- Added support for Frosted OS
+- Added support for DTLS over SCTP
+- Added support for static memory with wolfCrypt
+- Fix to ECC Custom Curve support
+- Support for asynchronous wolfCrypt RSA and TLS client
+- Added distribution build configure option
+- Update the test certificates
+
+This release of wolfSSL fixes medium level security vulnerabilities.  Fixes for
+potential AES, RSA, and ECC side channel leaks is included that a local user
+monitoring the same CPU core cache could exploit.  VM users, hyper-threading
+users, and users where potential attackers have access to the CPU cache will
+need to update if they utilize AES, RSA private keys, or ECC private keys.
+Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for
+the report.  More information will be available on our site:
+
+    https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
 ********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016)

 Release 3.9.8 of wolfSSL has bug fixes and new features including:
--- a/README.md
+++ b/README.md
@ -38,6 +38,47 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 before calling wolfSSL_new();  Though it's not recommended.
 ```

+
+# wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016)
+
+## Release 3.9.10 of wolfSSL has bug fixes and new features including:
+
+- Default configure option changes:
+  1. DES3 disabled by default
+  2. ECC Supported Curves Extension enabled by default
+  3. New option Extended Master Secret enabled by default
+- Added checking CA certificate path length, and new test certs
+- Fix to DSA pre padding and sanity check on R/S values
+- Added CTX level RNG for single-threaded builds
+- Intel RDSEED enhancements
+- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256
+- Arduino support updates
+- Added the Extended Master Secret TLS extension
+  1. Enabled by default in configure options, API to disable
+  2. Added support for Extended Master Secret to sniffer
+- OCSP fix with issuer key hash, lookup refactor
+- Added support for Frosted OS
+- Added support for DTLS over SCTP
+- Added support for static memory with wolfCrypt
+- Fix to ECC Custom Curve support
+- Support for asynchronous wolfCrypt RSA and TLS client
+- Added distribution build configure option
+- Update the test certificates
+
+This release of wolfSSL fixes medium level security vulnerabilities.  Fixes for
+potential AES, RSA, and ECC side channel leaks is included that a local user
+monitoring the same CPU core cache could exploit.  VM users, hyper-threading
+users, and users where potential attackers have access to the CPU cache will
+need to update if they utilize AES, RSA private keys, or ECC private keys.
+Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for
+the report.  More information will be available on our site:
+
+https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
+
+
 # wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016)

 ##Release 3.9.8 of wolfSSL has bug fixes and new features including:
@ -1451,4 +1492,4 @@ Run the testsuite program
 compatibility functions.


-Please send questions or comments to todd@yassl.com
+Please send questions or comments to todd@wolfssl.com
--- a/configure.ac
+++ b/configure.ac
@ -6,7 +6,7 @@
 #
 #

-AC_INIT([wolfssl],[3.9.9],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.9.10],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])

 AC_CONFIG_AUX_DIR([build-aux])

--- a/rpm/spec.in
+++ b/rpm/spec.in
@ -65,11 +65,15 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_docdir}/wolfssl/example/server.c
 %{_docdir}/wolfssl/example/echoclient.c
 %{_docdir}/wolfssl/example/client.c
+%{_docdir}/wolfssl/example/sctp-client.c
+%{_docdir}/wolfssl/example/sctp-server.c
+%{_docdir}/wolfssl/example/sctp-client-dtls.c
+%{_docdir}/wolfssl/example/sctp-server-dtls.c
 %{_docdir}/wolfssl/README.txt
 %{_libdir}/libwolfssl.la
 %{_libdir}/libwolfssl.so
 %{_libdir}/libwolfssl.so.3
-%{_libdir}/libwolfssl.so.3.4.0
+%{_libdir}/libwolfssl.so.3.5.0

 %files devel
 %defattr(-,root,root,-)
@ -200,6 +204,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/wolfcrypt/md2.h
 %{_includedir}/wolfssl/wolfcrypt/md4.h
 %{_includedir}/wolfssl/wolfcrypt/md5.h
+%{_includedir}/wolfssl/wolfcrypt/mem_track.h
 %{_includedir}/wolfssl/wolfcrypt/memory.h
 %{_includedir}/wolfssl/wolfcrypt/misc.h
 %{_includedir}/wolfssl/wolfcrypt/mpi_class.h
@ -222,7 +227,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/wolfcrypt/types.h
 %{_includedir}/wolfssl/wolfcrypt/visibility.h
 %{_includedir}/wolfssl/wolfcrypt/wc_encrypt.h
-%{_includedir}/wolfssl/wolfcrypt/mem_track.h
+%{_includedir}/wolfssl/wolfcrypt/wolfevent.h
 %{_includedir}/wolfssl/error-ssl.h
 %{_includedir}/wolfssl/ocsp.h
 %{_includedir}/wolfssl/openssl/asn1.h
@ -269,6 +274,8 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_libdir}/pkgconfig/wolfssl.pc

 %changelog
+* Fri Sep 23 2016 John Safranek <john@wolfssl.com>
+- Add the dtls-sctp example sources
 * Mon Jun 14 2016 Jacob Barthelmeh <jacob@wolfssl.com>
 - Change location for mem_track.h header
 - Added header for cmac.h
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@ -5,6 +5,6 @@ includedir=${prefix}/include

 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.9.9
+Version: 3.9.10
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@ -28,8 +28,8 @@
 extern "C" {
 #endif

-#define LIBWOLFSSL_VERSION_STRING "3.9.9"
-#define LIBWOLFSSL_VERSION_HEX 0x03009009
+#define LIBWOLFSSL_VERSION_STRING "3.9.10"
+#define LIBWOLFSSL_VERSION_HEX 0x03009010

 #ifdef __cplusplus
 }