--- gvpe/NEWS	2015/01/29 00:24:21	1.125
+++ gvpe/NEWS	2016/06/30 11:43:38	1.130
@@ -13,11 +13,14 @@
 TODO: if-up &c should not be scripts?
 TODO: ipv6
 TODO: gvpectrl should not use default privatekey,. or maybe document it better
+TODO: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828336
 	- INCOMPATIBLE CHANGE: core protocol version 1.0.
         - INCOMPATIBLE CHANGE: node sections are now introduced
           with "node nodename", not "node = nodename".
+        - add workaround for temporary/rare ENOBUFS condition.
         - while individual packets couldn't be replayed, a whole session
           could be replayed - this has been fixed by an extra key exchange.
+        - fix a delete vs. delete [] mismatch in the central logging function.
         - in addition to rsa key exchange and authentication, the handshake now
           adds a diffie-hellman key exchange (using curve25119) for perfect
           forward secrecy. mac and cipher keys are derived using HKDF.
@@ -51,6 +54,12 @@
           authentication errors are now being ignored for 3 seconds.
         - log the reason for a conneciton loss.
         - use a (hopefully) constant time memcmp to compare internal secrets.
+        - fix a (harmless) errornous out of bounds stack read that would trigger
+          gcc's -fsanitize=address.
+        - bump old packet window size from 512 to 65536.
+        - update for big changes in openssl 1.1 API, wrap primitives
+          to make further changes easier.
+        - correctly check return values for openssl 1.0.0 and later.
           
 2.25 Sat Jul 13 06:42:33 CEST 2013
 	- INCOMPATIBLE CHANGE: no longer enable udp protocol if no other