author Bodo Möller <bodo@openssl.org> 2011-02-08 19:09:08 +0000
committer Bodo Möller <bodo@openssl.org> 2011-02-08 19:09:08 +0000
commit c415adc26ffd07c7a9f42e7ec3aff0b404a4ce5f
tree d5b8716a008a75946b11415b719c932087795be1 /CHANGES
parent 9afe95099deec8a6d2fcfde323124c0945ee9b58
Sync with 1.0.1 branch.
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 32
1 files changed, 29 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index 72b5ace4bc..05d95a82d6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -146,7 +146,7 @@
whose return value is often ignored.
[Steve Henson]
- Changes between 1.0.0c and 1.0.1 [xx XXX xxxx]
+ Changes between 1.0.0d and 1.0.1 [xx XXX xxxx]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson]
@@ -185,7 +185,10 @@
Add command line options to s_client/s_server.
[Steve Henson]
- Changes between 1.0.0c and 1.0.0d [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
+
+ *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+ [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
*) Fix bug in string printing code: if *any* escaping is enabled we must
escape the escape character (backslash) or the resulting string is
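Review bot: The new CVE-2011-0014 entry under 1.0.0d says only "Fix parsing of OCSP stapling ClientHello extension" and does not state what the parsing bug leads to, so someone reading CHANGES cannot judge severity or urgency from it. Other security entries in this file name the effect (the CVE-2010-3864 entry says "buffer overrun vulnerability"); add a clause giving the consequence of a malformed extension and which configurations are exposed. The same wording is added again in the 0.9.8r block, so the two copies should be changed together.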
@@ -1062,11 +1065,34 @@
*) Change 'Configure' script to enable Camellia by default.
[NTT]
- Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
+ Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
+
+ *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+ [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+ *) Fix bug in string printing code: if *any* escaping is enabled we must
+ escape the escape character (backslash) or the resulting string is
+ ambiguous.
+ [Steve Henson]
+
+ Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
+
+ *) Disable code workaround for ancient and obsolete Netscape browsers
+ and servers: an attacker can use it in a ciphersuite downgrade attack.
+ Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+ [Steve Henson]
+
+ *) Fixed J-PAKE implementation error, originally discovered by
+ Sebastien Martini, further info and confirmation from Stefan
+ Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+ [Ben Laurie]
+
+ Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
*) Fix extension code to avoid race conditions which can result in a buffer
overrun vulnerability: resumed sessions must not be modified as they can
be shared by multiple threads. CVE-2010-3864
+ [Steve Henson]
*) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
[Steve Henson]
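Review bot: In the new 0.9.8q block, the CVE-2010-4180 entry says "Disable code workaround for ancient and obsolete Netscape browsers and servers" without naming the workaround or the setting that enabled it, so an administrator cannot tell from CHANGES whether their configuration was open to the ciphersuite downgrade; name it in the entry. The J-PAKE entry (CVE-2010-4252) likewise states only that "this fix is a security fix" and gives no description of the implementation error; one sentence on what was wrong and what an attacker gains would make the entry usable for triage.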