X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=6d684ce703a2da324bf5c5fe63de3d27e380db04;hp=803be2de468ea73db8823e23db2bedd5321fb9ca;hb=c2359eb18cc04e606d12c47b19a007ab685f7fc4;hpb=df1ff3f1b3881f9240e0eb4638f605f7f8fa8e4c

diff --git a/CHANGES b/CHANGES
index 803be2de46..6d684ce703 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,33 @@
 
  Changes between 0.9.5 and 0.9.5a  [XX XXX 2000]
 
+  *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
+     (the default implementation of RAND_status).
+
+  *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
+     to '-clrext' (= clear extensions), as intended and documented.
+     [Bodo Moeller; inconsistency pointed out by Michael Attili
+     <attili@amaxo.com>]
+
+  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
+     was larger than the MD block size.      
+     [Steve Henson, pointed out by Yost William <YostW@tce.com>]
+
+  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
+     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
+     using the passed key: if the passed key was a private key the result
+     of X509_print(), for example, would be to print out all the private key
+     components.
+     [Steve Henson]
+
+  *) des_quad_cksum() byte order bug fix.
+     [Ulf Möller, using the problem description in krb4-0.9.7, where
+      the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
+
+  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
+     discouraged.
+     [Steve Henson, pointed out by Brian Korver <briank@cs.stanford.edu>]
+
   *) For easily testing in shell scripts whether some command
      'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
      returns with exit code 0 iff no command of the given name is available.