X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=7005f1cd892fe6e117abc064276c2cd6e1b78741;hp=a0736f43f3391a2dc1361773ee2919b11be20171;hb=7bbd0de88dd179be6171ecf9e190561127cdd15f;hpb=c0b8eb606fc6e31bff2f7ceadcd8441a646fdcee

diff --git a/CHANGES b/CHANGES
index a0736f43f3..7005f1cd89 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]
 
+  *) New function OPENSSL_gmtime_diff to find the difference in days
+     and seconds between two tm structures. This will be used to provide
+     additional functionality for ASN1_TIME.
+     [Steve Henson]
+
   *) New -sigopt option to the ca, req and x509 utilities. Additional
      signature parameters can be passed using this option and in
      particular PSS. 
@@ -66,16 +71,6 @@
      multi-process servers.
      [Steve Henson]
 
-  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
-     a few changes are required:
-
-       Add SSL_OP_NO_TLSv1_1 flag.
-       Add TLSv1_1 methods.
-       Update version checking logic to handle version 1.1.
-       Add explicit IV handling (ported from DTLS code).
-       Add command line options to s_client/s_server.
-     [Steve Henson]
-
   *) Experiemental password based recipient info support for CMS library:
      implementing RFC3211.
      [Steve Henson]
@@ -98,6 +93,32 @@
      is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
      whose return value is often ignored. 
      [Steve Henson]
+  
+ Changes between 1.0.0 and 1.0.1  [xx XXX xxxx]
+
+  *) Add call to ENGINE_register_all_complete() to
+     ENGINE_load_builtin_engines(), so some implementations get used
+     automatically instead of needing explicit application support.
+     [Steve Henson]
+
+  *) Add support for TLS key exporter as described in RFC5705.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
+
+  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
+     a few changes are required:
+
+       Add SSL_OP_NO_TLSv1_1 flag.
+       Add TLSv1_1 methods.
+       Update version checking logic to handle version 1.1.
+       Add explicit IV handling (ported from DTLS code).
+       Add command line options to s_client/s_server.
+     [Steve Henson]
+
+ Changes between 1.0.0 and 1.0.0a  [xx XXX xxxx]
+  
+  *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover 
+     (CVE-2010-1633)
+     [Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
 
  Changes between 0.9.8n and 1.0.0  [xx XXX xxxx]
 
@@ -942,6 +963,10 @@
   
  Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
 
+  *) Correct a typo in the CMS ASN1 module which can result in invalid memory
+     access or freeing data twice (CVE-2010-0742)
+     [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
+
   *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
      common in certificates and some applications which only call
      SSL_library_init and not OpenSSL_add_all_algorithms() will fail.