X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=7c44f0d9899e59450f397cec5ca2efb6939f61d0;hp=bc985c517b710677d4c0f0dab4557226575a0bea;hb=7edfe6745670d2f4d53d96f268f2dba11326a51c;hpb=e49af2ac380cbf8d4361be6fb548b7773e5bd810

diff --git a/CHANGES b/CHANGES
index bc985c517b..7c44f0d989 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) If a candidate issuer certificate is already part of the constructed
+     path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
+     [Steve Henson]
+
   *) Improve forward-security support: add functions
 
        void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
@@ -123,7 +127,10 @@
      whose return value is often ignored. 
      [Steve Henson]
   
- Changes between 1.0.0b and 1.0.1  [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.1  [xx XXX xxxx]
+
+  *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
+     [Steve Henson]
 
   *) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for
      elliptic curve NIST-P224 with constant-time single point multiplication on
@@ -159,7 +166,25 @@
        Add command line options to s_client/s_server.
      [Steve Henson]
 
- Changes between 1.0.0a and 1.0.0b  [xx XXX xxxx]
+ Changes between 1.0.0c and 1.0.0d [xx XXX xxxx]
+
+  *) Fix bug in string printing code: if *any* escaping is enabled we must
+     escape the escape character (backslash) or the resulting string is
+     ambiguous.
+     [Steve Henson]
+
+ Changes between 1.0.0b and 1.0.0c  [2 Dec 2010]
+
+  *) Fixed J-PAKE implementation error, originally discovered by
+     Sebastien Martini, further info and confirmation from Stefan
+     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+     [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b  [16 Nov 2010]
+
+  *) Fix extension code to avoid race conditions which can result in a buffer
+     overrun vulnerability: resumed sessions must not be modified as they can
+     be shared by multiple threads. CVE-2010-3864
 
   *) Fix WIN32 build system to correctly link an ENGINE directory into
      a DLL. 
@@ -1014,6 +1039,10 @@
   
  Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
 
+  *) Fix extension code to avoid race conditions which can result in a buffer
+     overrun vulnerability: resumed sessions must not be modified as they can
+     be shared by multiple threads. CVE-2010-3864
+
   *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
      [Steve Henson]