X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=fab83ce003980ee41047a301de5c97159ada6e63;hp=12a797eee534c623e49e8a7b004733c84d726f24;hb=0cc0db32e31934a86ded458660a65b076f882ea8;hpb=76ec9151d12c53edf15d11f0a7c9658450af2cba

diff --git a/CHANGES b/CHANGES
index 12a797eee5..fab83ce003 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,21 @@
 
  Changes between 0.9.8k and 1.0  [xx XXX xxxx]
 
+  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
+  *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
+     needlessly dereferenced structures, used obsolete functions and
+     didn't handle all updated verify codes correctly.
+     [Steve Henson]
+
+  *) Delete MD2 from algorithm tables. This follows the recommendation in 
+     several standards that it is not used in new applications due to
+     several cryptographic weaknesses. The algorithm is also disabled in
+     the default configuration.
+     [Steve Henson]
+
   *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
      indicate the initial BIO being pushed or popped. This makes it possible
      to determine whether the BIO is the one explicitly called or as a result
@@ -808,6 +823,26 @@
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
+  *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+     CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+     fixes for a few places where the return code is not checked
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
+  *) Add --strict-warnings option to Configure script to include devteam
+     warnings in other configurations.
+     [Steve Henson]
+
+  *) Add support for --libdir option and LIBDIR variable in makefiles. This
+     makes it possible to install openssl libraries in locations which 
+     have names other than "lib", for example "/usr/lib64" which some
+     systems need.
+     [Steve Henson, based on patch from Jeremy Utley]
+
+  *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
+     X690 8.9.12 and can produce some misleading textual output of OIDs.
+     [Steve Henson, reported by Dan Kaminsky]
+
   *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
      and restored.
      [Steve Henson]