X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=NEWS;h=854d25cc992b7a8634f797827121fd9327c55e67;hp=9db4561701e0b01c0f32dde109821bad5d52a01d;hb=66d3e7481eb2e1415f0f42b4f979bd64b564f698;hpb=3ba25ee86a3758cc659c954b59718d8397030768

diff --git a/NEWS b/NEWS
index 9db4561701..854d25cc99 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,50 @@
 
       o New library section OCSP.
       o Complete haul-over of the ASN.1 library section.
+      o Support for external crypto devices ('engine') is no longer
+        a separate distribution.
+
+  Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+
+      o Security fix: PRNG improvements.
+      o Security fix: RSA OAEP check.
+      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+        attack.
+      o MIPS bug fix in BIGNUM.
+      o Bug fix in "openssl enc".
+      o Bug fix in X.509 printing routine.
+      o Bug fix in DSA verification routine and DSA S/MIME verification.
+      o Bug fix to make PRNG thread-safe.
+      o Bug fix in RAND_file_name().
+      o Bug fix in compatibility mode trust settings.
+      o Bug fix in blowfish EVP.
+      o Increase default size for BIO buffering filter.
+      o Compatibility fixes in some scripts.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
 
   Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
 
@@ -19,9 +63,12 @@
       o New 'rsautl' application, low level RSA utility.
       o MD4 now included.
       o Bugfix for SSL rollback padding check.
-      o Support for external crypto devices.
+      o Support for external crypto devices [1].
       o Enhanced EVP interface.
 
+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
   Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
 
       o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8