X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=NEWS;h=c3f749778e7f55b9be474c65001c917076f1eb69;hp=240bd0a0018b38e7b0208968bb6e464571ae2a1a;hb=d356dc561925ec9cecc58a69e2280c18a49ec41a;hpb=eb64a6c6762652a5a293819f6934046e8a148c5e

diff --git a/NEWS b/NEWS
index 240bd0a001..c3f749778e 100644
--- a/NEWS
+++ b/NEWS
@@ -5,14 +5,19 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.2g and OpenSSL 1.1.0 [in pre-release]
+  Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [in pre-release]
 
+      o Copyright text was shrunk to a boilerplate that points to the license
+      o "shared" builds are now the default when possible
+      o Added support for "pipelining"
+      o Added the AFALG engine
+      o New threading API implemented
       o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
       o Support for extended master secret
       o CCM ciphersuites
       o Reworked test suite, now based on perl, Test::Harness and Test::More
-      o Various libcrypto structures made opaque including: BIGNUM, EVP_MD,
-        EVP_MD_CTX, HMAC_CTX, EVP_CIPHER and EVP_CIPHER_CTX.
+      o *Most* libcrypto and libssl structures were made opaque including:
+        <TBA>
       o libssl internal structures made opaque
       o SSLv2 support removed
       o Kerberos ciphersuite support removed
@@ -40,6 +45,20 @@
       o Extended SSL_CONF support using configuration files
       o KDF algorithm support. Implement TLS PRF as a KDF.
       o Support for Certificate Transparency
+      o HKDF support.
+
+  Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
+
+      o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
+      o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
+      o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
+      o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
+      o EBCDIC overread (CVE-2016-2176)
+      o Modify behavior of ALPN to invoke callback after SNI/servername
+        callback, such that updates to the SSL_CTX affect ALPN.
+      o Remove LOW from the DEFAULT cipher list.  This removes singles DES from
+        the default.
+      o Only remove the SSLv2 methods with the no-ssl2-method option.
 
   Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]