PR: 2314

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 114f339e2968c599df817bc7b6a8d041fc0fb767..2944acae7568b8b926c46c473cb700bb856de1dd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]
+ Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
   *) Improve forward-security support: add functions
 
@@ -123,7 +123,7 @@
      whose return value is often ignored. 
      [Steve Henson]
   
- Changes between 1.0.0a and 1.0.1  [xx XXX xxxx]
+ Changes between 1.0.0b and 1.0.1  [xx XXX xxxx]
 
   *) Add EC_GFp_nistp224_method(), a 64-bit optimized implementation for
      elliptic curve NIST-P224 with constant-time single point multiplication on
@@ -173,6 +173,9 @@
 
  Changes between 0.9.8n and 1.0.0  [29 Mar 2010]
 
+  *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+     [Steve Henson]
+
   *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
      context. The operation can be customised via the ctrl mechanism in
      case ENGINEs want to include additional functionality.
@@ -1014,6 +1017,11 @@
   
  Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
 
+  *) Don't reencode certificate when calculating signature: cache and use
+     the original encoding instead. This makes signature verification of
+     some broken encodings work correctly.
+     [Steve Henson]
+
   *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
      is also one of the inputs.
      [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]