Updatde from stable branch.

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 74da83b5326bca18378298fe6576b0fe36aecfbb..dce8985ad8c6630b78a061d972e6a2d1d85ffeae 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -727,16 +727,26 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
 
- Changes between 0.9.8i and 0.9.8j  [xx XXX xxxx]
-  
-  *) Update Configure code and WIN32 build scripts to support experimental
-     code. This is surrounded by OPENSSL_EXPERIMENTAL_FOO and not compiled
-     in by default. Using the configuration option "enable-experimental-foo"
-     enables it. Use this option for JPAKE.
-     [Steve Henson]
+ Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
+
+  *) Properly check EVP_VerifyFinal() and similar return values
+     (CVE-2008-5077).
+     [Ben Laurie, Bodo Moeller, Google Security Team]
+
+  *) Allow the CHIL engine to be loaded, whether the application is
+     multithreaded or not. (This does not release the developer from the
+     obligation to set up the dynamic locking callbacks.)
+     [Sander Temme <sander@temme.net>]
+
+  *) Use correct exit code if there is an error in dgst command.
+     [Steve Henson; problem pointed out by Roland Dirlewanger]
+
+  *) Tweak Configure so that you need to say "experimental-jpake" to enable
+     JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+     [Bodo Moeller]
 
-  *) Add JPAKE support, including demo authentication in s_client and
-     s_server.
+  *) Add experimental JPAKE support, including demo authentication in
+     s_client and s_server.
      [Ben Laurie]
 
   *) Set the comparison function in v3_addr_canonize().