X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=10b23debee31b8a33a82f48d9684ce081478554c;hp=103517a700cf0ab9ff1d1f853776cadfab568200;hb=f1e6643751d1f6a30bd63c4dab7c0a10a9bc9ec5;hpb=08b977b5a5e1e0dbf62737d159e810434a6b80ce

diff --git a/CHANGES b/CHANGES
index 103517a700..10b23debee 100644
--- a/CHANGES
+++ b/CHANGES
@@ -41,8 +41,10 @@
  Changes between 0.9.6d and 0.9.7  [XX xxx 2002]
 
   *) Make object definitions compliant to LDAP (RFC2256): SN is the short
-     form for "surname", serialNumber has no short form (Michael Bell
-     <michael.bell@rz.hu-berlin.de>).
+     form for "surname", serialNumber has no short form.
+     Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
+     therefore remove "mail" short name for "internet 7".
+     Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
      [Lutz Jaenicke]
 
   *) Add an "init" command to the ENGINE config module and auto initialize
@@ -1625,6 +1627,33 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
  Changes between 0.9.6c and 0.9.6d  [XX xxx 2002]
 
+  *) Check various X509_...() return values in apps/req.c.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
+     an end-of-file condition would erronously be flagged, when the CRLF
+     was just at the end of a processed block. The bug was discovered when
+     processing data through a buffering memory BIO handing the data to a
+     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
+     <ptsekov@syntrex.com> and Nedelcho Stanev.
+     [Lutz Jaenicke]
+
+  *) Implement a countermeasure against a vulnerability recently found
+     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
+     before application data chunks to avoid the use of known IVs
+     with data potentially chosen by the attacker.
+     [Bodo Moeller]
+
+  *) Fix length checks in ssl3_get_client_hello().
+     [Bodo Moeller]
+
+  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
+     to prevent ssl3_read_internal() from incorrectly assuming that
+     ssl3_read_bytes() found application data while handshake
+     processing was enabled when in fact s->s3->in_read_app_data was
+     merely automatically cleared during the initial handshake.
+     [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
+
   *) Fix object definitions for Private and Enterprise: they were not
      recognized in their shortname (=lowercase) representation. Extend
      obj_dat.pl to issue an error when using undefined keywords instead