X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=d5142beebbc7855c872907806553b98a981779a2;hp=797c02118c11938899035b19b58ce9ae72034c1c;hb=dcca7b13e9066443237dd3001ae52fd103151c98;hpb=a4339ea3ba045b7da038148f0d48ce25f2996971

diff --git a/CHANGES b/CHANGES
index 797c02118c..d5142beebb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,35 @@
 
  Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
 
+  *) Harmonize version and its documentation. -f flag is used to display
+     compilation flags.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix eckey_priv_encode so it immediately returns an error upon a failure
+     in i2d_ECPrivateKey.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
+
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
   *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
      this fixes a limiation in previous versions of OpenSSL.
      [Steve Henson]
@@ -282,23 +311,13 @@
      to be resent. (CVE-2013-6450)
      [Steve Henson]
 
-  *) TLS pad extension: draft-agl-tls-padding-02
+  *) TLS pad extension: draft-agl-tls-padding-03
 
      Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
      TLS client Hello record length value would otherwise be > 255 and
      less that 512 pad with a dummy extension containing zeroes so it
      is at least 512 bytes long.
 
-     To enable it use an unused extension number (for example chrome uses
-     35655) using:
-
-     e.g. -DTLSEXT_TYPE_padding=35655
-
-     Since the extension is ignored the actual number doesn't matter as long
-     as it doesn't clash with any existing extension.
-
-     This will be updated when the extension gets an official number.
-
      [Adam Langley, Steve Henson]
 
   *) Add functions to allocate and set the fields of an ECDSA_METHOD
@@ -2029,6 +2048,10 @@
      This fixes a DoS attack. (CVE-2013-0166)
      [Steve Henson]
 
+  *) Return an error when checking OCSP signatures when key is NULL.
+     This fixes a DoS attack. (CVE-2013-0166)
+     [Steve Henson]
+
   *) Call OCSP Stapling callback after ciphersuite has been chosen, so
      the right response is stapled. Also change SSL_get_certificate()
      so it returns the certificate actually sent.