X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=f4dee4f0e04ca6f7687dcf3b2b4b6910727e3ce8;hp=81cd6c5a7feba439b0c4a7fd038a66d85e3a5950;hb=7242cd8f8f862a5e7f7eddb34b7ffc0a0d38df4b;hpb=f2e5ca84d4d218a29e2c960d9b23a40d8236cd06

diff --git a/CHANGES b/CHANGES
index 81cd6c5a7f..f4dee4f0e0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,51 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Don't use getenv in library functions when run as setuid/setgid.
+     New function OPENSSL_issetugid().
+     [Ulf Moeller]
+
+  *) Make all configuration macros available for application by making
+     sure they are available in opensslconf.h, by giving them names starting
+     with "OPENSSL_" to avoid conflicts with other packages and by making
+     sure e_os2.h will cover all platform-specific cases together with
+     opensslconf.h.
+     Additionally, it is now possible to define configuration/platform-
+     specific names (called "system identities").  In the C code, these
+     are prefixed with "OPENSSL_SYSNAME_".  e_os2.h will create another
+     macro with the name beginning with "OPENSSL_SYS_", which is determined
+     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
+     what is available.
+     [Richard Levitte]
+
+  *) New option -set_serial to 'req' and 'x509' this allows the serial
+     number to use to be specified on the command line. Previously self
+     signed certificates were hard coded with serial number 0 and the 
+     CA options of 'x509' had to use a serial number in a file which was
+     auto incremented.
+     [Steve Henson]
+
+  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+     due to incorrect handling of multi-threading:
+
+     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+     3. Count how many times MemCheck_off() has been called so that
+        nested use can be treated correctly.  This also avoids 
+        inband-signalling in the previous code (which relied on the
+        assumption that thread ID 0 is impossible).
+     [Bodo Moeller]
+
+  *) New options to 'ca' utility to support V2 CRL entry extensions.
+     Currently CRL reason, invalidity date and hold instruction are
+     supported. Add new CRL extensions to V3 code and some new objects.
+     [Steve Henson]
+
+  *) Add "-rand" option also to s_client and s_server.
+     [Lutz Jaenicke]
+
   *) New function EVP_CIPHER_CTX_set_padding() this is used to
      disable standard block padding (aka PKCS#5 padding) in the EVP
      API, which was previously mandatory. This means that the data is