Loading NEWS +33 −84 Original line number Diff line number Diff line Loading @@ -5,7 +5,23 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.2 [in beta]: Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [under development] o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291) o Multiblock corrupted pointer fix (CVE-2015-0290) o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207) o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208) o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) o Empty CKE with client auth and DHE fix (CVE-2015-1787) o Handshake with unseeded PRNG fix (CVE-2015-0285) o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) o Removed the export ciphers from the DEFAULT ciphers Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]: o Suite B support for TLS 1.2 and DTLS 1.2 o Support for DTLS 1.2 Loading @@ -16,6 +32,21 @@ o ALPN support. o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] o Build fixes for the Windows and OpenVMS platforms Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] o Fix for CVE-2014-3571 o Fix for CVE-2015-0206 o Fix for CVE-2014-3569 o Fix for CVE-2014-3572 o Fix for CVE-2015-0204 o Fix for CVE-2015-0205 o Fix for CVE-2014-8275 o Fix for CVE-2014-3570 Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] o Fix for CVE-2014-3513 Loading @@ -39,6 +70,7 @@ o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 o Fix for CVE-2014-0198 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2010-5298 Loading Loading @@ -98,23 +130,6 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] o Fix for DTLS retransmission bug CVE-2013-6450 Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]: o Fix DTLS record length checking bug CVE-2012-2333 Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 Loading Loading @@ -187,72 +202,6 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]: o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2014-0076 o Fix for CVE-2010-5298 o Fix to TLS alert handling. Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: o Fix DTLS record length checking bug CVE-2012-2333 Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Corrected fix for CVE-2011-4619 o Various DTLS fixes. Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: o Fix for DTLS DoS issue CVE-2012-0050 Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: o Fix for DTLS plaintext recovery attack CVE-2011-4108 o Fix policy check double free error CVE-2011-4109 o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 o Check for malformed RFC3779 data CVE-2011-4577 Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: o Fix for security issue CVE-2011-0014 Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: o Fix for security issue CVE-2010-4180 o Fix for CVE-2010-4252 Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: o Fix for security issue CVE-2010-3864. Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: o Fix for security issue CVE-2010-0742. o Various DTLS fixes. o Recognise SHA2 certificates if only SSL algorithms added. o Fix for no-rc4 compilation. o Chil ENGINE unload workaround. Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: o CFB cipher definition fixes. Loading Loading
NEWS +33 −84 Original line number Diff line number Diff line Loading @@ -5,7 +5,23 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.2 [in beta]: Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [under development] o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291) o Multiblock corrupted pointer fix (CVE-2015-0290) o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207) o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208) o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) o Empty CKE with client auth and DHE fix (CVE-2015-1787) o Handshake with unseeded PRNG fix (CVE-2015-0285) o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) o Removed the export ciphers from the DEFAULT ciphers Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]: o Suite B support for TLS 1.2 and DTLS 1.2 o Support for DTLS 1.2 Loading @@ -16,6 +32,21 @@ o ALPN support. o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] o Build fixes for the Windows and OpenVMS platforms Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] o Fix for CVE-2014-3571 o Fix for CVE-2015-0206 o Fix for CVE-2014-3569 o Fix for CVE-2014-3572 o Fix for CVE-2015-0204 o Fix for CVE-2015-0205 o Fix for CVE-2014-8275 o Fix for CVE-2014-3570 Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] o Fix for CVE-2014-3513 Loading @@ -39,6 +70,7 @@ o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 o Fix for CVE-2014-0198 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2010-5298 Loading Loading @@ -98,23 +130,6 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] o Fix for DTLS retransmission bug CVE-2013-6450 Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]: o Fix DTLS record length checking bug CVE-2012-2333 Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 Loading Loading @@ -187,72 +202,6 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]: o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2014-0076 o Fix for CVE-2010-5298 o Fix to TLS alert handling. Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: o Fix DTLS record length checking bug CVE-2012-2333 Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: o Fix for ASN1 overflow bug CVE-2012-2110 Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Corrected fix for CVE-2011-4619 o Various DTLS fixes. Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: o Fix for DTLS DoS issue CVE-2012-0050 Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: o Fix for DTLS plaintext recovery attack CVE-2011-4108 o Fix policy check double free error CVE-2011-4109 o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 o Check for malformed RFC3779 data CVE-2011-4577 Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: o Fix for security issue CVE-2011-0014 Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: o Fix for security issue CVE-2010-4180 o Fix for CVE-2010-4252 Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: o Fix for security issue CVE-2010-3864. Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: o Fix for security issue CVE-2010-0742. o Various DTLS fixes. o Recognise SHA2 certificates if only SSL algorithms added. o Fix for no-rc4 compilation. o Chil ENGINE unload workaround. Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: o CFB cipher definition fixes. Loading
Richard Levitte <levitte@openssl.org>Richard Levitte <levitte@openssl.org>