Commit 480af99e authored by Bodo Möller's avatar Bodo Möller
Browse files

Make CHANGES in CVS head consistent with the CHANGES files in the 

branches.

This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.
parent f2334630

CHANGES

+39 −29
Original line number Diff line number Diff line
@@ -2,7 +2,7 @@ 
 OpenSSL CHANGES

 _______________



 Changes between 1.0 and 1.1  [xx XXX xxxx]

 Changes between 1.0.0 and 1.1.0  [xx XXX xxxx]



  *) Split password based encryption into PBES2 and PBKDF2 functions. This

     neatly separates the code into cipher and PBE sections and is required
@@ -23,7 +23,7 @@ 
     whose return value is often ignored. 

     [Steve Henson]



 Changes between 0.9.8l and 1.0  [xx XXX xxxx]

 Changes between 0.9.8m (?) and 1.0.0  [xx XXX xxxx]



  *) Add load_crls() function to apps tidying load_certs() too. Add option

     to verify utility to allow additional CRLs to be included.
@@ -42,10 +42,7 @@ 
     didn't handle all updated verify codes correctly.

     [Steve Henson]



  *) Delete MD2 from algorithm tables. This follows the recommendation in 

     several standards that it is not used in new applications due to

     several cryptographic weaknesses. The algorithm is also disabled in

     the default configuration.

  *) Disable MD2 in the default configuration.

     [Steve Henson]



  *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
@@ -58,9 +55,9 @@ 
     or they could free up already freed BIOs.

     [Steve Henson]



  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and

     OPENSSL_asc2uni the original names were too generic and cause name

     clashes on Netware.

  *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni

     renaming to all platforms (within the 0.9.8 branch, this was

     done conditionally on Netware platforms to avoid a name clash).

     [Guenter <lists@gknw.net>]



  *) Add ECDHE and PSK support to DTLS.
@@ -850,7 +847,7 @@ 
  *) Change 'Configure' script to enable Camellia by default.

     [NTT]



 Changes between 0.9.8l and 0.9.8m  [xx XXX xxxx]

 Changes between 0.9.8l (?) and 0.9.8m (?)  [xx XXX xxxx]



  *) Implement

     https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt. Re-enable
@@ -891,10 +888,21 @@ 
     X690 8.9.12 and can produce some misleading textual output of OIDs.

     [Steve Henson, reported by Dan Kaminsky]



  *) Delete MD2 from algorithm tables. This follows the recommendation in

     several standards that it is not used in new applications due to

     several cryptographic weaknesses. For binary compatibility reasons

     the MD2 API is still compiled in by default.

     [Steve Henson]



  *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved

     and restored.

     [Steve Henson]



  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and

     OPENSSL_asc2uni conditionally on Netware platforms to avoid a name

     clash.

     [Guenter <lists@gknw.net>]



  *) Fix the server certificate chain building code to use X509_verify_cert(),

     it used to have an ad-hoc builder which was unable to cope with anything

     other than a simple chain.
@@ -913,7 +921,7 @@ 
     left. Additionally every future messege was buffered, even if the

     sequence number made no sense and would be part of another handshake.

     So only messages with sequence numbers less than 10 in advance will be

     buffered.

     buffered.  (CVE-2009-1378)

     [Robin Seggelmann, discovered by Daniel Mentz] 	



  *) Records are buffered if they arrive with a future epoch to be
@@ -922,10 +930,11 @@ 
     a DOS attack with sending records with future epochs until there is no

     memory left. This patch adds the pqueue_size() function to detemine

     the size of a buffer and limits the record buffer to 100 entries.

     (CVE-2009-1377)

     [Robin Seggelmann, discovered by Daniel Mentz] 	



  *) Keep a copy of frag->msg_header.frag_len so it can be used after the

     parent structure is freed.

     parent structure is freed.  (CVE-2009-1379)

     [Daniel Mentz] 	



  *) Handle non-blocking I/O properly in SSL_shutdown() call.
@@ -934,6 +943,16 @@ 
  *) Add 2.5.4.* OIDs

     [Ilya O. <vrghost@gmail.com>]



 Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]



  *) Disable renegotiation completely - this fixes a severe security

     problem (CVE-2009-3555) at the cost of breaking all

     renegotiation. Renegotiation can be re-enabled by setting

     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at

     run-time. This is really not recommended unless you know what

     you're doing.

     [Ben Laurie]



 Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]



  *) Don't set val to NULL when freeing up structures, it is freed up by
@@ -1018,6 +1037,10 @@ 


 Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]



  *) Fix NULL pointer dereference if a DTLS server received

     ChangeCipherSpec as first record (CVE-2009-1386).

     [PR #1679]



  *) Fix a state transitition in s3_srvr.c and d1_srvr.c

     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).

     [Nagendra Modadugu]
@@ -2421,19 +2444,6 @@ 
     differing sizes.

     [Richard Levitte]



 Changes between 0.9.7m and 0.9.7n  [xx XXX xxxx]



  *) In the SSL/TLS server implementation, be strict about session ID

     context matching (which matters if an application uses a single

     external cache for different purposes).  Previously,

     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was

     set.  This did ensure strict client verification, but meant that,

     with applications using a single external cache for quite

     different requirements, clients could circumvent ciphersuite

     restrictions for a given session ID context by starting a session

     in a different context.

     [Bodo Moeller]



 Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]



  *) Cleanse PEM buffers before freeing them since they may contain