Fix intendation

[oweals/openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 443c3d84c0d33e26d9b70645d0701ca06314ad2d..30f9cbdf50cb972a993188260393ecb5536e24c3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,25 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8h and 0.9.8i  [xx XXX xxxx]
+ Changes between 0.9.8i and 0.9.8j  [xx XXX xxxx]
+
+  *)
+
+ Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
+
+  *) Fix a state transitition in s3_srvr.c and d1_srvr.c
+     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+     [Nagendra Modadugu]
+
+  *) The fix in 0.9.8c that supposedly got rid of unsafe
+     double-checked locking was incomplete for RSA blinding,
+     addressing just one layer of what turns out to have been
+     doubly unsafe triple-checked locking.
+
+     So now fix this for real by retiring the MONT_HELPER macro
+     in crypto/rsa/rsa_eay.c.
+
+     [Bodo Moeller; problem pointed out by Marius Schilder]
 
   *) Various precautionary measures:
 
@@ -20,6 +38,10 @@
 
      [Neel Mehta, Bodo Moeller]
 
+  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+     the load fails. Useful for distros.
+     [Ben Laurie and the FreeBSD team]
+
   *) Add support for Local Machine Keyset attribute in PKCS#12 files.
      [Steve Henson]
 
@@ -38,28 +60,14 @@
      This work was sponsored by Logica.
      [Steve Henson]
 
-  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
-     the load fails. Useful for distros.
-     [Ben Laurie and the FreeBSD team]
+  *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
+     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+     attribute creation routines such as certifcate requests and PKCS#12
+     files.
+     [Steve Henson]
 
  Changes between 0.9.8g and 0.9.8h  [28 May 2008]
 
-  *) Various precautionary measures:
-
-     - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
-
-     - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
-       (NB: This would require knowledge of the secret session ticket key
-       to exploit, in which case you'd be SOL either way.)
-
-     - Change bn_nist.c so that it will properly handle input BIGNUMs
-       outside the expected range.
-
-     - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
-       builds.
-
-     [Neel Mehta, Bodo Moeller]
-
   *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
      handshake which could lead to a cilent crash as found using the
      Codenomicon TLS test suite (CVE-2008-1672)