Make it possible to override CC.

[oweals/openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 9d6229b925be596c20e918dde985c45fd39cfdf8..dfcb97f81ead2f5739d85db6e3284b945a7640a4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,21 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8i and 0.9.8j  [xx XXX xxxx]
+ Changes between 0.9.8j and 0.9.8k  [xx XXX xxxx]
+
+  *) Allow CC in the environment to override the automatically chosen
+     compiler. Note that nothing is done to ensure flags work with the
+     chosen compiler.
+     [Ben Laurie]
+
+ Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
+
+  *) Properly check EVP_VerifyFinal() and similar return values
+     (CVE-2008-5077).
+     [Ben Laurie, Bodo Moeller, Google Security Team]
+
+  *) Enable TLS extensions by default.
+     [Ben Laurie]
 
   *) Allow the CHIL engine to be loaded, whether the application is
      multithreaded or not. (This does not release the developer from the
@@ -12,8 +26,12 @@
   *) Use correct exit code if there is an error in dgst command.
      [Steve Henson; problem pointed out by Roland Dirlewanger]
 
-  *) Add JPAKE support, including demo authentication in s_client and
-     s_server.
+  *) Tweak Configure so that you need to say "experimental-jpake" to enable
+     JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+     [Bodo Moeller]
+
+  *) Add experimental JPAKE support, including demo authentication in
+     s_client and s_server.
      [Ben Laurie]
 
   *) Set the comparison function in v3_addr_canonize().