X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES;h=06bfdd299c94058e3f9223c9e22c9fa1b4154d3c;hb=c5fbf8c1ba4e116ab7efc5487a0ce8518718bbd7;hp=a3a713a7ac3f19b7cc458d255e79ed067bc36f23;hpb=a523276786b8f8ae9ab331a19deeef71a2e463dc;p=oweals%2Fopenssl.git diff --git a/CHANGES b/CHANGES index a3a713a7ac..06bfdd299c 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,61 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8f and 0.9.8g [xx XXX xxxx] + Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] + + *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9 + implemention in the following ways: + + Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be + hard coded. + + Lack of BER streaming support means one pass streaming processing is + only supported if data is detached: setting the streaming flag is + ignored for embedded content. + + CMS support is disabled by default and must be explicitly enabled + with the enable-cms configuration option. + [Steve Henson] + + *) Zlib compression BIO. This is a filter BIO which compressed and + uncompresses any data passed through it. + [Steve Henson] + + *) Add AES_wrap_key() and AES_unwrap_key() functions to implement + RFC3394 compatible AES key wrapping. + [Steve Henson] + + *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0(): + sets string data without copying. X509_ALGOR_set0() and + X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier) + data. Attribute function X509at_get0_data_by_OBJ(): retrieves data + from an X509_ATTRIBUTE structure optionally checking it occurs only + once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied + data. + [Steve Henson] + + *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() + to get the expected BN_FLG_CONSTTIME behavior. + [Bodo Moeller (Google)] + + *) Netware support: + + - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets + - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT) + - added some more tests to do_tests.pl + - fixed RunningProcess usage so that it works with newer LIBC NDKs too + - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency + - added new Configure targets netware-clib-bsdsock, netware-clib-gcc, + netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc + - various changes to netware.pl to enable gcc-cross builds on Win32 + platform + - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD) + - various changes to fix missing prototype warnings + - fixed x86nasm.pl to create correct asm files for NASM COFF output + - added AES, WHIRLPOOL and CPUID assembler code to build files + - added missing AES assembler make rules to mk1mf.pl + - fixed order of includes in apps/ocsp.c so that e_os.h settings apply + [Guenter Knauf ] *) Implement certificate status request TLS extension defined in RFC3546. A client can set the appropriate parameters and receive the encoded @@ -11,6 +65,15 @@ to s_client and s_server. [Steve Henson] + Changes between 0.9.8f and 0.9.8g [19 Oct 2007] + + *) Fix various bugs: + + Binary incompatibility of ssl_ctx_st structure + + DTLS interoperation with non-compliant servers + + Don't call get_session_cb() without proposed session + + Fix ia64 assembler code + [Andy Polyakov, Steve Henson] + Changes between 0.9.8e and 0.9.8f [11 Oct 2007] *) DTLS Handshake overhaul. There were longstanding issues with @@ -167,6 +230,10 @@ authentication-only ciphersuites. [Bodo Moeller] + *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was + not complete and could lead to a possible single byte overflow + (CVE-2007-5135) [Ben Laurie] + Changes between 0.9.8d and 0.9.8e [23 Feb 2007] *) Since AES128 and AES256 (and similarly Camellia128 and