X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES;h=0a087c149df639a0d9b3aaa2a12c589df3a2fdbf;hb=570006f3a2b327d6092566f0a45265251e393823;hp=41e23dc9cac6c98a16c9347b44f0ba2d82903899;hpb=e710de12ce27e5f1620eee974b1a45cfb7139ada;p=oweals%2Fopenssl.git

diff --git a/CHANGES b/CHANGES
index 41e23dc9ca..0a087c149d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,20 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]
+ Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]
+
+  *) Type-checked OBJ_bsearch. Also some constification necessitated
+     by type-checking.  Still to come: TXT_DB, bsearch(?),
+     OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
+     CONF_VALUE.  [Ben Laurie]
+
+  *) New function OPENSSL_gmtime_adj() to add a specific number of days and
+     seconds to a tm structure directly, instead of going through OS
+     specific date routines. This avoids any issues with OS routines such
+     as the year 2038 bug. New *_adj() functions for ASN1 time structures
+     and X509_time_adj_ex() to cover the extended range. The existing
+     X509_time_adj() is still usable and will no longer have any date issues.
+     [Steve Henson]
 
   *) Delta CRL support. New use deltas option which will attempt to locate
      and search any appropriate delta CRLs available.
@@ -703,7 +716,20 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
 
- Changes between 0.9.8h and 0.9.8i  [xx XXX xxxx]
+ Changes between 0.9.8i and 0.9.8j  [xx XXX xxxx]
+
+  *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
+     to ensure that even with this option, only ciphersuites in the
+     server's preference list will be accepted.  (Note that the option
+     applies only when resuming a session, so the earlier behavior was
+     just about the algorithm choice for symmetric cryptography.)
+     [Bodo Moeller]
+
+ Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
+
+  *) Fix a state transitition in s3_srvr.c and d1_srvr.c
+     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+     [Nagendra Modadugu]
 
   *) The fix in 0.9.8c that supposedly got rid of unsafe
      double-checked locking was incomplete for RSA blinding,
@@ -731,6 +757,10 @@
 
      [Neel Mehta, Bodo Moeller]
 
+  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+     the load fails. Useful for distros.
+     [Ben Laurie and the FreeBSD team]
+
   *) Add support for Local Machine Keyset attribute in PKCS#12 files.
      [Steve Henson]
 
@@ -749,11 +779,11 @@
      This work was sponsored by Logica.
      [Steve Henson]
 
->>> Note: this change doesn't apply to the 0.9.9-dev branch (yet).
-  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
-     the load fails. Useful for distros.
-     [Ben Laurie and the FreeBSD team]
-<<<
+  *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
+     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+     attribute creation routines such as certifcate requests and PKCS#12
+     files.
+     [Steve Henson]
 
  Changes between 0.9.8g and 0.9.8h  [28 May 2008]