X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES;h=2cb84d4507cb0e4784f928d3542dc89b90bd8ad7;hb=cd5e2b0a689a7b22bd470e70ed0b8c84305d6d03;hp=09c17f70f4314c4be29044e85eda80a68ca0b123;hpb=25ccb5896bbf28b74d4d72010948b0ac7d141622;p=oweals%2Fopenssl.git

diff --git a/CHANGES b/CHANGES
index 09c17f70f4..2cb84d4507 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,29 @@
 
  Changes between 1.1.1c and 1.1.1d [xx XXX xxxx]
 
+  *) Correct the extended master secret constant on EBCDIC systems. Without this
+     fix TLS connections between an EBCDIC system and a non-EBCDIC system that
+     negotiate EMS will fail. Unfortunately this also means that TLS connections
+     between EBCDIC systems with this fix, and EBCDIC systems without this
+     fix will fail if they negotiate EMS.
+     [Matt Caswell]
+
+  *) Use Windows installation paths in the mingw builds
+
+     Mingw isn't a POSIX environment per se, which means that Windows
+     paths should be used for installation.
+     (CVE-2019-1552)
+     [Richard Levitte]
+
+  *) Changed DH parameters to generate the order q subgroup instead of 2q.
+     Previously generated DH parameters are still accepted by DH_check
+     but DH_generate_key works around that by clearing bit 0 of the
+     private key for those. This avoids leaking bit 0 of the private key.
+     [Bernd Edlinger]
+
+  *) Significantly reduce secure memory usage by the randomness pools.
+     [Paul Dale]
+
   *) Revert the DEVRANDOM_WAIT feature for Linux systems
 
      The DEVRANDOM_WAIT feature added a select() call to wait for the
@@ -346,7 +369,7 @@
         SSL_set_ciphersuites()
      [Matt Caswell]
 
-  *) Memory allocation failures consistenly add an error to the error
+  *) Memory allocation failures consistently add an error to the error
      stack.
      [Rich Salz]