X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=CHANGES;h=30f9cbdf50cb972a993188260393ecb5536e24c3;hb=736a77f27584c52000f87b7135f613b2fdbe5669;hp=5761f74d609d5b6b6bf36eceaaadd812ed42918a;hpb=dd6e90465dc48bff95eb6c5123dcae5cedd32cca;p=oweals%2Fopenssl.git

diff --git a/CHANGES b/CHANGES
index 5761f74d60..30f9cbdf50 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,45 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.8h and 0.9.8i  [xx XXX xxxx]
+ Changes between 0.9.8i and 0.9.8j  [xx XXX xxxx]
+
+  *)
+
+ Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
+
+  *) Fix a state transitition in s3_srvr.c and d1_srvr.c
+     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+     [Nagendra Modadugu]
+
+  *) The fix in 0.9.8c that supposedly got rid of unsafe
+     double-checked locking was incomplete for RSA blinding,
+     addressing just one layer of what turns out to have been
+     doubly unsafe triple-checked locking.
+
+     So now fix this for real by retiring the MONT_HELPER macro
+     in crypto/rsa/rsa_eay.c.
+
+     [Bodo Moeller; problem pointed out by Marius Schilder]
+
+  *) Various precautionary measures:
+
+     - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
+
+     - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
+       (NB: This would require knowledge of the secret session ticket key
+       to exploit, in which case you'd be SOL either way.)
+
+     - Change bn_nist.c so that it will properly handle input BIGNUMs
+       outside the expected range.
+
+     - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
+       builds.
+
+     [Neel Mehta, Bodo Moeller]
+
+  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+     the load fails. Useful for distros.
+     [Ben Laurie and the FreeBSD team]
 
   *) Add support for Local Machine Keyset attribute in PKCS#12 files.
      [Steve Henson]
@@ -22,6 +60,12 @@
      This work was sponsored by Logica.
      [Steve Henson]
 
+  *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
+     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+     attribute creation routines such as certifcate requests and PKCS#12
+     files.
+     [Steve Henson]
+
  Changes between 0.9.8g and 0.9.8h  [28 May 2008]
 
   *) Fix flaw if 'Server Key exchange message' is omitted from a TLS