X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=NEWS;h=3db8ea95ad1a9a012ad9710c1480467556adc84e;hb=491734eb21c29807ff64fddf273f073b6bafb0b0;hp=d5f8a5ae784990704cb2f8fb61251069de02031c;hpb=d8faad27b70ccab9aad1a4af815f4d07cc5da1b5;p=oweals%2Fopenssl.git diff --git a/NEWS b/NEWS index d5f8a5ae78..3db8ea95ad 100644 --- a/NEWS +++ b/NEWS @@ -5,8 +5,69 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 0.9.8k and OpenSSL 1.0: + Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: + o TLS/DTLS heartbeat support. + o SCTP support. + o RFC 5705 TLS key material exporter. + o RFC 5764 DTLS-SRTP negotiation. + o Next Protocol Negotiation. + o PSS signatures in certificates, requests and CRLs. + o Support for password based recipient info for CMS. + o Support TLS v1.2 and TLS v1.1. + o Preliminary FIPS capability for unvalidated 2.0 FIPS module. + o SRP support. + + Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: + + o Fix for CMS/PKCS#7 MMA CVE-2012-0884 + o Corrected fix for CVE-2011-4619 + o Various DTLS fixes. + + Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g: + + o Fix for DTLS DoS issue CVE-2012-0050 + + Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f: + + o Fix for DTLS plaintext recovery attack CVE-2011-4108 + o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 + o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 + o Check parameters are not NULL in GOST ENGINE CVE-2012-0027 + o Check for malformed RFC3779 data CVE-2011-4577 + + Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e: + + o Fix for CRL vulnerability issue CVE-2011-3207 + o Fix for ECDH crashes CVE-2011-3210 + o Protection against EC timing attacks. + o Support ECDH ciphersuites for certificates using SHA2 algorithms. + o Various DTLS fixes. + + Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d: + + o Fix for security issue CVE-2011-0014 + + Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c: + + o Fix for security issue CVE-2010-4180 + o Fix for CVE-2010-4252 + o Fix mishandling of absent EC point format extension. + o Fix various platform compilation issues. + o Corrected fix for security issue CVE-2010-3864. + + Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b: + + o Fix for security issue CVE-2010-3864. + o Fix for CVE-2010-2939 + o Fix WIN32 build system for GOST ENGINE. + + Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: + + o Fix for security issue CVE-2010-1633. + o GOST MAC and CFB fixes. + + Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0: o RFC3280 path validation: sufficient to process PKITS tests. o Integrated support for PVK files and keyblobs. @@ -29,6 +90,48 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + + o Fix for security issue CVE-2011-0014 + + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: + + o Fix for security issue CVE-2010-4180 + o Fix for CVE-2010-4252 + + Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: + + o Fix for security issue CVE-2010-3864. + + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + + o Fix for security issue CVE-2010-0742. + o Various DTLS fixes. + o Recognise SHA2 certificates if only SSL algorithms added. + o Fix for no-rc4 compilation. + o Chil ENGINE unload workaround. + + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: + + o CFB cipher definition fixes. + o Fix security issues CVE-2010-0740 and CVE-2010-0433. + + Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: + + o Cipher definition fixes. + o Workaround for slow RAND_poll() on some WIN32 versions. + o Remove MD2 from algorithm tables. + o SPKAC handling fixes. + o Support for RFC5746 TLS renegotiation extension. + o Compression memory leak fixed. + o Compression session resumption fixed. + o Ticket and SNI coexistence fixes. + o Many fixes to DTLS handling. + + Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: + + o Temporary work around for CVE-2009-3555: disable renegotiation. + Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: o Fix various build issues.