X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=NEWS;h=b9ea61239f09c20ac0d866e1acefd43d62cf0011;hb=58eef36b4de649a6decb3e6870d793fba5cc698c;hp=9db4561701e0b01c0f32dde109821bad5d52a01d;hpb=3ba25ee86a3758cc659c954b59718d8397030768;p=oweals%2Fopenssl.git

diff --git a/NEWS b/NEWS
index 9db4561701..b9ea61239f 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,30 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
-
-      o New library section OCSP.
-      o Complete haul-over of the ASN.1 library section.
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
 
   Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
 
@@ -19,9 +39,12 @@
       o New 'rsautl' application, low level RSA utility.
       o MD4 now included.
       o Bugfix for SSL rollback padding check.
-      o Support for external crypto devices.
+      o Support for external crypto devices [1].
       o Enhanced EVP interface.
 
+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
   Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
 
       o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8