From: Richard Levitte <levitte@openssl.org>
Date: Wed, 28 Mar 2001 13:35:48 +0000 (+0000)
Subject: Add news section for OpenSSL 0.9.6a.  Please add what's missing
X-Git-Tag: OpenSSL_0_9_6a-beta3~15
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0e810cf6b00734fdf53c280436f14c86929f4302;p=oweals%2Fopenssl.git

Add news section for OpenSSL 0.9.6a.  Please add what's missing
---

diff --git a/NEWS b/NEWS
index 7cf95cfb0b..9e08814c71 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,28 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded enviroments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range()
+      o Add "-rand" option to openssl s_client and s_server.
+
   Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
 
       o Some documentation for BIO and SSL libraries.