generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Sync CHANGES and NEWS files.

Browse Source 
(Various changes from the master branch are now in the 1.0.2 branch too.)
This commit is contained in:
Bodo Moeller 2013-09-16 14:55:03 +02:00
parent ca567a03ad
commit 4dc836773e
2 changed files with 446 additions and 241 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

662
CHANGES
View File

File diff suppressed because it is too large Load Diff

25
NEWS
View File

@ -5,10 +5,17 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e:
o Corrected fix for CVE-2013-0169
Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d:
o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
o Include the fips configuration module.
o Fix OCSP bad key DoS attack CVE-2013-0166
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
o Fix for TLS AESNI record handling flaw CVE-2012-2686
Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
@ -40,6 +47,15 @@
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
o SRP support.
Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k:
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
o Fix OCSP bad key DoS attack CVE-2013-0166
Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j:
o Fix DTLS record length checking bug CVE-2012-2333
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i:
o Fix for ASN1 overflow bug CVE-2012-2110
@ -116,6 +132,15 @@
o Opaque PRF Input TLS extension support.
o Updated time routines to avoid OS limitations.
Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y:
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
o Fix OCSP bad key DoS attack CVE-2013-0166
Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x:
o Fix DTLS record length checking bug CVE-2012-2333
Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w:
o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)