From 426821600510392878978b083a95d1bdf5528fac Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 9 Dec 2013 23:53:28 +0000 Subject: [PATCH] Add release dates to NEWS --- NEWS | 114 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/NEWS b/NEWS index 0de954cf4e..8aa8ea8a31 100644 --- a/NEWS +++ b/NEWS @@ -5,34 +5,34 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y: + Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 o Fix OCSP bad key DoS attack CVE-2013-0166 - Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x: + Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: o Fix DTLS record length checking bug CVE-2012-2333 - Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w: + Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) - Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v: + Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: o Fix for ASN1 overflow bug CVE-2012-2110 - Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u: + Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 o Corrected fix for CVE-2011-4619 o Various DTLS fixes. - Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t: + Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: o Fix for DTLS DoS issue CVE-2012-0050 - Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s: + Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: o Fix for DTLS plaintext recovery attack CVE-2011-4108 o Fix policy check double free error CVE-2011-4109 @@ -40,20 +40,20 @@ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 o Check for malformed RFC3779 data CVE-2011-4577 - Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: + Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: o Fix for security issue CVE-2011-0014 - Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: + Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: o Fix for security issue CVE-2010-4180 o Fix for CVE-2010-4252 - Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: + Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: o Fix for security issue CVE-2010-3864. - Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: o Fix for security issue CVE-2010-0742. o Various DTLS fixes. @@ -61,12 +61,12 @@ o Fix for no-rc4 compilation. o Chil ENGINE unload workaround. - Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: o CFB cipher definition fixes. o Fix security issues CVE-2010-0740 and CVE-2010-0433. - Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: + Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]: o Cipher definition fixes. o Workaround for slow RAND_poll() on some WIN32 versions. @@ -78,33 +78,33 @@ o Ticket and SNI coexistence fixes. o Many fixes to DTLS handling. - Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: + Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]: o Temporary work around for CVE-2009-3555: disable renegotiation. - Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: + Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]: o Fix various build issues. o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789) - Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: + Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]: o Fix security issue (CVE-2008-5077) o Merge FIPS 140-2 branch code. - Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h: + Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]: o CryptoAPI ENGINE support. o Various precautionary measures. o Fix for bugs affecting certificate request creation. o Support for local machine keyset attribute in PKCS#12 files. - Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g: + Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]: o Backport of CMS functionality to 0.9.8. o Fixes for bugs introduced with 0.9.8f. - Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f: + Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]: o Add gcc 4.2 support. o Add support for AES and SSE2 assembly lanugauge optimization @@ -115,23 +115,23 @@ o RFC4507bis support. o TLS Extensions support. - Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e: + Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]: o Various ciphersuite selection fixes. o RFC3779 support. - Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d: + Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]: o Introduce limits to prevent malicious key DoS (CVE-2006-2940) o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) o Changes to ciphersuite selection algorithm - Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c: + Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]: o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 o New cipher Camellia - Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b: + Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]: o Cipher string fixes. o Fixes for VC++ 2005. @@ -141,12 +141,12 @@ o Built in dynamic engine compilation support on Win32. o Fixes auto dynamic engine loading in Win32. - Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a: + Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]: o Fix potential SSL 2.0 rollback, CVE-2005-2969 o Extended Windows CE support - Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8: + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]: o Major work on the BIGNUM library for higher efficiency and to make operations more streamlined and less contradictory. This @@ -220,36 +220,36 @@ o Added initial support for Win64. o Added alternate pkg-config files. - Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m: + Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]: o FIPS 1.1.1 module linking. o Various ciphersuite selection fixes. - Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l: + Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]: o Introduce limits to prevent malicious key DoS (CVE-2006-2940) o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343) - Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k: + Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]: o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339 - Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j: + Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]: o Visual C++ 2005 fixes. o Update Windows build system for FIPS. - Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i: + Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]: o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build. - Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h: + Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]: o Fix SSL 2.0 Rollback, CVE-2005-2969 o Allow use of fixed-length exponent on DSA signing o Default fixed-window RSA, DSA, DH private-key operations - Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g: + Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]: o More compilation issues fixed. o Adaptation to more modern Kerberos API. @@ -258,7 +258,7 @@ o More constification. o Added processing of proxy certificates (RFC 3820). - Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f: + Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]: o Several compilation issues fixed. o Many memory allocation failure checks added. @@ -266,12 +266,12 @@ o Mandatory basic checks on certificates. o Performance improvements. - Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e: + Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]: o Fix race condition in CRL checking code. o Fixes to PKCS#7 (S/MIME) code. - Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d: + Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]: o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug o Security: Fix null-pointer assignment in do_change_cipher_spec() @@ -279,14 +279,14 @@ o Multiple X509 verification fixes o Speed up HMAC and other operations - Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c: + Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]: o Security: fix various ASN1 parsing bugs. o New -ignore_err option to OCSP utility. o Various interop and bug fixes in S/MIME code. o SSL/TLS protocol fix for unrequested client certificates. - Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b: + Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]: o Security: counter the Klima-Pokorny-Rosa extension of Bleichbacher's attack @@ -297,7 +297,7 @@ o ASN.1: treat domainComponent correctly. o Documentation: fixes and additions. - Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: + Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]: o Security: Important security related bugfixes. o Enhanced compatibility with MIT Kerberos. @@ -308,7 +308,7 @@ o SSL/TLS: now handles manual certificate chain building. o SSL/TLS: certain session ID malfunctions corrected. - Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]: o New library section OCSP. o Complete rewrite of ASN1 code. @@ -354,23 +354,23 @@ o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). - Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k: + Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]: o Security: fix various ASN1 parsing bugs. o SSL/TLS protocol fix for unrequested client certificates. - Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j: + Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]: o Security: counter the Klima-Pokorny-Rosa extension of Bleichbacher's attack o Security: make RSA blinding default. o Build: shared library support fixes. - Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: + Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]: o Important security related bugfixes. - Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h: + Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]: o New configuration targets for Tandem OSS and A/UX. o New OIDs for Microsoft attributes. @@ -384,25 +384,25 @@ o Fixes for smaller building problems. o Updates of manuals, FAQ and other instructive documents. - Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g: + Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]: o Important building fixes on Unix. - Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f: + Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]: o Various important bugfixes. - Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: + Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]: o Important security related bugfixes. o Various SSL/TLS library bugfixes. - Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: + Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]: o Various SSL/TLS library bugfixes. o Fix DH parameter generation for 'non-standard' generators. - Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: + Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]: o Various SSL/TLS library bugfixes. o BIGNUM library fixes. @@ -415,7 +415,7 @@ Broadcom and Cryptographic Appliance's keyserver [in 0.9.6c-engine release]. - Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: + Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]: o Security fix: PRNG improvements. o Security fix: RSA OAEP check. @@ -432,7 +432,7 @@ o Increase default size for BIO buffering filter. o Compatibility fixes in some scripts. - Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]: o Security fix: change behavior of OpenSSL to avoid using environment variables when running as root. @@ -457,7 +457,7 @@ o New function BN_rand_range(). o Add "-rand" option to openssl s_client and s_server. - Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: + Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]: o Some documentation for BIO and SSL libraries. o Enhanced chain verification using key identifiers. @@ -472,7 +472,7 @@ [1] The support for external crypto devices is currently a separate distribution. See the file README.ENGINE. - Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a: + Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]: o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 o Shared library support for HPUX and Solaris-gcc @@ -481,7 +481,7 @@ o New 'rand' application o New way to check for existence of algorithms from scripts - Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5: + Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]: o S/MIME support in new 'smime' command o Documentation for the OpenSSL command line application @@ -517,7 +517,7 @@ o Enhanced support for Alpha Linux o Experimental MacOS support - Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: + Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]: o Transparent support for PKCS#8 format private keys: these are used by several software packages and are more secure than the standard @@ -528,7 +528,7 @@ o New pipe-like BIO that allows using the SSL library when actual I/O must be handled by the application (BIO pair) - Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3: + Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]: o Lots of enhancements and cleanups to the Configuration mechanism o RSA OEAP related fixes o Added `openssl ca -revoke' option for revoking a certificate @@ -542,7 +542,7 @@ o Sparc assembler bignum implementation, optimized hash functions o Option to disable selected ciphers - Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b: + Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]: o Fixed a security hole related to session resumption o Fixed RSA encryption routines for the p < q case o "ALL" in cipher lists now means "everything except NULL ciphers" @@ -564,7 +564,7 @@ o Lots of memory leak fixes. o Lots of bug fixes. - Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c: + Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]: o Integration of the popular NO_RSA/NO_DSA patches o Initial support for compression inside the SSL record layer o Added BIO proxy and filtering functionality