'[CVS] OpenSSL: BRANCH_OpenSSL_0_9_8k: openssl/ CHANGES'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-cvs
Subject:    [CVS] OpenSSL: BRANCH_OpenSSL_0_9_8k: openssl/ CHANGES
From:       "Bodo Moeller" <bodo () openssl ! org>
Date:       2009-11-26 18:39:22
Message-ID: 20091126183922.F1D961EAE895 () master ! openssl ! org
[Download RAW message or body]

  OpenSSL CVS Repository
  http://cvs.openssl.org/
  ____________________________________________________________________________

  Server: cvs.openssl.org                  Name:   Bodo Moeller
  Root:   /v/openssl/cvs                   Email:  bodo@openssl.org
  Module: openssl                          Date:   26-Nov-2009 19:39:22
  Branch: BRANCH_OpenSSL_0_9_8k            Handle: 2009112618392100

  Modified files:           (Branch: BRANCH_OpenSSL_0_9_8k)
    openssl                 CHANGES

  Log:
    Import corrected CHANGES file from OpenSSL_0_9_8-stable (as far as
    applicable for this branch)

  Summary:
    Revision    Changes     Path
    1.1238.2.145.2.3+4  -13     openssl/CHANGES
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openssl/CHANGES
  ============================================================================
  $ cvs diff -u -r1.1238.2.145.2.2 -r1.1238.2.145.2.3 CHANGES
  --- openssl/CHANGES	5 Nov 2009 16:08:52 -0000	1.1238.2.145.2.2
  +++ openssl/CHANGES	26 Nov 2009 18:39:21 -0000	1.1238.2.145.2.3
  @@ -96,6 +96,10 @@
   
    Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
   
  +  *) Fix NULL pointer dereference if a DTLS server received
  +     ChangeCipherSpec as first record (CVE-2009-1386).
  +     [PR #1679]
  +
     *) Fix a state transitition in s3_srvr.c and d1_srvr.c
        (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
        [Nagendra Modadugu]
  @@ -1499,19 +1503,6 @@
        differing sizes.
        [Richard Levitte]
   
  - Changes between 0.9.7m and 0.9.7n  [xx XXX xxxx]
  -
  -  *) In the SSL/TLS server implementation, be strict about session ID
  -     context matching (which matters if an application uses a single
  -     external cache for different purposes).  Previously,
  -     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
  -     set.  This did ensure strict client verification, but meant that,
  -     with applications using a single external cache for quite
  -     different requirements, clients could circumvent ciphersuite
  -     restrictions for a given session ID context by starting a session
  -     in a different context.
  -     [Bodo Moeller]
  -
    Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]
   
     *) Cleanse PEM buffers before freeing them since they may contain 
  @@ .
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                     openssl-cvs@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic