From 13738d5fa162c48ecf80e625660767ebf9f729f9 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 7 Apr 2014 21:56:34 +0100 Subject: [PATCH] update CHANGES --- CHANGES | 58 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 30 insertions(+), 28 deletions(-) diff --git a/CHANGES b/CHANGES index 8f01731293..c63fa17b9d 100644 --- a/CHANGES +++ b/CHANGES @@ -2,39 +2,12 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1f and 1.0.2 [xx XXX xxxx] - - *) A missing bounds check in the handling of the TLS heartbeat extension - can be used to reveal up to 64k of memory to a connected client or - server. - - Thanks for Neel Mehta of Google Security for discovering this bug and to - Adam Langley and Bodo Moeller for - preparing the fix (CVE-2014-0160) - [Adam Langley, Bodo Moeller] - - *) Fix for the attack described in the paper "Recovering OpenSSL - ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" - by Yuval Yarom and Naomi Benger. Details can be obtained from: - http://eprint.iacr.org/2014/140 - - Thanks to Yuval Yarom and Naomi Benger for discovering this - flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) - [Yuval Yarom and Naomi Benger] + Changes between 1.0.1g and 1.0.2 [xx XXX xxxx] *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file(): this fixes a limiation in previous versions of OpenSSL. [Steve Henson] - *) TLS pad extension: draft-agl-tls-padding-03 - - Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the - TLS client Hello record length value would otherwise be > 255 and - less that 512 pad with a dummy extension containing zeroes so it - is at least 512 bytes long. - - [Adam Langley, Steve Henson] - *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest, MGF1 digest and OAEP label. [Steve Henson] 
@@ -307,6 +280,35 @@ certificates. [Steve Henson] + Changes between 1.0.1f and 1.0.1g [7 Apr 2014] + + *) A missing bounds check in the handling of the TLS heartbeat extension + can be used to reveal up to 64k of memory to a connected client or + server. + + Thanks for Neel Mehta of Google Security for discovering this bug and to + Adam Langley and Bodo Moeller for + preparing the fix (CVE-2014-0160) + [Adam Langley, Bodo Moeller] + + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + *) TLS pad extension: draft-agl-tls-padding-03 + + Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the + TLS client Hello record length value would otherwise be > 255 and + less that 512 pad with a dummy extension containing zeroes so it + is at least 512 bytes long. + + [Adam Langley, Steve Henson] + Changes between 1.0.1e and 1.0.1f [6 Jan 2014] *) Fix for TLS record tampering bug. A carefully crafted invalid -- 2.40.0
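Review bot: In the first hunk (CHANGES, @@ -2,39 +2,12), three entries are removed from under the 1.0.2 heading: the heartbeat bounds check (CVE-2014-0160), the FLUSH+RELOAD fix (CVE-2014-0076) and the TLS pad extension. The subject "update CHANGES" gives no hint that they are being relocated rather than dropped. Someone reading the log for the CVE-2014-0160 history would have to open the diff to find out, so the subject should say that the 1.0.1g entries are being moved into their own section. The unchanged line "this fixes a limiation in previous versions of OpenSSL" just below the new heading also has a typo ("limitation") that could be fixed in the same pass.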
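Review bot: In the second hunk (CHANGES, @@ -307,6 +280,35), the new 1.0.1g section copies two wording errors verbatim from the removed text. "Thanks for Neel Mehta" in the heartbeat entry should read "Thanks to Neel Mehta", and "less that 512" in the TLS pad entry should read "less than 512". This is the section users will read for the CVE-2014-0160 and CVE-2014-0076 fixes, so it is worth correcting them as part of the move. The TLS pad entry also keeps a blank line before its "[Adam Langley, Steve Henson]" attribution, unlike the two entries above it; dropping that line would make the section consistent.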