CHANGES.md: update for 3.2.6

3.2.6 CHANGES.md includes the following:
 * https://github.com/openssl/openssl/pull/28198
 * https://github.com/openssl/openssl/pull/28398
 * https://github.com/openssl/openssl/pull/28411
 * https://github.com/openssl/openssl/pull/28449

Release: Yes
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

diff --git a/CHANGES.md b/CHANGES.md
index 8a868609d150ac431245c8a891f267902b16686d..1b4ea7aef84fde369b77189fba2ae123f324e8c5 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -74,6 +74,27 @@ OpenSSL 3.2
 
    *Stanislav Fort*
 
+ * Avoided a potential race condition introduced in 3.2.5, where
+   `OSSL_STORE_CTX` kept open during lookup while potentially being used
+   by multiple threads simultaneously, that could lead to potential crashes
+   when multiple concurrent TLS connections are served.
+
+   *Matt Caswell*
+
+ * Secure memory allocation calls are no longer used for HMAC keys.
+
+   *Dr Paul Dale*
+
+ * `openssl req` no longer generates certificates with an empty extension list
+   when SKID/AKID are set to `none` during generation.
+
+   *David Benjamin*
+
+ * The man page date is now derived from the release date provided
+   in `VERSION.dat` and not the current date for the released builds.
+
+   *Enji Cooper*
+
  * Hardened the provider implementation of the RSA public key "encrypt"
    operation to add a missing check that the caller-indicated output buffer
    size is at least as large as the byte count of the RSA modulus.  The issue