Harmonize with OpenSSL_1_0_1-stable version of CHANGES.

CHANGES

@@ -105,7 +105,7 @@
      whose return value is often ignored. 
      [Steve Henson]
   
- Changes between 1.0.0 and 1.0.1  [xx XXX xxxx]
+ Changes between 1.0.0a and 1.0.1  [xx XXX xxxx]
 
   *) Add call to ENGINE_register_all_complete() to
      ENGINE_load_builtin_engines(), so some implementations get used
@@ -127,18 +127,17 @@
 
  Changes between 1.0.0a and 1.0.0b  [xx XXX xxxx]
 
-
   *) Fix WIN32 build system to correctly link an ENGINE directory into
      a DLL. 
      [Steve Henson]
 
- Changes between 1.0.0 and 1.0.0a  [xx XXX xxxx]
-  
+ Changes between 1.0.0 and 1.0.0a  [01 Jun 2010]
+
   *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover 
      (CVE-2010-1633)
      [Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
 
- Changes between 0.9.8n and 1.0.0  [xx XXX xxxx]
+ Changes between 0.9.8n and 1.0.0  [29 Mar 2010]
 
   *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
      context. The operation can be customised via the ctrl mechanism in
@@ -979,7 +978,10 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
   
- Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
+ Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
+
+  [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
+  OpenSSL 1.0.0.]
 
   *) Correct a typo in the CMS ASN1 module which can result in invalid memory
      access or freeing data twice (CVE-2010-0742)
@@ -990,6 +992,12 @@
      SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
      [Steve Henson]
 
+  *) VMS fixes: 
+     Reduce copying into .apps and .test in makevms.com
+     Don't try to use blank CA certificate in CA.com
+     Allow use of C files from original directories in maketests.com
+     [Steven M. Schweda" <sms@antinode.info>]
+
  Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
 
   *) When rejecting SSL/TLS records due to an incorrect version number, never
@@ -998,8 +1006,8 @@
      - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
      the previous behavior could result in a read attempt at NULL when
      receiving specific incorrect SSL/TLS records once record payload
-     protection is active.  (CVE-2010-####)
-     [Bodo Moeller, Adam Langley]
+     protection is active.  (CVE-2010-0740)
+     [Bodo Moeller, Adam Langley <agl@chromium.org>]
 
   *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
      could be crashed if the relevant tables were not present (e.g. chrooted).