--- pgp/doc/changes.doc 2018/04/24 16:43:56 1.1.1.1 +++ pgp/doc/changes.doc 2018/04/24 16:44:55 1.1.1.2 
@@ -2,6 +2,55 @@ the newfor22.doc through newfor26.doc, starting with the most recent information first] +Changes for PGP 2.6.2 + +- Some people reported a "bug" that you could stick an extra paragraph + in the beginning of a clear-signed message and PGP would still report + a good signature. PGP allows comment "headers" before ASCII-armor + blocks (like the Version: header that's there for debugging + purposes), terminated, as with e-mail and usenet messages, by a blank + line. These headers are just window dressing; PGP ignores them. So + this is actually a "feature"; the bug is that people think it's part + of the signed message. There are a number of ways to fake the + visual appearance of a blank line using common file-viewing + utilities, a blank line is easy to miss even if you know about it, + and headers are not presently used in clear-signed messages. So now + headers are forbidden at the beginning of a clear-signed message. + Also, PGP enforces an RFC-822-like syntax on header lines before ASCII + armor. + Note that in no case has PGP's output ever been compromised; the problem + arises only if people see the "good signature" message but try to read + the input directly to see what was signed. +- Closed files properly in a number of error situations, which also helps + PGP run under OS/2. (Contributed by John Frickson) +- Improved OS/2 makefile target. +- Added a few contributed makefile entries (hpux9, amix, encore, machten) +- Fixed MAX_BIT_PRECISION to 2048. +- Changed the +'s printed during prime generation (to indicate that a + candidate prime just passed a Fermat test) to *'s, since some people's + modems go into command mode when fed slow strings of +'s. +- Added a copyright notice for RSAREF. +- Updated the manual-checking error message to tell people that they + can find a simple fix if they RTFM. Hopefully this will further + encourage people to complain to whoever distributed PGP without the + manual instead of just getting frustrated. 
+- Fixed (at long last) PGP's table of file extensions to know that + gzip is .gz, and not .z. (Which was the preferred form some time ago.) +- Fixed a bug in key editing with the public and secret keyrings in + different directories. The old code was assuming they were in the same + directory, which used to be a safe assumption, but no more. +- Fixed a problem with access() on VMS returning failure when fed a + directory that exists. +- Enlarged randseed.bin to hold more entropy, and arranged for it to be + saved on each invocation of PGP so the entropy from keystrokes while + not encrypting would be available for future use. See the comment in + random.c for implementation details. +- A problem checking separate signatures on files with upper-128 + characters has been fixed. PGP was assuming that since MS-DOS uses + CRLF line endings, files for signature testing are already in canonical + test format. This is not true if upper-128 characters are in use. +- Got rid of pkcs_compat as redundant. + Changes to PGP 2.6.1 PGP 2.6.1 is a bugfix release of PGP 2.6. It fixes many bugs that have been
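Review bot: In the first 2.6.2 entry (headers before clear-signed messages), "So now headers are forbidden at the beginning of a clear-signed message" does not say what PGP reports when it meets such a message, and "an RFC-822-like syntax" does not say which line forms are accepted before ASCII armor. Please state both, so a reader can tell a rejected header apart from a bad signature. In the separate-signatures entry near the end of the hunk, "canonical test format" looks like a typo for "canonical text format". The "Fixed MAX_BIT_PRECISION to 2048" entry would also be clearer if it said what was wrong with the previous setting.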