3.0.2 changelog

author: Brent Cook <busterb@gmail.com> 2019-10-15 14:28:46 -0500
committer: Brent Cook <busterb@gmail.com> 2019-10-27 06:07:59 -0500
commit: f490e28bd85f877748ef8e01bec34e75356ddd29 (patch)
tree: 06fbe45f859691fc3e4ac52679196c56dba1074a
parent: 6de156f87cb127e1540c2c3be8070523c69b827e (diff)
download: portable-f490e28bd85f877748ef8e01bec34e75356ddd29.tar.gz
portable-f490e28bd85f877748ef8e01bec34e75356ddd29.tar.bz2
portable-f490e28bd85f877748ef8e01bec34e75356ddd29.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 36ed3d0..3062fc4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,21 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+3.0.2 - Stable release
+        * Use a valid curve when constructing an EC_KEY that looks like X25519.
+          The recent EC group cofactor change results in stricter validation,
+          which causes the EC_GROUP_set_generator() call to fail.
+          Issue reported and fix tested by rsadowski@
+        * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
+          (Note that the CMS code is currently disabled)
+          Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license) 
+        * Avoid a path traversal bug in s_server on Windows when run with the -WWW
+          or -HTTP options, due to incomplete path check logic.
+          Issue reported and fix tested by Jobert Abma
 3.0.1 - Development release
        * Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL
author	Brent Cook <busterb@gmail.com>	2019-10-15 14:28:46 -0500
committer	Brent Cook <busterb@gmail.com>	2019-10-27 06:07:59 -0500
commit	f490e28bd85f877748ef8e01bec34e75356ddd29 (patch)
tree	06fbe45f859691fc3e4ac52679196c56dba1074a
parent	6de156f87cb127e1540c2c3be8070523c69b827e (diff)
download	portable-f490e28bd85f877748ef8e01bec34e75356ddd29.tar.gz portable-f490e28bd85f877748ef8e01bec34e75356ddd29.tar.bz2 portable-f490e28bd85f877748ef8e01bec34e75356ddd29.zip

diff --git a/ChangeLog b/ChangeLog index 36ed3d0..3062fc4 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,21 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	3.0.2 - Stable release
		32
		33	* Use a valid curve when constructing an EC_KEY that looks like X25519.
		34	The recent EC group cofactor change results in stricter validation,
		35	which causes the EC_GROUP_set_generator() call to fail.
		36	Issue reported and fix tested by rsadowski@
		37
		38	* Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
		39	(Note that the CMS code is currently disabled)
		40	Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license)
		41
		42	* Avoid a path traversal bug in s_server on Windows when run with the -WWW
		43	or -HTTP options, due to incomplete path check logic.
		44	Issue reported and fix tested by Jobert Abma
		45
31	3.0.1 - Development release	46	3.0.1 - Development release
32		47
33	* Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL	48	* Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL