3.0.2 changelogv3.0.2

author: Brent Cook <busterb@gmail.com> 2019-10-15 14:28:46 -0500
committer: Brent Cook <busterb@gmail.com> 2019-10-15 14:28:46 -0500
commit: 9371ddb5525f69f43a328419d09eb49a439d7c0f (patch)
tree: 5cb521211e6acb66e8dfb78416aaa2979ce68a1b
parent: d27b19deaf22c308f7ce28eaf5dfda4712ed4bd3 (diff)
download: portable-3.0.2.tar.gz
portable-3.0.2.tar.bz2
portable-3.0.2.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 36ed3d0..3062fc4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,21 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+3.0.2 - Stable release
+        * Use a valid curve when constructing an EC_KEY that looks like X25519.
+          The recent EC group cofactor change results in stricter validation,
+          which causes the EC_GROUP_set_generator() call to fail.
+          Issue reported and fix tested by rsadowski@
+        * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
+          (Note that the CMS code is currently disabled)
+          Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license) 
+        * Avoid a path traversal bug in s_server on Windows when run with the -WWW
+          or -HTTP options, due to incomplete path check logic.
+          Issue reported and fix tested by Jobert Abma
 3.0.1 - Development release
        * Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL
author	Brent Cook <busterb@gmail.com>	2019-10-15 14:28:46 -0500
committer	Brent Cook <busterb@gmail.com>	2019-10-15 14:28:46 -0500
commit	9371ddb5525f69f43a328419d09eb49a439d7c0f (patch)
tree	5cb521211e6acb66e8dfb78416aaa2979ce68a1b
parent	d27b19deaf22c308f7ce28eaf5dfda4712ed4bd3 (diff)
download	portable-3.0.2.tar.gz portable-3.0.2.tar.bz2 portable-3.0.2.zip

diff --git a/ChangeLog b/ChangeLog index 36ed3d0..3062fc4 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,21 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	3.0.2 - Stable release
		32
		33	* Use a valid curve when constructing an EC_KEY that looks like X25519.
		34	The recent EC group cofactor change results in stricter validation,
		35	which causes the EC_GROUP_set_generator() call to fail.
		36	Issue reported and fix tested by rsadowski@
		37
		38	* Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
		39	(Note that the CMS code is currently disabled)
		40	Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license)
		41
		42	* Avoid a path traversal bug in s_server on Windows when run with the -WWW
		43	or -HTTP options, due to incomplete path check logic.
		44	Issue reported and fix tested by Jobert Abma
		45
31	3.0.1 - Development release	46	3.0.1 - Development release
32		47
33	* Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL	48	* Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL