diff options
| -rw-r--r-- | ChangeLog | 15 |
1 files changed, 15 insertions, 0 deletions
| @@ -28,6 +28,21 @@ history is also available from Git. | |||
| 28 | 28 | ||
| 29 | LibreSSL Portable Release Notes: | 29 | LibreSSL Portable Release Notes: |
| 30 | 30 | ||
| 31 | 3.0.2 - Stable release | ||
| 32 | |||
| 33 | * Use a valid curve when constructing an EC_KEY that looks like X25519. | ||
| 34 | The recent EC group cofactor change results in stricter validation, | ||
| 35 | which causes the EC_GROUP_set_generator() call to fail. | ||
| 36 | Issue reported and fix tested by rsadowski@ | ||
| 37 | |||
| 38 | * Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. | ||
| 39 | (Note that the CMS code is currently disabled) | ||
| 40 | Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license) | ||
| 41 | |||
| 42 | * Avoid a path traversal bug in s_server on Windows when run with the -WWW | ||
| 43 | or -HTTP options, due to incomplete path check logic. | ||
| 44 | Issue reported and fix tested by Jobert Abma | ||
| 45 | |||
| 31 | 3.0.1 - Development release | 46 | 3.0.1 - Development release |
| 32 | 47 | ||
| 33 | * Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL | 48 | * Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL |