factotum/libressl-portable
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

3.0.2 changelog

Browse Source
This commit is contained in:
Brent Cook 2019-10-15 14:28:46 -05:00
parent 6de156f87c
commit f490e28bd8
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ChangeLog
View File

@ -28,6 +28,21 @@ history is also available from Git.
LibreSSL Portable Release Notes: LibreSSL Portable Release Notes:
3.0.2 - Stable release
* Use a valid curve when constructing an EC_KEY that looks like X25519.
The recent EC group cofactor change results in stricter validation,
which causes the EC_GROUP_set_generator() call to fail.
Issue reported and fix tested by rsadowski@
* Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
(Note that the CMS code is currently disabled)
Port of Edlinger's Fix for CVE-2019-1563 from OpenSSL 1.1.1 (old license)
* Avoid a path traversal bug in s_server on Windows when run with the -WWW
or -HTTP options, due to incomplete path check logic.
Issue reported and fix tested by Jobert Abma
3.0.1 - Development release 3.0.1 - Development release
* Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL * Ported Billy Brumley's fix for CVE-2019-1547 in OpenSSL 1.1.1. If a NULL