git log --oneline --reverse --no-abbrev-commit OpenSSL_1_0_2u..OpenSSL_1_0_2za
12ad22dd16ffe47f8cde3cddb84a160e8cdb3e30 (refs/pull/10665/head, OpenSSL_1_0_2-stable) Prepare for 1.0.2v-dev
6950a8d6a2e6933bb32ae8ed345f1441ee63ef8c Implement blinding for EC scalar multiplication
9b561f657634f275c37b43f5417fc697632d816c Update CHANGES and NEWS for the 1.02v release
a0038dd58d742b3437c43337516a19c0e8c46c84 Update copyright year
3f9c9c6ee9c792fa2819007777149f889090e540 (tag: OpenSSL_1_0_2v) Prepare for 1.0.2v release
653394aed1dcece30af6987cc1821399c9e12ddb Prepare for 1.0.2w-dev
258aa8181ec01ae2e955318385d1bdd99d37a848 Move the static "DH" ciphersuites into the "weak-ssl-ciphers" list
3e5a7e8d8a5c52f89e2a85df6d9dad305149b1f3 Make SSL_OP_SINGLE_ECDH_USE the default and mandatory
5a9d51bc1eef03ad238f6fb0d4e8dce8c1a818a6 Update copyright year
51fe13e340561da2a51870785c8f0818872fc1bc (tag: OpenSSL_1_0_2w) Prepare for 1.0.2w release
4e09a3f55d53f4b65df34c62854a5232348d8c92 Prepare for 1.0.2x-dev
33282fd31a3353bc479c02a12281307e5835bc0a DirectoryString is a CHOICE type and therefore uses explicit tagging
2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e Correctly compare EdiPartyName in GENERAL_NAME_cmp()
601021f28e621034d7990482f49e236f7a5bea5f Check that multi-strings/CHOICE types don't use implicit tagging
3cc8c260fbe52bf5ac654b266c07f6dc7c2b7d87 Complain if we are attempting to encode with an invalid ASN.1 template
8093d2491e9000d3b9d880070f970ceb2d591455 Add a test for GENERAL_NAME_cmp
411ae4f03c15f538fb416367d0ab36662b91a3a1 Add a test for encoding/decoding using an invalid ASN.1 Template
9e565d0640493cb51af9fa10b9fbf4cf5372aa00 Update CHANGES and NEWS for new release
15a48d2094e225015aedeed07c5ee79e8094eaa9 Update copyright year
61f86186e00aee7745f639962abb2c7ac762757d make update
fa174e280f15db2093c026a7e15433b5e5c65a76 (tag: OpenSSL_1_0_2x) Prepare for 1.0.2x release
4fa51c34a911cae8e7d4a49ec4469229096e34c9 Prepare for 1.0.2y-dev
d029cd33ccaad89cb700181abe17955982e21e4a Ensure SRP BN_mod_exp follows the constant time path
8252ee4d90f3f2004d3d0aeeed003ad49c9a7807 Fix Null pointer deref in X509_issuer_and_serial_hash()
30919ab80a478f2d81f2e9acdcca3fa4740cd547 Fix the RSA_SSLV23_PADDING padding type
9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2 Don't overflow the output length in EVP_CipherUpdate calls
4e4fa8c54788797517d40ac3edb0565cdb5058c4 Updates CHANGES and NEWS for new release
80c82b831c39e10da8e2c899402cd8382a95cbdf Update copyright year
924fdf1fbec0f305dbf77c9d9250fdf9080aef88 (tag: OpenSSL_1_0_2y) Prepare for 1.0.2y release
9fa004a899aa7a1cb2ce8651c57dfbe45e29dc70 Prepare for 1.0.2za-dev
433ad3400d5bf0a6a03a4ef6387c34501d7ff93b Fix i2v_GENERAL_NAME to not assume NUL terminated strings
28115d1170e5400c4b4ff246aaff73d39364dbda Fix POLICYINFO printing to not assume NUL terminated strings
0833e3b0b7c905370700d5f7e31c9a35de68250e Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
d10667a39939ba8cb5f43bcce384ba458ce2bb07 Fix the name constraints code to not assume NUL terminated strings
46c5cfe501b9e8c838c4f3e90ff5547e8c754241 Fix append_ia5 function to not assume NUL terminated strings
792082baf191d1e588ff8219453a51f6f78f70d5 Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
ccb0a11145ee72b042d10593a64eaf9e8a55ec12 Fix a read buffer overrun in X509_CERT_AUX_print()
0bc58d7759be985928c0676e1b938c749c37f97a Update CHANGES and NEWS for new release
4ee19e30050fbbf9cf6d6f0a3e125cbb7e3bad09 Update copyright year
ca24b3e8a88d02094d26bb72c50267ae4da4ca2a Run make update
11e489b8da357feab83bb6f819eaf7f1d909a617 (tag: OpenSSL_1_0_2za) Prepare for 1.0.2za release

6950a8d6a2e6933bb32ae8ed345f1441ee63ef8c Implement blinding for EC scalar multiplication
CVE-2020-1968 258aa8181ec01ae2e955318385d1bdd99d37a848 Move the static "DH" ciphersuites into the "weak-ssl-ciphers" list
CVE-2020-1968 3e5a7e8d8a5c52f89e2a85df6d9dad305149b1f3 Make SSL_OP_SINGLE_ECDH_USE the default and mandatory
CVE-2020-1971 33282fd31a3353bc479c02a12281307e5835bc0a DirectoryString is a CHOICE type and therefore uses explicit tagging
CVE-2020-1971 2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e Correctly compare EdiPartyName in GENERAL_NAME_cmp()
CVE-2020-1971 601021f28e621034d7990482f49e236f7a5bea5f Check that multi-strings/CHOICE types don't use implicit tagging
CVE-2020-1971 3cc8c260fbe52bf5ac654b266c07f6dc7c2b7d87 Complain if we are attempting to encode with an invalid ASN.1 template
CVE-2020-1971 8093d2491e9000d3b9d880070f970ceb2d591455 Add a test for GENERAL_NAME_cmp
CVE-2020-1971 411ae4f03c15f538fb416367d0ab36662b91a3a1 Add a test for encoding/decoding using an invalid ASN.1 Template
d029cd33ccaad89cb700181abe17955982e21e4a Ensure SRP BN_mod_exp follows the constant time path
CVE-2021-23841 8252ee4d90f3f2004d3d0aeeed003ad49c9a7807 Fix Null pointer deref in X509_issuer_and_serial_hash()
CVE-2021-23839 30919ab80a478f2d81f2e9acdcca3fa4740cd547 Fix the RSA_SSLV23_PADDING padding type
CVE-2021-23840 9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2 Don't overflow the output length in EVP_CipherUpdate calls
CVE-2021-3712 433ad3400d5bf0a6a03a4ef6387c34501d7ff93b Fix i2v_GENERAL_NAME to not assume NUL terminated strings
CVE-2021-3712 28115d1170e5400c4b4ff246aaff73d39364dbda Fix POLICYINFO printing to not assume NUL terminated strings
CVE-2021-3712 0833e3b0b7c905370700d5f7e31c9a35de68250e Fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings
CVE-2021-3712 d10667a39939ba8cb5f43bcce384ba458ce2bb07 Fix the name constraints code to not assume NUL terminated strings
CVE-2021-3712 46c5cfe501b9e8c838c4f3e90ff5547e8c754241 Fix append_ia5 function to not assume NUL terminated strings
CVE-2021-3712 792082baf191d1e588ff8219453a51f6f78f70d5 Fix NETSCAPE_SPKI_print function to not assume NUL terminated strings
CVE-2021-3712 ccb0a11145ee72b042d10593a64eaf9e8a55ec12 Fix a read buffer overrun in X509_CERT_AUX_print()