Update CHANGES and NEWS for the new release

 Changes between 1.1.1c and 1.1.1d [xx XXX xxxx]

  *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random

     number generator (RNG). This was intended to include protection in the

     event of a fork() system call in order to ensure that the parent and child

     processes did not share the same RNG state. However this protection was not

     being used in the default case.

     A partial mitigation for this issue is that the output from a high

     precision timer is mixed into the RNG state so the likelihood of a parent

     and child process sharing state is significantly reduced.

     If an application already calls OPENSSL_init_crypto() explicitly using

     OPENSSL_INIT_ATFORK then this problem does not occur at all.

     (CVE-2019-1549)

     [Matthias St. Pierre]

  *) Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt(). In situations

     where an attacker receives automated notification of the success or failure

     of a decryption attempt an attacker, after sending a very large number of

     messages to be decrypted, can recover a CMS/PKCS7 transported encryption

     key or decrypt any RSA encrypted message that was encrypted with the public

     RSA key, using a Bleichenbacher padding oracle attack. Applications are not

     affected if they use a certificate together with the private RSA key to the

     CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info

     to decrypt.

     (CVE-2019-1563)

     [Bernd Edlinger]

  *) For built-in EC curves, ensure an EC_GROUP built from the curve name is

     used even when parsing explicit parameters, when loading a serialized key

     or calling `EC_GROUP_new_from_ecpkparameters()`/

     was decided to revert this feature and leave it up to the OS

     resp. the platform maintainer to ensure a proper initialization

     during early boot time.

     [Matthias St. Pierre]

 Changes between 1.1.1b and 1.1.1c [28 May 2019]

  Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [under development]

      o

      o Fixed a fork protection issue (CVE-2019-1549)

      o Fixed a padding oracle in PKCS7_decrypt() and CMS_decrypt()

        (CVE-2019-1563)

      o For built-in EC curves, ensure an EC_GROUP built from the curve name is

        used even when parsing explicit parameters

      o Compute ECC cofactors if not provided during EC_GROUP construction

        (CVE-2019-1547)

      o Early start up entropy quality from the DEVRANDOM seed source has been

        improved for older Linux systems

      o Correct the extended master secret constant on EBCDIC systems

      o Use Windows installation paths in the mingw builds (CVE-2019-1552)

      o Changed DH_check to accept parameters with order q and 2q subgroups

      o Significantly reduce secure memory usage by the randomness pools

      o Revert the DEVRANDOM_WAIT feature for Linux systems

  Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]