From 3fb985fd04611082bbfc3622a078e8c5e5edb378 Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@akamai.com>
Date: Thu, 29 Apr 2021 16:22:30 -0400
Subject: Allow absolute paths to be set

It was a mistake to allow relative paths for include files (just
like root shouldn't have "." in its PATH), but we probably can't
change it now. Add a new pragma "abspath" that someone can put
in the system-wide config file to require absolute paths.

Also update the config documentation to better explain how file
inclusion works.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)
---
 CHANGES.md | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'CHANGES.md')

diff --git a/CHANGES.md b/CHANGES.md
index 0e7b09432b..1d2bfd5d63 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,11 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Add ".pragma abspath:true" to prevent relative file inclusion in
+   config files.
+
+   * Rich Salz *
+
  * OpenSSL includes a cryptographic module that is intended to be FIPS 140-2
    validated. The module is implemented as an OpenSSL provider, the so-called
    FIPS provider. A list of all changes related to the FIPS provider would go
-- 
cgit v1.2.3