BSDSec

deadsimple BSD Security Advisories and Announcements

LibreSSL 2.1.3 released

We have released LibreSSL 2.1.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release enhances security as well as OS and software
compatibility, including:

* Fixes for various memory leaks in DTLS, including those for
  CVE-2015-0206.

* Application-Layer Protocol Negotiation (ALPN) support.

* Simplified and refactored SSL/DTLS handshake code.

* SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932.

* Earlier libtls support for non-blocking sockets and randomized
  session ID contexts. Work is ongoing with this library - feedback
  and potential use-cases are welcome.

* Support building Windows DLLs.  Thanks to Jan Engelhard.

* Packaged config wrapper for better compatibility with OpenSSL-based
  build systems.  Thanks to @technion from GitHub.

* Ensure the stack is marked non-executable for assembly sections.
  Thanks to Anthony G. Bastile.

* Extra compiler hardening flags are enabled by default where
  applicable.  Thanks to Jim Barlow.

* Initial HP-UX support. Thanks to Kinichiro Inoguchi.

* Initial NetBSD support. Thanks to @gitisihara from GitHub.

The release hash file is now signed both with signify (SHA256.sig)
and gpg (SHA256.asc) for convenience and, if you like, double
verification.

The LibreSSL project continues improvement of the codebase to reflect
modern, safe programming practices. We welcome feedback and improvements
from the broader community. Thanks to all of the contributors who
helped make this release possible.