BSDSec

deadsimple BSD Security Advisories and Announcements

LibreSSL 2.1.5 released

We have released LibreSSL 2.1.5, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.

This release is relatively small, focused on bug fixes before 2.2.x
development begins along-side OpenBSD 5.8.

This or earlier LibreSSL releases may also address issues that are to be
revealed by The OpenSSL Project Team on the 19th of March, 2015.

The LibreSSL team is not typically apprised of OpenSSL-related security
issues in advance. We will address any previously-unknown issues that
are found to affect LibreSSL in future releases.

Issues addressed since 2.1.4:

* Fix incorrect comparison function in openssl(1) certhash command.
  Thanks to Christian Neukirchen / Void Linux.

* Windows port improvements and bug fixes.
  - Removed a dependency on libgcc in 32-bit dynamic libraries.
  - Correct a hang in openssl(1) reading from stdin on an connection.
  - Initialize winsock in openssl(1) earlier, allow 'openssl ocsp' and
    any other network-related commands to function properly.

* Reject all server DH keys smaller than 1024 bits.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.