BSDSec

deadsimple BSD Security Advisories and Announcements

LibreSSL 2.7.3 Released

We have released LibreSSL 2.7.3, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first bugfix
release from the 2.7 series, which includes the following changes from 2.7.2:

 * Removed incorrect NULL checks in DH_set0_key(). Reported by Ondrej Sury.

 * Limited tls_config_clear_keys() to only clear private keys.
   This was inadvertently clearing the keypair, which includes the OCSP staple
   and pubkey hash - if an application called tls_configure() followed by
   tls_config_clear_keys(), this would prevent OCSP staples from working.

 * Fixed an issue normalizing CPU architecture in the configure script,
   which disabled assembly optimizations on platforms that get detected
   as 'amd64', opposed to 'x86_64'.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.