BSDSec

deadsimple BSD Security Advisories and Announcements

LibreSSL 2.8.3 released

16 December, 2018 by busterb@gmail.com | openbsd 

We have released LibreSSL 2.8.3, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first stable update
from the 2.8 series.

It includes the following changes:

  * Fixed warnings about clock_gettime on Windows Visual Studio builds.

  * Fixed CMake builds on systems where getpagesize is defined as an
    inline function.

  * Implemented coordinate blinding for EC_POINT as an additional
    mitigation for the portsmash vulnerability.

  * Fixed a non-uniformity in getentropy(2) emulation where a block of
    all zeroes would be discarded.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.