We have released LibreSSL 2.0.5, which should be arriving in the
LibreSSL directory of an OpenBSD mirror near you.
This version forward-ports security fixes from OpenSSL 1.0.1i,
including fixes for the following CVEs:
CVE-2014-3506
CVE-2014-3507
CVE-2014-3508 (partially vulnerable)
CVE-2014-3509
We have released LibreSSL 2.1.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release greatly improves performance, interoperability and portability,
while continuing to be easy to build and integrate into your software projects.
This release includes:
OpenNTPD 5.7p1 has just been released. It will be available from the mirrors
listed at http://www.openntpd.org/ shortly.
OpenNTPD is a FREE, secure, and easy to use implementation of the Network Time
Protocol. It provides the ability to sync the local clock to remote NTP servers
and can act as NTP
We have released LibreSSL 2.1.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release enhances security, OS and software compatibility,
including:
* Fixes for various memory leaks in DTLS, including those for
CVE-2015-0206.
* Application-Layer Protoc
OpenNTPD 5.7p3 has just been released. It will be available from the mirrors
listed at http://www.openntpd.org/ shortly.
OpenNTPD is a FREE, secure, and easy to use implementation of the Network Time
Protocol. It provides the ability to sync the local clock to remote NTP servers
and can act as NTP
We have released LibreSSL 2.1.4, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon.
This release adds a number of new security features, makes building
privilege-separated programs simpler, and improves the libtls API.
This release also includes a binary package f
We have released LibreSSL 2.1.5, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release is relatively small, focused on bug fixes before 2.2.x
development begins along-side OpenBSD 5.8.
This or earlier LibreSSL releases may also address issues that are to
We have released LibreSSL 2.1.6, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release primarily addresses a number of security issues in
coordination with the OpenSSL project.
Fixes for the following issues are integrated into LibreSSL 2.1.6:
*
OpenNTPD 5.7p4 has just been released. It will be available from the mirrors
listed at http://www.openntpd.org/ shortly.
OpenNTPD is a FREE, secure, and easy to use implementation of the Network Time
Protocol. It provides the ability to sync the local clock to remote NTP servers
and can act as NTP
We have released LibreSSL 2.2.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release is the first from the OpenBSD 5.8 development tree and
features mainly on build system improvements and new OS support.
We have also released LibreSSL 2.1.7, which con
We have released LibreSSL 2.2.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release continues from the OpenBSD 5.8 development tree, featuring
expanded OS support, code improvements, and feature removal. Also note
that SSLv3 support has not been remove
We have released LibreSSL 2.2.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release marks the end of the OpenBSD 5.8 development cycle,
featuring expanded portable build support, code improvements, removal of
obsolete workarounds.
SSLv3 deprecation co
We have released LibreSSL 2.3.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release is the first snapshot based on the development OpenBSD 5.9
branch. As such, it is likely to change more compared to the stable
2.2.x and 2.1.x branches. The ABI/API for
We have released LibreSSL 2.3.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release is the second snapshot based on the development OpenBSD 5.9
branch. It is still likely to change more compared to the 2.2.x and
2.1.x branches. The ABI/API for the Libr
We have released LibreSSL 2.2.5 and 2.1.9, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This release is based on the stable OpenBSD 5.8 and 5.7 branches, which
include two fixes from the Dec 3, 2015 OpenSSL release:
- CVE-2015-3194 - NULL pointer dereferen
We have released a number of LibreSSL updates, which will be arriving in
the LibreSSL directory of your local OpenBSD mirror soon.
LibreSSL 2.2.6 and 2.1.10 contain a single change to deprecate use of
the SSL_OP_SINGLE_DH_USE flag. It is now enabled unconditionally.
Thanks to Antonio Sanso for the
We have released LibreSSL 2.3.3, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon.
This release marks the beginning of stable 2.3.x branch, with all
API/ABI changes now moving to the 2.4.x development branch. LibreSSL 2.3.3
is identical to the version that will be
OpenNTPD 5.9p1 has just been released. t will be available from the
mirrors listed at http://www.openntpd.org/ shortly.
OpenNTPD is a FREE, secure, and easy to use implementation of the
Network Time Protocol. It provides the ability to sync the local clock
to remote NTP servers and can act as NTP
A bug in the previous libcrypto errata caused an error when reading
ASN.1 elements over 16kb.
Patches for OpenBSD are available. Updated LibreSSL-portable releases
will be available later.
http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/009_crypto.patch.sig
http://ftp.openbsd.org/pub/OpenB
OpenNTPD 6.0p1 has just been released. It will be available from the mirrors
listed at http://www.openntpd.org/ shortly.
OpenNTPD is a FREE, secure, and easy to use implementation of the Network Time
Protocol. It provides the ability to sync the local clock to remote NTP servers
and can act as NTP
We have released a first development snapshot of LibreSSL 2.4.0 along
with two stable builds, 2.3.5 and 2.2.8. These should be arriving in
the LibreSSL directory of your local OpenBSD mirror soon.
The 2.3.5 and 2.2.8 releases contain a reliability fix, correcting an
error when parsing certain ASN.
We have released LibreSSL 2.4.2 and 2.3.7, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
LibreSSL 2.4.2 is based on the new OpenBSD 6.0 release branch, and is
now the current stable version. LibreSSL 2.3.7 is based on the previous
OpenBSD 5.9 release, and will
LibreSSL portable versions 2.3.7 and 2.4.3 are now released, along with
the newest development version 2.5.0, and will be available at a mirror
near you.
The following issues were fixed in all of the releases:
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client
We have released LibreSSL 2.3.9 and 2.4.4, which are availeble in the
LibreSSL directory of your local OpenBSD mirror. Both include the following
reliability change:
* Avoid continual processing of an unlimited number of TLS records,
which can cause a denial-of-service condition. CVE-201
We have released LibreSSL 2.5.1 along with stable versions 2.4.5 and
2.3.10. These will be arriving in the LibreSSL directory of your local
OpenBSD mirror soon.
All of the releases contain the following updates:
* Avoid a side-channel cache-timing attack that can leak the ECDSA
private
We have released LibreSSL 2.5.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. It includes the following
changes:
* Added the recallocarray(3) memory allocation function, and converted
various places in the library to use it, such as CBB and BUF_MEM_
We have released LibreSSL 2.5.4, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. It includes the
following changes:
* Reverted a previous change that forced consistency between return
value and error code when specifing a certificate verification
callb
We have released LibreSSL 2.5.5 and 2.6.0, which is available in the
LibreSSL directory of your local OpenBSD mirror. LibreSSL 2.5.5 is
derived from the stable branch tracking OpenBSD 6.1. LibreSSL 2.6.0 is
the first release from the development branch that eventually
ship with OpenBSD 6.2.
LibreS
We have made two new portable OpenNTPD releases today. These should be
arriving soon in the OpenNTPD directory of an OpenBSD mirror near you.
OpenNTPD 6.1p1 represents the version shipped with OpenBSD 6.1. It
provides a number of new features and reliability improvements.
OpenNTPD 6.2p1 is the fi
We have released LibreSSL 2.6.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the second
development release from the 2.6 series, which will eventually be part of
OpenBSD 6.2. It includes the following changes:
* Added a "-T tlscompat" option to nc(1
We have released LibreSSL 2.6.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the third
development release from the 2.6 series, which will eventually be part of
OpenBSD 6.2. It includes the following fixes:
* Provide a useful error with libtls if t
OpenNTPD 6.2p3 has just been released, which is based on the OpenBSD 6.2
release.
It will be available from the mirrors listed at http://www.openntpd.org/
shortly.
OpenNTPD is a FREE, secure, and easy to use implementation of the Network Time
Protocol. It provides the ability to sync the local c
We have released LibreSSL 2.6.3, based on OpenBSD 6.2, which will be the new
stable release series. LibreSSL 2.4.x support has also ended. LibreSSL 2.6.3
contains the following changes from the previous stable release:
* Added support for providing CRLs to libtls - once a CRL is provided via
t
We have released LibreSSL 2.6.4, the first stable maintenance release from the
2.6.x series. It contains the following changes from the 2.6.3 release:
* Made tls_config_parse_protocols() work correctly when passed a NULL
pointer for a protocol string. Issue found by semarie@, who also
pr
We have released LibreSSL 2.7.0, which you can now download from
LibreSSL directory of your local OpenBSD mirror. This is the first
release from the 2.7 series, which will be part of OpenBSD 6.3.
It includes the following changes:
* Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
We have released LibreSSL 2.7.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the second
release from the 2.7 series, which will be part of OpenBSD 6.3.
It includes the following changes from 2.7.0
* Fixed a bug in int_x509_param_set_hosts, calling
We have released LibreSSL 2.7.2, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. LibreSSL 2.7.2 is the first
stable release from the 2.7 series, and is also included with OpenBSD 6.3.
It includes the following changes from 2.7.1
* Updated and added extensive n
We have released LibreSSL 2.7.3, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first bugfix
release from the 2.7 series, which includes the following changes from 2.7.2:
* Removed incorrect NULL checks in DH_set0_key(). Reported by Ondrej Sury.
We have released LibreSSL 2.7.4 and 2.6.5, security updates for the
current stable release branches. They contain the following changes:
* Avoid a timing side-channel leak when generating DSA and ECDSA
signatures. This is caused by an attempt to do fast modular
arithmetic, which introduc
We have released LibreSSL 2.8.0, which is available from your local
OpenBSD mirror.
This is the first development release from the 2.8 series, which will
eventually be part of OpenBSD 6.4. It includes the following changes:
* Extensive documentation updates and additional API history.
* Fixed
We have released LibreSSL 2.8.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This is the second development release from the 2.8 series, which will
eventually be part of OpenBSD 6.4. It includes the following changes:
* Added Wycheproof test vectors for E
We would like to announce that we have released LibreSSL 2.8.2, which is
available in the LibreSSL directory of your local OpenBSD mirror. This
announcement comes a few days after it was first available on October
18th, 2018, along with OpenBSD 6.4. This is the first stable release from
the 2.8 ser
We have released LibreSSL 2.9.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This is the first development release from the 2.9 series, which will
eventually be part of OpenBSD 6.5. It includes the following changes:
* CRYPTO_LOCK is now automatically ini
We have released LibreSSL 2.8.3, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first stable update
from the 2.8 series.
It includes the following changes:
* Fixed warnings about clock_gettime on Windows Visual Studio builds.
* Fixed CMake bui
We have released LibreSSL 2.7.5, a stable update for the
2.7.x series. It contains the following changes:
* Fixed warnings about clock_gettime on Windows Visual Studio builds.
* Fixed CMake builds on systems where getpagesize is defined as an
inline function.
* Fixed manpage installati
We have released LibreSSL 2.9.1, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first stable release
from the 2.9 series, which is also included with OpenBSD 6.5
It includes the following changes and improvements from LibreSSL 2.8.x:
* API and Doc
We have released LibreSSL 2.9.2, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon.
It includes the following changes:
* Fixed portable builds with older versions of MacOS,
Android targets < API 21, and Solaris 10.
* Fixed SRTP profile advertisement for D
We have released LibreSSL 3.0.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This is the first development release from the 3.0.x series, which will
eventually be part of OpenBSD 6.6. It includes the following changes:
* Completed the port of RSA_METHOD a
We have released LibreSSL 3.0.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This is the second development release from the 3.0 series, which will
eventually be part of OpenBSD 6.6. It includes the following changes:
* Ported Billy Brumley's fix for CVE-2
We have released LibreSSL 3.0.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This is the first stable release from the 3.0 series, which is included
with OpenBSD 6.6. It includes the following changes:
* Use a valid curve when constructing an EC_KEY that l
We have released LibreSSL 3.1.0, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon.
The signify signing key has been rotated this time around, and the public key
for future releases should appear as follows, while the GPG key remains the
same (releases are verifiab
We have released LibreSSL 3.1.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This is the first stable release from the 3.1 series, which is included
with OpenBSD 6.7. It includes the following changes from 3.0:
* New Features
- Completed initial TLS 1.3
We have released LibreSSL 3.1.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following fix:
* A TLS client with peer verification disabled may crash when
contacting a server that sends an empty certificate list.
The LibreSSL project c
We have released LibreSSL 3.2.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This is the first development release from the 3.2.x series, which will
eventually be part of OpenBSD 6.8. It includes the following changes:
* Enable TLS 1.3 server side in a
We have released LibreSSL 3.1.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following fix:
* libcrypto may fail to build a valid certificate chain due to
expired untrusted issuer certificates.
The LibreSSL project continues impro
We have released LibreSSL 3.1.4, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following interoperability and bug fixes for the
TLSv1.3 client:
* Improve client certificate selection to allow EC certificates
instead of only RSA certi
We have released LibreSSL 3.2.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This is the second development release from the 3.2.x series, which will
eventually be part of OpenBSD 6.8. It includes the following changes:
* Propagate alerts from the read
We have released LibreSSL 3.2.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
This is the first stable release from the 3.2 series, which is included
with OpenBSD 6.8. It includes the following changes from LibreSSL 3.2.1:
* This is the first stable rele
We have released LibreSSL 3.3.0, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon.
This is the first development release from the 3.3.x series, which will
eventually be part of OpenBSD 6.9. It includes the following changes:
* Make openssl(1) s_server ignore -4
OpenNTPD 6.8p1 has been released, and is now available from your local
OpenBSD mirror. This is the first stable release based on OpenBSD 6.8.
It includes the following changes since OpenNTPD 6.2p3:
* The ntpd daemon now gets and sets the clock in a secure way when booting
even when a bat
We have released LibreSSL 3.3.1, 3.2.3, and 3.1.5, which will be arriving
in the LibreSSL directory of your local OpenBSD mirror soon.
It includes the following security fix:
* Malformed ASN.1 in a certificate revocation list or a timestamp
response token can lead to a NULL pointer dere
We have released LibreSSL 3.2.4, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following bug and interoperability fixes:
* Switch back to certificate verification code from LibreSSL 3.1.x. The
new verifier is not bug compatible with
We have released LibreSSL 3.2.5, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following bug fix:
* A TLS client using session resumption may cause a use-after-free.
The LibreSSL project continues improvement of the codebase to reflect mod
We have released LibreSSL 3.3.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the last
development release for the 3.3.x branch before it is declared stable, and we
appreciate additional testing and feedback.
It includes the following changes:
* Th
We have released LibreSSL 3.3.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the first
stable release for the 3.3.x branch, which is based on OpenBSD 6.9.
Other than the version number, it is identical to LibreSSL 3.3.2.
It includes the following ch
We have released LibreSSL 3.2.6 and 3.3.4, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
They both include the following fixes:
* In LibreSSL, printing a certificate can result in a crash in
X509_CERT_AUX_print(). Thanks to Ingo Schwarze.
* Ensure GN
We have released LibreSSL 3.4.0, a development release for
the 3.4.x branch. Important new features have been enabled in this
release, and we appreciate additional testing and feedback before the
final release, coming soon with OpenBSD 7.0.
It includes the following changes (additional details in
We have released LibreSSL 3.3.5 and 3.2.7, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following fixes:
* A stack overread could occur when checking X.509 name constraints.
From GoldBinocle on GitHub.
* Enable X509_V_FLAG_TRUSTED_FI
We have released LibreSSL 3.4.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 3.4.x branch, also available with OpenBSD 7.0.
It includes the following changes from LibreSSL 3.3.x
* New Features
- Added support f
We have released LibreSSL 3.4.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following security fix
* In some situations the X.509 verifier would discard an error on an
unverified certificate chain, resulting in an authentication bypas
We have released LibreSSL 3.5.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is a
development release for the 3.5.x branch, and we appreciate additional testing
and feedback before the final release coming soon with OpenBSD 7.1.
It includes the followin
We have released LibreSSL 3.3.6, 3.4.3, and 3.5.1, which will be
arriving in the LibreSSL directory of your local OpenBSD mirror soon.
They include the following security fix:
* A malicious certificate can cause an infinite loop.
Reported by and fix from Tavis Ormandy and David Benjamin
We have released LibreSSL 3.5.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 3.5.x branch, also available with OpenBSD 7.1
It includes the following changes from LibreSSL 3.4.x
* New Features
- The RFC 3779 API w
We have released LibreSSL 3.5.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following reliability fix:
* Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing
the passed *der_in pointer incorrectly. Thanks to Aram Sargsy
We have released LibreSSL 3.6.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is a
development release for the 3.6.x branch, and we appreciate additional testing
and feedback before the final release coming soon with OpenBSD 7.2.
It includes the followin
We have released LibreSSL 3.6.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the first
stable portable LibreSSL release from the OpenBSD 7.2 branch.
It includes the following fixes from LibreSSL 3.6.0:
- Custom verification callbacks could cause th
We have released LibreSSL 3.7.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is a
development release from the 3.7.x branch, which will eventually ship
with OpenBSD 7.3.
It includes the following changes:
* Internal improvements
- Remove dependen
We have released LibreSSL 3.5.4 and 3.6.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
They include the following security fix:
* A malicious certificate revocation list or timestamp response token
would allow an attacker to read arbitrary memory.
Li
We have released LibreSSL 3.7.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the final
development release for the 3.7.x branch, and we appreciate additional testing
and feedback before the stable release coming soon with OpenBSD 7.3
It includes the
We have released LibreSSL 3.7.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 3.7.x branch, also available with OpenBSD 7.3
It includes the following changes from the 3.6.x series
* Portable changes
- Moved offi
We have released LibreSSL 3.6.3 and 3.7.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
They include the following fixes:
* Bug fix
- Hostflags in the verify parameters would not propagate from an
SSL_CTX to newly created SSL.
* Reliability fix
We have released LibreSSL 3.8.0, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is a development
release for the 3.8.x branch, so we appreciate early testing and
feedback.
It includes the following changes:
* Portable changes
- Extended the endian.h
We have released LibreSSL 3.8.1, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is a development release for
the 3.8.x branch, so we appreciate early testing and feedback.
It includes the following changes:
* Portable changes
- Applications bundled
We have released LibreSSL 3.9.0, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is a development release for
the 3.9.x branch, so we appreciate early testing and feedback.
It includes the following changes:
* Portable changes
- libcrypto no longer e
We have released LibreSSL 3.8.3, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
second stable release for the 3.8.x branch.
It includes the following changes from LibreSSL 3.8.2
* Portable changes
- Removed assert pop-ups with Windows d
We have released LibreSSL 3.8.4 and 3.9.1 which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. LibreSSL 3.9.1 is
the first stable release for the 3.9.x branch, and will also be
available with OpenBSD 7.5.
Both releases include the following changes from the previous
We have released LibreSSL 3.9.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
It includes the following change from LibreSSL 3.9.1:
* Bugfixes
- OpenBSD 7.5 errata 003. A missing bounds check could lead to a crash
due to dereferencing a zero-sized a
88 matches
Mail list logo
