We have released LibreSSL 3.8.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 3.8.x branch, also available with OpenBSD 7.4
It includes the following changes from LibreSSL 3.8.1
* Portable changes
- Fixed processor detection for CMake targets.
Thanks to @jiegec from github.
- Enabled building oscpcheck with MSVC.
Thanks to @FtZPetruska from github.
- Improve CMake package detection and installation.
Thanks to @mark-groundctl from github.
- Fixed assembly optimizations on x64 Windows targets.
- Allow disabling warnings about WINCRYPT overrides.
- Use system arc4random on FreeBSD 12 and newer.
* Documentation improvements
- Documented the RFC 3779 API.
* Compatibility changes
- Restrict the RFC 3779 code to IPv4 and IPv6. It was not written
to be able to deal with anything else.
- Fixed EVP_CIPHER_CTX_iv_length() to return what was set with
EVP_CTRL_AEAD_SET_IVLEN or one of its aliases.
* Bug fixes
- Fixed EVP_PKEY_get{0,1}_RSA for RSA-PSS.
- Plug a potential memory leak in ASN1_TIME_normalize().
- Avoid memory leak in EVP_CipherInit().
- Redirect EVP_PKEY_get1_* through their get0 siblings.
- Fixed a use of uninitialized in i2r_IPAddrBlocks().
- Rewrote CMS_SignerInfo_{sign,verify}().
- Further cleanup and refactoring in the EC code.
- Allow IP addresses to be specified in a URI.
- Fixed a copy-paste error in ASN1_TIME_compare() that could lead
to two UTCTimes or two GeneralizedTimes incorrectly being compared
as equal.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.