<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div></div><div>see <<a href="https://trac.macports.org/ticket/55264#comment:3">https://trac.macports.org/ticket/55264#comment:3</a>></div><div><br>On Mar 24, 2018, at 03:49, Jan Stary <<a href="mailto:hans@stare.cz">hans@stare.cz</a>> wrote:<br><br></div><blockquote type="cite"><div><span>Hi Jeremy,</span><br><span></span><br><span>what is the plan really with libressl and libressl-devel?</span><br><span>We have 2.5.5 in security/libressl, 2.6.2 in security/libressl-devel,</span><br><span>and now 2.7.1 is out.</span><br><span></span><br><span>I would just prepare an udate of libressl to 2.7.1,</span><br><span>but I want to as kfirst: why do we have "devel".</span><br><span>LibreSSL themselves make no such distinction,</span><br><span>these are just "releases".</span><br><span></span><br><span>    Jan</span><br><span></span><br><span></span><br><span>PS: specific MacOS fixes here</span><br><span></span><br><span>On Mar 23 20:17:39, <a href="mailto:busterb@gmail.com">busterb@gmail.com</a> wrote:</span><br><blockquote type="cite"><span>We have released LibreSSL 2.7.1, which will be arriving in the</span><br></blockquote><blockquote type="cite"><span>LibreSSL directory of your local OpenBSD mirror soon. This is the second</span><br></blockquote><blockquote type="cite"><span>release from the 2.7 series, which will be part of OpenBSD 6.3.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>It includes the following changes from 2.7.0</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Fixed a bug in int_x509_param_set_hosts, calling strlen() if name</span><br></blockquote><blockquote type="cite"><span>   length provided is 0 to match the OpenSSL behaviour. Issue noticed</span><br></blockquote><blockquote type="cite"><span>   by Christian Heimes <<a href="mailto:christian@python.org">christian@python.org</a>></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Fixed builds macOS 10.11 and older.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>LibreSSL 2.7.1 also includes:</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on</span><br></blockquote><blockquote type="cite"><span>   observations of real-world usage in applications. These are</span><br></blockquote><blockquote type="cite"><span>   implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility</span><br></blockquote><blockquote type="cite"><span>   changes have not been made to existing structs, allowing code written</span><br></blockquote><blockquote type="cite"><span>   for older OpenSSL APIs to continue working.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Extensive corrections, improvements, and additions to the</span><br></blockquote><blockquote type="cite"><span>   API documentation, including new public APIs from OpenSSL that had</span><br></blockquote><blockquote type="cite"><span>   no pre-existing documentation.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Added support for automatic library initialization in libcrypto,</span><br></blockquote><blockquote type="cite"><span>   libssl, and libtls. Support for pthread_once or a compatible</span><br></blockquote><blockquote type="cite"><span>   equivalent is now required of the target operating system. As a</span><br></blockquote><blockquote type="cite"><span>   side-effect, minimum Windows support is Vista or higher.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Converted more packet handling methods to CBB, which improves</span><br></blockquote><blockquote type="cite"><span>   resiliency when generating TLS messages.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Completed TLS extension handling rewrite, improving consistency of</span><br></blockquote><blockquote type="cite"><span>   checks for malformed and duplicate extensions.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.</span><br></blockquote><blockquote type="cite"><span>   This removes the last remaining use of the old M_ASN1_* macros</span><br></blockquote><blockquote type="cite"><span>   (asn1_mac.h) from API that needs to continue to exist.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Added support for client-side session resumption in libtls.</span><br></blockquote><blockquote type="cite"><span>   A libtls client can specify a session file descriptor (a regular</span><br></blockquote><blockquote type="cite"><span>   file with appropriate ownership and permissions) and libtls will</span><br></blockquote><blockquote type="cite"><span>   manage reading and writing of session data across TLS handshakes.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Improved support for strict alignment on ARMv7 architectures,</span><br></blockquote><blockquote type="cite"><span>   conditionally enabling assembly in those cases.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Fixed a memory leak in libtls when reusing a tls_config.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Merged more DTLS support into the regular TLS code path, removing</span><br></blockquote><blockquote type="cite"><span>   duplicated code.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> * Many improvements to Windows Cmake-based builds and tests,</span><br></blockquote><blockquote type="cite"><span>   especially when targeting Visual Studio.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Thanks for all of the testing, suggestions, and updates from the porting</span><br></blockquote><blockquote type="cite"><span>community. We look forward to releasing a final stable version in a few</span><br></blockquote><blockquote type="cite"><span>weeks.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>The LibreSSL project continues improvement of the codebase to reflect modern,</span><br></blockquote><blockquote type="cite"><span>safe programming practices. We welcome feedback and improvements from the</span><br></blockquote><blockquote type="cite"><span>broader community. Thanks to all of the contributors who helped make this</span><br></blockquote><blockquote type="cite"><span>release possible.</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote></div></blockquote></body></html>