[MacPorts] #55264: libressl @2.5.5: update to 2.6.5

MacPorts noreply at macports.org
Wed Jan 9 03:47:08 UTC 2019

#55264: libressl @2.5.5: update to 2.6.5
  Reporter:  l2dy      |      Owner:  jeremyhu
      Type:  update    |     Status:  new
  Priority:  Normal    |  Milestone:
 Component:  ports     |    Version:
Resolution:            |   Keywords:  security
      Port:  libressl  |

Comment (by l2dy):

 Replying to [comment:3 jeremyhu]:
 > Yes, I wanted to hold off on doing any libressl update until we came to
 a solution for #54744 because it's always a PITA to revvupgrade-rebuild
 everything ;)

 It's been more than a year since the last `libressl` update. We really
 shouldn't hold this off much longer.

 Credits: openSUSE-SU-2018:2597-1

 >  This update for libressl to version 2.8.0 fixes the following issues:
 >  Security issues fixed:
 >  - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA
 >    ECDSA signatures. (`boo#1097779`)
 >  - Reject excessively large primes in DH key generation.
 >  - CVE-2018-8970: Fixed a bug in int_x509_param_set_hosts, calling
 >    if name length provided is 0 to match the OpenSSL behaviour.
 >    (`boo#1086778`)
 >  - Fixed an out-of-bounds read and crash in DES-fcrypt (`boo#1065363`)

Ticket URL: <https://trac.macports.org/ticket/55264#comment:23>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list