[MacPorts] #64841: libressl: update to 3.4.3 (was: update libressl to 3.4.3)

MacPorts noreply at macports.org
Thu Mar 17 01:30:23 UTC 2022 

#64841: libressl: update to 3.4.3
-----------------------+----------------------
  Reporter:  artkiver  |      Owner:  jeremyhu
      Type:  update    |     Status:  assigned
  Priority:  Normal    |  Milestone:
 Component:  ports     |    Version:
Resolution:            |   Keywords:  haspatch
      Port:  libressl  |
-----------------------+----------------------
Changes (by ryandesign):

 * status:  new => assigned
 * owner:  (none) => jeremyhu
 * keywords:   => haspatch
 * port:   => libressl


Old description:

> Similar to ticket https://trac.macports.org/ticket/64839 LibreSSL
> (stable, as related to OpenBSD 7.0) was updated to version 3.4.3 on March
> 15th, 2022.
>
> Release notes are available here:
> https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt
>
> Salient security fix related excerpt:
>
> " * A malicious certificate can cause an infinite loop.
> Reported by and fix from Tavis Ormandy and David Benjamin, Google."
>
> I already submitted a PR for libressl-devel to bring it to 3.5.1. I won't
> be submitted a diff or PR for 3.3.6 (also released on March 15th, 2022,
> addressing the same security fix) because that is tied more to OpenBSD
> 6.9 and the OpenBSD development team only "supporting" two older releases
> due to constraints with developer resources.

New description:

 Similar to ticket #64839 LibreSSL (stable, as related to OpenBSD 7.0) was
 updated to version 3.4.3 on March 15th, 2022.

 Release notes are available here:
 https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt

 Salient security fix related excerpt:

 " * A malicious certificate can cause an infinite loop.
 Reported by and fix from Tavis Ormandy and David Benjamin, Google."

 I already submitted a PR for libressl-devel to bring it to 3.5.1. I won't
 be submitted a diff or PR for 3.3.6 (also released on March 15th, 2022,
 addressing the same security fix) because that is tied more to OpenBSD 6.9
 and the OpenBSD development team only "supporting" two older releases due
 to constraints with developer resources.

--

-- 
Ticket URL: <https://trac.macports.org/ticket/64841#comment:2>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list