LibreSSL 2.7.1 Released

Jan Stary hans at stare.cz
Sat Mar 24 09:49:03 UTC 2018


Hi Jeremy,

what is the plan really with libressl and libressl-devel?
We have 2.5.5 in security/libressl, 2.6.2 in security/libressl-devel,
and now 2.7.1 is out.

I would just prepare an update of libressl to 2.7.1,
but I want to ask first: why do we have "devel"?
LibreSSL themselves make no such distinction,
these are just "releases".

	Jan


PS: specific MacOS fixes here

On Mar 23 20:17:39, busterb at gmail.com wrote:
> We have released LibreSSL 2.7.1, which will be arriving in the
> LibreSSL directory of your local OpenBSD mirror soon. This is the second
> release from the 2.7 series, which will be part of OpenBSD 6.3.
> 
> It includes the following changes from 2.7.0
> 
>  * Fixed a bug in int_x509_param_set_hosts, calling strlen() if name
>    length provided is 0 to match the OpenSSL behaviour. Issue noticed
>    by Christian Heimes <christian at python.org>
> 
>  * Fixed builds on macOS 10.11 and older.
> 
> LibreSSL 2.7.1 also includes:
> 
>  * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
>    observations of real-world usage in applications. These are
>    implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
>    changes have not been made to existing structs, allowing code written
>    for older OpenSSL APIs to continue working.
> 
>  * Extensive corrections, improvements, and additions to the
>    API documentation, including new public APIs from OpenSSL that had
>    no pre-existing documentation.
> 
>  * Added support for automatic library initialization in libcrypto,
>    libssl, and libtls. Support for pthread_once or a compatible
>    equivalent is now required of the target operating system. As a
>    side-effect, minimum Windows support is Vista or higher.
> 
>  * Converted more packet handling methods to CBB, which improves
>    resiliency when generating TLS messages.
> 
>  * Completed TLS extension handling rewrite, improving consistency of
>    checks for malformed and duplicate extensions.
> 
>  * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
>    This removes the last remaining use of the old M_ASN1_* macros
>    (asn1_mac.h) from API that needs to continue to exist.
> 
>  * Added support for client-side session resumption in libtls.
>    A libtls client can specify a session file descriptor (a regular
>    file with appropriate ownership and permissions) and libtls will
>    manage reading and writing of session data across TLS handshakes.
> 
>  * Improved support for strict alignment on ARMv7 architectures,
>    conditionally enabling assembly in those cases.
> 
>  * Fixed a memory leak in libtls when reusing a tls_config.
> 
>  * Merged more DTLS support into the regular TLS code path, removing
>    duplicated code.
> 
>  * Many improvements to Windows CMake-based builds and tests,
>    especially when targeting Visual Studio.
> 
> Thanks for all of the testing, suggestions, and updates from the porting
> community. We look forward to releasing a final stable version in a few
> weeks.
> 
> The LibreSSL project continues improvement of the codebase to reflect modern,
> safe programming practices. We welcome feedback and improvements from the
> broader community. Thanks to all of the contributors who helped make this
> release possible.
> 

