LibreSSL 2.7.1 Released
Ken Cunningham
ken.cunningham.webuse at gmail.com
Sat Mar 24 15:23:25 UTC 2018
see <https://trac.macports.org/ticket/55264#comment:3>
> On Mar 24, 2018, at 03:49, Jan Stary <hans at stare.cz> wrote:
>
> Hi Jeremy,
>
> what is the plan really with libressl and libressl-devel?
> We have 2.5.5 in security/libressl, 2.6.2 in security/libressl-devel,
> and now 2.7.1 is out.
>
> I would just prepare an udate of libressl to 2.7.1,
> but I want to as kfirst: why do we have "devel".
> LibreSSL themselves make no such distinction,
> these are just "releases".
>
> Jan
>
>
> PS: specific MacOS fixes here
>
>> On Mar 23 20:17:39, busterb at gmail.com wrote:
>> We have released LibreSSL 2.7.1, which will be arriving in the
>> LibreSSL directory of your local OpenBSD mirror soon. This is the second
>> release from the 2.7 series, which will be part of OpenBSD 6.3.
>>
>> It includes the following changes from 2.7.0
>>
>> * Fixed a bug in int_x509_param_set_hosts, calling strlen() if name
>> length provided is 0 to match the OpenSSL behaviour. Issue noticed
>> by Christian Heimes <christian at python.org>
>>
>> * Fixed builds macOS 10.11 and older.
>>
>> LibreSSL 2.7.1 also includes:
>>
>> * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
>> observations of real-world usage in applications. These are
>> implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
>> changes have not been made to existing structs, allowing code written
>> for older OpenSSL APIs to continue working.
>>
>> * Extensive corrections, improvements, and additions to the
>> API documentation, including new public APIs from OpenSSL that had
>> no pre-existing documentation.
>>
>> * Added support for automatic library initialization in libcrypto,
>> libssl, and libtls. Support for pthread_once or a compatible
>> equivalent is now required of the target operating system. As a
>> side-effect, minimum Windows support is Vista or higher.
>>
>> * Converted more packet handling methods to CBB, which improves
>> resiliency when generating TLS messages.
>>
>> * Completed TLS extension handling rewrite, improving consistency of
>> checks for malformed and duplicate extensions.
>>
>> * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
>> This removes the last remaining use of the old M_ASN1_* macros
>> (asn1_mac.h) from API that needs to continue to exist.
>>
>> * Added support for client-side session resumption in libtls.
>> A libtls client can specify a session file descriptor (a regular
>> file with appropriate ownership and permissions) and libtls will
>> manage reading and writing of session data across TLS handshakes.
>>
>> * Improved support for strict alignment on ARMv7 architectures,
>> conditionally enabling assembly in those cases.
>>
>> * Fixed a memory leak in libtls when reusing a tls_config.
>>
>> * Merged more DTLS support into the regular TLS code path, removing
>> duplicated code.
>>
>> * Many improvements to Windows Cmake-based builds and tests,
>> especially when targeting Visual Studio.
>>
>> Thanks for all of the testing, suggestions, and updates from the porting
>> community. We look forward to releasing a final stable version in a few
>> weeks.
>>
>> The LibreSSL project continues improvement of the codebase to reflect modern,
>> safe programming practices. We welcome feedback and improvements from the
>> broader community. Thanks to all of the contributors who helped make this
>> release possible.
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20180324/5c791c7b/attachment.html>
More information about the macports-users
mailing list