LibreSSL 2.7.1 Released

Ken Cunningham ken.cunningham.webuse at gmail.com
Sat Mar 24 15:23:25 UTC 2018


see <https://trac.macports.org/ticket/55264#comment:3>

> On Mar 24, 2018, at 03:49, Jan Stary <hans at stare.cz> wrote:
> 
> Hi Jeremy,
> 
> what is the plan really with libressl and libressl-devel?
> We have 2.5.5 in security/libressl, 2.6.2 in security/libressl-devel,
> and now 2.7.1 is out.
> 
> I would just prepare an udate of libressl to 2.7.1,
> but I want to as kfirst: why do we have "devel".
> LibreSSL themselves make no such distinction,
> these are just "releases".
> 
>    Jan
> 
> 
> PS: specific MacOS fixes here
> 
>> On Mar 23 20:17:39, busterb at gmail.com wrote:
>> We have released LibreSSL 2.7.1, which will be arriving in the
>> LibreSSL directory of your local OpenBSD mirror soon. This is the second
>> release from the 2.7 series, which will be part of OpenBSD 6.3.
>> 
>> It includes the following changes from 2.7.0
>> 
>> * Fixed a bug in int_x509_param_set_hosts, calling strlen() if name
>>   length provided is 0 to match the OpenSSL behaviour. Issue noticed
>>   by Christian Heimes <christian at python.org>
>> 
>> * Fixed builds macOS 10.11 and older.
>> 
>> LibreSSL 2.7.1 also includes:
>> 
>> * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
>>   observations of real-world usage in applications. These are
>>   implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
>>   changes have not been made to existing structs, allowing code written
>>   for older OpenSSL APIs to continue working.
>> 
>> * Extensive corrections, improvements, and additions to the
>>   API documentation, including new public APIs from OpenSSL that had
>>   no pre-existing documentation.
>> 
>> * Added support for automatic library initialization in libcrypto,
>>   libssl, and libtls. Support for pthread_once or a compatible
>>   equivalent is now required of the target operating system. As a
>>   side-effect, minimum Windows support is Vista or higher.
>> 
>> * Converted more packet handling methods to CBB, which improves
>>   resiliency when generating TLS messages.
>> 
>> * Completed TLS extension handling rewrite, improving consistency of
>>   checks for malformed and duplicate extensions.
>> 
>> * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
>>   This removes the last remaining use of the old M_ASN1_* macros
>>   (asn1_mac.h) from API that needs to continue to exist.
>> 
>> * Added support for client-side session resumption in libtls.
>>   A libtls client can specify a session file descriptor (a regular
>>   file with appropriate ownership and permissions) and libtls will
>>   manage reading and writing of session data across TLS handshakes.
>> 
>> * Improved support for strict alignment on ARMv7 architectures,
>>   conditionally enabling assembly in those cases.
>> 
>> * Fixed a memory leak in libtls when reusing a tls_config.
>> 
>> * Merged more DTLS support into the regular TLS code path, removing
>>   duplicated code.
>> 
>> * Many improvements to Windows Cmake-based builds and tests,
>>   especially when targeting Visual Studio.
>> 
>> Thanks for all of the testing, suggestions, and updates from the porting
>> community. We look forward to releasing a final stable version in a few
>> weeks.
>> 
>> The LibreSSL project continues improvement of the codebase to reflect modern,
>> safe programming practices. We welcome feedback and improvements from the
>> broader community. Thanks to all of the contributors who helped make this
>> release possible.
>> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20180324/5c791c7b/attachment.html>


More information about the macports-users mailing list