Re: LibreSSL 2.7.1 Released


Jan Stary
Hi Jeremy,

what is the plan really with libressl and libressl-devel?
We have 2.5.5 in security/libressl, 2.6.2 in security/libressl-devel,
and now 2.7.1 is out.

I would just prepare an update of libressl to 2.7.1,
but I want to ask first: why do we have "devel"?
LibreSSL themselves make no such distinction,
these are just "releases".

        Jan


PS: specific MacOS fixes here

On Mar 23 20:17:39, [hidden email] wrote:

> We have released LibreSSL 2.7.1, which will be arriving in the
> LibreSSL directory of your local OpenBSD mirror soon. This is the second
> release from the 2.7 series, which will be part of OpenBSD 6.3.
>
> It includes the following changes from 2.7.0
>
>  * Fixed a bug in int_x509_param_set_hosts, calling strlen() if name
>    length provided is 0 to match the OpenSSL behaviour. Issue noticed
>    by Christian Heimes <[hidden email]>
>
>  * Fixed builds on macOS 10.11 and older.
>
> LibreSSL 2.7.1 also includes:
>
>  * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
>    observations of real-world usage in applications. These are
>    implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
>    changes have not been made to existing structs, allowing code written
>    for older OpenSSL APIs to continue working.
>
>  * Extensive corrections, improvements, and additions to the
>    API documentation, including new public APIs from OpenSSL that had
>    no pre-existing documentation.
>
>  * Added support for automatic library initialization in libcrypto,
>    libssl, and libtls. Support for pthread_once or a compatible
>    equivalent is now required of the target operating system. As a
>    side-effect, minimum Windows support is Vista or higher.
>
>  * Converted more packet handling methods to CBB, which improves
>    resiliency when generating TLS messages.
>
>  * Completed TLS extension handling rewrite, improving consistency of
>    checks for malformed and duplicate extensions.
>
>  * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
>    This removes the last remaining use of the old M_ASN1_* macros
>    (asn1_mac.h) from API that needs to continue to exist.
>
>  * Added support for client-side session resumption in libtls.
>    A libtls client can specify a session file descriptor (a regular
>    file with appropriate ownership and permissions) and libtls will
>    manage reading and writing of session data across TLS handshakes.
>
>  * Improved support for strict alignment on ARMv7 architectures,
>    conditionally enabling assembly in those cases.
>
>  * Fixed a memory leak in libtls when reusing a tls_config.
>
>  * Merged more DTLS support into the regular TLS code path, removing
>    duplicated code.
>
>  * Many improvements to Windows Cmake-based builds and tests,
>    especially when targeting Visual Studio.
>
> Thanks for all of the testing, suggestions, and updates from the porting
> community. We look forward to releasing a final stable version in a few
> weeks.
>
> The LibreSSL project continues improvement of the codebase to reflect modern,
> safe programming practices. We welcome feedback and improvements from the
> broader community. Thanks to all of the contributors who helped make this
> release possible.
>

Re: LibreSSL 2.7.1 Released

Ken Cunningham

On Mar 24, 2018, at 03:49, Jan Stary <[hidden email]> wrote:



Re: LibreSSL 2.7.1 Released

Ryan Schmidt-24
On Mar 24, 2018, at 04:49, Jan Stary wrote:

> what is the plan really with libressl and libressl-devel?
> We have 2.5.5 in security/libressl, 2.6.2 in security/libressl-devel,
> and now 2.7.1 is out.
>
> I would just prepare an update of libressl to 2.7.1,
> but I want to ask first: why do we have "devel"?
> LibreSSL themselves make no such distinction,
> these are just "releases".

I've answered that question before...

https://lists.macports.org/pipermail/macports-dev/2018-January/037191.html