pkgsrc/security/libressl
ryoon 4090f04985 Update to 2.7.4
Changelog:
2.7.4
We have released LibreSSL 2.7.4, a security update for the
2.7.x series. It contains the following changes:

  * Avoid a timing side-channel leak when generating DSA and ECDSA
    signatures. This is caused by an attempt to do fast modular
    arithmetic, which introduces branches that leak information
    regarding secret values. Issue identified and reported by Keegan
    Ryan of NCC Group.

  * Reject excessively large primes in DH key generation. Problem
    reported by Guido Vranken to OpenSSL
    (https://github.com/openssl/openssl/pull/6457) and based on his
    diff.

2.7.3
We have released LibreSSL 2.7.3, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first bugfix
release from the 2.7 series, which includes the following changes from 2.7.2:

 * Removed incorrect NULL checks in DH_set0_key(). Reported by Ondrej Sury.

 * Limited tls_config_clear_keys() to only clear private keys.
   This was inadvertently clearing the keypair, which includes the OCSP staple
   and pubkey hash - if an application called tls_configure() followed by
   tls_config_clear_keys(), this would prevent OCSP staples from working.

 * Fixed an issue normalizing CPU architecture in the configure script,
   which disabled assembly optimizations on platforms that get detected
   as 'amd64', opposed to 'x86_64'.

2.7.2
ve released LibreSSL 2.7.2, which will be arriving in the LibreSSL
directory of your local OpenBSD mirror soon. This is the first stable release
from the 2.7 series, which is also included with OpenBSD 6.3.

It includes the following changes from 2.7.1

 * Updated and added extensive new HISTORY sections to API manuals.

 * Added support for shared library builds with CMake on all supported
   platforms. Note that some of the CMake options have changed, consult
   the README for details.

LibreSSL 2.7.2 also includes:

 * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
   observations of real-world usage in applications. These are
   implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
   changes have not been made to existing structs, allowing code written
   for older OpenSSL APIs to continue working.

 * Extensive corrections, improvements, and additions to the
   API documentation, including new public APIs from OpenSSL that had
   no pre-existing documentation.

 * Added support for automatic library initialization in libcrypto,
   libssl, and libtls. Support for pthread_once or a compatible
   equivalent is now required of the target operating system. As a
   side-effect, minimum Windows support is Vista or higher.

 * Converted more packet handling methods to CBB, which improves
   resiliency when generating TLS messages.

 * Completed TLS extension handling rewrite, improving consistency of
   checks for malformed and duplicate extensions.

 * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
   This removes the last remaining use of the old M_ASN1_* macros
   (asn1_mac.h) from API that needs to continue to exist.

 * Added support for client-side session resumption in libtls.
   A libtls client can specify a session file descriptor (a regular
   file with appropriate ownership and permissions) and libtls will
   manage reading and writing of session data across TLS handshakes.

 * Improved support for strict alignment on ARMv7 architectures,
   conditionally enabling assembly in those cases.

 * Fixed a memory leak in libtls when reusing a tls_config.

 * Merged more DTLS support into the regular TLS code path, removing
   duplicated code.

 * Many improvements to Windows Cmake-based builds and tests,
   especially when targeting Visual Studio.

2.7.1
We have released LibreSSL 2.7.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the second
release from the 2.7 series, which will be part of OpenBSD 6.3.

It includes the following changes from 2.7.0

 * Fixed a bug in int_x509_param_set_hosts, calling strlen() if name
   length provided is 0 to match the OpenSSL behaviour. Issue noticed
   by Christian Heimes <christian@python.org>

 * Fixed builds macOS 10.11 and older.

LibreSSL 2.7.1 also includes:

 * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
   observations of real-world usage in applications. These are
   implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
   changes have not been made to existing structs, allowing code written
   for older OpenSSL APIs to continue working.

 * Extensive corrections, improvements, and additions to the
   API documentation, including new public APIs from OpenSSL that had
   no pre-existing documentation.

 * Added support for automatic library initialization in libcrypto,
   libssl, and libtls. Support for pthread_once or a compatible
   equivalent is now required of the target operating system. As a
   side-effect, minimum Windows support is Vista or higher.

 * Converted more packet handling methods to CBB, which improves
   resiliency when generating TLS messages.

 * Completed TLS extension handling rewrite, improving consistency of
   checks for malformed and duplicate extensions.

 * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
   This removes the last remaining use of the old M_ASN1_* macros
   (asn1_mac.h) from API that needs to continue to exist.

 * Added support for client-side session resumption in libtls.
   A libtls client can specify a session file descriptor (a regular
   file with appropriate ownership and permissions) and libtls will
   manage reading and writing of session data across TLS handshakes.

 * Improved support for strict alignment on ARMv7 architectures,
   conditionally enabling assembly in those cases.

 * Fixed a memory leak in libtls when reusing a tls_config.

 * Merged more DTLS support into the regular TLS code path, removing
   duplicated code.

 * Many improvements to Windows Cmake-based builds and tests,
   especially when targeting Visual Studio.

2.7.0
We have released LibreSSL 2.7.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the first
release from the 2.7 series, which will be part of OpenBSD 6.3.
It includes the following changes:

 * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on
   observations of real-world usage in applications. These are
   implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility
   changes have not been made to existing structs, allowing code written
   for older OpenSSL APIs to continue working.

 * Extensive corrections, improvements, and additions to the
   API documentation, including new public APIs from OpenSSL that had
   no pre-existing documentation.

 * Added support for automatic library initialization in libcrypto,
   libssl, and libtls. Support for pthread_once or a compatible
   equivalent is now required of the target operating system. As a
   side-effect, minimum Windows support is Vista or higher.

 * Converted more packet handling methods to CBB, which improves
   resiliency when generating TLS messages.

 * Completed TLS extension handling rewrite, improving consistency of
   checks for malformed and duplicate extensions.

 * Rewrote ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
   This removes the last remaining use of the old M_ASN1_* macros
   (asn1_mac.h) from API that needs to continue to exist.

 * Added support for client-side session resumption in libtls.
   A libtls client can specify a session file descriptor (a regular
   file with appropriate ownership and permissions) and libtls will
   manage reading and writing of session data across TLS handshakes.

 * Improved support for strict alignment on ARMv7 architectures,
   conditionally enabling assembly in those cases.

 * Fixed a memory leak in libtls when reusing a tls_config.

 * Merged more DTLS support into the regular TLS code path, removing
   duplicated code.

 * Many improvements to Windows Cmake-based builds and tests,
   especially when targeting Visual Studio.
2018-06-21 23:10:50 +00:00
..
patches libressl: Leave pkgsrc to handle security features. 2018-02-02 13:46:00 +00:00
buildlink3.mk
DESCR
distinfo Update to 2.7.4 2018-06-21 23:10:50 +00:00
Makefile Update to 2.7.4 2018-06-21 23:10:50 +00:00
PLIST Update to 2.7.4 2018-06-21 23:10:50 +00:00