Opened 3 years ago
Closed 3 years ago
#64841 closed update (fixed)
libressl: update to 3.4.3
Reported by: | artkiver (グレェ) | Owned by: | jeremyhu (Jeremy Huddleston Sequoia) |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | |
Keywords: | haspatch | Cc: | |
Port: | libressl |
Description (last modified by ryandesign (Ryan Carsten Schmidt))
Similar to ticket #64839 LibreSSL (stable, as related to OpenBSD 7.0) was updated to version 3.4.3 on March 15th, 2022.
Release notes are available here: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt
Salient security fix related excerpt:
" * A malicious certificate can cause an infinite loop. Reported by and fix from Tavis Ormandy and David Benjamin, Google."
I already submitted a PR for libressl-devel to bring it to 3.5.1. I won't be submitted a diff or PR for 3.3.6 (also released on March 15th, 2022, addressing the same security fix) because that is tied more to OpenBSD 6.9 and the OpenBSD development team only "supporting" two older releases due to constraints with developer resources.
Attachments (1)
Change History (4)
Changed 3 years ago by artkiver (グレェ)
Attachment: | libressl3.4.3.diff added |
---|
comment:1 Changed 3 years ago by artkiver (グレェ)
GitHub PR is here: https://github.com/macports/macports-ports/pull/14279
comment:2 Changed 3 years ago by ryandesign (Ryan Carsten Schmidt)
Description: | modified (diff) |
---|---|
Keywords: | haspatch added |
Owner: | set to jeremyhu |
Port: | libressl added |
Status: | new → assigned |
Summary: | update libressl to 3.4.3 → libressl: update to 3.4.3 |
comment:3 Changed 3 years ago by artkiver (グレェ)
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
diff to update the libressl Portfile from version 3.4.2 to 3.4.3