Opened 2 years ago
Last modified 2 years ago
#64841 closed update
update libressl to 3.4.3 — at Initial Version
| Reported by: | artkiver (グレェ) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | haspatch | Cc: | |
| Port: | libressl |
Description
Similar to ticket https://trac.macports.org/ticket/64839 LibreSSL (stable, as related to OpenBSD 7.0) was updated to version 3.4.3 on March 15th, 2022.
Release notes are available here: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt
Salient security fix related excerpt:
" * A malicious certificate can cause an infinite loop. Reported by and fix from Tavis Ormandy and David Benjamin, Google."
I already submitted a PR for libressl-devel to bring it to 3.5.1. I won't be submitted a diff or PR for 3.3.6 (also released on March 15th, 2022, addressing the same security fix) because that is tied more to OpenBSD 6.9 and the OpenBSD development team only "supporting" two older releases due to constraints with developer resources.
diff to update the libressl Portfile from version 3.4.2 to 3.4.3