OpenBSD Journal

LibreSSL 2.1.0 Released

Contributed by tbert on from the still-polishing-that-turd dept.

Bob Beck (beck@) has announced the release of LibreSSL 2.1.0:

We have released LibreSSL 2.1.0 - which should be arriving in the
LIbreSSL directory of an OpenBSD mirror near you very soon.

This release continues on with further work from after OpenBSD 5.6
code freeze. Our intention is to finalize LibreSSL 2.1 with OpenBSD
5.7

As noted before, we welcome feedback from the broader community.

Enjoy,

-Bob

(Comments are closed)


Comments
  1. By Anonymous Coward (17.39.114.192) on

    Could somebody provide a Link to the Changes, the Changelog is useless and the webcvs-link at the LibreSSL-Page redirects you to the main webcvs-website for OpenBSD....

    Is it so hard to provide a direct working Link...? I downloaded the archiv via GPRS now (so it aint fast to get it) because I found no Changelog online and in this file I get told to read the OpenBSD CVS-Logs.....

    Comments
    1. By journeysquid (Tor) on http://www.openbsd.com/donations.html

      > Could somebody provide a Link to the Changes

      Nope, but this is a start:

      http://www.freshbsd.org/search?project=openbsd&q=libressl

    2. By Marc Espie (espie) on

      > Could somebody provide a Link to the Changes, the Changelog is useless and the webcvs-link at the LibreSSL-Page redirects you to the main webcvs-website for OpenBSD....
      >
      > Is it so hard to provide a direct working Link...? I downloaded the archiv via GPRS now (so it aint fast to get it) because I found no Changelog online and in this file I get told to read the OpenBSD CVS-Logs.....

      Dude, libressl is part of OpenBSD, as far as development goes.
      We have limited resources, so stop whining. What do you prefer ? that we use those resources doing MORE development work, or waste time trying to make nice and tidy and shiny separate logs ?

      Comments
      1. By Anonymous Coward (151.193.120.17) on

        > > Could somebody provide a Link to the Changes, the Changelog is useless and the webcvs-link at the LibreSSL-Page redirects you to the main webcvs-website for OpenBSD....
        > >
        > > Is it so hard to provide a direct working Link...? I downloaded the archiv via GPRS now (so it aint fast to get it) because I found no Changelog online and in this file I get told to read the OpenBSD CVS-Logs.....
        >
        > Dude, libressl is part of OpenBSD, as far as development goes.
        > We have limited resources, so stop whining. What do you prefer ? that we use those resources doing MORE development work, or waste time trying to make nice and tidy and shiny separate logs ?

        Miod I think he/she got a valid point.

        If you release a new version of a software and it adds/removes functionality or it could impact (code changes) existing functionality it would be nice to know what to test/look for.

        Example: I need functionality X and I update LibreSSL and it got removed wich bricks my Setups....

        That kind of overview would be nice. Especialy in a security critical piece of Software. OpenSSH gets developed inside OpenBSD as well and there you find the time to write such stuff down.... so that excuse falls a littlebit short if it comes to SSL.

        Also Ted asked for feedback: I would like to see a summary of the Changes too.

      2. By Marc Espie (espie) on

        > > Could somebody provide a Link to the Changes, the Changelog is useless and the webcvs-link at the LibreSSL-Page redirects you to the main webcvs-website for OpenBSD....
        > >
        > > Is it so hard to provide a direct working Link...? I downloaded the archiv via GPRS now (so it aint fast to get it) because I found no Changelog online and in this file I get told to read the OpenBSD CVS-Logs.....
        >
        > Dude, libressl is part of OpenBSD, as far as development goes.
        > We have limited resources, so stop whining. What do you prefer ? that we use those resources doing MORE development work, or waste time trying to make nice and tidy and shiny separate logs ?

        Sorry about that... I should have phrased that comment more carefully.
        In general, in other parts of OpenBSD, we're a bit under-staffed and overworked.


        It seems that other comments already gave a positive answer to your request, of which I wasn't aware...

      3. By Theo de Raadt (199.185.136.55) on

        > Dude, libressl is part of OpenBSD, as far as development goes.

        libressl is a subgroup of OpenBSD developers. Marc Espie is not a member of this subgroup, does not work in this area, and probably should not speak for them. Even I am a minor member of that group, and will be cautious below.

        > We have limited resources, so stop whining.

        I think that is a very wrong message.

        Development is proceeding at the correct, careful pace. The integration into OpenBSD is extremely good, lots of thought going into it. The -portable release has an excellent build infrastructure, but the distribution of it (as github, and a signed tgz) is still a little weak. The web site is finally getting some focus this week, because the communication needs to improve.

        As to the lack of a Changelog? There has not been a lot of focus on this. It sounds like some people want to solve this in some way, so the OP is right to bring up the gap.

        > What do you prefer ? that we use those resources doing MORE development work, or waste time trying to make nice and tidy and shiny separate logs ?

        That is too harsh. LibreSSL's code is strong, but the public face is weak and does not need bad PR from inside our midst.

        *I* often want Changelog types of information from other projects, and other OpenBSD and OpenBSD-subprojects do create them in various forms. LibreSSL needs some form of this.

        Comments
        1. By Sebastian Rother (17.39.114.192) on

          > > Dude, libressl is part of OpenBSD, as far as development goes.
          >
          > libressl is a subgroup of OpenBSD developers. Marc Espie is not a member of this subgroup, does not work in this area, and probably should not speak for them. Even I am a minor member of that group, and will be cautious below.
          >
          > > We have limited resources, so stop whining.
          >
          > I think that is a very wrong message.
          >
          > Development is proceeding at the correct, careful pace. The integration into OpenBSD is extremely good, lots of thought going into it. The -portable release has an excellent build infrastructure, but the distribution of it (as github, and a signed tgz) is still a little weak. The web site is finally getting some focus this week, because the communication needs to improve.
          >
          > As to the lack of a Changelog? There has not been a lot of focus on this. It sounds like some people want to solve this in some way, so the OP is right to bring up the gap.
          >
          > > What do you prefer ? that we use those resources doing MORE development work, or waste time trying to make nice and tidy and shiny separate logs ?
          >
          > That is too harsh. LibreSSL's code is strong, but the public face is weak and does not need bad PR from inside our midst.
          >
          > *I* often want Changelog types of information from other projects, and other OpenBSD and OpenBSD-subprojects do create them in various forms. LibreSSL needs some form of this.
          >


          Thank you Theo!

        2. By Marc Espie (espie) on

          > > Dude, libressl is part of OpenBSD, as far as development goes.
          >
          > libressl is a subgroup of OpenBSD developers. Marc Espie is not a member of this subgroup, does not work in this area, and probably should not speak for them. Even I am a minor member of that group, and will be cautious below.


          Indeed. Blame dayjob for grumpy feelings. My comment was out-of-line. I apologize to the libressl subgroup, who have been doing top-notch work. I obviously do not speak for them.


          Sometimes, lack of progress on other things (bugs in dpb, limitations in the pkgtools...), because braincells are busy doing stupid non OpenBSD things, tends to frustrate beyond belief, especially as there are still oodles of things to do in *my* area of involvement in OpenBSD...

          Comments
          1. By Anonymous Coward (10.1.0.4) on

            >
            > especially as there are still oodles of things to do in *my* area of involvement in OpenBSD...

            Marc, you have done amazing things in your area of involvement. Thank you for you contribution to the project.

    3. By Anonymous Coward (74.194.158.26) on

      If you prefer it, we keep the github mirror up-to-date as well. It can sometimes be easier to follow since it only mirrors portions of the tree relevant to LibreSSL.

      https://github.com/libressl-portable/openbsd/

      For the changes since the 2.0.5 release, try:

      git log --since=2014-08-08

      One interesting note about this release from a portable point of view: if built with Linux kernel 3.17 or later, will take advantage of the new getrandom syscall.

      Comments
      1. By Brent Cook (bcook) on

        > If you prefer it, we keep the github mirror up-to-date as well. It can sometimes be easier to follow since it only mirrors portions of the tree relevant to LibreSSL.
        >
        > https://github.com/libressl-portable/openbsd/
        >
        > For the changes since the 2.0.5 release, try:
        >
        > git log --since=2014-08-08
        >
        > One interesting note about this release from a portable point of view: if built with Linux kernel 3.17 or later, will take advantage of the new getrandom syscall.

        ^ was from me. For LibreSSL portable, the things I hope to finish during the 2.1.x series is integration of assembly support, upgrading to the new mandoc manpage format, and optional building of the new ressl SSL API.

      2. By Anonymous Coward (2001:4b10:1002:cc05:6d50:baf:b875:acf3) on

        It's a good idea to have a separate changelog/release notes file (as a porter I find them very helpful) but these things take time to write and involve a bit of a different skill set than hacking on the small details of the code. If somebody wants this enough and has time, perhaps they'd like to submit a diff to add a file covering past releases (git history, plus.html, @ValhallaSSL are good information sources, but are a bit more detailed than really needed here). This would both give information for past releases, and provide a place that makes it easier to add notes in the future.

  2. By ian kremlin (128.230.184.88) ian@kremlin.cc on kremlin.cc

    awesome! super excited, thanks for all your hard work. one question, will the ressl API be finalized in 5.7?

    Comments
    1. By Anonymous Coward (74.12.197.9) on

      > awesome! super excited, thanks for all your hard work. one question, will the ressl API be finalized in 5.7?

      Finalized is such a strong word.

      That seems unlikely, but perhaps ressl 1.

      Just look at what has happened with PF since 3.0, it has been redone so many times and in so many ways that it resembles the original PF to about the same degree it resembles IPF.

      Finalizing things in the software world take time, but it will probably be closer to stable.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]