OpenBSD Journal

LibreSSL 3.5.0 development branch released

Contributed by grey on from the Development branches of Transport Layer Series of tubes dept.

As of February 24th, 2022, LibreSSL's development branch has been updated to version 3.5.0.

The complete release notes may be viewed here:

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt

There is a lot there which would be best to read in its entirety rather than attempting to summarize here. However, for the sake of emphatic repetition and encouragement from the community at large, this quote seems salient and worth sharing: 
This is a development release for the 3.5.x branch, and we appreciate additional testing
and feedback before the final release coming soon with OpenBSD 7.1.

(Comments are closed)

Comments

  1. By grey (grey) on

    For what it's worth, for those who are stuck on macOS, I also submitted a PR to MacPorts to update their libressl-devel port (which was still at 2.9.2).

    The PR can be viewed here:

    https://github.com/macports/macports-ports/pull/14166
    Though, at the time of this writing is has not been merged despite no immediate conflicts being observable.

    However, anecdotally, I did encounter a couple of issues with other MacPorts once using LibreSSL 3.5.0. Namely: libevent and kerberos5 seem to have issues with building and installing. Thankfully, the OpenSSH though it defaults to a variant which uses kerberos5, can be installed without that variant with no issues. Meanwhile, the only MacPort I personally have on my test system which uses libevent as a dependency at this time, is tmux, and it seems to install and function OK despite the error with installing libevent after LibreSSL 3.5.0 is installed as well.

    I realize this isn't specifically OpenBSD nor LibreSSL related, but for those who want additional insights into porting OpenBSD and LibreSSL related code to other projects, the MacPorts Trac where I document such issues in a bit more depth is viewable here:

    https://trac.macports.org/ticket/64747

    You can also take my diff and apply it yourselves if you don't want to wait on MacPorts to merge my PR (albeit, typically their hesitation seems to be for reasons related to things unrelated to the diffs themselves, such as how the commit was merged or branched or maybe some excruciatingly pedantic commentary on my commit messages and such which reads more like pointless tone policing or bike shedding to me. However, MacPorts is not my project after all, so I do my best to comply, even if it means PRs are not merged for months after my initial tests and submissions)

    Of course, if you are worried about any of that, none of those MacPorts default to LibreSSL currently, which seems a shame. However, if you use the libressl MacPort (as contrasted with the MacPort: libressl-devel) that has at least been updated to version 3.4.2 since December of last year due to some modest effort on my part and no build nor install issues arise with libevent, nor the default kerberos5 variant of OpenSSH in such instances.

    Of course, if you are using OpenBSD, none of these are issues whatsoever and you can expect the latest and greatest code by default.

    Comments

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]