Changes since v4.3.0:
wolfSSL Release 4.4.0 (04/22/2020)
If you have questions about this release, feel free to contact us on our
info@ address.
Release 4.4.0 of wolfSSL embedded TLS has bug fixes and new features including:
New Feature Additions
* Hexagon support.
* DSP builds to offload ECC verify operations.
* Certificate Manager callback support.
* New APIs for running updates to ChaCha20/Poly1305 AEAD.
* Support for use with Apache.
* Add support for IBM s390x.
* PKCS8 support for ED25519.
* OpenVPN support.
* Add P384 curve support to SP.
* Add BIO and EVP API.
* Add AES-OFB mode.
* Add AES-CFB mode.
* Add Curve448, X448, and Ed448.
* Add Renesas Synergy S7G2 build and hardware acceleration.
Fixes
* Fix for RSA public encrypt / private sign with RSA key sizes over 2048-bit.
* Correct misspellings.
* Secure renegotiation fix.
* Fix memory leak when using ATECC and non-SECP256R1 curves for sign, verify,
or shared secret.
* Fix for K64 MMCAU with WOLFSSL_SMALL_STACK_CACHE.
* Fix the RSA verify only build.
* Fix in SP C implementation for small stack.
* Fix using the auth key id extension is set, hash might not be present.
* Fix when flattening certificate structure to include the subject alt names.
* Fixes for building with ECC sign/verify only.
* Fix for ECC and no cache resistance.
* Fix memory leak in DSA.
* Fix build on minGW.
* Fix PemToDer() call in ProcessBuffer() to set more than ECC.
* Fix for using RSA without SHA-512.
* Add some close tags to the echoserver HTTP example output.
* Miscellaneous fixes and updates for static analysis reports.
* Fixes for time structure support.
* Fixes for VxWorks support.
* Fixes for Async crypto support.
* Fix cache resist compile to work with SP C code.
* Fixes for Curve25519 x64 asm.
* Fix for SP x64 div.
* Fix for DTLS edge case where CCS and Finished come out of order and the
retransmit pool gets flushed.
* Fix for infinite loop in SHA-1 with small inputs. Thanks to Peter W.
* Fix for FIPS Hmac where wc_HmacInit() isn't used. wc_HmacSetKey() needs
to initialize the Hmac structure. Type is set to NONE, and checked against
NONE, not 0.
* Fixes for SP RSA private operations.
* Fixes for Xilinx SDK and Zynq UltraScale+ MPSoC
* Fix leak when building with HAVE_AESGCM and NO_AES_DECRYPT. Thanks G.G.
* Fixes for building ECC without ASN.
* Fix for async TLSv1.3 issues.
* Fix wc_KeyPemToDer() with PKCS1 and empty key.
* Omit -fomit-frame-pointer from CFLAGS in configure.ac.
Improvements/Optimizations
* Qt 5.12 and 5.13 support.
* Added more digest types to Cryptocell RSA sign/verify.
* Some memory usage improvements.
* Speed improvements for mp_rand.
* Improvements to CRL and OCSP support.
* Refactor Poly1305 AEAD/MAC to reduce duplicate code.
* Add blinding to RSA key gen.
* Improvements to blinding.
* Improvement and expansion of OpenSSL Compatibility Layer.
* Improvements to ChaCha20.
* Improvements to X.509 processing.
* Improvements to ECC support.
* Improvement in detecting 64-bit support.
* Refactor to combine duplicate ECC parameter parsing code.
* Improve keyFormat to be set by algId and let later key parsing produce fail.
* Add test cases for 3072-bit and 4096-bit RSA keys.
* Improve signature wrapper and DH test cases.
* Improvements to the configure.ac script.
* Added constant time RSA q modinv p.
* Improve performance of SP Intel 64-bit asm.
* Added a few more functions to the ABI list.
* Improve TLS bidirectional shutdown behavior.
* OpenSSH 8.1 support.
* Improve performance of RSA/DH operations on x64.
* Add support for PKCS7/CMS Enveloped data with fragmented encrypted content.
* Example linker description for FIPS builds to enforce object ordering.
* C# wrapper improvements. Added TLS client example and TLSv1.3 methods.
* Allow setting MTU in DTLS.
* Improve PKCS12 create for outputting encrypted bundles.
* Constant time EC map to affine for private operations.
* Improve performance of RSA public key ops with TFM.
* Smaller table version of AES encrypt/decrypt.
* Support IAR with position independent code (ROPI).
* Improve speed of AArch64 assembly.
* Support AES-CTR with AES-NI.
* Support AES-CTR on esp32.
* Add a no malloc option for small SP math.
This release of wolfSSL includes fixes for 2 security vulnerabilities.
* For fast math, use a constant time modular inverse when mapping to affine
when operation involves a private key - keygen, calc shared secret, sign.
Thank you to Alejandro Cabrera Aldaya, Cesar Pereida García and
Billy Bob Brumley from the Network and Information Security Group (NISEC)
at Tampere University for the report.
* Change constant time and cache resistant ECC mulmod. Ensure points being
operated on change to make constant time. Thank you to Pietro Borrello at
Sapienza University of Rome.
For additional vulnerability information visit the vulnerability page at
https://www.wolfssl.com/docs/security-vulnerabilities/
See INSTALL file for build instructions.
More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
While here use python3 for it as it now works.
Two slave ports have been marked broken :
u-boot-pandaboard and u-boot-duovero
Both of those boards have ~0 users in FreeBSD so if you are one of
those raise your hand.
[BUGFIX] Federation: Register federation metrics
[BUGFIX] PromQL: Fix panic in parser error handling
[BUGFIX] Rules: Fix reloads hanging when deleting a rule group
that is being evaluated
[BUGFIX] TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL
[BUGFIX] TSDB: Make isolation more robust to panics in web handlers
PR: 245845
Submitted by: David O'Rourke <dor.bsd@xm0.uk> (maintainer)
Relnotes: https://github.com/prometheus/prometheus/releases/tag/v2.17.2
The generated pre-install scripts isn't pkg -r friendly for all
ports that have USERS/GROUPS with an homedir, fix that.
Reviewed by: bapt
Approved by: portmgr (bapt)
Differential Revision: https://reviews.freebsd.org/D24531
clang 8 doesn't have full support for powerpc, powerpc64 or powerpcspe, so use
GCC there.
On powerpc64 elfv2, the default is to build for elfv1, so pass a flag to fix it.
MFH: 2020Q2 (fix build blanket)
KDE's April 2020 Apps Update
A new bundle of KDE applications is here! In these releases, you can expect to
find more features, stability improvements, and more user-friendly tools that
will help you work more effectively.
There are dozens of changes to look forward to in most of your favorite
applications. Take Dolphin, for example. Windows Samba shares are now fully
discoverable.
On the topic of playing music: the Elisa music player is adding features by
leaps and bounds. This release brings a new “Now Playing” view, easy
accessibility through the system tray, and an option to minimize the playlist
whenever you want. Thanks to the recently-added visual shuffle mode, it’s much
easier to rearrange your music in the playlists.
These are just the highlights of what’s new in KDE’s applications this month.
Read on to find out about everything we’ve prepared for you.
Announcement:
https://kde.org/announcements/releases/2020-04-apps-update/
- Add workaround to fix build when CC/CXX have "clang" in them [1]
- Respect AR to fix build with external toolchains [2]
- Force rebuild all consumers to catch regressions early
Changes: https://blog.rust-lang.org/2020/04/23/Rust-1.43.0.html
PR: 238556 [1], 245583 [2]
Reported by: Matthias Apitz <guru@unixarea.de> [1], Greg V <greg@unrelenting.technology> [2]
Tested by: mikael, pkubaj, tobik
With hat: rust
Differential Revision: https://reviews.freebsd.org/D24521
* Set both ports as DEPRECATED after r532664 and r532683 because they're
obsolete now.
Don't set an expiration date yet as both ports are still used by
net-mgmt/netbox and a few more ports still need to be switched from
Django 1.11 to Django 2.2.
* Also assign the port to Django 2.2 because Django 1.11 is End-of-Life
since April.
* Remove superfluous USES=gettext because gettext is already pulled in by
Python itself (via the NLS option). Although the package contains some
localized .po files, Django needs Python's gettext API to work with those
files.
* Clean up CONFLICTS_INSTALL as www/py-dj21-django-mptt no longer exists in
the Ports tree.
Changelog:
https://github.com/django-mptt/django-mptt/compare/0.9.1...0.11.0
PR: 245472
Approved by: maintainer timeout (14 days)
<ChangeLog>
*) Feature: added js_import directive.
*) Feature: added support for multi-value headers in r.headersOut.
*) Improvement: iteration over r.headersOut with special headers.
*) Improvement: iteration over r.headersOut with duplicates.
*) Change: r.responseBody property handler now returns "undefined"
instead of throwing an exception if response body is not available.
Core:
*) Feature: added script arguments support in CLI.
*) Feature: converting externals values to native js objects.
*) Bugfix: fixed NULL-pointer dereference in "__proto__" property
handler.
*) Bugfix: fixed handling of no-newline at the end of the script.
*) Bugfix: fixed RegExp() constructor with empty pattern and
non-empty flags.
*) Bugfix: fixed String.prototype.replace() when function
returns non-string.
*) Bugfix: fixed reading of pseudofiles in "fs".
</ChangeLog>
clang 8 doesn't have full support for powerpc, powerpc64 or powerpcspe, so use GCC there.
On powerpc64 elfv2, the default is to build for elfv1, so pass a flag to fix it.
MFH: 2020Q2 (fix build blanket)
- Switch to new upstream Python3 fork at GitHub[1]
- Remove patches not applicable anymore[1]
- Transfer maintainership to submitter[1]
- Update version in the port source so as to be consistent[1]
- Depend on Python 3.7+ as it's a Python 3 fork
PR: 245738
Submitted by: Stefan Ehmann <shoesoft@gmx.net>[1]
* Also assign the port to Django 2.2 because Django 1.11 is End-of-Life
since April.
* Do the the same for its dependencies and bump PORTREVISION
accordingly. [1] [2]
Changelog:
https://github.com/divio/django-filer/blob/1.7.0/CHANGELOG.rst
PR: 245470, 245472 [1] 245473 [2]
Approved by: maintainer timeout (14 days) [1],
Kevin Golding (maintainer) [2]