Summary: | OpenSSL 1.1 in the base system | ||
---|---|---|---|
Product: | Base System | Reporter: | Rodney W. Grimes <rgrimes> |
Component: | bin | Assignee: | Gordon Tetlow <gordon> |
Status: | Closed FIXED | ||
Severity: | Affects Many People | CC: | brnrd, cem, emaste, jhb, jkim, rgrimes, sigsys |
Priority: | --- | ||
Version: | CURRENT | ||
Hardware: | Any | ||
OS: | Any | ||
Bug Depends on: | |||
Bug Blocks: | 228911 |
Description
Rodney W. Grimes
2018-06-12 08:00:49 UTC
Added depends on for Bug #228865 where I'm recording fall-out with OpenSSL 1.1 in ports. Added Jung-uk to CC, hope that's OK. (In reply to Bernard Spil from comment #1) Adding jkim or others is what these are for, if they do not want to be cc:'ed they can remove themselves easy enough. Thank you for the added dependency as well. Yeah, this will need an exp-run since it changes the (IIRC) DH API, if not others. When you have a base patch ready, please request an exp-run to portmgr@ I am adding Allan Jude's email summarizing core@'s meeting. Re: OpenSSL As discussed in the core@ call today, we recommend that the best way forward on this issue is to: 1) Use this bug to track the progress of the issue: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228912 2) Get a preview version of the OpenSSL 1.1.1(pre whatever) patches ASAP for people to start testing with 3) Request an exp-run with that patch to determine what ports breaks with the newer version of OpenSSL in base. There is a bug tracking this already from the ports side: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228865 but we feel it is important to give the ports people as much time as possible to resolve the issues ahead of the release. 4) Get things merged into -current ASAP to provide as much time as possible to work out the issues ahead of the release. Even if that means committing 1.1.1pre-8, and then updating to the final 1.1.1 release closer to the final release of 12.0 Is there anything core@ can do to help? (In reply to Rodney W. Grimes from comment #5) > 2) Get a preview version of the OpenSSL 1.1.1(pre whatever) patches ASAP > for people to start testing with Related PR: 230679 See also https://reviews.freebsd.org/D15791 Status update: in the projects/openssl111 branch base system dependencies have been addressed except for heimdal, in review https://reviews.freebsd.org/D17276 openssl111 project branch merged to head in r339270 https://reviews.freebsd.org/rS339270 1.1.1 shipped in 12.0. Remove the ports bug so this can be closed. |