Date: Sat, 28 Jan 2023 16:34:14 +0900 (JST) From: Yasuhiro Kimura <yasu@FreeBSD.org> To: freebsd-current@freebsd.org Subject: Version of OpenSSL included in upcoming 14.0-RELEASE Message-ID: <20230128.163414.1398367828069957995.yasu@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Dear developers of base system, Though release process of 13.2-RELEASE has just started, please let me talk about one more next one. According to the initial schedule of 14.0-RELEASE, release process will start on April 25 and 14.0-RELEASE will be released on July 17. https://www.freebsd.org/releases/14.0R/schedule/ So it means release process will start about 3 months later and 14.0-RELEASE will be released about 5.5 months later. And I would like to ask a question. Is it planned (or considered, scheduled, etc.) to upgrade version of OpenSSL included in 14-CURRENT from 1.1.1 to 3.0? According to the "Release Strategy" page of upstream (https://www.openssl.org/policies/releasestrat.html), OpenSSL 1.1.1 will reach its EoL on September 11, 2023 and OpenSSL 3.0 will be supported until September 7, 2026. Since EoL of OpenSSL 1.1.1 is only after 2 months of the release of 14.0-RELEASE, it doesn't seems realistic to include OpenSSL 1.1.1 in 14.0-RELEASE and upgrading to OpenSSL 3.0 is inevitable. Though I'm not familiar with the incompatibility between OpenSSL 1.1.1 and 3.0, I believe it is too optimistic to regard that build of 14-CURRENT succeeds without any error just by updating /usr/src/crypto/openssl from 1.1.1 to 3.0. So it will take for a while (a few weeks?) to finish it. And it also affects build of ports. To be honest, it is rather my main concern as ports committer. I checked Bugzilla and found following PR. Bug 258413 [exp-run] OpenSSL 3.0 upgrade https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258413 Though it intends to check how many ports fails to be built if security/openssl is updated to 3.0 and 'DEFAULT_VERSIONS+= openssl' is set in /etc/make.conf, it is also applicable to after OpenSSL in 14-CURRENT is updated to 3.0. And according to the result of exp-run, it doesn't seem to be easy job to adapt ports tree to OpenSSL 3.0. So it probably will take longer than updating base system. And considering these points, 3 months are not necessarily so long. So I asked a question as above. Please let me know current status about it. Best Regards. --- Yasuhiro Kimura
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20230128.163414.1398367828069957995.yasu>