From nobody Tue Oct 17 06:41:35 2023 X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4S8ksl5r6xz4x8Z6 for ; Tue, 17 Oct 2023 06:41:47 +0000 (UTC) (envelope-from xavier@groumpf.org) Received: from aragorn.amdh.fr (aragorn.groumpf.org [176.31.180.205]) by mx1.freebsd.org (Postfix) with ESMTP id 4S8ksj1xfJz4LwB for ; Tue, 17 Oct 2023 06:41:45 +0000 (UTC) (envelope-from xavier@groumpf.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=groumpf.org header.s=dkim header.b=FBfzxRRn; spf=pass (mx1.freebsd.org: domain of xavier@groumpf.org designates 176.31.180.205 as permitted sender) smtp.mailfrom=xavier@groumpf.org; dmarc=none Received: from numenor.groumpf.org (unknown [82.64.247.11]) by aragorn.amdh.fr (Postfix) with ESMTP id D576120012F5E for ; Tue, 17 Oct 2023 08:41:37 +0200 (CEST) Received: from numenor.groumpf.org (localhost [127.0.0.1]) by numenor.groumpf.org (Postfix) with ESMTP id 94FA01C1049 for ; Tue, 17 Oct 2023 08:41:37 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groumpf.org; h= content-transfer-encoding:content-type:content-type:in-reply-to :from:from:content-language:references:subject:subject :user-agent:mime-version:date:date:message-id:received:received; s=dkim; t=1697524895; x=1698388896; bh=EsQwpsVq9V9+/q8SWh8scLoZ m7wR8yAkmgyDQFUCw9E=; b=FBfzxRRn1uQJIFr7ioOzgnhgwz/SUnPgImvN8I+D xeZhpwbd48qw3YJ7zWIKDBf5qfmHILBV5tS/sIOCnwN2rWefR8nldSsuwgeae5lW /HUunQ03RWEei+Z7g0exNJ8DjHgY3MjizmcDspIAH+nx/fJn3Flsl4PDYKlRUTM5 i3rD7NcrHVl43qwlpvaVFDRxUp44IJ+OWLigx/Bi4x84F5Wx1qW4R/0UspyWWJGP I6krxjpUIBYL+0jDR9S4u+TmaDxg6VMhBSVOibMyvcoFm/veSUbUNa+hRLVVZXC9 LEjf0jnLFZYuy7PtxQAIHKFKXGgRMeYQP/IE3AjuQZav0meTjLDNSckvXfadzx1d Nyb+U/LzeTpqjf/UrRyo5FBwS84YIJChJXc11NIsC1WCZZkZ+WxUWRq451W7V1VK nU0G4SLNdoiWZoqAXlksv87sCDd4cpV7wrjVD04QmdVofdfXGLlqqFiCxksxzUJo 55aLQDczGGkfV/RLrQFaaLm0rdpE+HlDAmCvog3xp6542c8mZ5qf+ggMsgATlzOJ 984lZkYwjLLJAsQjOFZQRIaCaD11L1CAs5YZcfdEvX9NUhJSoi0LwopFL4zr9XUK e50aCgpEzWqzI8tX+C7rJUGjTkPYeV5tG4TaP35nFXnz9BZz3Z/oDv9Swgyd1kc5 lZw= Received: from numenor.groumpf.org ([127.0.0.1]) by numenor.groumpf.org (ns3.groumpf.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Z4jC8AXGJXtS for ; Tue, 17 Oct 2023 08:41:35 +0200 (CEST) Received: from [192.168.100.30] (imladris.groumpf.org [192.168.100.30]) by numenor.groumpf.org (Postfix) with ESMTPSA id 994421C10F0 for ; Tue, 17 Oct 2023 08:41:35 +0200 (CEST) Message-ID: <9e2b9b33-0ef5-49d6-8580-fd01518044cf@groumpf.org> Date: Tue, 17 Oct 2023 08:41:35 +0200 List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: HEADS-UP: security/openssl switching to 3.0 branch To: freebsd-ports@freebsd.org References: <92667a5ea6afeab7ce9c55528af34f49@freebsd.org> <48b835a442707d7b8db4f4b270c12897@freebsd.org> Content-Language: fr, en-US From: Xavier Humbert In-Reply-To: <48b835a442707d7b8db4f4b270c12897@freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.39 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_SPF_ALLOW(-0.20)[+ip4:176.31.180.205]; R_DKIM_ALLOW(-0.20)[groumpf.org:s=dkim]; RCVD_NO_TLS_LAST(0.10)[]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-ports@freebsd.org]; DKIM_TRACE(0.00)[groumpf.org:+]; DMARC_NA(0.00)[groumpf.org]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:16276, ipnet:176.31.0.0/16, country:FR]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-ports@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4S8ksj1xfJz4LwB Hi Bernard, To be clear, if one wants to keep old openssl11, add DEFAULT_VERSIONS+= ssl=openssl111 to make .conf Am I right ? Xavier Le 10/15/23 12:41, Bernard Spil a écrit : > On 2023-10-06 11:43, Bernard Spil wrote: >> Hi all, >> >> In line with FreeBSD 14.0 that has OpenSSL 3.0 in base, all ports are >> expected to work with this version. >> >> The following changes will be made between first Release Candidate >> (RC) and actual RELEASE of FreeBSD 14.0: >> >> security/openssl    updated from 1.1.1w to 3.0.11 >> security/openssl30  removed >> security/openssl111 created with version (1.1.1w) >> UPDATING            an entry about updating all ports for the >> SHLIBVER bump will be added >> MOVED               an entry for security/openssl30 with target >> security/openssl will be created >> >> The security/openssl111 port will be marked "DEPRECATED" in line with >> statements from the OpenSSL project about the End-of-Life for the >> 1.1.1 branch. No "EXPIRATION_DATE" will be set for now. >> >> With kind regards, Bernard Spil > > Hi all, > > DEFAULT_VERSIONS+= openssl is now OpenSSL 3.0.11 (openssl-3.0.11,1) > > Quick search in ports tree uncovers the following ports that seem to > require 1.1.1. I'm chasing them down and adapting the BROKEN_SSL > versions, but not making them require openssl111 at the moment. Expect > a commit soon. > > audio/umurmur/Makefile:31:BROKEN_SSL=   openssl30 openssl31 > audio/murmur/Makefile:17:BROKEN_SSL=    openssl30 openssl31 > audio/spotify-tui/Makefile:294:BROKEN_SSL=      base openssl30 openssl31 > net/gq/Makefile:48:BROKEN_SSL=  base openssl openssl30 openssl31 > mail/enma/Makefile:19:BROKEN_SSL=       openssl30 openssl31 > sysutils/vector/Makefile:568:BROKEN_SSL=        base openssl30 openssl31 > sysutils/flowgger/Makefile:18:#BROKEN_SSL=      openssl30 openssl31 > www/castor/Makefile:133:BROKEN_SSL=     base openssl30 openssl31 > www/rearx/Makefile:177:BROKEN_SSL=      base openssl30 openssl31 > net-im/telegram-desktop/Makefile:16:BROKEN_SSL= openssl30 openssl31 > archivers/xar/Makefile:18:BROKEN_SSL=   openssl30 openssl31 > devel/kore/Makefile:13:BROKEN_SSL=      openssl30 openssl31 > devel/gbump/Makefile:20:BROKEN_SSL=     openssl30 openssl31 > devel/gbump/Makefile:69:BROKEN_SSL=     base openssl30 openssl31 > devel/ptlib/Makefile:17:BROKEN_SSL=     openssl30 openssl31 > security/pkcs11-tools/Makefile:16:BROKEN_SSL=   libressl openssl30 > openssl31 > security/pkcs11-tools/Makefile:18:BROKEN_SSL_REASON_openssl30= error: > undefined symbol: EVP_PKEY_* > security/p5-Filter-Crypto/Makefile:19:BROKEN_SSL=       openssl30 > openssl31 > security/krb5-119/Makefile:28:BROKEN_SSL=       openssl30 openssl31 > security/proxytunnel/Makefile:18:BROKEN_SSL=    openssl30 openssl31 > security/py-nassl/Makefile:14:BROKEN_SSL=       openssl30 openssl31 > security/gost-engine/Makefile:69:BROKEN_SSL+=   openssl30 # openssl31 > -- Xavier HUMBERT - Unix/Win/MacOSX Sysadmin/Network Engineer https://www.amdh.fr