Date: Tue, 15 Dec 2020 02:37:12 +0200
From: Konstantin Belousov
To: John Baldwin
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

On Mon, Dec 14, 2020 at 11:44:27AM -0800, John Baldwin wrote:
> If we import 3.0.0 into, say, 13.2, then when 13.0/13.1 are EOLd we are
> no longer having to maintain 1.1.1 in 13. If people want to keep older
> applications built on unsupported releases still working without
> recompiling, etc. they will have to manage that themselves. Currently
> we don't support 12.0 on the 12.x branch for example.

What do you mean by 'not supported'? Don't we put large efforts into
keeping the ABI backward compatible to allow running _any_ binary built early?
The only exception I can think of is that we allow ABI mistakes on HEAD
to be fixed in a non-backward-compatible way.

But for 12.0-built binaries, we offer full support. In fact it is the
easiest case, if comparing e.g. with binaries built against older branches.

It is possible to bump the dso version on a stable branch, which I believe was
already done several times. In this case, we provided compatXx- for the
stable/X branch, which contained shared objects with previous versions.