Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-14 Thread John Baldwin
On 12/14/20 4:37 PM, Konstantin Belousov wrote: > On Mon, Dec 14, 2020 at 11:44:27AM -0800, John Baldwin wrote: >> If we import 3.0.0 into, say, 13.2, then when 13.0/13.1 are EOLd we are >> no longer having to maintain 1.1.1 in 13. If people want to keep older >> applications built on unsupported

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-14 Thread Konstantin Belousov
On Mon, Dec 14, 2020 at 11:44:27AM -0800, John Baldwin wrote: > If we import 3.0.0 into, say, 13.2, then when 13.0/13.1 are EOLd we are > no longer having to maintain 1.1.1 in 13. If people want to keep older > applications built on unsupported releases still working without > recompiling, etc.

FreeBSD Security Advisory FreeBSD-SA-20:33.openssl [REVISED]

2020-12-14 Thread FreeBSD Security Advisories
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 FreeBSD-SA-20:33.openssl Security Advisory The FreeBSD Project Topic:

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-14 Thread Wall, Stephen
As a party with a vested interest in FIPS, you can guess where I stand on replacing OpenSSL with some other crypto engine in FreeBSD.  ;) We are currently building FreeBSD 11.4 against a copy of the latest OpenSSL 1.0.2 release by diverting the build to a separate part of our source tree in

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-14 Thread John Baldwin
On 12/12/20 4:57 PM, John-Mark Gurney wrote: > John Baldwin wrote this message on Sat, Dec 12, 2020 at 11:40 -0800: >> On 12/10/20 10:46 PM, John-Mark Gurney wrote: >>> I have not heard if OpenSSL has bothered to address the breakage of >>> /dev/crypto that also recently came up, but it does appear

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-14 Thread Jung-uk Kim
On 20. 12. 14., Ed Maste wrote: > On Mon, 14 Dec 2020 at 11:46, Ed Maste wrote: >> >> On Thu, 10 Dec 2020 at 10:43, Wall, Stephen wrote: >>> A query: am I right that the patch doesn’t bump the OpenSSL version to 1.1.1.i ? >>> >>> That is correct. >> >> Further to that, OpenSSL 1.1.1i

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-14 Thread Ed Maste
On Mon, 14 Dec 2020 at 11:46, Ed Maste wrote: > > On Thu, 10 Dec 2020 at 10:43, Wall, Stephen wrote: > > > > > A query: am I right that the patch doesn’t bump the OpenSSL version to > > > 1.1.1.i ? > > > > That is correct. > > Further to that, OpenSSL 1.1.1i includes some additional, minor >

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-14 Thread Ed Maste
On Thu, 10 Dec 2020 at 10:43, Wall, Stephen wrote: > > > A query: am I right that the patch doesn’t bump the OpenSSL version to > > 1.1.1.i ? > > That is correct. Further to that, OpenSSL 1.1.1i includes some additional, minor changes beyond the vulnerability fix. 1.1.1i is now in HEAD (as of

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-14 Thread Ed Maste
On Wed, 9 Dec 2020 at 18:03, FreeBSD Security Advisories wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > FreeBSD-SA-20:33.openssl Security Advisory >

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-13 Thread John-Mark Gurney
Benjamin Kaduk wrote this message on Sat, Dec 12, 2020 at 18:07 -0800: > On Sat, Dec 12, 2020 at 04:57:08PM -0800, John-Mark Gurney wrote: > > > > If FreeBSD is going to continue to use OpenSSL, better testing needs to > > be done to figure out such breakage earlier, and how to not have them > >

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-13 Thread Gordon Tetlow via freebsd-security
On Sun, Dec 13, 2020 at 12:12:08PM +, John Long via freebsd-security wrote: > Hi Guys, > > What about adopting OpenBSD's libressl? I was expecting it to take a > long time to be compatible but from my uneducated point of view it > looks like they did an incredible job. I think everything on

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-13 Thread John Long via freebsd-security
Hi Guys, What about adopting OpenBSD's libressl? I was expecting it to take a long time to be compatible but from my uneducated point of view it looks like they did an incredible job. I think everything on OpenBSD uses it. I was running OpenBSD until I put FreeBSD 12.2 on a new box, so I haven't

Re: Kerberos: base or port? [Was: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl]

2020-12-13 Thread Andrea Venturoli
On 12/12/20 7:18 PM, Benjamin Kaduk wrote: Having two different instances of libcrypto in the same address space is generally asking for trouble Of course. That's why I was always wary about switching to a newer/shinier OpenSSL from ports (without eradicating the old one from base). You are

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-12 Thread Benjamin Kaduk
On Sat, Dec 12, 2020 at 04:57:08PM -0800, John-Mark Gurney wrote: > > If FreeBSD is going to continue to use OpenSSL, better testing needs to > be done to figure out such breakage earlier, and how to not have them > go undetected for so long. I don't think anyone would argue against increasing

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-12 Thread John-Mark Gurney
John Baldwin wrote this message on Sat, Dec 12, 2020 at 11:40 -0800: > On 12/10/20 10:46 PM, John-Mark Gurney wrote: > > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at > > 23:03 +: > >> versions included in FreeBSD 12.x. This vulnerability is also known to > >> affect

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-12 Thread The Doctor via freebsd-security
On Sat, Dec 12, 2020 at 11:40:13AM -0800, John Baldwin wrote: > On 12/10/20 10:46 PM, John-Mark Gurney wrote: > > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at > > 23:03 +: > >> versions included in FreeBSD 12.x. This vulnerability is also known to > >> affect

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-12 Thread John Baldwin
On 12/10/20 10:46 PM, John-Mark Gurney wrote: > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at 23:03 > +: >> versions included in FreeBSD 12.x. This vulnerability is also known to >> affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL >> project is

Re: Kerberos: base or port? [Was: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl]

2020-12-12 Thread Benjamin Kaduk
On Sat, Dec 12, 2020 at 11:21:14AM +0100, Andrea Venturoli wrote: > On 12/11/20 9:23 PM, Benjamin Kaduk wrote: > > > It would be useful to give more specifics on the failures, as there's a few > > classes of things that can go wrong. > > I thought this would be OT in this thread, but I'll gladly

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-12 Thread The Doctor via freebsd-security
On Fri, Dec 11, 2020 at 01:36:13PM +0100, Tomasz CEDRO wrote: > On Fri, Dec 11, 2020 at 12:44 PM Franco Fichtner wrote: > > > On 11. Dec 2020, at 12:38 PM, Martin Simmons wrote: > > >> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: > > >> What are people's thoughts on how to

Kerberos: base or port? [Was: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl]

2020-12-12 Thread Andrea Venturoli
On 12/11/20 9:23 PM, Benjamin Kaduk wrote: It would be useful to give more specifics on the failures, as there's a few classes of things that can go wrong. I thought this would be OT in this thread, but I'll gladly comply :) It doesn't look like openssl from ports attempts to support the

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-12 Thread Tomasz CEDRO
On Fri, Dec 11, 2020 at 1:57 PM Franco Fichtner wrote: > > On 11. Dec 2020, at 1:36 PM, Tomasz CEDRO wrote: > > On Fri, Dec 11, 2020 at 12:44 PM Franco Fichtner wrote: > >>> On 11. Dec 2020, at 12:38 PM, Martin Simmons wrote: > On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: >

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-12 Thread Tomasz CEDRO
On Fri, Dec 11, 2020 at 12:44 PM Franco Fichtner wrote: > > On 11. Dec 2020, at 12:38 PM, Martin Simmons wrote: > >> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: > >> What are people's thoughts on how to address the support mismatch between > >> FreeBSD and OpenSSL? And how to

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Benjamin Kaduk
On Fri, Dec 11, 2020 at 02:35:42PM -0800, John-Mark Gurney wrote: > Benjamin Kaduk wrote this message on Fri, Dec 11, 2020 at 12:38 -0800: > > On Thu, Dec 10, 2020 at 10:46:28PM -0800, John-Mark Gurney wrote: > > > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at > > > 23:03

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Benjamin Kaduk
On Sat, Dec 12, 2020 at 05:11:07AM +0200, Konstantin Belousov wrote: > On Fri, Dec 11, 2020 at 06:42:13PM -0800, Gordon Tetlow via freebsd-security > wrote: > > On Fri, Dec 11, 2020 at 02:35:42PM -0800, John-Mark Gurney wrote: > > > Benjamin Kaduk wrote this message on Fri, Dec 11, 2020 at 12:38

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Konstantin Belousov
On Fri, Dec 11, 2020 at 06:42:13PM -0800, Gordon Tetlow via freebsd-security wrote: > On Fri, Dec 11, 2020 at 02:35:42PM -0800, John-Mark Gurney wrote: > > Benjamin Kaduk wrote this message on Fri, Dec 11, 2020 at 12:38 -0800: > > > On Thu, Dec 10, 2020 at 10:46:28PM -0800, John-Mark Gurney

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Gordon Tetlow via freebsd-security
On Fri, Dec 11, 2020 at 02:35:42PM -0800, John-Mark Gurney wrote: > Benjamin Kaduk wrote this message on Fri, Dec 11, 2020 at 12:38 -0800: > > On Thu, Dec 10, 2020 at 10:46:28PM -0800, John-Mark Gurney wrote: > > > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at > > > 23:03

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread John-Mark Gurney
Benjamin Kaduk wrote this message on Fri, Dec 11, 2020 at 12:38 -0800: > On Thu, Dec 10, 2020 at 10:46:28PM -0800, John-Mark Gurney wrote: > > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at > > 23:03 +: > > > versions included in FreeBSD 12.x. This vulnerability is

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Franco Fichtner
Hi Ben, > On 11. Dec 2020, at 9:13 PM, Benjamin Kaduk wrote: > > Could you please clarify what you mean by "second tier crypto" and "first > tier crypto"? I'm having a hard time understanding this statement. Sorry for being unclear. First tier = base system crypto for ports Second tier =

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Benjamin Kaduk
Hi John-Mark, On Thu, Dec 10, 2020 at 10:46:28PM -0800, John-Mark Gurney wrote: > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at 23:03 > +: > > versions included in FreeBSD 12.x. This vulnerability is also known to > > affect OpenSSL versions included in FreeBSD

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Benjamin Kaduk
On Fri, Dec 11, 2020 at 11:11:54AM +0100, Andrea Venturoli wrote: > On 12/10/20 12:03 AM, FreeBSD Security Advisories wrote: > > > Note: The OpenSSL project has published publicly available patches for > > versions included in FreeBSD 12.x. This vulnerability is also known to > > affect OpenSSL

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Benjamin Kaduk
Hi Franco, On Fri, Dec 11, 2020 at 01:28:43PM +0100, Franco Fichtner wrote: > > > On 11. Dec 2020, at 13:20, Martin Simmons wrote: > > > > > > I'm talking about the binary packages from pkg.FreeBSD.org. Don't they > > always > > use the base OpenSSL at the moment? > > Yes, and if it would

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread John-Mark Gurney
Robert Schulze wrote this message on Fri, Dec 11, 2020 at 10:14 +0100: > Hi, > > On 11.12.20 at 07:46, John-Mark Gurney wrote: > > > > Assuming 13 releases w/ OpenSSL, we'll be even in a worse situation > > than we are now. OpenSSL 3.0.0 has no support commitment announced > > yet, and

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Martin Simmons
> On Fri, 11 Dec 2020 13:28:43 +0100, Franco Fichtner said: > > > On 11. Dec 2020, at 13:20, Martin Simmons wrote: > > > > > >> > >> On Fri, 11 Dec 2020 12:44:17 +0100, Franco Fichtner said: > >> > On 11. Dec 2020, at 12:38 PM, Martin Simmons > wrote: > >>> >

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Franco Fichtner
> On 11. Dec 2020, at 1:36 PM, Tomasz CEDRO wrote: > > On Fri, Dec 11, 2020 at 12:44 PM Franco Fichtner wrote: >>> On 11. Dec 2020, at 12:38 PM, Martin Simmons wrote: On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: What are people's thoughts on how to address the

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Franco Fichtner
> On 11. Dec 2020, at 13:20, Martin Simmons wrote: > > >> >> On Fri, 11 Dec 2020 12:44:17 +0100, Franco Fichtner said: >> On 11. Dec 2020, at 12:38 PM, Martin Simmons wrote: >>> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: What are people's

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Martin Simmons
> On Fri, 11 Dec 2020 12:44:17 +0100, Franco Fichtner said: > > > On 11. Dec 2020, at 12:38 PM, Martin Simmons wrote: > > > >> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: > >> > >> What are people's thoughts on how to address the support mismatch between > >> FreeBSD and

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Martin Simmons
> On Wed, 9 Dec 2020 23:03:00 + (UTC), FreeBSD Security Advisories > said: > > Note: The OpenSSL project has published publicly available patches for > versions included in FreeBSD 12.x. This vulnerability is also known to > affect OpenSSL versions included in FreeBSD 11.4.

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Franco Fichtner
> On 11. Dec 2020, at 12:38 PM, Martin Simmons wrote: > >> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: >> >> What are people's thoughts on how to address the support mismatch between >> FreeBSD and OpenSSL? And how to address it? > > Maybe it would help a little if the

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Martin Simmons
> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: > > What are people's thoughts on how to address the support mismatch between > FreeBSD and OpenSSL? And how to address it? Maybe it would help a little if the packages on pkg.FreeBSD.org all used the pkg version of OpenSSL?

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Fabian Keil
Andrea Venturoli wrote on 2020-12-11: > On 12/10/20 12:03 AM, FreeBSD Security Advisories wrote: > > > Note: The OpenSSL project has published publicly available patches for > > versions included in FreeBSD 12.x. This vulnerability is also known to > > affect OpenSSL versions included in

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Andrea Venturoli
On 12/10/20 12:03 AM, FreeBSD Security Advisories wrote: Note: The OpenSSL project has published publicly available patches for versions included in FreeBSD 12.x. This vulnerability is also known to affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL project is only giving

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Robert Schulze
Hi, On 11.12.20 at 07:46, John-Mark Gurney wrote: > > Assuming 13 releases w/ OpenSSL, we'll be even in a worse situation > than we are now. OpenSSL 3.0.0 has no support commitment announced > yet, and sticking with 1.1.1 for 13 will put us even in a worse > situation than we are today. > >

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-10 Thread John-Mark Gurney
FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at 23:03 +: > versions included in FreeBSD 12.x. This vulnerability is also known to > affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL > project is only giving patches for that version to premium

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-10 Thread Wall, Stephen
> A query: am I right that the patch doesn’t bump the OpenSSL version to > 1.1.1.i ? That is correct. - Steve Wall

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-10 Thread Bob Bishop
Hi, > On 9 Dec 2020, at 23:03, FreeBSD Security Advisories > wrote: > > Signed PGP part > FreeBSD-SA-20:33.openssl Security Advisory >

FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-09 Thread FreeBSD Security Advisories
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 FreeBSD-SA-20:33.openssl Security Advisory The FreeBSD Project Topic: