Re: upgrade to openssl 3.0.0

2021-11-07 Thread Steven Smith
FYSA `postfix +tls` must also be updated after the jump to OpenSSL 3. Please see https://github.com/macports/macports-ports/pull/12856.

Re: upgrade to openssl 3.0.0

2021-11-06 Thread Renee Otten
Admittedly, I didn’t do much (or any) of the actual work… Just thought it was a good idea to mention this on the mailing list as it seems that GitHub only tags the first 50 maintainers and there are more here ;) Anyway, regarding the FIPS provides, I opened a PR (https://github.com/macports/ma

Re: upgrade to openssl 3.0.0

2021-11-06 Thread Ken Cunningham
Well thanks, Renee! I’m so glad to see this is actually happening now, after a momentary delay. I think my comment about enabling the openssl3 FIPS mode was somehow missed; it has to be specifically turned on in openssl3, but it does allow more things to work with openssl3 I believe. Ken

Re: upgrade to openssl 3.0.0

2021-11-06 Thread Renee Otten
Dear all, Chris has done the work to add the openssl3 port and openssl-1.0 PortGroup to ease the transition towards openssl v3. There is now an open PR (https://github.com/macports/macports-ports/pull/12807) to switch en masse the defa

Re: upgrade to openssl 3.0.0

2021-10-07 Thread Christopher Jones
https://github.com/macports/macports-ports/pull/12514 > On 6 Oct 2021, at 5:46 pm, Christopher Jones wrote: > > I’m working on the basic changes to implement my suggestion at the moment. > Once that is there testing specific ports again

Re: upgrade to openssl 3.0.0

2021-10-06 Thread Christopher Jones
I’m working on the basic changes to implement my suggestion at the moment. Once that is there testing specific ports against version 3 ‘the canaries’ will be trivial. More in a bit. > On 6 Oct 2021, at 5:40 pm, Ken Cunningham > wrote: > > For whoever gets up the enthusiasm to take on the stor

Re: upgrade to openssl 3.0.0

2021-10-06 Thread Ken Cunningham
For whoever gets up the enthusiasm to take on the storm of nay-sayers: Although I found about 90% of the 100 or so ports I tried built without any changes against openssl 3.0.0 (rust, cargo, qt5, qt4-mac, etc, etc), and the rest were easy < 5 min fixes to use our openssl11 port, I noted in the ope

Re: upgrade to openssl 3.0.0

2021-10-05 Thread Fred Wright
On Mon, 4 Oct 2021, Christopher Jones wrote: On 4 Oct 2021, at 5:54 pm, Ken Cunningham wrote: I was hoping to move this along for the overwhelming benefit of the license, but TBH the push-back so far is 99.99% negative about moving to openssl 3.0.0 this year, so too controversial for me to

Re: upgrade to openssl 3.0.0

2021-10-05 Thread Vincent Habchi
> On 5 Oct 2021, at 20:10, Daniel J. Luke wrote: > > I suspect if we wait, we'll just end up doing this same thing later - so > might as well get it over with now. The sooner we get to a state where > (mostly) things all work with the latest openssl, the better. Just my tuppence: While I usua

Re: upgrade to openssl 3.0.0

2021-10-05 Thread Daniel J. Luke
On Oct 4, 2021, at 12:54 PM, Ken Cunningham wrote: > I was hoping to move this along for the overwhelming benefit of the license, > but TBH the push-back so far is 99.99% negative about moving to openssl 3.0.0 > this year, so too controversial for me to get involved with. I'll sit back > for s

Re: upgrade to openssl 3.0.0

2021-10-05 Thread Renee Otten
talled into a non-default prefix. Creating the PG and adding it >> >>>> to 758 ports might be work enough, but then finding the right way to >> >>>> force all 758 ports to build properly against an openssl that is not >> >>>> in the default prefi

Re: upgrade to openssl 3.0.0

2021-10-04 Thread Christopher Jones
it to > >>>> use an older openssl appears both the better option and lot less > >>>> work (assuming most ports do build against openssl 3.0.0, which > >>>> seems to be the case so far). Some will disagree, but I put it to > >>>> you that it is go

Re: upgrade to openssl 3.0.0

2021-10-04 Thread Ken Cunningham
better option and lot less > >>>> work (assuming most ports do build against openssl 3.0.0, which > >>>> seems to be the case so far). Some will disagree, but I put it to > >>>> you that it is going to be far less work in the end to force a few % > >>>

Re: upgrade to openssl 3.0.0

2021-10-04 Thread Chris Jones
s were added to the old_openssl PortGroup to allow most ports to be forced to the alternate openssl with minimal fuss. Add the PortGroup, spec the branch, and choose the method, for the most part. If this plan holds, I would anticipate that we move ports that we find need to stay on openssl 1

Re: upgrade to openssl 3.0.0

2021-10-04 Thread Christopher Jones
> will need to stay with openssl 1.1.1 for a while until patched or updated >>> (or forever). That will require both forcing those ports to find an >>> alternate openssl installation, and also (the tricky part) forcing them to >>> ignore the openssl in the default prefi

Re: upgrade to openssl 3.0.0

2021-10-04 Thread Christopher Jones
s to a specific alternate >>>> openssl than force all of them, all the time, forever. >>>> >>>> Most things I have attempted to rebuild over the past few days have >>>> rebuilt without any issues, but a few things don’t build with openssl >>

Re: upgrade to openssl 3.0.0

2021-10-02 Thread Ken Cunningham
l 1.1.1 >> tucked away in a subdir, much like we have openssl10, and a few new options >> were added to the old_openssl PortGroup to allow most ports to be forced to >> the alternate openssl with minimal fuss. Add the PortGroup, spec the branch, >> and choose the method, for

Re: upgrade to openssl 3.0.0

2021-10-02 Thread Chris Jones
sl with minimal fuss. Add the PortGroup, spec the branch, > and choose the method, for the most part. > > If this plan holds, I would anticipate that we move ports that we find need > to stay on openssl 1.1.1 to openssl11 using the old_openssl PortGroup soon or > now, before we up

Re: upgrade to openssl 3.0.0

2021-10-02 Thread Ken Cunningham
All the pythons build against openssl 3.0.0, so that python issue with all its trail-down conflicts will disappear with the upgrade and python revbump. A very very large % of ports do as well (and those that don't now soon will, as everyone moves to openssl 3.0.0 as the default, which homebrew

Re: upgrade to openssl 3.0.0

2021-10-02 Thread Jason Liu
That was also the Blender devs' claim, which I assume is why they decided it wasn't necessary to include the GPL-OpenSSL exception text, since any licensing conflicts would self-resolve once Blender starts using OpenSSL 3.0. But currently, their pre-built release binary downloads and compiles OpenS

Re: upgrade to openssl 3.0.0

2021-10-02 Thread Joshua Root
Blender is GPL-2+, which means it can be distributed when linked with OpenSSL 3.0, since GPL-3 is compatible with Apache-2. - Josh On 2021-10-3 05:09 , Jason Liu wrote: I hope the question that I'm about to ask doesn't induce "Inception"-style migraines, but since it directly relates to one of

Re: upgrade to openssl 3.0.0

2021-10-02 Thread Jason Liu
the > branch, and choose the method, for the most part. > > If this plan holds, I would anticipate that we move ports that we find > need to stay on openssl 1.1.1 to openssl11 using the old_openssl PortGroup > soon or now, before we upgrade to openssl 3.0.0 to minimize fuss. Then once >

upgrade to openssl 3.0.0

2021-10-02 Thread Ken Cunningham
the PortGroup, spec the branch, and choose the method, for the most part. If this plan holds, I would anticipate that we move ports that we find need to stay on openssl 1.1.1 to openssl11 using the old_openssl PortGroup soon or now, before we upgrade to openssl 3.0.0 to minimize fuss. Then once