Re: HEADS-UP: security/openssl switching to 3.0 branch

From: Xavier Humbert <xavier_at_groumpf.org>
Date: Tue, 17 Oct 2023 06:41:35 UTC
Hi Bernard,

To be clear, if one wants to keep old openssl11, add

DEFAULT_VERSIONS+= ssl=openssl111

to make .conf

Am I right ?

Xavier

Le 10/15/23 12:41, Bernard Spil a écrit :
> On 2023-10-06 11:43, Bernard Spil wrote:
>> Hi all,
>>
>> In line with FreeBSD 14.0 that has OpenSSL 3.0 in base, all ports are 
>> expected to work with this version.
>>
>> The following changes will be made between first Release Candidate 
>> (RC) and actual RELEASE of FreeBSD 14.0:
>>
>> security/openssl    updated from 1.1.1w to 3.0.11
>> security/openssl30  removed
>> security/openssl111 created with version (1.1.1w)
>> UPDATING            an entry about updating all ports for the 
>> SHLIBVER bump will be added
>> MOVED               an entry for security/openssl30 with target 
>> security/openssl will be created
>>
>> The security/openssl111 port will be marked "DEPRECATED" in line with 
>> statements from the OpenSSL project about the End-of-Life for the 
>> 1.1.1 branch. No "EXPIRATION_DATE" will be set for now.
>>
>> With kind regards, Bernard Spil <brnrd@FreeBSD.org>
>
> Hi all,
>
> DEFAULT_VERSIONS+= openssl is now OpenSSL 3.0.11 (openssl-3.0.11,1)
>
> Quick search in ports tree uncovers the following ports that seem to 
> require 1.1.1. I'm chasing them down and adapting the BROKEN_SSL 
> versions, but not making them require openssl111 at the moment. Expect 
> a commit soon.
>
> audio/umurmur/Makefile:31:BROKEN_SSL=   openssl30 openssl31
> audio/murmur/Makefile:17:BROKEN_SSL=    openssl30 openssl31
> audio/spotify-tui/Makefile:294:BROKEN_SSL=      base openssl30 openssl31
> net/gq/Makefile:48:BROKEN_SSL=  base openssl openssl30 openssl31
> mail/enma/Makefile:19:BROKEN_SSL=       openssl30 openssl31
> sysutils/vector/Makefile:568:BROKEN_SSL=        base openssl30 openssl31
> sysutils/flowgger/Makefile:18:#BROKEN_SSL=      openssl30 openssl31
> www/castor/Makefile:133:BROKEN_SSL=     base openssl30 openssl31
> www/rearx/Makefile:177:BROKEN_SSL=      base openssl30 openssl31
> net-im/telegram-desktop/Makefile:16:BROKEN_SSL= openssl30 openssl31
> archivers/xar/Makefile:18:BROKEN_SSL=   openssl30 openssl31
> devel/kore/Makefile:13:BROKEN_SSL=      openssl30 openssl31
> devel/gbump/Makefile:20:BROKEN_SSL=     openssl30 openssl31
> devel/gbump/Makefile:69:BROKEN_SSL=     base openssl30 openssl31
> devel/ptlib/Makefile:17:BROKEN_SSL=     openssl30 openssl31
> security/pkcs11-tools/Makefile:16:BROKEN_SSL=   libressl openssl30 
> openssl31
> security/pkcs11-tools/Makefile:18:BROKEN_SSL_REASON_openssl30= error: 
> undefined symbol: EVP_PKEY_*
> security/p5-Filter-Crypto/Makefile:19:BROKEN_SSL=       openssl30 
> openssl31
> security/krb5-119/Makefile:28:BROKEN_SSL=       openssl30 openssl31
> security/proxytunnel/Makefile:18:BROKEN_SSL=    openssl30 openssl31
> security/py-nassl/Makefile:14:BROKEN_SSL=       openssl30 openssl31
> security/gost-engine/Makefile:69:BROKEN_SSL+=   openssl30 # openssl31
>
-- 
Xavier HUMBERT - Unix/Win/MacOSX Sysadmin/Network Engineer
https://www.amdh.fr