Re: git: b077aed33b7b - main - Merge OpenSSL 3.0.9
- In reply to: Ed Maste : "git: b077aed33b7b - main - Merge OpenSSL 3.0.9"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 29 Jun 2023 12:47:19 UTC
On Sat, 24 Jun 2023 01:19:54 +0200, Ed Maste wrote: > > The branch main has been updated by emaste: > > URL: https://cgit.FreeBSD.org/src/commit/?id=b077aed33b7b6aefca7b17ddb250cf521f938613 > > commit b077aed33b7b6aefca7b17ddb250cf521f938613 > Merge: b08ee10c0646 b84c4564effd > Author: Pierre Pronchery <pierre@freebsdfoundation.org> > AuthorDate: 2023-06-23 22:53:35 +0000 > Commit: Ed Maste <emaste@FreeBSD.org> > CommitDate: 2023-06-23 22:53:36 +0000 > > Merge OpenSSL 3.0.9 > > Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the > version we were previously using) will be EOL as of 2023-09-11. > > Most of the base system has already been updated for a seamless switch > to OpenSSL 3.0. For many components we've added > `-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version, > which avoids deprecation warnings from OpenSSL 3.0. Changes have also > been made to avoid OpenSSL APIs that were already deprecated in OpenSSL > 1.1.1. The process of updating to contemporary APIs can continue after > this merge. > > Additional changes are still required for libarchive and Kerberos- > related libraries or tools; workarounds will immediately follow this > commit. Fixes are in progress in the upstream projects and will be > incorporated when those are next updated. > > There are some performance regressions in benchmarks (certain tests in > `openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy). > Investigation will continue for these. > > Netflix's testing showed no functional regression and a rather small, > albeit statistically significant, increase in CPU consumption with > OpenSSL 3.0. > > Thanks to ngie@ and des@ for updating base system components, to > antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to > Netflix and everyone who tested prior to commit or contributed to this > update in other ways. > > PR: 271615 > PR: 271656 [exp-run] > Relnotes: Yes > Sponsored by: The FreeBSD Foundation > > ObsoleteFiles.inc | 48 + I guess some files should be removed from ObsoleteFiles.inc. (patch attached) -- Herbert diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc index 25a1ce080c39..79088dcabaa6 100644 --- a/ObsoleteFiles.inc +++ b/ObsoleteFiles.inc @@ -9631,22 +9631,17 @@ OLD_FILES+=usr/share/openssl/man/man3/RAND_SSLeay.3.gz OLD_FILES+=usr/share/openssl/man/man3/RSA_PKCS1_SSLeay.3.gz OLD_FILES+=usr/share/openssl/man/man3/RSA_null_method.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL.3.gz -OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_get_ex_new_index.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_need_tmp_rsa.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_custom_cli_ext.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_default_read_ahead.3.gz -OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_ecdh_auto.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_tmp_rsa.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_CTX_set_tmp_rsa_callback.3.gz -OLD_FILES+=usr/share/openssl/man/man3/SSL_SESSION_get_ex_new_index.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_add_session.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_flush_sessions.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_get_accept_state.3.gz -OLD_FILES+=usr/share/openssl/man/man3/SSL_get_ex_new_index.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_get_msg_callback_arg.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_need_tmp_rsa.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_remove_session.3.gz -OLD_FILES+=usr/share/openssl/man/man3/SSL_set_ecdh_auto.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_set_tmp_rsa.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSL_set_tmp_rsa_callback.3.gz OLD_FILES+=usr/share/openssl/man/man3/SSLeay.3.gz