From: Ed Maste
Date: Thu, 8 Jun 2023 13:13:00 -0400
Subject: OpenSSL 3.0 in the base system update
To: FreeBSD Current, FreeBSD Ports

As previously mentioned[1] FreeBSD 14.0 will include OpenSSL 3.0. We expect to merge the update to main in the near future (within the next week or two) and are ready for wider testing.

Supported by the FreeBSD Foundation, Pierre Pronchery has been working on the update in the src tree, with assistance from Enji Cooper (ngie@), and me (emaste@).
Thanks to Antoine Brodin (antoine@) and Muhammad Moinur Rahman (bofh@) for ports exp-runs and fixes/workarounds and to Dag-Erling (des@) for updating ldns in the base system.

## Base system compatibility status

Most of the base system is ready for a seamless switch to OpenSSL 3.0. For several components we've added `-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version, which avoids deprecation warnings from OpenSSL 3.0. Changes have also been made to avoid OpenSSL APIs already deprecated in OpenSSL 1.1. We can continue the process of updating to contemporary APIs after OpenSSL 3.0 is in the tree.

Additional changes are still required for libarchive and seven Kerberos-related libraries or tools. Workarounds are ready to go along with the OpenSSL 3 import, and proper fixes are in progress in the upstream projects.

A segfault from `openssl x509` in the i386 ports exp-run is under investigation and needs to be addressed prior to the merge.

## Ports compatibility

With bofh@'s recent www/node18 and www/node20 patches the ports tree is in reasonable shape for OpenSSL 3.0 in the base system. The exp-run (link below) has a list of the failing ports, and I've emailed all of the maintainers as a heads-up. None of the remaining failures are responsible for a large number of skipped ports (i.e., the failures are either leaf ports or are responsible for only a small number of skipped ports). I expect that some or many of these will need to be addressed after the change lands in the src tree.

## Call for testing

We welcome feedback from anyone willing to test the work in progress. Pierre's update can be obtained from the pull request[2] or by fetching the branch[3]. If desired I will provide a large diff against main.

## Links

- Base system OpenSSL 3.0 update tracking PR: https://bugs.freebsd.org/271615
- Ports exp-run with OpenSSL 3.0 in the base system: https://bugs.freebsd.org/271656

[1] https://lists.freebsd.org/archives/freebsd-current/2023-May/003609.html
[2] https://github.com/freebsd/freebsd-src/pull/760
[3] https://github.com/khorben/freebsd-src/tree/khorben/openssl-3.0.9
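
For the `-DOPENSSL_API_COMPAT=0x10100000L` workaround described under "Base system compatibility status", an added example (not part of the original message or of the FreeBSD tree): a script that lists call sites of functions deprecated in OpenSSL 3.0 and checks whether a makefile pins the API level. The function list is partial, and the sample files and their names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list call sites that build without deprecation warnings on
# OpenSSL 3.0 only because the API level is pinned with OPENSSL_API_COMPAT.

# Partial list of low-level functions deprecated in OpenSSL 3.0.
DEPRECATED='MD5_Init|SHA1_Init|SHA256_Init|SHA512_Init|HMAC_Init_ex'
DEPRECATED="$DEPRECATED|AES_set_encrypt_key|RSA_generate_key_ex"
DEPRECATED="$DEPRECATED|EC_KEY_new_by_curve_name|DH_generate_parameters_ex"

# Print file:line:text for each call to a listed function in *.c and *.h.
# The leading character class keeps my_SHA256_Init() from matching.
scan_deprecated() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) -exec \
        grep -nE "(^|[^A-Za-z0-9_])($DEPRECATED)[[:space:]]*\\(" /dev/null {} +
}

# Number of matching lines under a directory.
count_deprecated() {
    scan_deprecated "$1" | wc -l | tr -d ' '
}

# Succeeds if the makefile pins an API level as the message describes.
has_api_compat() {
    grep -Eq -e '-DOPENSSL_API_COMPAT=0x[0-9A-Fa-f]+L?' "$1"
}

# Constructed sample tree (hypothetical file names) so this runs offline.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/digest.c" <<'EOF'
#include <openssl/sha.h>
void legacy(unsigned char *out) {
    SHA256_CTX c;
    SHA256_Init(&c);            /* deprecated in 3.0 */
    my_SHA256_Init(&c);         /* local wrapper, must not match */
}
EOF
    cat > "$d/keygen.c" <<'EOF'
int gen(RSA *r, BIGNUM *e) { return RSA_generate_key_ex (r, 2048, e, NULL); }
EOF
    echo 'CFLAGS+= -DOPENSSL_API_COMPAT=0x10100000L' > "$d/Makefile"
    echo "$d"
}

sample=$(make_sample)
scan_deprecated "$sample"
has_api_compat "$sample/Makefile" && echo "API level pinned in Makefile"
rm -rf "$sample"
```

Each reported line is a candidate for conversion to the EVP interfaces once the compatibility define is dropped.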