Plan for OpenSSL in stable/10?

Fri Jan 27 21:51:51 UTC 2017

Er, which three symbols?  I'm not sure that I'm reading the tool properly;
e.g., the 1.0.2 line has "4 removed", which seems to be comparing to
1.0.1u, which is not a fair comparison -- some symbols were added during
the 1.0.1 series, e.g., for CVE fixes, that were also added to the 1.0.2
series, but were not present in 1.0.2<no-letter>.

(BTW I posted to upstream about this at
https://mta.openssl.org/pipermail/openssl-dev/2017-January/009042.html)

-Ben

On Thu, Jan 26, 2017 at 02:10:55PM -0800, Xin LI wrote:
> They are not compatible:
> https://abi-laboratory.pro/tracker/timeline/openssl/
> 
> (3 missing symbols needs to be fixed, and we need to verify if the result
> is still compatible; the usage of these missing symbols should be quite
> rare, though).
> 
> On Thu, Jan 26, 2017 at 1:48 PM, Oliver Pinter <
> oliver.pinter at hardenedbsd.org> wrote:
> 
> > On 1/13/17, Benjamin Kaduk <kaduk at mit.edu> wrote:
> > > On Thu, Jan 12, 2017 at 10:57:20PM +0100, Dimitry Andric wrote:
> > >> On 12 Jan 2017, at 19:02, Eric van Gyzen <vangyzen at FreeBSD.org> wrote:
> > >> >
> > >> > Has anyone had time to discuss and form a plan for OpenSSL in
> > >> > stable/10,
> > >> > now that 1.0.1 is end-of-life?  I don't recall seeing any public
> > >> > discussion or announcement; forgive me if I missed it.
> > >>
> > >> Would updating to 1.0.2 change the API and/or ABI?
> > >
> > > IIRC upstream claims that it is ABI and API compatible, but they were
> > less
> > > good about enforcing that rigorously back then than they are now, so
> > maybe
> > > some things slipped through the cracks.
> > >
> >
> > Is there any news regards to these questions?
> >
> > > -Ben
> > > _______________________________________________
> > > freebsd-security at freebsd.org mailing list
> > > https://lists.freebsd.org/mailman/listinfo/freebsd-security
> > > To unsubscribe, send any mail to "freebsd-security-unsubscribe@
> > freebsd.org"
> > >
> >