FreeBSD Security Advisory FreeBSD-SA-20:33.openssl
Martin Simmons
martin at lispworks.com
Fri Dec 11 16:05:01 UTC 2020
>>>>> On Fri, 11 Dec 2020 13:28:43 +0100, Franco Fichtner said:
>
> > On 11. Dec 2020, at 13:20, Martin Simmons <martin at lispworks.com> wrote:
> >
> >
> >>
> >>>>>> On Fri, 11 Dec 2020 12:44:17 +0100, Franco Fichtner said:
> >>
> >>>> On 11. Dec 2020, at 12:38 PM, Martin Simmons <martin at lispworks.com> wrote:
> >>>
> >>>>>>>> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said:
> >>>>
> >>>> What are peoples thoughts on how to address the support mismatch between
> >>>> FreeBSD and OpenSSL? And how to address it?
> >>>
> >>> Maybe it would help a little if the packages on pkg.FreeBSD.org all used the
> >>> pkg version of OpenSSL? Currently, it looks like you have build your own
> >>> ports if you want that.
> >>
> >> This pretty much breaks LibreSSL ports usage for binary package consumers.
> >
> > I'm talking about the binary packages from pkg.FreeBSD.org. Don't they always
> > use the base OpenSSL at the moment?
>
> Yes, and if it would be built against ports OpenSSL you can no longer build against LibreSSL locally.
>
> In OPNsense we do build against ports OpenSSL for upgrade ease, but we also offer a second set of packages for LibreSSL.
>
> For the normal FreeBSD user defaulting packages against OpenSSL from ports would be severely limiting their capability to deviate from this with one-off builds and most cannot or will not run their own poudriere batch.
OK, I see what you mean now. The underlying problem is that it is impossible
to install packages/ports for OpenSSL and LibreSSL at the same time.
__Martin
More information about the freebsd-security
mailing list