FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

Martin Simmons martin at lispworks.com
Fri Dec 11 16:05:01 UTC 2020


>>>>> On Fri, 11 Dec 2020 13:28:43 +0100, Franco Fichtner said:
> 
> > On 11. Dec 2020, at 13:20, Martin Simmons <martin at lispworks.com> wrote:
> > 
> > 
> >> 
> >>>>>> On Fri, 11 Dec 2020 12:44:17 +0100, Franco Fichtner said:
> >> 
> >>>> On 11. Dec 2020, at 12:38 PM, Martin Simmons <martin at lispworks.com> wrote:
> >>> 
> >>>>>>>> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said:
> >>>> 
> >>>> What are peoples thoughts on how to address the support mismatch between
> >>>> FreeBSD and OpenSSL?  And how to address it?
> >>> 
> >>> Maybe it would help a little if the packages on pkg.FreeBSD.org all used the
> >>> pkg version of OpenSSL?  Currently, it looks like you have build your own
> >>> ports if you want that.
> >> 
> >> This pretty much breaks LibreSSL ports usage for binary package consumers.
> > 
> > I'm talking about the binary packages from pkg.FreeBSD.org.  Don't they always
> > use the base OpenSSL at the moment?
> 
> Yes, and if it would be built against ports OpenSSL you can no longer build against LibreSSL locally.
> 
> In OPNsense we do build against ports OpenSSL for upgrade ease, but we also offer a second set of packages for LibreSSL.
> 
> For the normal FreeBSD user defaulting packages against OpenSSL from ports would be severely limiting their capability to deviate from this with one-off builds and most cannot or will not run their own poudriere batch.

OK, I see what you mean now.  The underlying problem is that it is impossible
to install packages/ports for OpenSSL and LibreSSL at the same time.

__Martin


More information about the freebsd-security mailing list