-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenSSL 1.0.1c will be merged to head today. There will be several important changes to note. - - Several crypto/engine modules will be added or enabled by default to closely match OpenSSL default, e.g., Camellia (crypto), SEED (crypto), CHIL (engine), GOST (engine), etc. - - MD2 will be removed because a) it is disabled by default and b) we removed it from libmd. - - Optimized amd64 asm files will be added and enabled by default. - - Optimized i386 asm files will be updated and new files will be added. - - opensslconf.h for amd64 and i386 will be merged. Unfortunately, library versions will be bumped, i.e., libcrypto.so.6 -> libcrypto.so.7 libssl.so.6 -> libssl.so.7 Therefore, all binaries depending on these need to be recompiled. Also, you may have to merge your /etc/ssl/openssl.conf changes. Jung-uk Kim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk//EckACgkQmlay1b9qnVN0PQCgwtUHNK7iEdKpTi3TmWD5W4UK smUAnAxcPa+OtZQe4HKifeaVm+ybdRIH =T9Oc -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-07-12 14:04:58 -0400, Jung-uk Kim wrote:> - Several crypto/engine modules will be added or enabled by default > to closely match OpenSSL default, e.g., Camellia (crypto), SEED > (crypto), CHIL (engine), GOST (engine), etc.Actually, CHIL is already enabled. My bad. Jung-uk Kim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk//F6wACgkQmlay1b9qnVMnhQCghxsNSDCr3sbM+6PEenB4nTh2 3/YAoJ5EiSCzQhTKBJQ4bbWd0mVGZqbk =hYlB -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-07-12 14:04:58 -0400, Jung-uk Kim wrote:> OpenSSL 1.0.1c will be merged to head today. There will be > several important changes to note. > > - Several crypto/engine modules will be added or enabled by default > to closely match OpenSSL default, e.g., Camellia (crypto), SEED > (crypto), GOST (engine), etc. - MD2 will be removed because a) it > is disabled by default and b) we removed it from libmd. - Optimized > amd64 asm files will be added and enabled by default. - Optimized > i386 asm files will be updated and new files will be added. - > opensslconf.h for amd64 and i386 will be merged. > > Unfortunately, library versions will be bumped, i.e., > > libcrypto.so.6 -> libcrypto.so.7 libssl.so.6 -> libssl.so.7 > > Therefore, all binaries depending on these need to be recompiled. > Also, you may have to merge your /etc/ssl/openssl.conf changes.FYI, OpenSSL 1.0.1c import is complete now. Please let me know if you have any problem. Cheers, Jung-uk Kim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk//Zb0ACgkQmlay1b9qnVMDXACgxjHtAdhyLasffkaqX/Jl9hHX He0An2EjtcRoNsHfTX/ZwZ+iHz2VW2Iq =mHkt -----END PGP SIGNATURE-----
On Thu, Jul 12, 2012 at 08:03:09PM -0400, Jung-uk Kim wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 2012-07-12 14:04:58 -0400, Jung-uk Kim wrote: > > OpenSSL 1.0.1c will be merged to head today. There will be > > several important changes to note. > > > > - Several crypto/engine modules will be added or enabled by default > > to closely match OpenSSL default, e.g., Camellia (crypto), SEED > > (crypto), GOST (engine), etc. - MD2 will be removed because a) it > > is disabled by default and b) we removed it from libmd. - Optimized > > amd64 asm files will be added and enabled by default. - Optimized > > i386 asm files will be updated and new files will be added. -How did the asm files were generated (I am sure they are generated) ?> > opensslconf.h for amd64 and i386 will be merged. > > > > Unfortunately, library versions will be bumped, i.e., > > > > libcrypto.so.6 -> libcrypto.so.7 libssl.so.6 -> libssl.so.7 > > > > Therefore, all binaries depending on these need to be recompiled. > > Also, you may have to merge your /etc/ssl/openssl.conf changes. > > FYI, OpenSSL 1.0.1c import is complete now. Please let me know if you > have any problem. > > Cheers, > > Jung-uk Kim > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.19 (FreeBSD) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk//Zb0ACgkQmlay1b9qnVMDXACgxjHtAdhyLasffkaqX/Jl9hHX > He0An2EjtcRoNsHfTX/ZwZ+iHz2VW2Iq > =mHkt > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20120713/9f1cd389/attachment.pgp
On 07/12/2012 05:03 PM, Jung-uk Kim wrote:> FYI, OpenSSL 1.0.1c import is complete now. Please let me know if you > have any problem.Sorry if I missed it, but did you bump OSVERSION for this change? If not, could you? It would be helpful for dealing with ports stuff, especially USE_OPENSSL. Doug
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-07-13 05:55:04 -0400, Doug Barton wrote:> On 07/12/2012 05:03 PM, Jung-uk Kim wrote: >> FYI, OpenSSL 1.0.1c import is complete now. Please let me know >> if you have any problem. > > Sorry if I missed it, but did you bump OSVERSION for this change? > If not, could you? It would be helpful for dealing with ports > stuff, especially USE_OPENSSL.Yes, it was bumped with the commit. Jung-uk Kim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAAREwACgkQmlay1b9qnVNpkgCffS1dK8lvKRBXpxeebRGcx/kE UYIAoMxzzJUcx2JvTY996Vm4eHHriXVt =NvEB -----END PGP SIGNATURE-----
On 07/13/2012 08:52 AM, Jung-uk Kim wrote:> On 2012-07-13 05:55:04 -0400, Doug Barton wrote: >> On 07/12/2012 05:03 PM, Jung-uk Kim wrote: >>> FYI, OpenSSL 1.0.1c import is complete now. Please let me know >>> if you have any problem. > >> Sorry if I missed it, but did you bump OSVERSION for this change? >> If not, could you? It would be helpful for dealing with ports >> stuff, especially USE_OPENSSL. > > Yes, it was bumped with the commit.Thanks, and again, sorry I missed it.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-07-13 04:00:14 -0400, Konstantin Belousov wrote:> How did the asm files were generated (I am sure they are generated) > ?Yes, they are all re-generated. Mostly, it is described in FREEBSD-upgrade file: http://svnweb.freebsd.org/base/vendor-crypto/openssl/dist/FREEBSD-upgrade?view=markup&pathrev=238384 Basically, it goes something like this: cd ${SRCDIR}/secure/lib/libcrypto make -f Makefile.asm all mv *.[Ss] ${MACHINE_CPUARCH} make -f Makefile.asm clean Jung-uk Kim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAAa2MACgkQmlay1b9qnVMBtACgoxxI+jmAmhcpLnbozW3y2LNd /bUAnjeZ8f9K2ccwTDgicwLBLYUw+Mlp =Gy0L -----END PGP SIGNATURE-----
Will port also be MFCed to 9-RELENG and 9.1-RELEASE? Do not want to have to go to -CURRENT to get latest OpenSSL. --Brett Glass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-07-13 15:03:39 -0400, Brett Glass wrote:> Will port also be MFCed to 9-RELENG and 9.1-RELEASE? Do not want > to have to go to -CURRENT to get latest OpenSSL.Sorry, we have no plan to MFC this to stable branches because of API and feature changes. However, you may need OpenSSL from ports tree, which has the same version ATM. Jung-uk Kim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAAfowACgkQmlay1b9qnVO6FQCePL/lmITYUw5xmI4weIX+NOtE ASYAoJBeDaIxmj2wG4j7keczkhU62WAS =Ed5I -----END PGP SIGNATURE-----