Gentoo Archives: gentoo-dev

From: robbat2@g.o
To: gentoo-dev@l.g.o
Cc: pr@g.o, base-system@g.o, "Robin H. Johnson" <robbat2@g.o>
Subject: [gentoo-dev] [PATCH] 2021-10-17-openssl-bindist-removal: openssl USE=bindist removal
Date: Sun, 17 Oct 2021 23:33:44
Message-Id: 20211017233317.25729-1-robbat2@gentoo.org
1 From: "Robin H. Johnson" <robbat2@g.o>
2
3 Signed-off-by: Robin H. Johnson <robbat2@g.o>
4 ---
5 .../2021-10-17-openssl-bindist-removal.en.txt | 38 +++++++++++++++++++
6 1 file changed, 38 insertions(+)
7 create mode 100644 2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt
8
9 diff --git 2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt 2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt
10 new file mode 100644
11 index 0000000..ca6c6e6
12 --- /dev/null
13 +++ 2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt
14 @@ -0,0 +1,38 @@
15 +Title: dev-libs/openssl USE=bindist removal
16 +Author: Robin H. Johnson <robbat2@g.o>
17 +Posted: 2021-10-17
18 +Revision: 1
19 +News-Item-Format: 2.0
20 +Display-If-Installed: dev-libs/openssl[bindist]
21 +
22 +On 2021-11-19, the base-system team will remove USE=bindist
23 +behavior from dev-libs/openssl, per bug #762850 [1].
24 +
25 +Users should not experience any ABI incompatibilities that
26 +require recompilation when moving from
27 +dev-libs/openssl[bindist] to dev-libs/openssl[-bindist].
28 +
29 +However, moving back in future may recompile if any binaries
30 +of their systems depend on the additional symbols available
31 +with USE=-bindist.
32 +
33 +USE=bindist on dev-libs/openssl historically applied RedHat
34 +work, called hobble-openssl [2], that was intended to make
35 +OpenSSL "safe" to distribute with regards to various
36 +patents, in the opinion of RedHat's legal counsel. The
37 +hobble-openssl, in it's last iterations, it greatly
38 +restricted which parts of EC (elliptic curve) were available
39 +[3][4]
40 +
41 +Debian & Ubuntu do not apply any similar behavior, and
42 +Gentoo intends to follow Debian's lead with regards to
43 +OpenSSL hobble-openssl moving forward.
44 +
45 +[1] https://bugs.gentoo.org/762850
46 +[2] Multiple files:
47 + https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/hobble-openssl
48 + https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/ectest.c
49 + https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/ec_curve.c
50 + https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/0011-Remove-EC-curves.patch
51 +[3] https://archives.gentoo.org/gentoo-dev/message/f0d16240bb0dd1ff38fb5223bec810ab
52 +[4] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#system-wide-crypto-policies_using-the-system-wide-cryptographic-policies
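Review bot: The third paragraph of the news body ("However, moving back in future may recompile if any binaries of their systems depend on the additional symbols") does not parse as written, and it does not say how a user would move back once the USE=bindist behavior is removed. Suggest something like "However, moving back to USE=bindist in future may require rebuilding any binaries on their systems that depend on the additional symbols available with USE=-bindist." In the hobble-openssl paragraph, "The hobble-openssl, in it's last iterations, it greatly restricted" should read "hobble-openssl, in its last iterations, greatly restricted", and the sentence ending in "[3][4]" is missing its full stop.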
53 --
54 2.33.1
