author | Repository mirror & CI <repomirrorci@gentoo.org> | 2021-10-22 19:06:29 +0000 |
---|---|---|
committer | Repository mirror & CI <repomirrorci@gentoo.org> | 2021-10-22 19:06:29 +0000 |
commit | 5836a105dec7c709f3206b9d013b664ac237bc54 (patch) | |
tree | 195dcb313155d41659dec2874168c15783c345a5 /metadata/news | |
parent | Merge updates from master (diff) | |
parent | 2021-10-17-openssl-bindist-removal: openssl USE=bindist removal (diff) | |
Merge commit 'e91fb8d1fae984eead80975412f3a1029ac099ab'
Diffstat (limited to 'metadata/news')
-rw-r--r-- | metadata/news/2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/metadata/news/2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt b/metadata/news/2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt new file mode 100644 index 000000000000..ca6c6e651348 --- /dev/null +++ b/metadata/news/2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt 
@@ -0,0 +1,38 @@ +Title: dev-libs/openssl USE=bindist removal +Author: Robin H. Johnson <robbat2@gentoo.org> +Posted: 2021-10-17 +Revision: 1 +News-Item-Format: 2.0 +Display-If-Installed: dev-libs/openssl[bindist] + +On 2021-11-19, the base-system team will remove USE=bindist +behavior from dev-libs/openssl, per bug #762850 [1]. + +Users should not experience any ABI incompatibilities that +require recompilation when moving from +dev-libs/openssl[bindist] to dev-libs/openssl[-bindist]. + +However, moving back in future may recompile if any binaries +of their systems depend on the additional symbols available +with USE=-bindist. + +USE=bindist on dev-libs/openssl historically applied RedHat +work, called hobble-openssl [2], that was intended to make +OpenSSL "safe" to distribute with regards to various +patents, in the opinion of RedHat's legal counsel. The +hobble-openssl, in it's last iterations, it greatly +restricted which parts of EC (elliptic curve) were available +[3][4] + +Debian & Ubuntu do not apply any similar behavior, and +Gentoo intends to follow Debian's lead with regards to +OpenSSL hobble-openssl moving forward. + +[1] https://bugs.gentoo.org/762850 +[2] Multiple files: + https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/hobble-openssl + https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/ectest.c + https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/ec_curve.c + https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/0011-Remove-EC-curves.patch +[3] https://archives.gentoo.org/gentoo-dev/message/f0d16240bb0dd1ff38fb5223bec810ab +[4] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#system-wide-crypto-policies_using-the-system-wide-cryptographic-policies |
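Review bot: The third paragraph of the news body ("However, moving back in future may recompile if any binaries of their systems depend on the additional symbols available with USE=-bindist.") is hard to parse, and it is the only place that tells users when recompilation is needed. Suggest "However, moving back in the future may require recompilation if any binaries on their systems depend on the additional symbols available with USE=-bindist." In the hobble-openssl paragraph, "in it's last iterations, it greatly restricted" should read "in its last iterations, greatly restricted", and the sentence ending in "[3][4]" is missing its period. The item also does not say whether users who currently set USE=bindist on dev-libs/openssl need to change anything before 2021-11-19; one sentence stating the expected action, or that none is required, would make the item actionable.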