Hey all,
I normally wouldn't forward an email from a FreeBSD mailing list to
the HardenedBSD Users' mailing list, but I think this one warrants it.
The part I think will impact HardenedBSD's users the most is OpenSSL.
The ZFS stuff is mostly worked out (though I was bit by it pretty hard
recently.)
There's an interesting play between base and ports, especially with
regards to providers of libcrypto.so/libssl.so (OpenSSL, LibreSSL,
etc.) Even though the announcement discusses FreeBSD's 14.0 release
schedule, there is also an impact to HardenedBSD 13-STABLE users
(and, obviously, 14-CURRENT).
FreeBSD has its work cut out for it. I think they're going in the
right direction so far (it appears they will indeed adopt OpenSSL 3 in
base prior to 14.0-RELEASE landing.)
While I'm confident in FreeBSD to complete the work with quality, I
suspect there may be cobwebs and oddities that may cause issues during
this transitional work. There may still be considerable fallout, given
the size and complexity of the task at hand.
So, this email is to serve as a heads up. Hopefully the pain will be
minimal (if at all.)
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
----- Forwarded message from Glen Barber <g...@freebsd.org> -----
Date: Mon, 1 May 2023 18:14:49 +0000
From: Glen Barber <g...@freebsd.org>
To: freebs...@freebsd.org, freebsd...@freebsd.org
Cc: freebsd...@freebsd.org, FreeBSD Release Engineering Team <r...@freebsd.org>, FreeBSD Security Team <sec...@freebsd.org>
Subject: Delay in 14.0-RELEASE cycle and blocking items
According to the 14.0-RELEASE schedule, the code slush in main and the
freeze to the KBI for 14.0 was scheduled for April 25, 2023. As some of
you may have noticed, that did not happen.
First, and most importantly for 14.0, is the status of the OpenSSL
update to version 3. This in itself is reason to delay the schedule
until some tangible progress has been made. Yes, some have expressed
interest in helping in this area, however at this moment, this is the
key blocker.
Second is the status of the branch and how it pertains to the recent
upstream merge from OpenZFS. Although block_cloning is disabled by
default, there have been other regressions discovered (and fixed), but
as a whole, I do not feel that we have a solid understanding of the
regressions about which we do not know.
There is no feasible way we are going to make the branch point of
stable/14 in time, with that scheduled for May 12, 2023 with the above
points. That said, this is not an all-inclusive list, but the more
major items on our radar at the moment.
A more up-to-date schedule for the 14.0 release will be published in the
near future, though nothing is yet set in stone.
Thank you for your patience, and for any help in getting us through
these outstanding items.
Glen
On behalf of: re@
----- End forwarded message -----