On Tue, Sep 10, 2024 at 12:14:58PM +0200, Neal Gompa wrote:
> On Fri, Sep 1, 2023 at 6:11 AM Neal Gompa <[email protected]> wrote:
> >
> > I'm bumping this thread again to ask if we can make everyone's lives
> > easier by dropping all the hobbling we do today to OpenSSL, nettle,
> > etc.. We *definitely* don't need it now at this point, so it's just
> > needless work that creates a lot of second-order pain for people (such
> > as library bindings for other programming languages).
> 
> The annual bump on this thread to once again ask if we can make
> progress on this issue. It's a pain and I really don't think we have
> any reason to keep doing it anymore.

It appears the maintainers of openssl & nettle have *already* removed
hobbling from Fedora.

In nettle dist-git:

  commit 478b2083882071d9102297b4f0c022f65d567b1e
  Author: Daiki Ueno <[email protected]>
  Date:   Thu Aug 22 14:25:26 2024 +0900

    Switch from hobbling to patching to disable algorithms
    
    Previously, certain algorithms, such as smaller ECC curves, were
    "hobbled" using the hobble-nettle script. It is now allowed to include
    the algorithm implementation in the source package, though we still
    want to disable them at build time.
    
    This patch switches to using a patch-based approach to disable
    them. That way, the packaging process is simplified as well as the
    integrity of upstream release can be checked using %gpgverify.
    
    Signed-off-by: Daiki Ueno <[email protected]>


And in openssl dist-git:

  commit 477bb5e652b21c76dccaf690d2327af8f86bd16f
  Author: Sahana Prasad <[email protected]>
  Date:   Tue Mar 14 17:07:58 2023 +0100

      - Upload new upstream sources without manually hobbling them.
      - Remove the hobbling script as it is redundant. It is now allowed to ship
        the sources of patented EC curves, however it is still made unavailable to use
        by compiling with the 'no-ec2m' Configure option. The additional forbidden
        curves such as P-160, P-192, wap-tls curves are manually removed by updating
        0011-Remove-EC-curves.patch.
      - Apply the changes to ec_curve.c and  ectest.c as a new patch
        0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them.
      - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves.
      - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M.
      Resolves: rhbz#2130618, rhbz#2141672
    
    Signed-off-by: Sahana Prasad <[email protected]>



With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
