Re: [kde-freebsd] PR 210053

2016-06-05 Thread Schaich Alonso
On Sun, 05 Jun 2016 16:49:20 +0200
Ralf Nolden wrote:
> 
> Hi Alonso,
> 
> thanks for the info. On the Qt side (where it appears as a problem in 
> QtNetwork) we've now added a patch to only support openssl. The usability of
> libressl and the support for that can be argued about, however, I think we 
> should at least write up some advisory what is used where so people know how 
> to treat problems with Qt-related software in case of security advisories.
> 
> If the use of libressl instead of openssl can be made optional by an option 
> and keep the defaults at openssl, I'm fine with any patch as long as it is up 
> to the user to build that with qca. (on Qt, I wouldn't do that on qt5-network 
> because it is not officially supported by Qt).
> 

libressl is already an option, defaulting on base's openssl. [1]

> Until that is given, I wouldn't use the patch. How is upstream handling the 
> use of libressl?
> -- 
> Kind regards,
> 
> Ralf Nolden
> 

Hi

Upstream has the same approach that we have for handling SHA-0 [2], and
a different one for SSL3: They don't provide a fallback if there's no
SSLv3 support [3], while the FreeBSD wiki proposes to do SSLv23 [4].

References:
[1] https://wiki.freebsd.org/LibreSSL
[2] https://quickgit.kde.org/?p=qca.git&a=commit&h=0dbed8eb38afd1561907a52283091c37e7b85156
[3] https://quickgit.kde.org/?p=qca.git&a=commit&h=20a587d77636186edb044cd2b71d6d90fe98d232
[4] https://wiki.freebsd.org/LibreSSL/PatchingPorts#SSLv2.2FSSLv3_method_failures



Alonso



___
kde-freebsd mailing list
kde-freebsd@kde.org
https://mail.kde.org/mailman/listinfo/kde-freebsd
See also http://freebsd.kde.org/ for latest information


Re: [kde-freebsd] PR 210053

2016-06-05 Thread Ralf Nolden
On Sunday, 5 June 2016, 16:19:06, Schaich Alonso wrote:
> I forgot my bugzilla password and "The system is not configured to allow
> password change requests." ...
> 
> I've got this review ticket for the libressl issue. Somehow kde@ was not
> CC-ed.
> 
> https://reviews.freebsd.org/D6685
> 
> Given it took me one month to open the ticket, I didn't expect the PR to be
> made so quickly after it.
> 
> Rakuco is AFK for the time being, so anyone with PORTS commit bit just send
> it in.
> 
> Alonso

Hi Alonso,

thanks for the info. On the Qt side (where it appears as a problem in 
QtNetwork) we've now added a patch to only support openssl. The usability of
libressl and the support for that can be argued about, however, I think we 
should at least write up some advisory what is used where so people know how 
to treat problems with Qt-related software in case of security advisories.

If the use of libressl instead of openssl can be made optional by an option 
and keep the defaults at openssl, I'm fine with any patch as long as it is up 
to the user to build that with qca. (on Qt, I wouldn't do that on qt5-network 
because it is not officially supported by Qt).

Until that is given, I wouldn't use the patch. How is upstream handling the 
use of libressl?
-- 
Kind regards,

Ralf Nolden



[kde-freebsd] PR 210053

2016-06-05 Thread Schaich Alonso
I forgot my bugzilla password and "The system is not configured to allow 
password change requests." ...

I've got this review ticket for the libressl issue. Somehow kde@ was not CC-ed.

https://reviews.freebsd.org/D6685

Given it took me one month to open the ticket, I didn't expect the PR to be
made so quickly after it.

Rakuco is AFK for the time being, so anyone with PORTS commit bit just send it 
in.

Alonso

