[Tor-BSD] FreeBSD 9.x and tor 0.2.7.2-alpha

teor teor2345 at gmail.com
Tue Aug 11 13:50:18 EDT 2015


> On 11 Aug 2015, at 07:25 , George Rosamond <george at ceetonetechnology.com> wrote:
> 
> Signed PGP part
> FreeBSD 9.x is still using OpenSSL 0.9.8zg, last updated in base on
> 20150611.
> 
> Updating from 0.2.4.18 to 0.2.7.2 gives this error:
> 
> src/common/aes.c:23:2: error: #error "We require OpenSSL >= 1.0.0"
> 
> Yes, one could use OpenSSL from ports, LibreSSL or update to 10.x, but
> broken by default isn't a good thing.
> 
> 0.2.7.2 doesn't work on FreeBSD 9.x.
> 
> Grrrrreat…

Yes, this is an issue for OS X as well, which only ships:
OpenSSL 0.9.8zf 19 Mar 2015
(Of course, Tor Browser on OS X ships its own OpenSSL to work around this issue. So most OS X Tor users won't notice.)

Tor bugfixes are still being backported to the 0.2.6 series, is it possible to continue using that series until OpenSSL 1.0.1 or later are part of FreeBSD?

The breaking change in 0.2.7.2-aplha was part of the release announcement:
https://blog.torproject.org/blog/tor-0272-alpha-released

> Removed features:
> 	• Tor no longer supports versions of OpenSSL before 1.0. (If you are on an operating system that has not upgraded to OpenSSL 1.0 or later, and you compile Tor from source, you will need to install a more recent OpenSSL to link Tor against.) These versions of OpenSSL are still supported by the OpenSSL, but the numerous cryptographic improvements in later OpenSSL releases makes them a clear choice. Resolves ticket 16034.


It's worth noting that OpenSSL versions 0.9.8 and 1.0.0 are becoming unsupported at the end of 2015:

> As per our previous announcements and our Release Strategy
> (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
> 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
> releases will be provided after that date. Users of these releases are advised
> to upgrade.

See the second-last section in https://www.openssl.org/news/secadv_20150611.txt

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
pgp ABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.nycbug.org/pipermail/tor-bsd/attachments/20150812/b59d87d4/attachment.bin>


More information about the Tor-BSD mailing list