On Fri, Feb 09, 2018 at 12:58:30PM +0000, Kevin Chadwick wrote:
> I assume you know far more than me and A.Wilcox from the Alpine list
> but this was mentioned. They are planning to revert to OpenSSL next
> week.
>
> I don't use Alpine, though it is possibly my preferred Linux, just
> thought I would mention it.
>
> To be honest, I don't even know if facilitating wider adoption of
> LibreSSL hurts or benefits OpenBSD security in the end.
>
> The last paragraph (taken from a separate mail), may be interesting?
>
> I have no idea what debian etc. are doing.
>
> http://lists.alpinelinux.org/alpine-devel/6079.html
> _____________________________________________________________________
>
> awilcox on ciall /usr/src/alpine-aports $ find . -name '*libressl*.patch' | sort
> ./community/asio/libressl.patch
> ./community/cargo/openssl-fix-libressl-cmsh-detection.patch
> ./community/cargo/openssl-libressl263-compat.patch
> ./community/erlang/0011-fix-libressl-build.patch
> ./community/freerdp/libressl-2.5.patch
> ./community/gsoap/libressl.patch
> ./community/heirloom-mailx/libressl.patch
> ./community/isync/libressl-compat.patch
> ./community/john/libressl.patch
> ./community/mongodb-tools/libressl.patch
> ./community/pgbouncer/libressl-2.5.patch
> ./community/qt5-qtbase/libressl-compat.patch
> ./community/retawq/libressl.patch
> ./community/rethinkdb/libressl-all.patch
> ./community/stunnel/stunnel-libressl.patch
> ./community/xchat/libressl.patch
> ./community/yadifa/libressl-compat.patch
> ./main/boost/libressl.patch
> ./main/elinks/libressl-2.5.patch
> ./main/fetchmail/libressl.patch
> ./main/freeswitch/sofia-sip-libressl.patch
> ./main/haproxy/fix-libressl-2.5.patch
> ./main/hexchat/libressl.patch
> ./main/hostapd/libressl-compat.patch
> ./main/krb5/libressl.patch
> ./main/ldns/1.6.17-libressl.patch
> ./main/libevent/libressl.patch
> ./main/libgit2/libressl.patch
> ./main/lua-cqueues/libressl-2.5.patch
> ./main/mosquitto/libressl.patch
> ./main/neon/fix-libressl.patch
> ./main/open-isns/libressl.patch
> ./main/openldap/libressl.patch
> ./main/opensmtpd/libressl-compat.patch
> ./main/openvswitch/libressl-compat.patch
> ./main/opusfile/libressl.patch
> ./main/partimage/libressl.patch
> ./main/perl-crypt-ssleay/libressl.patch
> ./main/postfix/libressl.patch
> ./main/python3/libressl.patch
> ./main/qt/qtcore-4.8.5-libressl.patch
> ./main/serf/libressl.patch
> ./main/spice-gtk/libressl.patch
> ./main/spice/libressl.patch
> ./main/strongswan/libressl.patch
> ./main/tlsdate/libressl-no-sslv3.patch
> ./main/tlsdate/libressl-sslstate.patch
> ./main/transmission/libressl.patch
> ./main/wpa_supplicant/libressl.patch
> ./main/xrdp/libressl-support.patch
> ./testing/bobcat/libressl-compatibility.patch
> ./testing/ejabberd/libressl.patch
> ./testing/imapfilter/libressl.patch
> ./testing/libimobiledevice/01-libressl.patch
> ./testing/litespeed/libressl.patch
> ./testing/megatools/libressl.patch
> ./testing/openconnect/openconnect-7.08-libressl251.patch
> ./testing/prayer/libressl.patch
> ./testing/proftpd/libressl.patch
> ./testing/tarantool/tests-libressl-compat.patch
> ./testing/x11vnc/libressl.patch
>
>
> It isn't just this. Qt 5.10 introduces new dependency on OpenSSL 1.1
> APIs for improved security, and LibreSSL does not implement those APIs
> at all.
>
> Also, as mentioned in my other email, one pain point is something like
> mailman or taiga, which require Python Cryptography package version 1.7.
> This version requires OpenSSL APIs that LibreSSL removed. That'd be
> fine, since it could be built against OpenSSL instead, however!
> libressl-dev and openssl-dev conflict, and python-dev installs
> libressl-dev because Python is built against LibreSSL. That means you
> can't actually build OpenSSL-requiring Python packages at all.
>
> I'd imagine similar issues would be had with Ruby, Perl, Node, and all
> the rest. Certainly any Qt application that needs OpenSSL APIs (like
> Kleopatra, KDE's key management utility) won't be buildable as well.
>
> One question I do have is: is there a way to disable the OpenSSL
> compatibility in LibreSSL? It would be good for packages that require
> LibreSSL (libressl-dev) to be buildable even if openssl-dev is installed
> (preventing something like the above Python situation).
>

Just in case some LibreSSL dev doesn't want to read the full thread in the
Alpine list, they also want a workaround for the lack of time_t for 32-bit
platforms on Linux.

FYI: Adelie is a downstream distro of Alpine which wants to support "old"
platforms.

https://adelielinux.org/info.html#platforms

--
Juan Francisco Cantero Hurtado http://juanfra.info

