From owner-freebsd-questions@freebsd.org Thu Dec 10 12:08:25 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 468394A8679 for ; Thu, 10 Dec 2020 12:08:25 +0000 (UTC) (envelope-from herbert@gojira.at) Received: from mail.bsd4all.net (mail.bsd4all.net [94.130.200.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail.bsd4all.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CsCP42czdz3s1t for ; Thu, 10 Dec 2020 12:08:24 +0000 (UTC) (envelope-from herbert@gojira.at) Date: Thu, 10 Dec 2020 13:08:22 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gojira.at; s=mail202005; t=1607602102; bh=S4srRnEZsmOZ4rAk4W9kUM4+Zb96s4b0ydSm2V8Uf+U=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type; b=f8tQtt/0wzfP121ThKDiy7maaWzWCqO8cXp74erBCqHUl+RG8FTsd26AHoMJokLjS WlD1WX9zk17uuax3WJ1fiqnpWLfyK7pf2kymDcRSSAzku9qmCFlnCP4Qm0Nm33SVpu EmZIgor/7EImAl8LONmPnKXUa+hAelLeuErlidsBG7TgzUW1+g3nAHXIpDW3fvDOst U2qFcf2RCu04pbXUQKpB298V0SS8AyOxVI6815Jj5R/EtNF9evwy5rbjz06sRxx/E1 9V2xGFSQZ6GeuHmTsN8HrNMnP7SYzBeW7g7Od+d2bKmPMY5/NmF1HUm9asUGbIBlaR XvB0PUcI/HLkg== From: "Herbert J. Skuhra" To: FreeBSD Subject: Re: Patches for OpenSSL Message-ID: References: <267201d6ceeb$52ffcaa0$f8ff5fe0$@seibercom.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <267201d6ceeb$52ffcaa0$f8ff5fe0$@seibercom.net> X-Rspamd-Queue-Id: 4CsCP42czdz3s1t X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gojira.at header.s=mail202005 header.b=f8tQtt/0; dmarc=none; spf=pass (mx1.freebsd.org: domain of herbert@gojira.at designates 94.130.200.20 as permitted sender) smtp.mailfrom=herbert@gojira.at X-Spamd-Result: default: False [-3.50 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gojira.at:s=mail202005]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:94.130.200.20]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[gojira.at]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[94.130.200.20:from:127.0.2.255]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gojira.at:+]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RBL_DBL_DONT_QUERY_IPS(0.00)[94.130.200.20:from]; ASN(0.00)[asn:24940, ipnet:94.130.0.0/16, country:DE]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Dec 2020 12:08:25 -0000 On Thu, Dec 10, 2020 at 06:55:15AM -0500, jerry@seibercom.net wrote: > I just read "FreeBSD Security Advisory FreeBSD-SA-20:33.openssl". I found the following part of the message quite troubling. > > > > "Note: The OpenSSL project has published publicly available patches for versions included in FreeBSD 12.x. This vulnerability is also known to affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL project is only giving patches for that version to premium support contract holders. The FreeBSD project does not have access to these patches and recommends ..." > > > > Exactly why doesn't FreeBSD have access to the above mentioned 'patches'? Is this purely a financial matter? If so, then exactly how much are we talking about here? For one, I would be too interested in knowing the specifics regarding FreeBSD's inability to gain access to these patches. https://www.openssl.org/news/secadv/20201208.txt OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended support is available for premium support customers: https://www.openssl.org/support/contracts.html Premium Level Support US$50,000 annually -- Herbert