New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update to openssl 3.0 LTS stable branch #133
Conversation
Rebased to latest on 3.0 Stable LTS branch |
Thanks for this, we absolutely need to move to openssl3. The branch that you pulled from |
The branch this is pulled from is |
Sorry, I meant the branch |
I thought it was 3.0.13 |
The latest stable version is the 3.2 series supported until 23rd November 2025. Also available is the 3.1 series supported until 14th March 2025, and the 3.0 series which is a Long Term Support (LTS) version and is supported until 7th September 2026. but using lts would be easier to maintain |
The latest Beta version is 3.3.0. I was using the latest stable LTS branch which is version 3.0.13. Actually it would be 3.0.14-dev if you pulled latest from |
If I checkout your branch then run: ./tor-droid-make.sh fetch
cd external/openssl
git log -n 1 you get a commit from just a few days ago, not something from any of the stable releases commit 3cd67d10b6bd182a8006dfc04bb48d4dedce82e5 (HEAD, origin/openssl-3.0)
Author: Dmitry Misharov <dmitry@openssl.org>
Date: Wed Apr 3 13:47:39 2024 +0200
downgrade upload-artifact action to v3
GitHub Enterpise Server is not compatible with upload-artifact@v4+.
https://github.com/actions/upload-artifact/tree/v4
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24029)
(cherry picked from commit 089271601a1d085f33ef7b7d8c3b6879045be370) |
You are right we want 3.0.13 LTS like tor browser uses. To get this, on my WIP branch I used the release tag openssl used rather than pulling from any particular branch cd external/openssl
git checkout openssl-3.0.13 |
Why not use the HEAD of the openssl-3.0 branch which is openssl-3.0.13-47-g3cd67d10b6. You would be getting an additional 47 commits. |
git checkout -b openssl-3.0 origin/openssl-3.0 |
The reason why I would choose HEAD over a release tag on an LTS branch is because every change on the LTS branch is either a CVE or bugfix. Nothing additional. Chances are the latest commit is the best one. |
There aren't any CVE/bugfixes added onto that branch! in fact, whenever there is a CVE they immediately make a new release since it is a critical vulnerability |
Openssl 1.1.1 has reached EOL on 11th September 2023 and is no longer getting security updates.