Hi Genodians
On December 08, 2020, the openssl project issued a security advisory (https://www.openssl.org/news/secadv/20201208.txt).
I started looking into bringing the latest version of openssl (1.1.1i) to Genode. I have a first version of the library that compiles on x86_64.
When I started testing components I encountered the following things:

- `wpa_supplicant` (wifi driver) compiles, but running it fails due to a symbol the dynamic linker can't find
- `lighttpd` compiles, but running it fails due to a symbol the dynamic linker can't find
- `libssh` doesn't compile (it looks as if it uses data structures that were moved to internal only in version 1.1.x of openssl)
- `openvpn` (repo genode-world) doesn't compile (it looks as if it uses data structures that were moved to internal only in version 1.1.x of openssl)
- `grpc` (repo genode-world) compiles with some warnings about using deprecated functions
- `grpc_tls/client` and `grpc_tls/server` (repo genode-world) can be built
I'm thinking about how to proceed with this. One way that I see is to create a separate port (e.g. `openssl_1.1`) that provides the updated library. Then each component can choose to use the old or the new version of the library. When a component (or library) is updated, one can choose to switch to the new library if it is supported. In the long run, the old version of openssl could then be removed once all users of it have switched.
Do you agree with proceeding according to this plan or would you approach this differently?
Best regards,
Pirmin