FS#71597 - [tensorflow] Switch to openssl from openssl-1.0

Attached to Project: Community Packages
Opened by loqs (loqs) - Friday, 23 July 2021, 20:50 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Wednesday, 28 July 2021, 01:00 GMT
Task Type Feature Request
Category Packages
Status Closed
Assigned To Sven-Hendrik Haase (Svenstaro)
Konstantin Gizdov (kgizdov)
Architecture All
Severity Very Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Please consider switching from openssl-1.0 to openssl. This would add support for TLS 1.3 and avoid the security issues with openssl-1.0 [1].
This requires a minor compatibility patch [2]. Changes required to PKGBUILD are [3].
Patch is not upstreamable in this form as upstream at least from the comments in [4] still supports openssl 1.0 so would require ifdef detection of openssl 1.0, openssl 1.1, boringssl and possibly openssl 3.0. Assuming upstream would take a patch at all for versions they currently do not use. This was tested using the reproducer attached to  FS#67449 .

Additional info:
* tensorflow 2.5.0-5
[1] https://security.archlinux.org/package/openssl-1.0
[2] openssl-1.1-patch
[3] PKGBUILD.diff
[4] https://github.com/tensorflow/tensorflow/blob/v2.6.0-rc1/tensorflow/core/platform/cloud/oauth_client.cc#L100
This task depends upon

Closed by  Sven-Hendrik Haase (Svenstaro)
Wednesday, 28 July 2021, 01:00 GMT
Reason for closing:  Fixed
Additional comments about closing:  In testing
Comment by Sven-Hendrik Haase (Svenstaro) - Tuesday, 27 July 2021, 21:49 GMT
Seems reasonable enough. Compiling with the patches.

Loading...