On Sep 5, 2019, at 10:21 PM, grarpamp grarpamp@gmail.com wrote:
never relied on the OS Package of Tor, mainly because OS’s OpenSSL versions are behind the current version of OpenSSL, so I normally compile Tor against the latest OpenSSL. Example, FreeBSD 12.0-RELEASE has OpenSSL 1.1.1a-freebsd, which generates a slight crypto error during the startup of Tor. If you download OpenSSL 1.1.1c and just compile against it, eh, problem fixed.
As to realtime, hardly any behind... ver openssl 12-stable ports-head 1.1.1c 20190528 20190528 20190528 1.1.1b 20190226 20190226 20180227 1.1.1a 20181120 20181120 20181120 ... not including any 'responsible disclosure' bs around any HW / SW that users may or may not be affected by.
As to release mechanics... 12.0-release base had latest 1.1.1a at release, release ports tags were one letter rev behind at 1.0.2p and 1.1.0i, release ports head was latest at 1.0.2q and 1.1.1a, quarterly was similar.
tor follows same pattern, people can research and post those datas if they want.
Of course people's boxes will be behind if they never update them beyond release, that's not fault of any OS.
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-upgradin... https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html https://download.freebsd.org/ftp/snapshots/
Either update base per binary, snapshot, releng, or stable... or track and install ports (packages) quarterly, latest / head... and compile against that as needed.
Or get the upstream sources and do by hand.
If people aren't on FreeBSD or a well supported Linux distro they should expect their OS to be laggy in areas.
Many FreeBSD tor users would be fine tracking base stable and packages latest (ports head). pkg.conf: url: "pkg+https://pkg.FreeBSD.org/$%7BABI%7D/latest",
If their OS of choice is still a bit laggy for them, they can join their OS community and start generating update commits... :)
https://freebsd.org/ https://openbsd.org/ etc or whatever pump and dump linux distro is hot this year.
Grampamp,
You know I love you tons - but the problem with the FreeBSD release of Tor isn’t fixed by switching to “latest”, you’ll still get the error upon startup. It’s compiled against an older version of OpenSSL. Since it already has an active maintainer I can’t just go in and take it over. That would be rude.
Yes, OpenSSL on mainline 12.0-RELEASE is fixed, but what they compiled the package against isn’t, so it’s either compile the port or don’t use pkgs. I for one believe in the philosophy of not mixing pkgs and ports so…. Ports it is.
Thanks,
Conrad