borgbackup / borg

Deduplicating archiver with compression and authenticated encryption.
https://www.borgbackup.org/

OpenSSL 1.1.1 is EOL #7818

Open ThomasWaldmann opened 9 months ago

ThomasWaldmann commented 9 months ago

About

Read there: https://www.openssl.org/blog/blog/2023/09/11/eol-111/

Consequences for borg releases / branches:

borg 1.1.x (1.1-maint branch)

... is EOL, too (no more releases), so nothing will change there from our side.

borg 1.2.x (1.2-maint branch)

borg 1.2 docs say "OpenSSL >= 1.0".

Normal borg dist packages (like .rpm or .deb or ...) do not include OpenSSL, so borg will use whatever the dist provides.

The pyinstaller-made borg "fat binaries" provided on github releases do include OpenSSL though - but they usually just use whatever the OS / dist we use for building the binary provides, see the 00_README.txt coming with the binaries:

As of borg 1.2.6 this meant:

So, some systems (like debian stretch or macOS 10.12) are completely out of support.

The linux and linuxnew (buster / bullseye) borg binaries are built on systems still getting security support from debian - but it is unclear to me how they do it if openssl is EOLed by upstream.

The freebsd situation is unclear to me.

Guess we will still provide these binaries on a "use at your own risk" basis for people who need to work with borg on older systems. Guess the risk is tolerable, because borg only uses some rather basic code from libcrypto (like AES-CTR, SHA2, HMAC, etc.).

borg 1.4 (1.4-maint branch)

Fixed some deprecation warnings of openssl 3.0 relating to HMAC_* functions.

borg 2 (master branch)

... is not released yet and is unlikely to go into any "old" OS distribution when it will be released at some time in the future.

OTOH, new OS distributions already have OpenSSL 3.0 now - even more will have it in future (they can't ship unsupported 1.1.1 any more in new dists).

So guess we'll just raise the minimum requirement to OpenSSL >= 3.0?

infectormp commented 9 months ago

OpenSSL 3.1 exists, and it is not an LTS version, should we also add OpenSSL < 3.1?

ThomasWaldmann commented 9 months ago

@infectormp I don't think so. openssl and related security is usually managed by the OS / distribution, not by borg. So any compatible version is fine for us.

The dists jumping on a non-LTS openssl release now will also jump on the next release when that comes out or when the previous one runs out of security support.

OTOH, borg master branch / borg2 does not need to declare compatibility and stay compatible with an openssl release that is already EOL before borg2 is even released.

Jamie-Landeg-Jones commented 9 months ago

@ThomasWaldmann

The freebsd situation is unclear to me.

FreeBSD currently has 2 supported branches: 12-STABLE and 13-STABLE. ( https://www.freebsd.org/security/#sup )

The latest releases in them are 12.4-RELEASE and 13.2-RELEASE ( https://www.freebsd.org/releases/ )

14-STABLE will be supported from October onwards, with the release of 14.0-RELEASE.

14-STABLE is the first to support openssl 3.X natively (in the base distribution).

The 12-STABLE/RELEASE branch will be EOL on December 31st 2023, so you can probably ignore that.

The 13 branch will be supported until April 30, 2026. ( https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273795 )

So, as far as FreeBSD is concerned, it's only the 13.X branch that would be affected. I don't think there are plans to update the base system in 13.X, however, users can install openssl3 from the FreeBSD ports system, and recompile their ports themselves.

https://wiki.freebsd.org/OpenSSL

This is probably out of scope for most people. My gut feeling is that 1.1.1 will be supported as much as possible by the FreeBSD folks whilst it's still live in FreeBSD, and if that becomes impossible, they'll be forced to upgrade 13.X to 3.0.0

So, personally, I'd still allow 1.1.1 on FreeBSD 13, but maybe provide a warning?

Alternatively, bundling the port with its own private / static version of openssl3 would be an option - especially if newer borg versions aren't compatible with openssl1.1.1.

If so, I can help with that - I've already modified one freebsd port to do just that: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270101#c3

Jamie-Landeg-Jones commented 9 months ago

Note, using a private / static version on FreeBSD wouldn't require borg needing to bundle the openssl source code with it - that can be done automatically by the freebsd ports (source installs) and pkg (package/binary install) infrastructure, as in https://www.freshports.org/security/sslscan

So, bug and security fixes to openssl3 ports on freebsd would be automatically applied to the freebsd borg packages (a freebsd portversion/increment bump will automatically trigger a new version if appropriate).

Actually, scratch that, it would require python mods, not borg mods, wouldn't it? Hmmm. Well, I'm sure we could get around it - in fact, python is quite important, so if python/freebsd13/openssl1.1.1 becomes an issue, there's a good chance that the freebsd python guys would come up with a solution.

Arrrgh, I'm rambling now. Anyway, if you decide openssl3 is a requirement, I offer to get it working on freebsd 13, one way or the other!

Cheers, Jamie

ThomasWaldmann commented 5 months ago

Done for 1.4-maint branch.

TODO: check master branch.

BloodBlight commented 3 days ago

Any chance we can get the 1.2.x branch updated to OpenSSL 1.1.1p or better? I think 1.1.1w is out.

There is a CVE on the version in 1.2.8: https://nvd.nist.gov/vuln/detail/CVE-2022-2068

ThomasWaldmann commented 3 days ago

@BloodBlight many of the openssl CVEs do not affect what borg uses from OpenSSL (encryption and hashing primitives from libcrypto).

Also, only the pyinstaller-made "fat binaries" include whatever OpenSSL the build OS has installed.

The source code based borg packages (pip, git, most linux/... packages) will use what YOUR OS provides.

So, I guess in the end, there is only a tiny potential issue when an outdated build OS is used that is not provided with security updates any more.

The more recent borg binaries use current, security updated build OSes, but some binaries are also built on outdated build OSes (and as the only easy alternative is not to provide these at all, these are provided on a "use at your own risk" basis).

See the Vagrantfile for how the pyinstaller made binaries are built.
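As a practical follow-up to the point above (the source-based packages use whatever OpenSSL your OS provides, the fat binaries use the build OS's), here is an added example, not part of borg or of this issue, that checks which OpenSSL the running Python links against and whether it meets the OpenSSL >= 3.0 minimum discussed in the thread. The version strings and the minimum are assumptions chosen to match the thread; the check also handles builds that report LibreSSL instead of OpenSSL.

```python
"""Report the OpenSSL linked into this Python and compare it to a minimum.

Added example (not borg's own code). Python's ssl module exposes the
version string of the libssl/libcrypto it was built against, which is
also what a pip/git install of borg's Python-side code will see.
"""
import re
import ssl

# Matches "OpenSSL 1.1.1w  11 Sep 2023" or "OpenSSL 3.0.13 30 Jan 2024".
# 1.1.x releases carry a patch letter; 3.x uses a plain numeric patch.
_VERSION_RE = re.compile(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Minimum discussed in the thread for borg 2 (assumption: tuple form of "3.0").
MINIMUM = (3, 0, 0, "")


def parse_openssl_version(text):
    """Return (major, minor, patch, letter) or None if not an OpenSSL string.

    None covers e.g. LibreSSL builds, whose version scheme is unrelated.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), letter)


def is_newer_or_equal(version, other):
    """Compare two parsed versions; '' sorts before 'a', so 1.1.1 < 1.1.1a < 1.1.1w."""
    return tuple(version) >= tuple(other)


def meets_minimum(version, minimum=MINIMUM):
    """True if the parsed version satisfies the minimum (1.1.1w does not, 3.0.13 does)."""
    return is_newer_or_equal(version, minimum)


def check_linked_openssl(reported=None):
    """Summarise the OpenSSL this interpreter links; defaults to ssl.OPENSSL_VERSION."""
    reported = ssl.OPENSSL_VERSION if reported is None else reported
    parsed = parse_openssl_version(reported)
    return {
        "reported": reported,
        "parsed": parsed,
        # Unparsed (e.g. LibreSSL) is reported as not meeting the minimum rather than guessed.
        "meets_minimum": parsed is not None and meets_minimum(parsed),
    }


if __name__ == "__main__":
    print(check_linked_openssl())
```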