libressl vs openssl - surprises
Having read that PC-BSD are/have moved to using libressl in their base system, it was time to have a look. So I updated my ports tree, built in sequence openssl, tested and then built libressl and tested. Platform xeon 1230Lv3 (1.8GHz, 8 logical cores), FreeBSD 10.1 built fresh last night. Summary: openssl aes256 encrypt/decrypt 160MB file: 0.686157 secs (244509876 bytes/sec) libressl aes256 encrypt/decrypt 160MB file: 1.768195 secs (94883282 bytes/sec) openssl speed -evp aes-256-cbc: 74691.70k 288535.11k 876427.49k 5323319.66k 29095886.85k libressl, speed -evp aes-256-cbc: 95036.12k 103030.42k 104839.86k 105190.19k 105840.81k Please note that I added the following to each Makefile, immediately after CPE_VENDOR line CFLAGS+="-O3" I also have the options for openssl "sse2 shared threads". There are no options for libressl. As I use crypto/ssl extensively it seems that migrating to the libressl port will reduce the performance of dependent ports. Are others seeing similar performance? Does anyone have any suggestions for raising the performance of libressl? On the bright side, libressl includes ChaCha20-Poly1305 and other ciphers contrary to the openbsd man page. Refs: 1. http://blog.pcbsd.org/2015/03/a-look-at-the-upcoming-features-for-10-1-2/ 2. https://forums.freebsd.org/threads/replace-openssl-with-libressl.47203/ use of OPENSSL_PORT=security/libressl Detail: I ran the speed and encrypt/decrypt cycle three times for each and took the middle score from each for comparison. For reference dd if=/dev/zero bs=1m count=160 > /dev/null ; # 0.016084 secs (10431025952 bytes/sec) openssl -- dd if=/dev/zero bs=1m count=160 | openssl enc -e -aes-256-cbc -pass pass:p1 | openssl enc -aes-256-cbc -d -pass pass:p1 > /dev/null 160+0 records in 160+0 records out 167772160 bytes transferred in 0.686157 secs (244509876 bytes/sec) openssl speed -evp aes-256-cbc Doing aes-256-cbc for 3s on 16 size blocks: 1568234 aes-256-cbc's in 0.34s Doing aes-256-cbc for 3s on 64 size blocks: 1479306 aes-256-cbc's in 0.33s Doing aes-256-cbc for 3s on 256 size blocks: 1203590 aes-256-cbc's in 0.35s Doing aes-256-cbc for 3s on 1024 size blocks: 690433 aes-256-cbc's in 0.13s Doing aes-256-cbc for 3s on 8192 size blocks: 138740 aes-256-cbc's in 0.04s OpenSSL 1.0.2c 12 Jun 2015 built on: reproducible build, date unspecified options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: /usr/local/libexec/ccache/cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -Wall -O2 -pipe -g0 -ggdb0 -DSTRIP_FBSDID -O3 -march=core-avx-i -O3 -fno-strict-aliasing The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-cbc 74691.70k 288535.11k 876427.49k 5323319.66k 29095886.85k libressl - # dd if=/dev/zero bs=1m count=160 | openssl enc -e -aes-256-cbc -pass pass:p1 | openssl enc -aes-256-cbc -d -pass pass:p1 > /dev/null 160+0 records in 160+0 records out 167772160 bytes transferred in 1.768195 secs (94883282 bytes/sec) # openssl speed -evp aes-256-cbc Doing aes-256-cbc for 3s on 16 size blocks: 18097699 aes-256-cbc's in 3.05s Doing aes-256-cbc for 3s on 64 size blocks: 4829551 aes-256-cbc's in 3.00s Doing aes-256-cbc for 3s on 256 size blocks: 1241390 aes-256-cbc's in 3.03s Doing aes-256-cbc for 3s on 1024 size blocks: 310582 aes-256-cbc's in 3.02s Doing aes-256-cbc for 3s on 8192 size blocks: 38861 aes-256-cbc's in 3.01s LibreSSL 2.1.7 built on: date not available options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: information not available The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-256-cbc 95036.12k 103030.42k 104839.86k 105190.19k 105840.81k ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: OpenSSL Security Advisory [11 Jun 2015]
On 13/06/2015 19:41, Michelle Sullivan wrote: > How about one for how to make your own portsnap ? :P Presumably you're wanting to re-distribute local modifications to the ports tree sources around your machines? One relatively easy way to do that is to grab the ports from GitHub -- https://github.com/freebsd/freebsd-ports to a machine you designate as your local github master. You can create your own branch for your modifications and distribute that around your systems. Plus you get all the normal merging and revision control features of git. Although personally I tend not to put a ports tree on anything except a package building server nowadays. Cheers, Matthew signature.asc Description: OpenPGP digital signature
Re: OpenSSL Security Advisory [11 Jun 2015]
Matthew Seaman wrote: > On 13/06/2015 19:41, Michelle Sullivan wrote: > >> How about one for how to make your own portsnap ? :P >> > > Presumably you're wanting to re-distribute local modifications to the > ports tree sources around your machines? > > One relatively easy way to do that is to grab the ports from GitHub -- > >https://github.com/freebsd/freebsd-ports > > to a machine you designate as your local github master. You can create > your own branch for your modifications and distribute that around your > systems. Plus you get all the normal merging and revision control > features of git. > > Although personally I tend not to put a ports tree on anything except a > package building server nowadays. > > Cheers, > > Matthew > > I have my own SVN server however it's incredibly slow when compared to portsnap ... would like to know how the portsnap server is built so I can portsnap my own tree... Michelle -- Michelle Sullivan http://www.mhix.org/ ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
gscan2pdf 1.3.1 has unsatisfied dependencies
Hello, The latest gscan2pdf in the ports tree is 1.3.1: root@kg-core1# portversion -v gscan* [Reading data from pkg(8) ... - 825 packages found - done] gscan2pdf-1.3.1 = up-to-date with port It fails in two places: tingo@kg-core1$ gscan2pdf --device epson2:net:10.1.161.8 Can't locate Linux/Distribution.pm in @INC (you may need to install the Linux::Distribution module) (@INC contains: /usr/local/lib/perl5/site_perl/mach/5.18 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.18/mach /usr/local/lib/perl5/5.18 /usr/local/lib/perl5/site_perl/5.18 /usr/local/lib/perl5/site_perl/5.18/mach .) at /usr/local/bin/gscan2pdf line 84. BEGIN failed--compilation aborted at /usr/local/bin/gscan2pdf line 84. I have reported this on the gscan2pdf mailing list, as I don't think we have (or should have) that perl module on FreeBSD. For now, I just commented out the offending code. Next up is this: tingo@kg-core1$ gscan2pdf --device epson2:net:10.1.161.8 Can't locate Filesys/Df.pm in @INC (you may need to install the Filesys::Df module) (@INC contains: /usr/local/lib/perl5/site_perl/mach/5.18 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.18/mach /usr/local/lib/perl5/5.18 /usr/local/lib/perl5/site_perl/5.18 /usr/local/lib/perl5/site_perl/5.18/mach .) at /usr/local/bin/gscan2pdf line 85. BEGIN failed--compilation aborted at /usr/local/bin/gscan2pdf line 85. Which is fixed by installing p5-Filesys-Df. Testing done on: tingo@kg-core1$ uname -a FreeBSD kg-core1.kg4.no 9.3-STABLE FreeBSD 9.3-STABLE #0 r273918: Fri Oct 31 22:52:44 CET 2014 r...@kg-core1.kg4.no:/usr/obj/usr/src/sys/GENERIC amd64 HTH -- Regards, Torfinn Ingolfsen ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
cups-base fails in linking ippfind
Latest cups-base fails: gmake[1]: Entering directory '/usr/ports/print/cups-base/work/cups-2.0.3/test' echo Compiling ippfind.c... echo Compiling ippserver.c... Compiling ippfind.c... cc -Wall -Wno-format-y2k -Wunused -fPIC -Os -g -fstack-protector -I.. -D_CUPS_SOURCE -I/usr/local/include -O2 -pipe -fstack-protector -fno-strict-aliasing -I/usr/local/include/dbus-1.0 -I/usr/local/include/dbus-1.0/include -DDBUS_API_SUBJECT_TO_CHANGE -D_REENTRANT -D_THREAD_SAFE -pthread -I/usr/local/include -I/usr/local/include -I/usr/local/include/p11-kit-1 -D_LARGEFILE_SOURCE -D_THREAD_SAFE -D_REENTRANT -c -o ippfind.o ippfind.c echo Compiling ipptool.c... Compiling ippserver.c... cc -Wall -Wno-format-y2k -Wunused -fPIC -Os -g -fstack-protector -I.. -D_CUPS_SOURCE -I/usr/local/include -O2 -pipe -fstack-protector -fno-strict-aliasing -I/usr/local/include/dbus-1.0 -I/usr/local/include/dbus-1.0/include -DDBUS_API_SUBJECT_TO_CHANGE -D_REENTRANT -D_THREAD_SAFE -pthread -I/usr/local/include -I/usr/local/include -I/usr/local/include/p11-kit-1 -D_LARGEFILE_SOURCE -D_THREAD_SAFE -D_REENTRANT -c -o ippserver.o ippserver.c Compiling ipptool.c... cc -Wall -Wno-format-y2k -Wunused -fPIC -Os -g -fstack-protector -I.. -D_CUPS_SOURCE -I/usr/local/include -O2 -pipe -fstack-protector -fno-strict-aliasing -I/usr/local/include/dbus-1.0 -I/usr/local/include/dbus-1.0/include -DDBUS_API_SUBJECT_TO_CHANGE -D_REENTRANT -D_THREAD_SAFE -pthread -I/usr/local/include -I/usr/local/include -I/usr/local/include/p11-kit-1 -D_LARGEFILE_SOURCE -D_THREAD_SAFE -D_REENTRANT -c -o ipptool.o ipptool.c ippserver.c: In function 'ipp_cancel_job': ippserver.c:2864: warning: null format string ippserver.c: In function 'ipp_close_job': ippserver.c:2919: warning: null format string ippserver.c: In function 'ipp_create_job': ippserver.c:2972: warning: null format string ippserver.c: In function 'ipp_get_job_attributes': ippserver.c:3004: warning: null format string ippserver.c: In function 'ipp_get_jobs': ippserver.c:3159: warning: null format string ippserver.c: In function 'ipp_get_printer_attributes': ippserver.c:3211: warning: null format string ippserver.c: In function 'ipp_identify_printer': ippserver.c:3389: warning: null format string ippserver.c: In function 'ipp_print_job': ippserver.c:3526: warning: null format string ippserver.c: In function 'ipp_print_uri': ippserver.c:3838: warning: null format string ippserver.c: In function 'ipp_send_document': ippserver.c:4040: warning: null format string ippserver.c: In function 'ipp_send_uri': ippserver.c:4409: warning: null format string ippserver.c: In function 'ipp_validate_job': ippserver.c:4430: warning: null format string echo Linking ippfind... Linking ippfind... cc -L../cgi-bin -L../cups -L../filter -L../ppdc -L../scheduler -L/usr/local/lib -fstack-protector -Wl,-R/usr/local/lib -Wall -Wno-format-y2k -Wunused -fPIC -Os -g -fstack-protector -o ippfind ippfind.o -lcups -L/usr/local/lib -lavahi-common -lavahi-client -lz -lpthread -lm -lcrypt -liconv -liconv -lz echo Linking ippfind-static... Linking ippfind-static... cc -L../cgi-bin -L../cups -L../filter -L../ppdc -L../scheduler -L/usr/local/lib -fstack-protector -Wl,-R/usr/local/lib -Wall -Wno-format-y2k -Wunused -fPIC -Os -g -fstack-protector -o ippfind-static ippfind.o ../cups/libcups.a \ -L/usr/local/lib -lgnutls -L/usr/local/lib -lavahi-common -lavahi-client -lpthread -lm -lcrypt -liconv -liconv -lz -lz ../cups/libcups.a(http-support.o): In function `_httpResolveURI': /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1702: undefined reference to `DNSServiceCreateConnection' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1711: undefined reference to `DNSServiceResolve' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1855: undefined reference to `DNSServiceRefDeallocate' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1741: undefined reference to `DNSServiceRefSockFD' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1785: undefined reference to `DNSServiceResolve' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1811: undefined reference to `DNSServiceResolve' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1833: undefined reference to `DNSServiceProcessResult' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1845: undefined reference to `DNSServiceRefDeallocate' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1847: undefined reference to `DNSServiceRefDeallocate' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1849: undefined reference to `DNSServiceRefDeallocate' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1852: undefined reference to `DNSServiceRefDeallocate' /usr/ports/print/cups-client/work/cups-2.0.3/cups/http-support.c:1798: undefined reference to `DNSServiceResolve' ../cups/libcups.a(http-support.o): In function `http_resolve_c
Re: cups-base fails in linking ippfind
On Sun, Jun 14, 2015 at 10:38 PM, Torfinn Ingolfsen wrote: > Latest cups-base fails: > Ok, changing options so AVAHI is off and MDNSRESPONDER is on helps. :) Now it compiles and installs. -- Regards, Torfinn ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
foomatic-db Kyocera directory contents make cups give an error
Hi, cups error log file contains lines like this: root@kg-core1# grep Kyocera /var/log/cups/error_log | tail -2 E [14/Jun/2015:19:26:09 +0200] [cups-driverd] Bad driver information file "/usr/local/share/cups/model/foomatic-db-ppds/Kyocera/ReadMe.htm"! E [14/Jun/2015:22:49:54 +0200] [cups-driverd] Bad driver information file "/usr/local/share/cups/model/foomatic-db-ppds/Kyocera/ReadMe.htm"! If you compare the Kyocera directory: root@kg-core1# l /usr/local/share/cups/model/foomatic-db-ppds/Kyocera/ ./ ../ ReadMe.htm de/ en/ es/ fr/ it/ pt/ to another directory: root@kg-core1# l /usr/local/share/cups/model/foomatic-db-ppds/Epson ./ epalc380.ppd.gz epalcx21.ppd.gz epalmx20.ppd.gz epln2700.ppd.gz eplp920c.ppd.gz ../ epalc400.ppd.gz epalm200.ppd.gz epalmx21.ppd.gz epln3000.ppd.gz eplp950c.ppd.gz epal2600.ppd.gz epalc410.ppd.gz epalm201.ppd.gz epl5900.ppd.gz epln7000.ppd.gz eplp960s.ppd.gz epalc190.ppd.gz epalc420.ppd.gz epalm240.ppd.gz epl6100.ppd.gz eplp830c.ppd.gz eplp980c.ppd.gz epalc200.ppd.gz epalc860.ppd.gz epalm241.ppd.gz epl6200.ppd.gz eplp850c.ppd.gz epalc260.ppd.gz epalc910.ppd.gz epalm400.ppd.gz epln2500.ppd.gz eplp880c.ppd.gz epalc280.ppd.gz epalc920.ppd.gz epalm800.ppd.gz epln2550.ppd.gz eplp9100.ppd.gz it is easy to spot the problem. If this is harmless or not, I do not know. Tested on tingo@kg-core1$ uname -a FreeBSD kg-core1.kg4.no 9.3-STABLE FreeBSD 9.3-STABLE #0 r273918: Fri Oct 31 22:52:44 CET 2014 r...@kg-core1.kg4.no:/usr/obj/usr/src/sys/GENERIC amd64 root@kg-core1# pkg which /usr/local/share/cups/model/foomatic-db-ppds /usr/local/share/cups/model/foomatic-db-ppds was installed by package foomatic-db-20150415 root@kg-core1# portversion -v foomatic-db* [Reading data from pkg(8) ... - 825 packages found - done] foomatic-db-20150415= up-to-date with port foomatic-db-engine-4.0.12,2 = up-to-date with port -- Regards, Torfinn Ingolfsen ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
[Bug 199447] Mk/bsd.sites.mk re-introduce WORKING MASTER_SITE_COMP_SOURCES list
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199447 Kubilay Kocak changed: What|Removed |Added Keywords||easy, patch, patch-ready CC|freebsd-ports-bugs@FreeBSD. | |org,| |portmas...@bsdforge.com | Status|New |Open Assignee|freebsd-ports@FreeBSD.org |freebsd-ports-bugs@FreeBSD. ||org -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
Re: OpenSSL Security Advisory [11 Jun 2015]
On Sat, 13 Jun 2015 16:03:10 -0700 Eitan Adler wrote > On 13 June 2015 at 15:48, Michelle Sullivan wrote: > > > I'd love to setup my own freebsd-update server - if only there were docs > > about how to do it... I'd have done it a couple of months ago, Google > > didn't reveal anything to me when I looked though... > > https://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ Thank you! I found I would absolutely need to setup an update server, and was just exploring how this might best be accomplished. You've just saved me hours of R&D. I owe you [at least] a beer! Thanks again! > > > -- > Eitan Adler > ___ > freebsd-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org" ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
