Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

From: Don Lewis <truckman_at_FreeBSD.org>
Date: Thu, 11 Oct 2018 11:41:21 -0700 (PDT)
On 11 Oct, Don Lewis wrote:
> On 11 Oct, freebsd.current_at_clogic.com.ua wrote:
>> On 2018-10-10 06:14, Michael Butler wrote:
>>> On 10/9/18 5:34 PM, Glen Barber wrote:
>>>> OpenSSL has been updated to version 1.1.1 as of r339270.
>>>> 
>>>> It is important to rebuild third-party packages before running:
>>>> 
>>>>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>>>> 
>>>> Thank you for your patience while this work was in progress, and thank
>>>> you to all involved for their hard work in getting things ready for 
>>>> this
>>>> update.
>>> 
>>> So far, I've found two ports that will no longer build. They are:
>>> 
>>> net-mgmt/net-snmp
>>> security/opencryptoki
>>> 
>>> I simply chose those that were linked to /usr/lib/libssl.so.8 where the
>>> openssl update creates libssl.so.9. There may be more I haven't found 
>>> yet,
>>> 
>>> 	imb
>> 
>> You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to 
>> use openssl from ports.
>> Anyway, I think apps from ports need to use openssl from ports.
> 
> I've been doing this for a long time, but I still see a fair amount of
> breakage with the new base OpenSSL.  I suspect that some ports are
> incorrectly stumbling across the new bits in base even though they
> shouldn't be looking there.

security/p5-Net-SSLeay is hardwired to use base OpenSSL, so changing the
default version can't be done to unbreak p5-IO-Socket-SSL.

devel/libsoup appears to allow the OpenSSL version to be set, but doesn't
have an option for GSSAPI, so it attempts to use base GSSAPI with ports
OpenSSL which is not a valid combo.

emulators/virtualbox-ose is hardwired to use base OpenSSL.
Received on Thu Oct 11 2018 - 16:41:23 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:18 UTC