Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

From: Ronald Klop <ronald-lists_at_klop.ws>
Date: Sat, 13 Oct 2018 09:40:38 +0200
On Sat, 13 Oct 2018 02:00:16 +0200, Don Lewis <truckman_at_freebsd.org> wrote:

> On 11 Oct, Don Lewis wrote:
>> On 11 Oct, Don Lewis wrote:
>>> On 11 Oct, freebsd.current_at_clogic.com.ua wrote:
>>>> On 2018-10-10 06:14, Michael Butler wrote:
>>>>> On 10/9/18 5:34 PM, Glen Barber wrote:
>>>>>> OpenSSL has been updated to version 1.1.1 as of r339270.
>>>>>>
>>>>>> It is important to rebuild third-party packages before running:
>>>>>>
>>>>>>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>>>>>>
>>>>>> Thank you for your patience while this work was in progress, and  
>>>>>> thank
>>>>>> you to all involved for their hard work in getting things ready for
>>>>>> this
>>>>>> update.
>>>>>
>>>>> So far, I've found two ports that will no longer build. They are:
>>>>>
>>>>> net-mgmt/net-snmp
>>>>> security/opencryptoki
>>>>>
>>>>> I simply chose those that were linked to /usr/lib/libssl.so.8 where  
>>>>> the
>>>>> openssl update creates libssl.so.9. There may be more I haven't found
>>>>> yet,
>>>>>
>>>>> 	imb
>>>>
>>>> You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to
>>>> use openssl from ports.
>>>> Anyway, I think apps from ports need to use openssl from ports.
>>>
>>> I've been doing this for a long time, but I still see a fair amount of
>>> breakage with the new base OpenSSL.  I suspect that some ports are
>>> incorrectly stumbling across the new bits in base even though they
>>> shouldn't be looking there.
>>
>> security/p5-Net-SSLeay is hardwired to use base OpenSSL, so changing the
>> default version can't be done to unbreak p5-IO-Socket-SSL.
>>
>> devel/libsoup appears to allow the OpenSSL version to be set, but  
>> doesn't
>> have an option for GSSAPI, so it attempts to use base GSSAPI with ports
>> OpenSSL which is not a valid combo.
>>
>> emulators/virtualbox-ose is hardwired to use base OpenSSL.
>
> I now think the problem with virtualbox-ose is not the port.  Rather it
> is the fact that that the base libssl.so and the libssl.so installed by
> the security/openssl have the same shared library version number even
> though they are radically different OpenSSL versions.


I added this to libmap.conf:
cat /etc/libmap.conf
# $FreeBSD: head/libexec/rtld-elf/libmap.conf 338741 2018-09-18 00:25:00Z  
brd $
includedir /usr/local/etc/libmap.d
libssl.so.8	libssl.so.9
libcrypto.so.8	libcrypto.so.9

This made pkg run again. And now I'm waiting for the next pkg build to run  
pkg upgrade -f and upgrade everything.
I guess that will solve all issues.

Ronald.
Received on Sat Oct 13 2018 - 05:40:41 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:18 UTC