Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

From: Oleg Lelchuk <oleglelchuk_at_gmail.com>
Date: Fri, 26 Oct 2018 14:13:57 -0400
libtorrent still can't be built with the new openssl

On Sat, Oct 13, 2018 at 4:40 AM Ronald Klop <ronald-lists_at_klop.ws> wrote:

> On Sat, 13 Oct 2018 02:00:16 +0200, Don Lewis <truckman_at_freebsd.org>
> wrote:
>
> > On 11 Oct, Don Lewis wrote:
> >> On 11 Oct, Don Lewis wrote:
> >>> On 11 Oct, freebsd.current_at_clogic.com.ua wrote:
> >>>> On 2018-10-10 06:14, Michael Butler wrote:
> >>>>> On 10/9/18 5:34 PM, Glen Barber wrote:
> >>>>>> OpenSSL has been updated to version 1.1.1 as of r339270.
> >>>>>>
> >>>>>> It is important to rebuild third-party packages before running:
> >>>>>>
> >>>>>>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
> >>>>>>
> >>>>>> Thank you for your patience while this work was in progress, and
> >>>>>> thank
> >>>>>> you to all involved for their hard work in getting things ready for
> >>>>>> this
> >>>>>> update.
> >>>>>
> >>>>> So far, I've found two ports that will no longer build. They are:
> >>>>>
> >>>>> net-mgmt/net-snmp
> >>>>> security/opencryptoki
> >>>>>
> >>>>> I simply chose those that were linked to /usr/lib/libssl.so.8 where
> >>>>> the
> >>>>> openssl update creates libssl.so.9. There may be more I haven't found
> >>>>> yet,
> >>>>>
> >>>>>   imb
> >>>>
> >>>> You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to
> >>>> use openssl from ports.
> >>>> Anyway, I think apps from ports need to use openssl from ports.
> >>>
> >>> I've been doing this for a long time, but I still see a fair amount of
> >>> breakage with the new base OpenSSL.  I suspect that some ports are
> >>> incorrectly stumbling across the new bits in base even though they
> >>> shouldn't be looking there.
> >>
> >> security/p5-Net-SSLeay is hardwired to use base OpenSSL, so changing the
> >> default version can't be done to unbreak p5-IO-Socket-SSL.
> >>
> >> devel/libsoup appears to allow the OpenSSL version to be set, but
> >> doesn't
> >> have an option for GSSAPI, so it attempts to use base GSSAPI with ports
> >> OpenSSL which is not a valid combo.
> >>
> >> emulators/virtualbox-ose is hardwired to use base OpenSSL.
> >
> > I now think the problem with virtualbox-ose is not the port.  Rather it
> > is the fact that that the base libssl.so and the libssl.so installed by
> > the security/openssl have the same shared library version number even
> > though they are radically different OpenSSL versions.
>
>
> I added this to libmap.conf:
> cat /etc/libmap.conf
> # $FreeBSD: head/libexec/rtld-elf/libmap.conf 338741 2018-09-18 00:25:00Z
> brd $
> includedir /usr/local/etc/libmap.d
> libssl.so.8     libssl.so.9
> libcrypto.so.8  libcrypto.so.9
>
> This made pkg run again. And now I'm waiting for the next pkg build to
> run
> pkg upgrade -f and upgrade everything.
> I guess that will solve all issues.
>
> Ronald.
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
>
Received on Fri Oct 26 2018 - 16:14:10 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:19 UTC