Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

From: Glen Barber <gjb_at_freebsd.org>
Date: Sat, 27 Oct 2018 16:27:01 +0000
On Sat, Oct 27, 2018 at 06:14:39PM +0200, David Marec wrote:
> On 09/10/2018 23:34, Glen Barber wrote:
> > OpenSSL has been updated to version 1.1.1 as of r339270.
> > 
> > It is important to rebuild third-party packages before running:
> > 
> >   # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
> > 
> 
> 
> I just do a fresh install a FreeBSD-12 from
> http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/12.0-BETA2
> 
> It sounds that "pkg" shipped with 12-BETA-2 still use the old library:
> 
> root_at_matarje:/usr/lib # ls -l libssl*
> -r--r--r--  1 root  wheel  4386406 Oct 26 03:08 libssl.a
> lrwxr-xr-x  1 root  wheel       13 Oct 26 03:08 libssl.so -> libssl.so.111
> -r--r--r--  1 root  wheel   604936 Oct 26 03:08 libssl.so.111
> -r--r--r--  1 root  wheel  4493898 Oct 26 03:08 libssl_p.a
> root_at_matarje:/usr/lib # pkg upgrade
> ld-elf.so.1: Shared object "libssl.so.9" not found, required by "pkg"
> 
> 
> root_at_matarje:/usr/lib # pkg-static upgrade
> Updating FreeBSD repository catalogue...
> pkg-static: Repository FreeBSD load error: access repo
> file(/var/db/pkg/repo-FreeBSD.sqlite) failed: No such file or directory
> Fetching meta.txz: 100%    944 B   0.9kB/s    00:01
> pkg-static: error reading public key:
> error:00000000:lib(0):func(0):reason(0)
> pkg-static: No trusted certificate has been used to sign the repository
> repository FreeBSD has no meta file, using default settings
> Fetching packagesite.txz: 100%    6 MiB   2.1MB/s    00:03
> pkg-static: error reading public key:
> error:00000000:lib(0):func(0):reason(0)
> pkg-static: No trusted certificate has been used to sign the repository
> Unable to update repository FreeBSD
> Error updating repositories!
> 

There was an issue with the pkg-static binary which is used to sign the
package repository, which was fixed in pkg-1.10.5_5.  However, the build
jails did not get updated until after libssl.so and libcrypto.so were
bumped from .9 to .111.

Package builds are currently in progress (this will be noted in the
upcoming BETA2 announcement text I am currently drafting).  It will be
about 48 hours, give or take, before binary packages from the repository
at pkg.freebsd.org are updated.

Glen


Received on Sat Oct 27 2018 - 14:27:05 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:19 UTC