HEADS-UP: OpenSSL 1.1.1 in 12.0

classic Classic list List threaded Threaded
18 messages Options
Reply | Threaded
Open this post in threaded view
|

HEADS-UP: OpenSSL 1.1.1 in 12.0

Glen Barber-6
OpenSSL has been updated to version 1.1.1 as of r339270.

It is important to rebuild third-party packages before running:

 # make -C /usr/src delete-old && make -C /usr/src delete-old-libs

Thank you for your patience while this work was in progress, and thank
you to all involved for their hard work in getting things ready for this
update.

Glen


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Michael Butler
On 10/9/18 5:34 PM, Glen Barber wrote:
> OpenSSL has been updated to version 1.1.1 as of r339270.
>
> It is important to rebuild third-party packages before running:
>
>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>
> Thank you for your patience while this work was in progress, and thank
> you to all involved for their hard work in getting things ready for this
> update.

So far, I've found two ports that will no longer build. They are:

net-mgmt/net-snmp
security/opencryptoki

I simply chose those that were linked to /usr/lib/libssl.so.8 where the
openssl update creates libssl.so.9. There may be more I haven't found yet,

        imb
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Michael Butler
On 10/9/18 11:14 PM, Michael Butler wrote:

> On 10/9/18 5:34 PM, Glen Barber wrote:
>> OpenSSL has been updated to version 1.1.1 as of r339270.
>>
>> It is important to rebuild third-party packages before running:
>>
>>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>>
>> Thank you for your patience while this work was in progress, and thank
>> you to all involved for their hard work in getting things ready for this
>> update.
>
> So far, I've found two ports that will no longer build. They are:
>
> net-mgmt/net-snmp
> security/opencryptoki
>
> I simply chose those that were linked to /usr/lib/libssl.so.8 where the
> openssl update creates libssl.so.9. There may be more I haven't found yet,

add multimedia/ffmpeg to this list ..

        imb

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Ed Maste-2
In reply to this post by Michael Butler
On Tue, 9 Oct 2018 at 23:15, Michael Butler <[hidden email]> wrote:

>
> On 10/9/18 5:34 PM, Glen Barber wrote:
> > OpenSSL has been updated to version 1.1.1 as of r339270.
> >
> > It is important to rebuild third-party packages before running:
> >
> >  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
> >
> > Thank you for your patience while this work was in progress, and thank
> > you to all involved for their hard work in getting things ready for this
> > update.
>
> So far, I've found two ports that will no longer build. They are:
>
> net-mgmt/net-snmp
> security/opencryptoki

You can see the list of ports affected by OpenSSL via PRs 228912,
228865, and 231931. Probably the most convenient view is PR 228865's
dependency tree:
https://bugs.freebsd.org/bugzilla/showdependencytree.cgi?id=228865&hide_resolved=1
Several of these have patches that could use testing and/or review.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

O. Hartmann-5
In reply to this post by Michael Butler
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Am Tue, 9 Oct 2018 23:37:02 -0400
Michael Butler <[hidden email]> schrieb:

> On 10/9/18 11:14 PM, Michael Butler wrote:
> > On 10/9/18 5:34 PM, Glen Barber wrote:  
> >> OpenSSL has been updated to version 1.1.1 as of r339270.
> >>
> >> It is important to rebuild third-party packages before running:
> >>
> >>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
> >>
> >> Thank you for your patience while this work was in progress, and thank
> >> you to all involved for their hard work in getting things ready for this
> >> update.  
> >
> > So far, I've found two ports that will no longer build. They are:
> >
> > net-mgmt/net-snmp
> > security/opencryptoki
> >
> > I simply chose those that were linked to /usr/lib/libssl.so.8 where the
> > openssl update creates libssl.so.9. There may be more I haven't found yet,  
>
> add multimedia/ffmpeg to this list ..
>
> imb
>
> _______________________________________________
> [hidden email] mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "[hidden email]"

dns/samba-nsupdate
net/liboauth

- --
O. Hartmann

Ich widerspreche der Nutzung oder Übermittlung meiner Daten für
Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG).
-----BEGIN PGP SIGNATURE-----

iLUEARMKAB0WIQQZVZMzAtwC2T/86TrS528fyFhYlAUCW74s5wAKCRDS528fyFhY
lIftAgCn+d7Z0semQwgugPFWnTyuPcIRo0iaPdRQC+DZKndZiPNVEu9hzanPokd5
/kiBWup+5zfTXLHoczuu/1uxCTydAf0Ydn7nXg7imLrBGFHMUoWDe7D3lEipp9oa
glsBP11oUpwQFTDu3gQgHPBn/VqZgsV9koBpkDpQ3otOAVTyJ8YM
=e+AB
-----END PGP SIGNATURE-----
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

O. Hartmann-5
In reply to this post by Michael Butler
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Am Tue, 9 Oct 2018 23:37:02 -0400
Michael Butler <[hidden email]> schrieb:

> On 10/9/18 11:14 PM, Michael Butler wrote:
> > On 10/9/18 5:34 PM, Glen Barber wrote:  
> >> OpenSSL has been updated to version 1.1.1 as of r339270.
> >>
> >> It is important to rebuild third-party packages before running:
> >>
> >>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
> >>
> >> Thank you for your patience while this work was in progress, and thank
> >> you to all involved for their hard work in getting things ready for this
> >> update.  
> >
> > So far, I've found two ports that will no longer build. They are:
> >
> > net-mgmt/net-snmp
> > security/opencryptoki
> >
> > I simply chose those that were linked to /usr/lib/libssl.so.8 where the
> > openssl update creates libssl.so.9. There may be more I haven't found yet,  
>
> add multimedia/ffmpeg to this list ..
>
> imb
>
> _______________________________________________
> [hidden email] mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "[hidden email]"

security/libssh

- --
O. Hartmann

Ich widerspreche der Nutzung oder Übermittlung meiner Daten für
Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG).
-----BEGIN PGP SIGNATURE-----

iLUEARMKAB0WIQQZVZMzAtwC2T/86TrS528fyFhYlAUCW754oQAKCRDS528fyFhY
lGy4AfkBPCItbFuIsX5HZTWLyCSq8L7rU+4cnb77b8iYeKEBT7pThY1jm9F+ZeSz
uepHL6iZoRqwdiXReasafUeXgSbRAf9jCRsfjIq5xq8Gxgm8AtFdabhEQ0y3Nb2B
zZ349A0UwalA/bL+1SZ3y0RaICnsT4LzngB/Cn3fxCqu0nXDxLKG
=0Rcl
-----END PGP SIGNATURE-----
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Ed Maste-2
On Wed, 10 Oct 2018 at 18:11, O. Hartmann <[hidden email]> wrote:
>
> security/libssh

This one is open as PR 228895.

If there are other ports that you're trying to build and are failing
with OpenSSL 1.1.1 please check PR 228865 and 231931 to see if it is
already listed as a dependency.

You can see all of the ports that have been identified so far:
https://bugs.freebsd.org/bugzilla/showdependencytree.cgi?id=228865&hide_resolved=1
https://bugs.freebsd.org/bugzilla/showdependencytree.cgi?id=231931&hide_resolved=1

If it's not already listed please submit a new PR for it, making it a
blocker of 228865. If it is already listed feel free to add a comment
to the port's PR (in order to help prioritize ongoing work on the open
reports).
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Manfred Antar-3
Here are a few more:

devel/gnome-vfs
comms/kermit
security/php56-openssl
net-im/telegram
textproc/htmldoc


> On Oct 10, 2018, at 5:35 PM, Ed Maste <[hidden email]> wrote:
>
> On Wed, 10 Oct 2018 at 18:11, O. Hartmann <[hidden email]> wrote:
>>
>> security/libssh
>
> This one is open as PR 228895.
>
> If there are other ports that you're trying to build and are failing
> with OpenSSL 1.1.1 please check PR 228865 and 231931 to see if it is
> already listed as a dependency.
>
> You can see all of the ports that have been identified so far:
> https://bugs.freebsd.org/bugzilla/showdependencytree.cgi?id=228865&hide_resolved=1
> https://bugs.freebsd.org/bugzilla/showdependencytree.cgi?id=231931&hide_resolved=1
>
> If it's not already listed please submit a new PR for it, making it a
> blocker of 228865. If it is already listed feel free to add a comment
> to the port's PR (in order to help prioritize ongoing work on the open
> reports).
> _______________________________________________
> [hidden email] mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "[hidden email]"

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Glen Barber-6
In reply to this post by Ed Maste-2
On Wed, Oct 10, 2018 at 08:35:28PM -0400, Ed Maste wrote:
> On Wed, 10 Oct 2018 at 18:11, O. Hartmann <[hidden email]> wrote:
> >
> > security/libssh
>
> This one is open as PR 228895.
>

I don't need to be personally CC'd on every port that fails to build.
I'm keeping an eye on them.  I do not need the extra email noise.

I'm primarily trying to get us through this hurdle.  Your patience is
appreciated.

Glen


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

freebsd.current
In reply to this post by Michael Butler
On 2018-10-10 06:14, Michael Butler wrote:

> On 10/9/18 5:34 PM, Glen Barber wrote:
>> OpenSSL has been updated to version 1.1.1 as of r339270.
>>
>> It is important to rebuild third-party packages before running:
>>
>>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>>
>> Thank you for your patience while this work was in progress, and thank
>> you to all involved for their hard work in getting things ready for
>> this
>> update.
>
> So far, I've found two ports that will no longer build. They are:
>
> net-mgmt/net-snmp
> security/opencryptoki
>
> I simply chose those that were linked to /usr/lib/libssl.so.8 where the
> openssl update creates libssl.so.9. There may be more I haven't found
> yet,
>
> imb

You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to
use openssl from ports.
Anyway, I think apps from ports need to use openssl from ports.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Oleg Lelchuk
net-p2p/libtorrent also can't be built with the new openssl.

On Thu, Oct 11, 2018 at 2:05 AM <[hidden email]> wrote:

> On 2018-10-10 06:14, Michael Butler wrote:
> > On 10/9/18 5:34 PM, Glen Barber wrote:
> >> OpenSSL has been updated to version 1.1.1 as of r339270.
> >>
> >> It is important to rebuild third-party packages before running:
> >>
> >>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
> >>
> >> Thank you for your patience while this work was in progress, and thank
> >> you to all involved for their hard work in getting things ready for
> >> this
> >> update.
> >
> > So far, I've found two ports that will no longer build. They are:
> >
> > net-mgmt/net-snmp
> > security/opencryptoki
> >
> > I simply chose those that were linked to /usr/lib/libssl.so.8 where the
> > openssl update creates libssl.so.9. There may be more I haven't found
> > yet,
> >
> >       imb
>
> You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to
> use openssl from ports.
> Anyway, I think apps from ports need to use openssl from ports.
> _______________________________________________
> [hidden email] mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "[hidden email]"
>
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Jamie Landeg-Jones-2
In reply to this post by freebsd.current
[hidden email] wrote:

> Anyway, I think apps from ports need to use openssl from ports.

No. Only if it's installed. If not, it's perfectly normal for a port
to use the base openssl - it's not a private-lib install.

cheers, Jamie
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

freebsd.current
On 2018-10-11 18:02, Jamie Landeg-Jones wrote:
> [hidden email] wrote:
>
>> Anyway, I think apps from ports need to use openssl from ports.
>
> No. Only if it's installed. If not, it's perfectly normal for a port
> to use the base openssl - it's not a private-lib install.
>
> cheers, Jamie
I mean it is good idea to use openssl from ports to build other ports
that depend on openssl.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Don Lewis-5
In reply to this post by freebsd.current
On 11 Oct, [hidden email] wrote:

> On 2018-10-10 06:14, Michael Butler wrote:
>> On 10/9/18 5:34 PM, Glen Barber wrote:
>>> OpenSSL has been updated to version 1.1.1 as of r339270.
>>>
>>> It is important to rebuild third-party packages before running:
>>>
>>>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>>>
>>> Thank you for your patience while this work was in progress, and thank
>>> you to all involved for their hard work in getting things ready for
>>> this
>>> update.
>>
>> So far, I've found two ports that will no longer build. They are:
>>
>> net-mgmt/net-snmp
>> security/opencryptoki
>>
>> I simply chose those that were linked to /usr/lib/libssl.so.8 where the
>> openssl update creates libssl.so.9. There may be more I haven't found
>> yet,
>>
>> imb
>
> You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to
> use openssl from ports.
> Anyway, I think apps from ports need to use openssl from ports.

I've been doing this for a long time, but I still see a fair amount of
breakage with the new base OpenSSL.  I suspect that some ports are
incorrectly stumbling across the new bits in base even though they
shouldn't be looking there.

What ever happened to the plan to make base OpenSSL private?

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Don Lewis-5
On 11 Oct, Don Lewis wrote:

> On 11 Oct, [hidden email] wrote:
>> On 2018-10-10 06:14, Michael Butler wrote:
>>> On 10/9/18 5:34 PM, Glen Barber wrote:
>>>> OpenSSL has been updated to version 1.1.1 as of r339270.
>>>>
>>>> It is important to rebuild third-party packages before running:
>>>>
>>>>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>>>>
>>>> Thank you for your patience while this work was in progress, and thank
>>>> you to all involved for their hard work in getting things ready for
>>>> this
>>>> update.
>>>
>>> So far, I've found two ports that will no longer build. They are:
>>>
>>> net-mgmt/net-snmp
>>> security/opencryptoki
>>>
>>> I simply chose those that were linked to /usr/lib/libssl.so.8 where the
>>> openssl update creates libssl.so.9. There may be more I haven't found
>>> yet,
>>>
>>> imb
>>
>> You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to
>> use openssl from ports.
>> Anyway, I think apps from ports need to use openssl from ports.
>
> I've been doing this for a long time, but I still see a fair amount of
> breakage with the new base OpenSSL.  I suspect that some ports are
> incorrectly stumbling across the new bits in base even though they
> shouldn't be looking there.

security/p5-Net-SSLeay is hardwired to use base OpenSSL, so changing the
default version can't be done to unbreak p5-IO-Socket-SSL.

devel/libsoup appears to allow the OpenSSL version to be set, but doesn't
have an option for GSSAPI, so it attempts to use base GSSAPI with ports
OpenSSL which is not a valid combo.

emulators/virtualbox-ose is hardwired to use base OpenSSL.

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Shane Ambler-5
In reply to this post by Glen Barber-6
On 10/10/18 8:04 am, Glen Barber wrote:

> OpenSSL has been updated to version 1.1.1 as of r339270.
>
> It is important to rebuild third-party packages before running:
>
>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>
> Thank you for your patience while this work was in progress, and thank
> you to all involved for their hard work in getting things ready for this
> update.
>
> Glen
>

I have a host running 11-stable and use bhyve to run current for
testing, zfs says the volume for this bhyve was created 12/2016

Within the bhyve host - base and poudriere jails are built to r339301

Installed ports have been manually re-built in ports tree

poudriere runs and builds ports OK but at the end it fails to create pkg
repo with failing to load cert. This is the cert I have been using for
my pkg repos for some years, do these pkg certs need to be updated after
this update? It does work if I disable the signing key.

[00:01:43] Creating pkg repository
Creating repository in /tmp/packages: 100%
Packing files for repository:   0%
pkg-static: can't load key from /tmp/repo.key
Packing files for repository: 100%
[00:01:44] Cleaning up
[00:01:44] Unmounting file systems


--
FreeBSD - the place to B...Software Developing

Shane Ambler

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Don Lewis-5
In reply to this post by Don Lewis-5
On 11 Oct, Don Lewis wrote:

> On 11 Oct, Don Lewis wrote:
>> On 11 Oct, [hidden email] wrote:
>>> On 2018-10-10 06:14, Michael Butler wrote:
>>>> On 10/9/18 5:34 PM, Glen Barber wrote:
>>>>> OpenSSL has been updated to version 1.1.1 as of r339270.
>>>>>
>>>>> It is important to rebuild third-party packages before running:
>>>>>
>>>>>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>>>>>
>>>>> Thank you for your patience while this work was in progress, and thank
>>>>> you to all involved for their hard work in getting things ready for
>>>>> this
>>>>> update.
>>>>
>>>> So far, I've found two ports that will no longer build. They are:
>>>>
>>>> net-mgmt/net-snmp
>>>> security/opencryptoki
>>>>
>>>> I simply chose those that were linked to /usr/lib/libssl.so.8 where the
>>>> openssl update creates libssl.so.9. There may be more I haven't found
>>>> yet,
>>>>
>>>> imb
>>>
>>> You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to
>>> use openssl from ports.
>>> Anyway, I think apps from ports need to use openssl from ports.
>>
>> I've been doing this for a long time, but I still see a fair amount of
>> breakage with the new base OpenSSL.  I suspect that some ports are
>> incorrectly stumbling across the new bits in base even though they
>> shouldn't be looking there.
>
> security/p5-Net-SSLeay is hardwired to use base OpenSSL, so changing the
> default version can't be done to unbreak p5-IO-Socket-SSL.
>
> devel/libsoup appears to allow the OpenSSL version to be set, but doesn't
> have an option for GSSAPI, so it attempts to use base GSSAPI with ports
> OpenSSL which is not a valid combo.
>
> emulators/virtualbox-ose is hardwired to use base OpenSSL.

I now think the problem with virtualbox-ose is not the port.  Rather it
is the fact that that the base libssl.so and the libssl.so installed by
the security/openssl have the same shared library version number even
though they are radically different OpenSSL versions.

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: HEADS-UP: OpenSSL 1.1.1 in 12.0

Ronald Klop
On Sat, 13 Oct 2018 02:00:16 +0200, Don Lewis <[hidden email]> wrote:

> On 11 Oct, Don Lewis wrote:
>> On 11 Oct, Don Lewis wrote:
>>> On 11 Oct, [hidden email] wrote:
>>>> On 2018-10-10 06:14, Michael Butler wrote:
>>>>> On 10/9/18 5:34 PM, Glen Barber wrote:
>>>>>> OpenSSL has been updated to version 1.1.1 as of r339270.
>>>>>>
>>>>>> It is important to rebuild third-party packages before running:
>>>>>>
>>>>>>  # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>>>>>>
>>>>>> Thank you for your patience while this work was in progress, and  
>>>>>> thank
>>>>>> you to all involved for their hard work in getting things ready for
>>>>>> this
>>>>>> update.
>>>>>
>>>>> So far, I've found two ports that will no longer build. They are:
>>>>>
>>>>> net-mgmt/net-snmp
>>>>> security/opencryptoki
>>>>>
>>>>> I simply chose those that were linked to /usr/lib/libssl.so.8 where  
>>>>> the
>>>>> openssl update creates libssl.so.9. There may be more I haven't found
>>>>> yet,
>>>>>
>>>>> imb
>>>>
>>>> You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to
>>>> use openssl from ports.
>>>> Anyway, I think apps from ports need to use openssl from ports.
>>>
>>> I've been doing this for a long time, but I still see a fair amount of
>>> breakage with the new base OpenSSL.  I suspect that some ports are
>>> incorrectly stumbling across the new bits in base even though they
>>> shouldn't be looking there.
>>
>> security/p5-Net-SSLeay is hardwired to use base OpenSSL, so changing the
>> default version can't be done to unbreak p5-IO-Socket-SSL.
>>
>> devel/libsoup appears to allow the OpenSSL version to be set, but  
>> doesn't
>> have an option for GSSAPI, so it attempts to use base GSSAPI with ports
>> OpenSSL which is not a valid combo.
>>
>> emulators/virtualbox-ose is hardwired to use base OpenSSL.
>
> I now think the problem with virtualbox-ose is not the port.  Rather it
> is the fact that that the base libssl.so and the libssl.so installed by
> the security/openssl have the same shared library version number even
> though they are radically different OpenSSL versions.


I added this to libmap.conf:
cat /etc/libmap.conf
# $FreeBSD: head/libexec/rtld-elf/libmap.conf 338741 2018-09-18 00:25:00Z  
brd $
includedir /usr/local/etc/libmap.d
libssl.so.8 libssl.so.9
libcrypto.so.8 libcrypto.so.9

This made pkg run again. And now I'm waiting for the next pkg build to run  
pkg upgrade -f and upgrade everything.
I guess that will solve all issues.

Ronald.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"