Date: Sat, 27 Oct 2018 16:27:01 +0000 From: Glen Barber <gjb@freebsd.org> To: David Marec <david.marec@davenulle.org> Cc: freebsd-current@freebsd.org Subject: Re: HEADS-UP: OpenSSL 1.1.1 in 12.0 Message-ID: <20181027162701.GK61572@FreeBSD.org> In-Reply-To: <fa5c4999-5f6f-37d1-991c-eeedb6f3a8ed@davenulle.org> References: <20181009213425.GG61558@FreeBSD.org> <fa5c4999-5f6f-37d1-991c-eeedb6f3a8ed@davenulle.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--OOq1TgGhe8eTwFBO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Oct 27, 2018 at 06:14:39PM +0200, David Marec wrote: > On 09/10/2018 23:34, Glen Barber wrote: > > OpenSSL has been updated to version 1.1.1 as of r339270. > >=20 > > It is important to rebuild third-party packages before running: > >=20 > > # make -C /usr/src delete-old && make -C /usr/src delete-old-libs > >=20 >=20 >=20 > I just do a fresh install a FreeBSD-12 from > http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/12.0-BETA2 >=20 > It sounds that "pkg" shipped with 12-BETA-2 still use the old library: >=20 > root@matarje:/usr/lib # ls -l libssl* > -r--r--r-- 1 root wheel 4386406 Oct 26 03:08 libssl.a > lrwxr-xr-x 1 root wheel 13 Oct 26 03:08 libssl.so -> libssl.so.111 > -r--r--r-- 1 root wheel 604936 Oct 26 03:08 libssl.so.111 > -r--r--r-- 1 root wheel 4493898 Oct 26 03:08 libssl_p.a > root@matarje:/usr/lib # pkg upgrade > ld-elf.so.1: Shared object "libssl.so.9" not found, required by "pkg" >=20 >=20 > root@matarje:/usr/lib # pkg-static upgrade > Updating FreeBSD repository catalogue... > pkg-static: Repository FreeBSD load error: access repo > file(/var/db/pkg/repo-FreeBSD.sqlite) failed: No such file or directory > Fetching meta.txz: 100% 944 B 0.9kB/s 00:01 > pkg-static: error reading public key: > error:00000000:lib(0):func(0):reason(0) > pkg-static: No trusted certificate has been used to sign the repository > repository FreeBSD has no meta file, using default settings > Fetching packagesite.txz: 100% 6 MiB 2.1MB/s 00:03 > pkg-static: error reading public key: > error:00000000:lib(0):func(0):reason(0) > pkg-static: No trusted certificate has been used to sign the repository > Unable to update repository FreeBSD > Error updating repositories! >=20 There was an issue with the pkg-static binary which is used to sign the package repository, which was fixed in pkg-1.10.5_5. However, the build jails did not get updated until after libssl.so and libcrypto.so were bumped from .9 to .111. Package builds are currently in progress (this will be noted in the upcoming BETA2 announcement text I am currently drafting). It will be about 48 hours, give or take, before binary packages from the repository at pkg.freebsd.org are updated. Glen --OOq1TgGhe8eTwFBO Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAlvUkdEACgkQAxRYpUeP 4pP8tQ//eevP07bMw8z+JOpWdO68d5LzPTEMe2TWWMFPWjdcX322ekSyiYB8WsTq I0zLQWo4WnmXNto888HLyJo6Vfpwg2ZMTYXHBY/RZgrHECB9B95Qig419+5RkfUp 74M8sj+YxpyB4cHrjeOU4hvXL5hYxM8ZGpSkJcghR7tnF0vaSsMHjlu5PODZywHf d0BScs6gvZlwyXYkqypH9XCRKpSt2JnKxGNS191EShBZZCVhkLX0dHXmfHbuCSUg vZR0GhrwM226Bq/kPm9OFTpkx6RCe3pzEZ44Qu01RePQnYjos5YGrxeJtGWzXclI k0XjUHE39qqdUSGzxrsgsdQ6b49pk2BpG/T4zLTKGaN6bv65FPUtcV9Fh/ck6N3o SaLOUZNb43yAtu1O/58m4lZSGh4H5v9VEW0KQqZKggP6QFbLuHFTwPccFIecRw13 4j0EaSwo5IxgTxPXYk65KmrzubO9HqnUeoneblUfXtWs/CQUyiGfAV/wslmcWA0I UNEb3vEHIb9DXbkX0JwWcsKKwMYfPxglEcCtQeZR+gippa7cMTn/XT0JfJd29QRF tIaWlWlV4Fh8oQ5hF+l+QA2o5bT82ycHgcL6XOFzaDIuptFxTvq1Cxov0cfQcDUs qQRwHWsA5rjTTZEPl6A0z41lDGCacSBdTXRtBm3p0l0gNfEXX40= =WwsA -----END PGP SIGNATURE----- --OOq1TgGhe8eTwFBO--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20181027162701.GK61572>