Date: Sat, 27 Oct 2018 16:27:01 +0000
From: Glen Barber
To: David Marec
Cc: freebsd-current@freebsd.org
Subject: Re: HEADS-UP: OpenSSL 1.1.1 in 12.0
Message-ID: <20181027162701.GK61572@FreeBSD.org>
References: <20181009213425.GG61558@FreeBSD.org>

On Sat, Oct 27, 2018 at 06:14:39PM +0200, David Marec wrote:
> On 09/10/2018 23:34, Glen Barber wrote:
> > OpenSSL has been updated to version 1.1.1 as of r339270.
> >
> > It is important to rebuild third-party packages before running:
> >
> > # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
> >
>
>
> I just did a fresh install of FreeBSD-12 from
> http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/12.0-BETA2
>
> It sounds like "pkg" shipped with 12-BETA-2 still uses the old library:
>
> root@matarje:/usr/lib # ls -l libssl*
> -r--r--r-- 1 root wheel 4386406 Oct 26 03:08 libssl.a
> lrwxr-xr-x 1 root wheel 13 Oct 26 03:08 libssl.so -> libssl.so.111
> -r--r--r-- 1 root wheel 604936 Oct 26 03:08 libssl.so.111
> -r--r--r-- 1 root wheel 4493898 Oct 26 03:08 libssl_p.a
> root@matarje:/usr/lib # pkg upgrade
> ld-elf.so.1: Shared object "libssl.so.9" not found, required by "pkg"
>
>
> root@matarje:/usr/lib # pkg-static upgrade
> Updating FreeBSD repository catalogue...
> pkg-static: Repository FreeBSD load error: access repo
> file(/var/db/pkg/repo-FreeBSD.sqlite) failed: No such file or directory
> Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
> pkg-static: error reading public key:
> error:00000000:lib(0):func(0):reason(0)
> pkg-static: No trusted certificate has been used to sign the repository
> repository FreeBSD has no meta file, using default settings
> Fetching packagesite.txz: 100% 6 MiB 2.1MB/s 00:03
> pkg-static: error reading public key:
> error:00000000:lib(0):func(0):reason(0)
> pkg-static: No trusted certificate has been used to sign the repository
> Unable to update repository FreeBSD
> Error updating repositories!
>

There was an issue with the pkg-static binary which is used to sign the
package repository, which was fixed in pkg-1.10.5_5. However, the build
jails did not get updated until after libssl.so and libcrypto.so were
bumped from .9 to .111.

Package builds are currently in progress (this will be noted in the
upcoming BETA2 announcement text I am currently drafting).

It will be about 48 hours, give or take, before binary packages from the
repository at pkg.freebsd.org are updated.

Glen
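
A pre-flight check for the situation in this thread, as an added example that is not part of the original message or of FreeBSD's own tooling: it lists objects that still link against libssl.so.9 or libcrypto.so.9, so they can be rebuilt before delete-old-libs removes those files. The function names, the directory arguments and the sample ldd output are assumptions made for the example.

```sh
#!/bin/sh
# Added example: find installed objects that still depend on the pre-bump
# OpenSSL libraries named in the thread (libssl.so.9, libcrypto.so.9).

OLD_LIBS_RE='^lib(ssl|crypto)[.]so[.]9$'

# stale_deps: read ldd(1) output on stdin and print "object<TAB>library" for
# every dependency on an old library. Matching is by library name, not by
# "not found", because the old files still resolve until delete-old-libs
# has been run.
stale_deps() {
    awk -v re="$OLD_LIBS_RE" '
        /^[^ \t].*:$/ { obj = substr($0, 1, length($0) - 1); next }  # "path:" header
        $2 == "=>" && $1 ~ re { print obj "\t" $1 }
    '
}

# scan_dirs: run ldd on every regular file below the given directories
# (assumed to be the package prefix, e.g. /usr/local/bin /usr/local/lib).
# A header is printed per file so the result does not depend on ldd's own.
scan_dirs() {
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        printf '%s:\n' "$f"
        ldd "$f" 2>/dev/null
    done | stale_deps
}

# Constructed sample of FreeBSD-style ldd output (addresses are made up),
# used when the script is run without arguments.
sample_ldd() {
    cat <<'EOF'
/usr/local/sbin/pkg:
    libssl.so.9 => not found (0)
    libcrypto.so.9 => /usr/lib/libcrypto.so.9 (0x800a00000)
    libc.so.7 => /lib/libc.so.7 (0x800e00000)
/usr/bin/fetch:
    libssl.so.111 => /usr/lib/libssl.so.111 (0x800b00000)
    libc.so.7 => /lib/libc.so.7 (0x800e00000)
EOF
}

if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
else
    sample_ldd | stale_deps
fi
```

An empty result for the package prefix means nothing installed there references the .9 libraries any more.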