Date: Mon, 16 Oct 2023 17:04:19 +0200 From: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org> To: ports@freebsd.org Subject: Re: HEADS-UP: security/openssl switching to 3.0 branch Message-ID: <d463e656-2656-4b90-abb1-4bd52502e940@FreeBSD.org> In-Reply-To: <d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org> References: <92667a5ea6afeab7ce9c55528af34f49@freebsd.org> <48b835a442707d7b8db4f4b270c12897@freebsd.org> <aa4d6fb2-4000-40a7-9797-fa583df46ff0@FreeBSD.org> <3aa783ad-4318-4c9a-bb1a-1065ce3a91cf@FreeBSD.org> <8fa8e262-26ed-4094-87d1-8379d7a61e19@FreeBSD.org> <4f470a05-8085-4157-9f1e-ac6ca7fe9aaa@FreeBSD.org> <d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------UHmXaXZB0INNjkeQh034y9tg Content-Type: multipart/mixed; boundary="------------57gDYclDqQmTTBqk4kvaPFV8"; protected-headers="v1" From: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org> To: ports@freebsd.org Message-ID: <d463e656-2656-4b90-abb1-4bd52502e940@FreeBSD.org> Subject: Re: HEADS-UP: security/openssl switching to 3.0 branch References: <92667a5ea6afeab7ce9c55528af34f49@freebsd.org> <48b835a442707d7b8db4f4b270c12897@freebsd.org> <aa4d6fb2-4000-40a7-9797-fa583df46ff0@FreeBSD.org> <3aa783ad-4318-4c9a-bb1a-1065ce3a91cf@FreeBSD.org> <8fa8e262-26ed-4094-87d1-8379d7a61e19@FreeBSD.org> <4f470a05-8085-4157-9f1e-ac6ca7fe9aaa@FreeBSD.org> <d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org> In-Reply-To: <d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org> --------------57gDYclDqQmTTBqk4kvaPFV8 Content-Type: multipart/alternative; boundary="------------eUUGnV6w50T7cr6dVcfeAm0A" --------------eUUGnV6w50T7cr6dVcfeAm0A Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 T24gMTYvMTAvMjAyMyAxMzoxNCwgRHV0Y2hEYWVtb24gLSBGcmVlQlNEIEZvcnVtcyBBZG1p bmlzdHJhdG9yIHdyb3RlOg0KPiBPbiAxNi8xMC8yMDIzIDEzOjA3LCBHdWlkbyBGYWxzaSB3 cm90ZToNCj4+IE9uIDE2LzEwLzIzIDEzOjAzLCBEdXRjaERhZW1vbiAtIEZyZWVCU0QgRm9y dW1zIEFkbWluaXN0cmF0b3Igd3JvdGU6DQo+Pj4gT24gMTYvMTAvMjAyMyAxMjo1NywgR3Vp ZG8gRmFsc2kgd3JvdGU6DQo+Pj4+IE9uIDE2LzEwLzIzIDExOjE5LCBEdXRjaERhZW1vbiAt IEZyZWVCU0QgRm9ydW1zIEFkbWluaXN0cmF0b3Igd3JvdGU6DQo+Pj4+PiBJIGZvdW5kIHRo aXMgb25lIGFmdGVyIGEgZnVsbCByZWJ1aWxkIGluIFBvdWRyaWVyZToNCj4+Pj4+DQo+Pj4+ PiBsZC1lbGYuc28uMTogU2hhcmVkIG9iamVjdCAibGlic3NsLnNvLjExIiBub3QgZm91bmQs IHJlcXVpcmVkIGJ5IA0KPj4+Pj4gInRyYW5zbWlzc2lvbi1kYWVtb24iDQo+Pj4+Pg0KPj4+ Pg0KPj4+PiBJIGd1ZXNzIHlvdSB3aWxsIG5lZWQgdG8gZm9yY2UgcmVidWlsZC9yZWluc3Rh bGwgYWxsIHBhY2thZ2VzIA0KPj4+PiBkZXBlbmRpbmcgb24gb3BlbnNzbC4NCj4+Pj4NCj4+ Pj4gKGlmIEkgdW5kZXJzdGFuZCBjb3JyZWN0bHkgeW91J3JlIHVzaW5nIHBvdWRyaWVyZS1i dWxrKDgpIHRvIGJ1aWxkIA0KPj4+PiB5b3V0IGJpbmFyeSBwYWNrYWdlcyByZXBvKQ0KPj4+ Pg0KPj4+PiBBY3R1YWxseSBwb3VkcmllcmUgc2hvdWxkIGhhdmUgYmVlbiBhYmxlIHRvIHJl YnVpbGQgdGhlbSBpdHNlbGYsIA0KPj4+PiB1bmxlc3MgeW91J3JlIHVzaW5nIHRoZSAtUyBv cHRpb24sIHdoaWNoIGNvdWxkIGhhdmUgc2tpcHBlZCBzb21lIA0KPj4+PiByZWJ1aWxkcyB0 aGF0IGluIHRoaXMgY2FzZSBhcmUgbmVlZGVkLg0KPj4+Pg0KPj4+PiBJZiB5b3UgaGF2ZSBh IGJyb2tlbiByZXBvIChkdWUgdG8gLVMgb3Igc29tZSBvdGhlciB1bmtub3duIHJlYXNvbikg DQo+Pj4+IHlvdSB3aWxsIG5lZWQgdG8gcmVidWlsZCBpdCBmcm9tIHNjcmF0Y2ggKC1jIG9w dGlvbikgdG8gZ2V0IGEgDQo+Pj4+IHByaXN0aW5lIGFuZCBob3BlZnVsbHkgd29ya2luZyBv bmUuDQo+Pj4+DQo+Pj4gVGhpcyBpcyBQb3VkcmllcmUsIGV2ZXJ5dGhpbmcgd2FzIHJlYnVp bHQgZnJvbSB0aGUgZ3JvdW5kIHVwLg0KPj4+DQo+Pg0KPj4gSSBzZWUsIGJ1dCB5b3UgZGlk IG5vdCByZXBvcnQsIGRpZCB5b3UgInBrZyB1cGdyYWRlIC1mIiBldmVyeXRoaW5nIA0KPj4g ZGVwZW5kaW5nIG9uIG9wZW5zc2w/IEknbSBub3Qgc3VyZSBwa2cgd2lsbCBmaWd1cmUgaXQg b3V0IGJ5IGl0c2VsZiANCj4+IHRoYXQgaXQgbmVlZHMgdG8gZG8gdGhhdCBpbiB5b3VyIGNh c2UuDQo+Pg0KPj4gSXQgbG9va3MgbGlrZSB5b3Ugc3RpbGwgaGF2ZSBvbGQgYmluYXJpZXMg b24geW91ciBzeXN0ZW0uIElmIA0KPj4gcG91ZHJpZXJlIGRpZCBlbmQgdGhlIGJ1aWxkIHRo ZW0gYWxsIHN1Y2Nlc3NmdWxseSBpdCB3b3VsZCBiZSBzdHJhbmdlIA0KPj4gaXQgd291bGQg aGF2ZSBnZW5lcmF0ZWQgc28gbWFueSBub24gd29ya2luZyBiaW5hcmllcyB3aXRob3V0IA0K Pj4gZXhwZXJpZW5jaW5nIGZhaWx1cmVzIGR1cmluZyB0aGUgYnVpbGQuDQo+Pg0KPg0KPiBG b3IgdGhpcyBzcGVjaWZpYyBqYWlsLCA0OTYvNDk2IHBhY2thZ2VzIHdlcmUgYnVpbHQgZnJv bSBzY3JhdGNoIHdpdGggDQo+IDAgZXJyb3JzLCAwIHNraXBzLg0KPg0KPiBUaGUgb25seSB0 aGluZyBJIGNhbiBkbyBpcyBwa2cgZGVsZXRlIC1hLSBmIC15ICYmIHBrZyBpbnN0YWxsIA0K PiAkKGxpc3Qtb2Ytbm9kZS1wb3J0cykgYnV0IHRoYXQgc2VlbXMgZXhjZXNzaXZlLiBBIHBr ZyB1cGdyYWRlIC1meSBvbiANCj4gYWxsIHBvcnRzIHNob3VsZCBiZSBlbm91Z2guDQo+DQoN ClRoaXMgYWN0dWFsbHkgaGVscGVkLiBTbyBmb3Igb2xkLCBkZWVwLWRvd24gcmVtbmFudHMg b2YgT3BlblNTTCAxLjEuIHRvIA0KZGlzYXBwZWFyLCBhIHdob2xlc2FsZSBwa2cgZGVsZXRl IC1hIC1mIC15IGFuZCBhIHJlaW5zdGFsbCBvZiBhbGwgbm9kZSANCnBhY2thZ2VzIChnZXQg dGhlbSB0aHJvdWdoIHBrZyBwcmltZS1vcmlnaW5zKSBpcyBhZHZpc2FibGUuDQoNCg== --------------eUUGnV6w50T7cr6dVcfeAm0A Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <!DOCTYPE html> <html data-lt-installed=3D"true"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF= -8"> </head> <body style=3D"padding-bottom: 1px;" text=3D"#000000" bgcolor=3D"#FFFFF= F"> <div class=3D"moz-cite-prefix">On 16/10/2023 13:14, DutchDaemon - FreeBSD Forums Administrator wrote:<br> </div> <blockquote type=3D"cite" cite=3D"mid:d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org"> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DU= TF-8"> <div class=3D"moz-cite-prefix">On 16/10/2023 13:07, Guido Falsi wrote:<br> </div> <blockquote type=3D"cite" cite=3D"mid:4f470a05-8085-4157-9f1e-ac6ca7fe9aaa@FreeBSD.org">On 16/10/23 13:03, DutchDaemon - FreeBSD Forums Administrator wrote: <br> <blockquote type=3D"cite">On 16/10/2023 12:57, Guido Falsi wrote:= <br> <blockquote type=3D"cite">On 16/10/23 11:19, DutchDaemon - FreeBSD Forums Administrator wrote: <br> <blockquote type=3D"cite">I found this one after a full rebuild in Poudriere: <br> <br> ld-elf.so.1: Shared object "libssl.so.11" not found, required by "transmission-daemon" <br> <br> </blockquote> <br> I guess you will need to force rebuild/reinstall all packages depending on openssl. <br> <br> (if I understand correctly you're using poudriere-bulk(8) to build yout binary packages repo) <br> <br> Actually poudriere should have been able to rebuild them itself, unless you're using the -S option, which could have skipped some rebuilds that in this case are needed. <br> <br> If you have a broken repo (due to -S or some other unknown reason) you will need to rebuild it from scratch (-c option) to get a pristine and hopefully working one. <br> <br> </blockquote> This is Poudriere, everything was rebuilt from the ground up. <br> <br> </blockquote> <br> I see, but you did not report, did you "pkg upgrade -f" everything depending on openssl? I'm not sure pkg will figure it out by itself that it needs to do that in your case. <br> <br> It looks like you still have old binaries on your system. If poudriere did end the build them all successfully it would be strange it would have generated so many non working binaries without experiencing failures during the build. <br> <br> </blockquote> <p><br> </p> <p>For this specific jail, 496/496 packages were built from scratch with 0 errors, 0 skips.</p> <p>The only thing I can do is <font face=3D"monospace">pkg delete -a- f -y && pkg install $(list-of-node-ports)</font> but that seems excessive. A <font face=3D"monospace">pkg upgrade -fy</font> on all ports should be enough.<br> </p> </blockquote> <p><br> </p> <p>This actually helped. So for old, deep-down remnants of OpenSSL 1.1. to disappear, a wholesale <font face=3D"monospace">pkg delete -a -f -y</font> and a reinstall of all node packages (get them through <font face=3D"monospace">pkg prime-origins</font>) is advisable.<br> </p> </body> </html> --------------eUUGnV6w50T7cr6dVcfeAm0A-- --------------57gDYclDqQmTTBqk4kvaPFV8-- --------------UHmXaXZB0INNjkeQh034y9tg Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc" -----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEE9AWUvcZu/lO5r3wZ0R2eb0cya6gFAmUtUPMFAwAAAAAACgkQ0R2eb0cya6gy bQ/+PYXk8O2PmoQ5JIT+A/i7GGqdNCOV3uMwyAqtbxaSFfLBuUjvC6IwDNWSFvyHUKEGn7MMYaer +V5XlMlSS+nTigrEfC71Vg10wHCr0ytw0wuRIGAGZ4vMDGttAtZ8rHDPCmrbogPt9+RV3o/iCxlQ fKZyEvn3GNz+PTr6G76GK2jw5sRfYoEeJKps1G/SKO4Q7b+dLSM3lFqyi3Tc/I/QhDhxq4Q/7ZPY ctSAhHut77g6avlfFoWBo9okVg8/3Ibnzzj+nFPgeex/OYUCreQWA3o2V8/ALKgwIVvJ2ez4JNxc 2D23UeK5C8MA4ej3ayNKoP/zJM1G3rHKWsUZqtV2qYnob0vuXUeaREfGXmFm1L213gQs+gFdCluI FXeoDqBOAzXkAIXLgcMSpvFLEy82QrC6KNRVo5VBpNVYUXLJlsSvbSZwfIbFHQZ9o3TIbzgpoobI +w4+AbYLjY2qmC2xLWftbBBmT2IkhUSLiYp9DCrbO85G0qD8vWZrKpQ4m+mVXgP51xH/l2nGFieS yjSQEVduY4N68D4sDpwVrqlfz2aEgfeLMgVt3Aj0jvTnq5RCI/kRzIQWdlmcyYqci3llKrV3iWiZ /x/NZjf180EBLT+SDbU6ZoUTMInnqmjoliFuW6zqr+OT315m6hcZa/ld6OVCXw0iRFIPN+iWitjM bXE= =krc1 -----END PGP SIGNATURE----- --------------UHmXaXZB0INNjkeQh034y9tg--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d463e656-2656-4b90-abb1-4bd52502e940>