FreeBSD Mail Archives

Date:      Mon, 16 Oct 2023 17:04:19 +0200
From:      DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org>
To:        ports@freebsd.org
Subject:   Re: HEADS-UP: security/openssl switching to 3.0 branch
Message-ID:  <d463e656-2656-4b90-abb1-4bd52502e940@FreeBSD.org>
In-Reply-To: <d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org>
References:  <92667a5ea6afeab7ce9c55528af34f49@freebsd.org> <48b835a442707d7b8db4f4b270c12897@freebsd.org> <aa4d6fb2-4000-40a7-9797-fa583df46ff0@FreeBSD.org> <3aa783ad-4318-4c9a-bb1a-1065ce3a91cf@FreeBSD.org> <8fa8e262-26ed-4094-87d1-8379d7a61e19@FreeBSD.org> <4f470a05-8085-4157-9f1e-ac6ca7fe9aaa@FreeBSD.org> <d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------UHmXaXZB0INNjkeQh034y9tg
Content-Type: multipart/mixed; boundary="------------57gDYclDqQmTTBqk4kvaPFV8";
 protected-headers="v1"
From: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org>
To: ports@freebsd.org
Message-ID: <d463e656-2656-4b90-abb1-4bd52502e940@FreeBSD.org>
Subject: Re: HEADS-UP: security/openssl switching to 3.0 branch
References: <92667a5ea6afeab7ce9c55528af34f49@freebsd.org>
 <48b835a442707d7b8db4f4b270c12897@freebsd.org>
 <aa4d6fb2-4000-40a7-9797-fa583df46ff0@FreeBSD.org>
 <3aa783ad-4318-4c9a-bb1a-1065ce3a91cf@FreeBSD.org>
 <8fa8e262-26ed-4094-87d1-8379d7a61e19@FreeBSD.org>
 <4f470a05-8085-4157-9f1e-ac6ca7fe9aaa@FreeBSD.org>
 <d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org>
In-Reply-To: <d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org>

--------------57gDYclDqQmTTBqk4kvaPFV8
Content-Type: multipart/alternative;
 boundary="------------eUUGnV6w50T7cr6dVcfeAm0A"

--------------eUUGnV6w50T7cr6dVcfeAm0A
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

T24gMTYvMTAvMjAyMyAxMzoxNCwgRHV0Y2hEYWVtb24gLSBGcmVlQlNEIEZvcnVtcyBBZG1p
bmlzdHJhdG9yIHdyb3RlOg0KPiBPbiAxNi8xMC8yMDIzIDEzOjA3LCBHdWlkbyBGYWxzaSB3
cm90ZToNCj4+IE9uIDE2LzEwLzIzIDEzOjAzLCBEdXRjaERhZW1vbiAtIEZyZWVCU0QgRm9y
dW1zIEFkbWluaXN0cmF0b3Igd3JvdGU6DQo+Pj4gT24gMTYvMTAvMjAyMyAxMjo1NywgR3Vp
ZG8gRmFsc2kgd3JvdGU6DQo+Pj4+IE9uIDE2LzEwLzIzIDExOjE5LCBEdXRjaERhZW1vbiAt
IEZyZWVCU0QgRm9ydW1zIEFkbWluaXN0cmF0b3Igd3JvdGU6DQo+Pj4+PiBJIGZvdW5kIHRo
aXMgb25lIGFmdGVyIGEgZnVsbCByZWJ1aWxkIGluIFBvdWRyaWVyZToNCj4+Pj4+DQo+Pj4+
PiBsZC1lbGYuc28uMTogU2hhcmVkIG9iamVjdCAibGlic3NsLnNvLjExIiBub3QgZm91bmQs
IHJlcXVpcmVkIGJ5IA0KPj4+Pj4gInRyYW5zbWlzc2lvbi1kYWVtb24iDQo+Pj4+Pg0KPj4+
Pg0KPj4+PiBJIGd1ZXNzIHlvdSB3aWxsIG5lZWQgdG8gZm9yY2UgcmVidWlsZC9yZWluc3Rh
bGwgYWxsIHBhY2thZ2VzIA0KPj4+PiBkZXBlbmRpbmcgb24gb3BlbnNzbC4NCj4+Pj4NCj4+
Pj4gKGlmIEkgdW5kZXJzdGFuZCBjb3JyZWN0bHkgeW91J3JlIHVzaW5nIHBvdWRyaWVyZS1i
dWxrKDgpIHRvIGJ1aWxkIA0KPj4+PiB5b3V0IGJpbmFyeSBwYWNrYWdlcyByZXBvKQ0KPj4+
Pg0KPj4+PiBBY3R1YWxseSBwb3VkcmllcmUgc2hvdWxkIGhhdmUgYmVlbiBhYmxlIHRvIHJl
YnVpbGQgdGhlbSBpdHNlbGYsIA0KPj4+PiB1bmxlc3MgeW91J3JlIHVzaW5nIHRoZSAtUyBv
cHRpb24sIHdoaWNoIGNvdWxkIGhhdmUgc2tpcHBlZCBzb21lIA0KPj4+PiByZWJ1aWxkcyB0
aGF0IGluIHRoaXMgY2FzZSBhcmUgbmVlZGVkLg0KPj4+Pg0KPj4+PiBJZiB5b3UgaGF2ZSBh
IGJyb2tlbiByZXBvIChkdWUgdG8gLVMgb3Igc29tZSBvdGhlciB1bmtub3duIHJlYXNvbikg
DQo+Pj4+IHlvdSB3aWxsIG5lZWQgdG8gcmVidWlsZCBpdCBmcm9tIHNjcmF0Y2ggKC1jIG9w
dGlvbikgdG8gZ2V0IGEgDQo+Pj4+IHByaXN0aW5lIGFuZCBob3BlZnVsbHkgd29ya2luZyBv
bmUuDQo+Pj4+DQo+Pj4gVGhpcyBpcyBQb3VkcmllcmUsIGV2ZXJ5dGhpbmcgd2FzIHJlYnVp
bHQgZnJvbSB0aGUgZ3JvdW5kIHVwLg0KPj4+DQo+Pg0KPj4gSSBzZWUsIGJ1dCB5b3UgZGlk
IG5vdCByZXBvcnQsIGRpZCB5b3UgInBrZyB1cGdyYWRlIC1mIiBldmVyeXRoaW5nIA0KPj4g
ZGVwZW5kaW5nIG9uIG9wZW5zc2w/IEknbSBub3Qgc3VyZSBwa2cgd2lsbCBmaWd1cmUgaXQg
b3V0IGJ5IGl0c2VsZiANCj4+IHRoYXQgaXQgbmVlZHMgdG8gZG8gdGhhdCBpbiB5b3VyIGNh
c2UuDQo+Pg0KPj4gSXQgbG9va3MgbGlrZSB5b3Ugc3RpbGwgaGF2ZSBvbGQgYmluYXJpZXMg
b24geW91ciBzeXN0ZW0uIElmIA0KPj4gcG91ZHJpZXJlIGRpZCBlbmQgdGhlIGJ1aWxkIHRo
ZW0gYWxsIHN1Y2Nlc3NmdWxseSBpdCB3b3VsZCBiZSBzdHJhbmdlIA0KPj4gaXQgd291bGQg
aGF2ZSBnZW5lcmF0ZWQgc28gbWFueSBub24gd29ya2luZyBiaW5hcmllcyB3aXRob3V0IA0K
Pj4gZXhwZXJpZW5jaW5nIGZhaWx1cmVzIGR1cmluZyB0aGUgYnVpbGQuDQo+Pg0KPg0KPiBG
b3IgdGhpcyBzcGVjaWZpYyBqYWlsLCA0OTYvNDk2IHBhY2thZ2VzIHdlcmUgYnVpbHQgZnJv
bSBzY3JhdGNoIHdpdGggDQo+IDAgZXJyb3JzLCAwIHNraXBzLg0KPg0KPiBUaGUgb25seSB0
aGluZyBJIGNhbiBkbyBpcyBwa2cgZGVsZXRlIC1hLSBmIC15ICYmIHBrZyBpbnN0YWxsIA0K
PiAkKGxpc3Qtb2Ytbm9kZS1wb3J0cykgYnV0IHRoYXQgc2VlbXMgZXhjZXNzaXZlLiBBIHBr
ZyB1cGdyYWRlIC1meSBvbiANCj4gYWxsIHBvcnRzIHNob3VsZCBiZSBlbm91Z2guDQo+DQoN
ClRoaXMgYWN0dWFsbHkgaGVscGVkLiBTbyBmb3Igb2xkLCBkZWVwLWRvd24gcmVtbmFudHMg
b2YgT3BlblNTTCAxLjEuIHRvIA0KZGlzYXBwZWFyLCBhIHdob2xlc2FsZSBwa2cgZGVsZXRl
IC1hIC1mIC15IGFuZCBhIHJlaW5zdGFsbCBvZiBhbGwgbm9kZSANCnBhY2thZ2VzIChnZXQg
dGhlbSB0aHJvdWdoIHBrZyBwcmltZS1vcmlnaW5zKSBpcyBhZHZpc2FibGUuDQoNCg==
--------------eUUGnV6w50T7cr6dVcfeAm0A
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html data-lt-installed=3D"true">
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF=
-8">
  </head>
  <body style=3D"padding-bottom: 1px;" text=3D"#000000" bgcolor=3D"#FFFFF=
F">
    <div class=3D"moz-cite-prefix">On 16/10/2023 13:14, DutchDaemon -
      FreeBSD Forums Administrator wrote:<br>
    </div>
    <blockquote type=3D"cite"
      cite=3D"mid:d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org">
      <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DU=
TF-8">
      <div class=3D"moz-cite-prefix">On 16/10/2023 13:07, Guido Falsi
        wrote:<br>
      </div>
      <blockquote type=3D"cite"
        cite=3D"mid:4f470a05-8085-4157-9f1e-ac6ca7fe9aaa@FreeBSD.org">On
        16/10/23 13:03, DutchDaemon - FreeBSD Forums Administrator
        wrote: <br>
        <blockquote type=3D"cite">On 16/10/2023 12:57, Guido Falsi wrote:=

          <br>
          <blockquote type=3D"cite">On 16/10/23 11:19, DutchDaemon -
            FreeBSD Forums Administrator wrote: <br>
            <blockquote type=3D"cite">I found this one after a full
              rebuild in Poudriere: <br>
              <br>
              ld-elf.so.1: Shared object "libssl.so.11" not found,
              required by "transmission-daemon" <br>
              <br>
            </blockquote>
            <br>
            I guess you will need to force rebuild/reinstall all
            packages depending on openssl. <br>
            <br>
            (if I understand correctly you're using poudriere-bulk(8) to
            build yout binary packages repo) <br>
            <br>
            Actually poudriere should have been able to rebuild them
            itself, unless you're using the -S option, which could have
            skipped some rebuilds that in this case are needed. <br>
            <br>
            If you have a broken repo (due to -S or some other unknown
            reason) you will need to rebuild it from scratch (-c option)
            to get a pristine and hopefully working one. <br>
            <br>
          </blockquote>
          This is Poudriere, everything was rebuilt from the ground up.
          <br>
          <br>
        </blockquote>
        <br>
        I see, but you did not report, did you "pkg upgrade -f"
        everything depending on openssl? I'm not sure pkg will figure it
        out by itself that it needs to do that in your case. <br>
        <br>
        It looks like you still have old binaries on your system. If
        poudriere did end the build them all successfully it would be
        strange it would have generated so many non working binaries
        without experiencing failures during the build. <br>
        <br>
      </blockquote>
      <p><br>
      </p>
      <p>For this specific jail, 496/496 packages were built from
        scratch with 0 errors, 0 skips.</p>
      <p>The only thing I can do is <font face=3D"monospace">pkg delete
          -a- f -y &amp;&amp; pkg install $(list-of-node-ports)</font>
        but that seems excessive. A <font face=3D"monospace">pkg upgrade
          -fy</font> on all ports should be enough.<br>
      </p>
    </blockquote>
    <p><br>
    </p>
    <p>This actually helped. So for old, deep-down remnants of OpenSSL
      1.1. to disappear, a wholesale <font face=3D"monospace">pkg delete
        -a -f -y</font> and a reinstall of all node packages (get them
      through <font face=3D"monospace">pkg prime-origins</font>) is
      advisable.<br>
    </p>
  </body>
</html>

--------------eUUGnV6w50T7cr6dVcfeAm0A--

--------------57gDYclDqQmTTBqk4kvaPFV8--

--------------UHmXaXZB0INNjkeQh034y9tg
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEE9AWUvcZu/lO5r3wZ0R2eb0cya6gFAmUtUPMFAwAAAAAACgkQ0R2eb0cya6gy
bQ/+PYXk8O2PmoQ5JIT+A/i7GGqdNCOV3uMwyAqtbxaSFfLBuUjvC6IwDNWSFvyHUKEGn7MMYaer
+V5XlMlSS+nTigrEfC71Vg10wHCr0ytw0wuRIGAGZ4vMDGttAtZ8rHDPCmrbogPt9+RV3o/iCxlQ
fKZyEvn3GNz+PTr6G76GK2jw5sRfYoEeJKps1G/SKO4Q7b+dLSM3lFqyi3Tc/I/QhDhxq4Q/7ZPY
ctSAhHut77g6avlfFoWBo9okVg8/3Ibnzzj+nFPgeex/OYUCreQWA3o2V8/ALKgwIVvJ2ez4JNxc
2D23UeK5C8MA4ej3ayNKoP/zJM1G3rHKWsUZqtV2qYnob0vuXUeaREfGXmFm1L213gQs+gFdCluI
FXeoDqBOAzXkAIXLgcMSpvFLEy82QrC6KNRVo5VBpNVYUXLJlsSvbSZwfIbFHQZ9o3TIbzgpoobI
+w4+AbYLjY2qmC2xLWftbBBmT2IkhUSLiYp9DCrbO85G0qD8vWZrKpQ4m+mVXgP51xH/l2nGFieS
yjSQEVduY4N68D4sDpwVrqlfz2aEgfeLMgVt3Aj0jvTnq5RCI/kRzIQWdlmcyYqci3llKrV3iWiZ
/x/NZjf180EBLT+SDbU6ZoUTMInnqmjoliFuW6zqr+OT315m6hcZa/ld6OVCXw0iRFIPN+iWitjM
bXE=
=krc1
-----END PGP SIGNATURE-----

--------------UHmXaXZB0INNjkeQh034y9tg--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d463e656-2656-4b90-abb1-4bd52502e940>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation