Date: Wed, 18 Oct 2023 01:17:47 +0200 From: Gareth de Vaux <ports@lordcow.org> To: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@freebsd.org> Cc: ports@freebsd.org Subject: Re: HEADS-UP: security/openssl switching to 3.0 branch Message-ID: <ZS8WGzISUYbRe5-t@lordcow.org> In-Reply-To: <d463e656-2656-4b90-abb1-4bd52502e940@FreeBSD.org> References: <92667a5ea6afeab7ce9c55528af34f49@freebsd.org> <48b835a442707d7b8db4f4b270c12897@freebsd.org> <aa4d6fb2-4000-40a7-9797-fa583df46ff0@FreeBSD.org> <3aa783ad-4318-4c9a-bb1a-1065ce3a91cf@FreeBSD.org> <8fa8e262-26ed-4094-87d1-8379d7a61e19@FreeBSD.org> <4f470a05-8085-4157-9f1e-ac6ca7fe9aaa@FreeBSD.org> <d2b20427-d618-4c17-b305-7ee1c5cb362d@FreeBSD.org> <d463e656-2656-4b90-abb1-4bd52502e940@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon 2023-10-16 (17:04), DutchDaemon - FreeBSD Forums Administrator wrote: > On 16/10/2023 13:14, DutchDaemon - FreeBSD Forums Administrator wrote: > > On 16/10/2023 13:07, Guido Falsi wrote: > > > On 16/10/23 13:03, DutchDaemon - FreeBSD Forums Administrator wrote: > > > > On 16/10/2023 12:57, Guido Falsi wrote: > > > > > On 16/10/23 11:19, DutchDaemon - FreeBSD Forums Administrator wrote: > > > > > > I found this one after a full rebuild in Poudriere: > > > > > > > > > > > > ld-elf.so.1: Shared object "libssl.so.11" not found, > > > > > > required by "transmission-daemon" > > > > > > > > > > > > > > > > I guess you will need to force rebuild/reinstall all > > > > > packages depending on openssl. > > > > > > > > > > (if I understand correctly you're using poudriere-bulk(8) to > > > > > build yout binary packages repo) > > > > > > > > > > Actually poudriere should have been able to rebuild them > > > > > itself, unless you're using the -S option, which could have > > > > > skipped some rebuilds that in this case are needed. > > > > > > > > > > If you have a broken repo (due to -S or some other unknown > > > > > reason) you will need to rebuild it from scratch (-c option) > > > > > to get a pristine and hopefully working one. > > > > > > > > > This is Poudriere, everything was rebuilt from the ground up. > > > > > > > > > > I see, but you did not report, did you "pkg upgrade -f" everything > > > depending on openssl? I'm not sure pkg will figure it out by itself > > > that it needs to do that in your case. > > > > > > It looks like you still have old binaries on your system. If > > > poudriere did end the build them all successfully it would be > > > strange it would have generated so many non working binaries without > > > experiencing failures during the build. > > > > > > > For this specific jail, 496/496 packages were built from scratch with 0 > > errors, 0 skips. > > > > The only thing I can do is pkg delete -a- f -y && pkg install > > $(list-of-node-ports) but that seems excessive. A pkg upgrade -fy on all > > ports should be enough. > > > > This actually helped. So for old, deep-down remnants of OpenSSL 1.1. to > disappear, a wholesale pkg delete -a -f -y and a reinstall of all node > packages (get them through pkg prime-origins) is advisable. portupgrade -frR openssl-3.0.11,1 did the job for me (granted, not everyone's using portupgrade). Also, there should be an entry in ports/UPDATING about this, it's a breaking change.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZS8WGzISUYbRe5-t>