From owner-freebsd-current@freebsd.org Sat Oct 13 07:40:41 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 414B410B8DD4 for ; Sat, 13 Oct 2018 07:40:41 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DAA9D8D9D2 for ; Sat, 13 Oct 2018 07:40:40 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smtp.greenhost.nl ([213.108.110.112]) by smarthost1.greenhost.nl with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1gBEXN-0000sA-H9 for freebsd-current@freebsd.org; Sat, 13 Oct 2018 09:40:39 +0200 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: freebsd-current@freebsd.org Subject: Re: HEADS-UP: OpenSSL 1.1.1 in 12.0 References: <20181009213425.GG61558@FreeBSD.org> <346b8805-f4d3-dc90-c882-d72f640b6a5c@protected-networks.net> Date: Sat, 13 Oct 2018 09:40:38 +0200 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Ronald Klop" Message-ID: In-Reply-To: User-Agent: Opera Mail/12.16 (FreeBSD) X-Authenticated-As-Hash: 398f5522cb258ce43cb679602f8cfe8b62a256d1 X-Virus-Scanned: by clamav at smarthost1.samage.net X-Spam-Level: / X-Spam-Score: -0.2 X-Spam-Status: No, score=-0.2 required=5.0 tests=ALL_TRUSTED, BAYES_50 autolearn=disabled version=3.4.0 X-Scan-Signature: 18b3e585b0ef946fc0f6ee9ab4fcc4ff X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Oct 2018 07:40:41 -0000 On Sat, 13 Oct 2018 02:00:16 +0200, Don Lewis wrote: > On 11 Oct, Don Lewis wrote: >> On 11 Oct, Don Lewis wrote: >>> On 11 Oct, freebsd.current@clogic.com.ua wrote: >>>> On 2018-10-10 06:14, Michael Butler wrote: >>>>> On 10/9/18 5:34 PM, Glen Barber wrote: >>>>>> OpenSSL has been updated to version 1.1.1 as of r339270. >>>>>> >>>>>> It is important to rebuild third-party packages before running: >>>>>> >>>>>> # make -C /usr/src delete-old && make -C /usr/src delete-old-libs >>>>>> >>>>>> Thank you for your patience while this work was in progress, and >>>>>> thank >>>>>> you to all involved for their hard work in getting things ready for >>>>>> this >>>>>> update. >>>>> >>>>> So far, I've found two ports that will no longer build. They are: >>>>> >>>>> net-mgmt/net-snmp >>>>> security/opencryptoki >>>>> >>>>> I simply chose those that were linked to /usr/lib/libssl.so.8 where >>>>> the >>>>> openssl update creates libssl.so.9. There may be more I haven't found >>>>> yet, >>>>> >>>>> imb >>>> >>>> You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to >>>> use openssl from ports. >>>> Anyway, I think apps from ports need to use openssl from ports. >>> >>> I've been doing this for a long time, but I still see a fair amount of >>> breakage with the new base OpenSSL. I suspect that some ports are >>> incorrectly stumbling across the new bits in base even though they >>> shouldn't be looking there. >> >> security/p5-Net-SSLeay is hardwired to use base OpenSSL, so changing the >> default version can't be done to unbreak p5-IO-Socket-SSL. >> >> devel/libsoup appears to allow the OpenSSL version to be set, but >> doesn't >> have an option for GSSAPI, so it attempts to use base GSSAPI with ports >> OpenSSL which is not a valid combo. >> >> emulators/virtualbox-ose is hardwired to use base OpenSSL. > > I now think the problem with virtualbox-ose is not the port. Rather it > is the fact that that the base libssl.so and the libssl.so installed by > the security/openssl have the same shared library version number even > though they are radically different OpenSSL versions. I added this to libmap.conf: cat /etc/libmap.conf # $FreeBSD: head/libexec/rtld-elf/libmap.conf 338741 2018-09-18 00:25:00Z brd $ includedir /usr/local/etc/libmap.d libssl.so.8 libssl.so.9 libcrypto.so.8 libcrypto.so.9 This made pkg run again. And now I'm waiting for the next pkg build to run pkg upgrade -f and upgrade everything. I guess that will solve all issues. Ronald.