Date: Tue, 17 Oct 2023 12:51:42 +0200 From: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org> To: ports@freebsd.org Subject: Re: HEADS-UP: security/openssl switching to 3.0 branch Message-ID: <6536f2e0-b0aa-4689-a4a0-c1ffa0fc91a8@FreeBSD.org> In-Reply-To: <b95a7774-05fc-4bb1-874a-4852dbbd0859@FreeBSD.org> References: <92667a5ea6afeab7ce9c55528af34f49@freebsd.org> <48b835a442707d7b8db4f4b270c12897@freebsd.org> <45a77603-6911-41fd-86e7-b56714e9f42b@FreeBSD.org> <b95a7774-05fc-4bb1-874a-4852dbbd0859@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------ZAJ00XhbrO0YAr3XvhlQFtLS
Content-Type: multipart/mixed; boundary="------------49SziTKxCciC5Ru6JO6Ysd7Y";
protected-headers="v1"
From: DutchDaemon - FreeBSD Forums Administrator <DutchDaemon@FreeBSD.org>
To: ports@freebsd.org
Message-ID: <6536f2e0-b0aa-4689-a4a0-c1ffa0fc91a8@FreeBSD.org>
Subject: Re: HEADS-UP: security/openssl switching to 3.0 branch
References: <92667a5ea6afeab7ce9c55528af34f49@freebsd.org>
<48b835a442707d7b8db4f4b270c12897@freebsd.org>
<45a77603-6911-41fd-86e7-b56714e9f42b@FreeBSD.org>
<b95a7774-05fc-4bb1-874a-4852dbbd0859@FreeBSD.org>
In-Reply-To: <b95a7774-05fc-4bb1-874a-4852dbbd0859@FreeBSD.org>
--------------49SziTKxCciC5Ru6JO6Ysd7Y
Content-Type: multipart/alternative;
boundary="------------LSMbZw0nps2MQZliBYD8k6sK"
--------------LSMbZw0nps2MQZliBYD8k6sK
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
T24gMTcvMTAvMjAyMyAxMjo0MywgRHV0Y2hEYWVtb24gLSBGcmVlQlNEIEZvcnVtcyBBZG1p
bmlzdHJhdG9yIHdyb3RlOg0KPg0KPiBJIGhhdmUgcmV0cmllZCBhbGwga2luZHMgb2YgcmVi
dWlsZHMsIG5ldyBidWlsZCBqYWlscywgQ0NBQ0hFIG9uL29mZiwgDQo+IGFuZCBmdWxsIGRl
aW5zdGFsbHMvcmVpbnN0YWxscywgYnV0IHRoaXMgcmVtYWlucyBhIHByb2JsZW07IEkgc2Vl
IHRoYXQgDQo+IHRoZXJlIGFyZSBPcGVuU1NML3B5LWNyeXB0byBidWdzIGZpbGVkIGZvciB0
aGlzLCBzbyBJIHdpbGwgc3RvcCB0cnlpbmcgDQo+IHRvIHJlbWVkeSB0aGlzLA0KPg0KPiAj
IGNlcnRib3QNCj4gVHJhY2ViYWNrIChtb3N0IHJlY2VudCBjYWxsIGxhc3QpOg0KPiDCoCBG
aWxlICIvdXNyL2xvY2FsL2Jpbi9jZXJ0Ym90IiwgbGluZSAzMywgaW4gPG1vZHVsZT4NCj4g
wqDCoMKgIHN5cy5leGl0KGxvYWRfZW50cnlfcG9pbnQoJ2NlcnRib3Q9PTIuNi4wJywgJ2Nv
bnNvbGVfc2NyaXB0cycsIA0KPiAnY2VydGJvdCcpKCkpDQo+IMKgIEZpbGUgIi91c3IvbG9j
YWwvYmluL2NlcnRib3QiLCBsaW5lIDI1LCBpbiBpbXBvcnRsaWJfbG9hZF9lbnRyeV9wb2lu
dA0KPiDCoMKgwqAgcmV0dXJuIG5leHQobWF0Y2hlcykubG9hZCgpDQo+IMKgIEZpbGUgIi91
c3IvbG9jYWwvbGliL3B5dGhvbjMuOS9pbXBvcnRsaWIvbWV0YWRhdGEucHkiLCBsaW5lIDg2
LCBpbiBsb2FkDQo+IMKgwqDCoCBtb2R1bGUgPSBpbXBvcnRfbW9kdWxlKG1hdGNoLmdyb3Vw
KCdtb2R1bGUnKSkNCj4gwqAgRmlsZSAiL3Vzci9sb2NhbC9saWIvcHl0aG9uMy45L2ltcG9y
dGxpYi9fX2luaXRfXy5weSIsIGxpbmUgMTI3LCBpbiANCj4gaW1wb3J0X21vZHVsZQ0KPiDC
oMKgwqAgcmV0dXJuIF9ib290c3RyYXAuX2djZF9pbXBvcnQobmFtZVtsZXZlbDpdLCBwYWNr
YWdlLCBsZXZlbCkNCj4gwqAgRmlsZSAiPGZyb3plbiBpbXBvcnRsaWIuX2Jvb3RzdHJhcD4i
LCBsaW5lIDEwMzAsIGluIF9nY2RfaW1wb3J0DQo+IMKgIEZpbGUgIjxmcm96ZW4gaW1wb3J0
bGliLl9ib290c3RyYXA+IiwgbGluZSAxMDA3LCBpbiBfZmluZF9hbmRfbG9hZA0KPiDCoCBG
aWxlICI8ZnJvemVuIGltcG9ydGxpYi5fYm9vdHN0cmFwPiIsIGxpbmUgOTg2LCBpbiANCj4g
X2ZpbmRfYW5kX2xvYWRfdW5sb2NrZWQNCj4gwqAgRmlsZSAiPGZyb3plbiBpbXBvcnRsaWIu
X2Jvb3RzdHJhcD4iLCBsaW5lIDY4MCwgaW4gX2xvYWRfdW5sb2NrZWQNCj4gwqAgRmlsZSAi
PGZyb3plbiBpbXBvcnRsaWIuX2Jvb3RzdHJhcF9leHRlcm5hbD4iLCBsaW5lIDg1MCwgaW4g
ZXhlY19tb2R1bGUNCj4gwqAgRmlsZSAiPGZyb3plbiBpbXBvcnRsaWIuX2Jvb3RzdHJhcD4i
LCBsaW5lIDIyOCwgaW4gDQo+IF9jYWxsX3dpdGhfZnJhbWVzX3JlbW92ZWQNCj4gwqAgRmls
ZSAiL3Vzci9sb2NhbC9saWIvcHl0aG9uMy45L3NpdGUtcGFja2FnZXMvY2VydGJvdC9tYWlu
LnB5IiwgbGluZSANCj4gNiwgaW4gPG1vZHVsZT4NCj4gwqDCoMKgIGZyb20gY2VydGJvdC5f
aW50ZXJuYWwgaW1wb3J0IG1haW4gYXMgaW50ZXJuYWxfbWFpbg0KPiDCoCBGaWxlIA0KPiAi
L3Vzci9sb2NhbC9saWIvcHl0aG9uMy45L3NpdGUtcGFja2FnZXMvY2VydGJvdC9faW50ZXJu
YWwvbWFpbi5weSIsIA0KPiBsaW5lIDIxLCBpbiA8bW9kdWxlPg0KPiDCoMKgwqAgaW1wb3J0
IGpvc2VweSBhcyBqb3NlDQo+IMKgIEZpbGUgIi91c3IvbG9jYWwvbGliL3B5dGhvbjMuOS9z
aXRlLXBhY2thZ2VzL2pvc2VweS9fX2luaXRfXy5weSIsIA0KPiBsaW5lIDQwLCBpbiA8bW9k
dWxlPg0KPiDCoMKgwqAgZnJvbSBqb3NlcHkuanNvbl91dGlsIGltcG9ydCAoDQo+IMKgIEZp
bGUgIi91c3IvbG9jYWwvbGliL3B5dGhvbjMuOS9zaXRlLXBhY2thZ2VzL2pvc2VweS9qc29u
X3V0aWwucHkiLCANCj4gbGluZSAxNCwgaW4gPG1vZHVsZT4NCj4gwqDCoMKgIGZyb20gT3Bl
blNTTCBpbXBvcnQgY3J5cHRvDQo+IMKgIEZpbGUgIi91c3IvbG9jYWwvbGliL3B5dGhvbjMu
OS9zaXRlLXBhY2thZ2VzL09wZW5TU0wvX19pbml0X18ucHkiLCANCj4gbGluZSA4LCBpbiA8
bW9kdWxlPg0KPiDCoMKgwqAgZnJvbSBPcGVuU1NMIGltcG9ydCBTU0wsIGNyeXB0bw0KPiDC
oCBGaWxlICIvdXNyL2xvY2FsL2xpYi9weXRob24zLjkvc2l0ZS1wYWNrYWdlcy9PcGVuU1NM
L1NTTC5weSIsIGxpbmUgDQo+IDksIGluIDxtb2R1bGU+DQo+IMKgwqDCoCBmcm9tIE9wZW5T
U0wuX3V0aWwgaW1wb3J0ICgNCj4gwqAgRmlsZSAiL3Vzci9sb2NhbC9saWIvcHl0aG9uMy45
L3NpdGUtcGFja2FnZXMvT3BlblNTTC9fdXRpbC5weSIsIGxpbmUgDQo+IDYsIGluIDxtb2R1
bGU+DQo+IMKgwqDCoCBmcm9tIGNyeXB0b2dyYXBoeS5oYXptYXQuYmluZGluZ3Mub3BlbnNz
bC5iaW5kaW5nIGltcG9ydCBCaW5kaW5nDQo+IMKgIEZpbGUgDQo+ICIvdXNyL2xvY2FsL2xp
Yi9weXRob24zLjkvc2l0ZS1wYWNrYWdlcy9jcnlwdG9ncmFwaHkvaGF6bWF0L2JpbmRpbmdz
L29wZW5zc2wvYmluZGluZy5weSIsIA0KPiBsaW5lIDE1LCBpbiA8bW9kdWxlPg0KPiDCoMKg
wqAgZnJvbSBjcnlwdG9ncmFwaHkuZXhjZXB0aW9ucyBpbXBvcnQgSW50ZXJuYWxFcnJvcg0K
PiDCoCBGaWxlIA0KPiAiL3Vzci9sb2NhbC9saWIvcHl0aG9uMy45L3NpdGUtcGFja2FnZXMv
Y3J5cHRvZ3JhcGh5L2V4Y2VwdGlvbnMucHkiLCANCj4gbGluZSA5LCBpbiA8bW9kdWxlPg0K
PiDCoMKgwqAgZnJvbSBjcnlwdG9ncmFwaHkuaGF6bWF0LmJpbmRpbmdzLl9ydXN0IGltcG9y
dCBleGNlcHRpb25zIGFzIA0KPiBydXN0X2V4Y2VwdGlvbnMNCj4gSW1wb3J0RXJyb3I6IA0K
PiAvdXNyL2xvY2FsL2xpYi9weXRob24zLjkvc2l0ZS1wYWNrYWdlcy9jcnlwdG9ncmFwaHkv
aGF6bWF0L2JpbmRpbmdzL19ydXN0LmFiaTMuc286IA0KPiBVbmRlZmluZWQgc3ltYm9sICJF
VlBfZGVmYXVsdF9wcm9wZXJ0aWVzX2lzX2ZpcHNfZW5hYmxlZCINCj4NCg0KQW5kLCBhcyBu
b3RlZCBlbHNld2hlcmUsIGl0J3MgbGlua2VkIHRvIHRoZSBiYXNlIHN5c3RlbSBPcGVuU1NM
LCBub3QgdGhlIA0KcG9ydGVkIE9wZW5TU0wgKG1ha2UuY29uZiBoYXMgc3NsPW9wZW5zc2wp
Lg0KDQojIGxkZCANCi91c3IvbG9jYWwvbGliL3B5dGhvbjMuOS9zaXRlLXBhY2thZ2VzL2Ny
eXB0b2dyYXBoeS9oYXptYXQvYmluZGluZ3MvX3J1c3QuYWJpMy5zbw0KL3Vzci9sb2NhbC9s
aWIvcHl0aG9uMy45L3NpdGUtcGFja2FnZXMvY3J5cHRvZ3JhcGh5L2hhem1hdC9iaW5kaW5n
cy9fcnVzdC5hYmkzLnNvOg0KIMKgwqDCoMKgwqDCoMKgIGxpYnNzbC5zby4xMTEgPT4gL3Vz
ci9saWIvbGlic3NsLnNvLjExMSAoMHgzMjFiNGIxYWMwMDApDQogwqDCoMKgwqDCoMKgwqAg
bGliY3J5cHRvLnNvLjExMSA9PiAvbGliL2xpYmNyeXB0by5zby4xMTEgKDB4MzIxYjUwMjM0
MDAwKQ0KIMKgwqDCoMKgwqDCoMKgIGxpYnRoci5zby4zID0+IC9saWIvbGlidGhyLnNvLjMg
KDB4MzIxYjRmYWNkMDAwKQ0KIMKgwqDCoMKgwqDCoMKgIGxpYmdjY19zLnNvLjEgPT4gL2xp
Yi9saWJnY2Nfcy5zby4xICgweDMyMWI1MTM2MDAwMCkNCiDCoMKgwqDCoMKgwqDCoCBsaWJj
LnNvLjcgPT4gL2xpYi9saWJjLnNvLjcgKDB4MzIxYjRiOWMyMDAwKQ0KDQo=
--------------LSMbZw0nps2MQZliBYD8k6sK
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html>
<html data-lt-installed=3D"true">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF=
-8">
</head>
<body style=3D"padding-bottom: 1px;" text=3D"#000000" bgcolor=3D"#FFFFF=
F">
<div class=3D"moz-cite-prefix">On 17/10/2023 12:43, DutchDaemon -
FreeBSD Forums Administrator wrote:</div>
<blockquote type=3D"cite"
cite=3D"mid:b95a7774-05fc-4bb1-874a-4852dbbd0859@FreeBSD.org">
<p>I have retried all kinds of rebuilds, new build jails, CCACHE
on/off, and full deinstalls/reinstalls, but this remains a
problem; I see that there are OpenSSL/py-crypto bugs filed for
this, so I will stop trying to remedy this,<br>
</p>
<p><font face=3D"monospace"># certbot<br>
Traceback (most recent call last):<br>
=C2=A0 File "/usr/local/bin/certbot", line 33, in <module>=
;<br>
=C2=A0=C2=A0=C2=A0 sys.exit(load_entry_point('certbot=3D=3D2.6.=
0',
'console_scripts', 'certbot')())<br>
=C2=A0 File "/usr/local/bin/certbot", line 25, in
importlib_load_entry_point<br>
=C2=A0=C2=A0=C2=A0 return next(matches).load()<br>
=C2=A0 File "/usr/local/lib/python3.9/importlib/metadata.py", l=
ine
86, in load<br>
=C2=A0=C2=A0=C2=A0 module =3D import_module(match.group('module=
'))<br>
=C2=A0 File "/usr/local/lib/python3.9/importlib/__init__.py", l=
ine
127, in import_module<br>
=C2=A0=C2=A0=C2=A0 return _bootstrap._gcd_import(name[level:], =
package,
level)<br>
=C2=A0 File "<frozen importlib._bootstrap>", line 1030, i=
n
_gcd_import<br>
=C2=A0 File "<frozen importlib._bootstrap>", line 1007, i=
n
_find_and_load<br>
=C2=A0 File "<frozen importlib._bootstrap>", line 986, in=
_find_and_load_unlocked<br>
=C2=A0 File "<frozen importlib._bootstrap>", line 680, in=
_load_unlocked<br>
=C2=A0 File "<frozen importlib._bootstrap_external>", lin=
e
850, in exec_module<br>
=C2=A0 File "<frozen importlib._bootstrap>", line 228, in=
_call_with_frames_removed<br>
=C2=A0 File
"/usr/local/lib/python3.9/site-packages/certbot/main.py", line
6, in <module><br>
=C2=A0=C2=A0=C2=A0 from certbot._internal import main as intern=
al_main<br>
=C2=A0 File
"/usr/local/lib/python3.9/site-packages/certbot/_internal/main.=
py",
line 21, in <module><br>
=C2=A0=C2=A0=C2=A0 import josepy as jose<br>
=C2=A0 File
"/usr/local/lib/python3.9/site-packages/josepy/__init__.py",
line 40, in <module><br>
=C2=A0=C2=A0=C2=A0 from josepy.json_util import (<br>
=C2=A0 File
"/usr/local/lib/python3.9/site-packages/josepy/json_util.py",
line 14, in <module><br>
=C2=A0=C2=A0=C2=A0 from OpenSSL import crypto<br>
=C2=A0 File
"/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py",
line 8, in <module><br>
=C2=A0=C2=A0=C2=A0 from OpenSSL import SSL, crypto<br>
=C2=A0 File
"/usr/local/lib/python3.9/site-packages/OpenSSL/SSL.py", line
9, in <module><br>
=C2=A0=C2=A0=C2=A0 from OpenSSL._util import (<br>
=C2=A0 File
"/usr/local/lib/python3.9/site-packages/OpenSSL/_util.py",
line 6, in <module><br>
=C2=A0=C2=A0=C2=A0 from cryptography.hazmat.bindings.openssl.bi=
nding import
Binding<br>
=C2=A0 File
"/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/open=
ssl/binding.py",
line 15, in <module><br>
=C2=A0=C2=A0=C2=A0 from cryptography.exceptions import Internal=
Error<br>
=C2=A0 File
"/usr/local/lib/python3.9/site-packages/cryptography/exceptions=
=2Epy",
line 9, in <module><br>
=C2=A0=C2=A0=C2=A0 from cryptography.hazmat.bindings._rust impo=
rt exceptions
as rust_exceptions<br>
ImportError:
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust=
=2Eabi3.so:
Undefined symbol "EVP_default_properties_is_fips_enabled"<br>
</font></p>
</blockquote>
<p><br>
</p>
<p>And, as noted elsewhere, it's linked to the base system OpenSSL,
not the ported OpenSSL (make.conf has ssl=3Dopenssl).<br>
</p>
<p><font face=3D"monospace"># ldd
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust=
=2Eabi3.so<br>
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust=
=2Eabi3.so:<br>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 libssl.so.111 =3D> =
/usr/lib/libssl.so.111
(0x321b4b1ac000)<br>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 libcrypto.so.111 =3D&g=
t; /lib/libcrypto.so.111
(0x321b50234000)<br>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 libthr.so.3 =3D> /l=
ib/libthr.so.3 (0x321b4facd000)<br>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 libgcc_s.so.1 =3D> =
/lib/libgcc_s.so.1 (0x321b51360000)<br>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 libc.so.7 =3D> /lib=
/libc.so.7 (0x321b4b9c2000)</font><br>
</p>
</body>
<lt-container></lt-container>
</html>
--------------LSMbZw0nps2MQZliBYD8k6sK--
--------------49SziTKxCciC5Ru6JO6Ysd7Y--
--------------ZAJ00XhbrO0YAr3XvhlQFtLS
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEE9AWUvcZu/lO5r3wZ0R2eb0cya6gFAmUuZz8FAwAAAAAACgkQ0R2eb0cya6iT
kA//XBih5xTKl1iOEnfei0gb9CHNT82yGGgdszqK/xRJsXuCRTbX+Vt+PKTfBPb3iBZt26uQgvVB
incq0ECjCUcxzDOnaWE5+zVUOxEY4eYA3m3tigNvTTre36VEM15B15Mby+3WMgTP2o9Pel7608pV
44t8mtgZwb11qVpXFXH9Ex1N+a6wFpEwnyTNvqXsdXGdiO4w/eMA8NPgq6FgZ/ExmhgaHOYc+L7X
gl50lUt33Ed51+vXBLYU5IAZ9t74LBkwzcXFTwMq5+x4P2Bv1pSnHsKDUQKGDLU8fkrDb0RRCQr4
VWxXE6d0KGQdByHtr104qmsM8Pch/l0FP64WsDW0a4Y4uLRVPxMi4F/SZoItctfIk+YltzxZzES9
UPNhvOZ6Fnjwbl+HkWzGoj/PypHrVjdS3UJO5N0R5BWO8Ao4ppTCNpUQ5/YRmzYOofeIW4wDC5C0
Yfa9XfHmkMuaY33srVZcnizqjxUYcXn4/UdHm2T4ZXskWHQz9YleMKU4quoq+0H1XYDVlvC3WCR6
ez52O7qgmOd/PWvxCEMMytvWCx2J6JFpnxDSZ2oh2NPxq5sbXr4Y7ET+19GKzbVtC9wp9Hmr4pEB
uhk30BsHGetO866y0PZ8pBy5g3BC9xN5lLyWIWvsVIvD/l8hGpj4tdgPxavGx+YUSwZqaN8dwl+p
/P8=
=4N4u
-----END PGP SIGNATURE-----
--------------ZAJ00XhbrO0YAr3XvhlQFtLS--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6536f2e0-b0aa-4689-a4a0-c1ffa0fc91a8>