From nobody Mon Jun 26 09:33:14 2023 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QqN1y15QJz4jWkq for ; Mon, 26 Jun 2023 09:33:26 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail.madpilot.net (vogon.madpilot.net [IPv6:2a01:4f8:1c1c:11e5::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4QqN1w64yHz4b7F; Mon, 26 Jun 2023 09:33:24 +0000 (UTC) (envelope-from mad@madpilot.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=madpilot.net header.s=bjowvop61wgh header.b="I lB6hCU"; spf=pass (mx1.freebsd.org: domain of mad@madpilot.net designates 2a01:4f8:1c1c:11e5::1 as permitted sender) smtp.mailfrom=mad@madpilot.net; dmarc=pass (policy=quarantine) header.from=madpilot.net Received: from mail (mail [IPv6:fd5c:5351:d272::3]) by mail.madpilot.net (Postfix) with ESMTP id 4QqN1m094mz6fBD; Mon, 26 Jun 2023 11:33:16 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=madpilot.net; h= content-transfer-encoding:content-type:content-type:in-reply-to :from:from:references:content-language:subject:subject:date:date :message-id:received; s=bjowvop61wgh; t=1687771990; x= 1689586391; bh=lpqmG7sxYq+NgPrcGLLO3pVJyF8hBb+Zxwv1JCUsHgc=; b=I lB6hCUbJ0cELHEglJW7J1zMu8+kumHeZiL3aFj8LKKLCq+ahxjnbilUIJczlLmdf TBwEr25wQ92lzfjRRCB5bku/4QEnFCw9A+zw3PNTrv3dSoUl+He2nokv8LYZxXul QGA4kb0j9AemgvbXZc8hLqGpPYg8rrND0N0+FOKrlyhtbTGBnXjlg0fjCFECKOSI CE3UXn2Ui00P5W+xSlkcF7Obn1gzM3i77nSRcWWzI90EsGbodZS+HDXkne03GoEQ 1ZI+5G6lF3mkcv0wQNmgD7zJSt3wwoz8PmjOK+ulbhdTODVlS/wMEOH/MqzeDdWZ CzQWkPz8olMQ1SwGLypAg== Received: from mail.madpilot.net ([IPv6:fd5c:5351:d272::3]) by mail (mail.madpilot.net [IPv6:fd5c:5351:d272::3]) (amavisd-new, port 10026) with ESMTP id jgOmxnnu2nfh; Mon, 26 Jun 2023 11:33:10 +0200 (CEST) Message-ID: <8c22a9ef-aa34-3175-2768-72bda6a24fd8@madpilot.net> Date: Mon, 26 Jun 2023 11:33:14 +0200 Subject: Re: OpenSSL 3.0 is in the tree Content-Language: en-US To: Dimitry Andric , FreeBSD Current Cc: Ed Maste References: <7F74F4D7-77F6-478E-8D3A-9E705F363F5B@FreeBSD.org> From: Guido Falsi In-Reply-To: <7F74F4D7-77F6-478E-8D3A-9E705F363F5B@FreeBSD.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-1.93 / 15.00]; MISSING_MIME_VERSION(2.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999]; NEURAL_HAM_LONG(-0.97)[-0.971]; NEURAL_HAM_SHORT(-0.96)[-0.963]; DMARC_POLICY_ALLOW(-0.50)[madpilot.net,quarantine]; R_SPF_ALLOW(-0.20)[+mx]; R_DKIM_ALLOW(-0.20)[madpilot.net:s=bjowvop61wgh]; MIME_GOOD(-0.10)[text/plain]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[madpilot.net:+]; RCPT_COUNT_THREE(0.00)[3]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/32, country:DE]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4QqN1w64yHz4b7F X-Spamd-Bar: - X-ThisMailContainsUnwantedMimeParts: N List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org On 24/06/23 16:47, Dimitry Andric wrote: > On 24 Jun 2023, at 16:22, Ed Maste wrote: >> >> Last night I merged OpenSSL 3.0 to main. This, along with the update >> to Clang 16 and other recent changes may result in some challenges >> over the next few days or weeks for folks following -CURRENT, such as >> ports that need to be updated or unanticipated issues in the base >> system. >> >> We need to get this work done so that we can continue moving on with >> FreeBSD 14; I apologize for the trouble it might cause in the short >> term. Please follow up to report any trouble you encounter. > > Regarding affected ports, see also the llvm-16-update exp-run bug: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271047 > > and similarly, the openssl 3.0 exp-run bug: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271656 > Hi, Thanks for your work on this, I understand and appreciate the importance of getting OpenSSL 3 in the tree. I am trying to uupdate to the new head with openssl 3 and am observing something I did not expect. Some ports are building fine but then failing at runtime. For example, security/pam_ssh_agent_auth fails at runtime when trying to use sudo (which uses this library via pam): in try_dlopen(): /usr/local/lib/pam_ssh_agent_auth.so: (null): Undefined symbol "RSA_generate_key" I see RSA_generate_key is deprecated, but should still be present in the library, I'm guessing there is some define or compile option I could enable in the port to make it work, but I'm failing to find the correct solution. Any help appreciated. Anyway in general be warned that things are also failing at runtime in unexpected ways! -- Guido Falsi