Re: HEADS-UP: security/openssl switching to 3.0 branch
- In reply to: DutchDaemon - FreeBSD Forums Administrator : "Re: HEADS-UP: security/openssl switching to 3.0 branch"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 17 Oct 2023 23:17:47 UTC
On Mon 2023-10-16 (17:04), DutchDaemon - FreeBSD Forums Administrator wrote: > On 16/10/2023 13:14, DutchDaemon - FreeBSD Forums Administrator wrote: > > On 16/10/2023 13:07, Guido Falsi wrote: > > > On 16/10/23 13:03, DutchDaemon - FreeBSD Forums Administrator wrote: > > > > On 16/10/2023 12:57, Guido Falsi wrote: > > > > > On 16/10/23 11:19, DutchDaemon - FreeBSD Forums Administrator wrote: > > > > > > I found this one after a full rebuild in Poudriere: > > > > > > > > > > > > ld-elf.so.1: Shared object "libssl.so.11" not found, > > > > > > required by "transmission-daemon" > > > > > > > > > > > > > > > > I guess you will need to force rebuild/reinstall all > > > > > packages depending on openssl. > > > > > > > > > > (if I understand correctly you're using poudriere-bulk(8) to > > > > > build yout binary packages repo) > > > > > > > > > > Actually poudriere should have been able to rebuild them > > > > > itself, unless you're using the -S option, which could have > > > > > skipped some rebuilds that in this case are needed. > > > > > > > > > > If you have a broken repo (due to -S or some other unknown > > > > > reason) you will need to rebuild it from scratch (-c option) > > > > > to get a pristine and hopefully working one. > > > > > > > > > This is Poudriere, everything was rebuilt from the ground up. > > > > > > > > > > I see, but you did not report, did you "pkg upgrade -f" everything > > > depending on openssl? I'm not sure pkg will figure it out by itself > > > that it needs to do that in your case. > > > > > > It looks like you still have old binaries on your system. If > > > poudriere did end the build them all successfully it would be > > > strange it would have generated so many non working binaries without > > > experiencing failures during the build. > > > > > > > For this specific jail, 496/496 packages were built from scratch with 0 > > errors, 0 skips. > > > > The only thing I can do is pkg delete -a- f -y && pkg install > > $(list-of-node-ports) but that seems excessive. A pkg upgrade -fy on all > > ports should be enough. > > > > This actually helped. So for old, deep-down remnants of OpenSSL 1.1. to > disappear, a wholesale pkg delete -a -f -y and a reinstall of all node > packages (get them through pkg prime-origins) is advisable. portupgrade -frR openssl-3.0.11,1 did the job for me (granted, not everyone's using portupgrade). Also, there should be an entry in ports/UPDATING about this, it's a breaking change.