HEADS-UP: OpenSSL 1.1.1 in 12.0
Don Lewis
truckman at FreeBSD.org
Sat Oct 13 00:00:18 UTC 2018
On 11 Oct, Don Lewis wrote:
> On 11 Oct, Don Lewis wrote:
>> On 11 Oct, freebsd.current at clogic.com.ua wrote:
>>> On 2018-10-10 06:14, Michael Butler wrote:
>>>> On 10/9/18 5:34 PM, Glen Barber wrote:
>>>>> OpenSSL has been updated to version 1.1.1 as of r339270.
>>>>>
>>>>> It is important to rebuild third-party packages before running:
>>>>>
>>>>> # make -C /usr/src delete-old && make -C /usr/src delete-old-libs
>>>>>
>>>>> Thank you for your patience while this work was in progress, and thank
>>>>> you to all involved for their hard work in getting things ready for
>>>>> this
>>>>> update.
>>>>
>>>> So far, I've found two ports that will no longer build. They are:
>>>>
>>>> net-mgmt/net-snmp
>>>> security/opencryptoki
>>>>
>>>> I simply chose those that were linked to /usr/lib/libssl.so.8 where the
>>>> openssl update creates libssl.so.9. There may be more I haven't found
>>>> yet,
>>>>
>>>> imb
>>>
>>> You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to
>>> use openssl from ports.
>>> Anyway, I think apps from ports need to use openssl from ports.
>>
>> I've been doing this for a long time, but I still see a fair amount of
>> breakage with the new base OpenSSL. I suspect that some ports are
>> incorrectly stumbling across the new bits in base even though they
>> shouldn't be looking there.
>
> security/p5-Net-SSLeay is hardwired to use base OpenSSL, so changing the
> default version can't be done to unbreak p5-IO-Socket-SSL.
>
> devel/libsoup appears to allow the OpenSSL version to be set, but doesn't
> have an option for GSSAPI, so it attempts to use base GSSAPI with ports
> OpenSSL which is not a valid combo.
>
> emulators/virtualbox-ose is hardwired to use base OpenSSL.
I now think the problem with virtualbox-ose is not the port. Rather it
is the fact that that the base libssl.so and the libssl.so installed by
the security/openssl have the same shared library version number even
though they are radically different OpenSSL versions.
More information about the freebsd-current
mailing list