From owner-freebsd-current@freebsd.org Thu Oct 11 18:14:53 2018 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2AED510C2E26 for ; Thu, 11 Oct 2018 18:14:53 +0000 (UTC) (envelope-from truckman@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D0EAD7B349; Thu, 11 Oct 2018 18:14:52 +0000 (UTC) (envelope-from truckman@FreeBSD.org) Received: from mousie.catspoiler.org (unknown [76.212.85.177]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: truckman) by smtp.freebsd.org (Postfix) with ESMTPSA id 52651168C5; Thu, 11 Oct 2018 18:14:52 +0000 (UTC) (envelope-from truckman@FreeBSD.org) Date: Thu, 11 Oct 2018 11:14:48 -0700 (PDT) From: Don Lewis Subject: Re: HEADS-UP: OpenSSL 1.1.1 in 12.0 To: freebsd.current@clogic.com.ua cc: Michael Butler , freebsd-current@freebsd.org In-Reply-To: Message-ID: References: <20181009213425.GG61558@FreeBSD.org> <346b8805-f4d3-dc90-c882-d72f640b6a5c@protected-networks.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-Disposition: INLINE X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Oct 2018 18:14:53 -0000 On 11 Oct, freebsd.current@clogic.com.ua wrote: > On 2018-10-10 06:14, Michael Butler wrote: >> On 10/9/18 5:34 PM, Glen Barber wrote: >>> OpenSSL has been updated to version 1.1.1 as of r339270. >>> >>> It is important to rebuild third-party packages before running: >>> >>> # make -C /usr/src delete-old && make -C /usr/src delete-old-libs >>> >>> Thank you for your patience while this work was in progress, and thank >>> you to all involved for their hard work in getting things ready for >>> this >>> update. >> >> So far, I've found two ports that will no longer build. They are: >> >> net-mgmt/net-snmp >> security/opencryptoki >> >> I simply chose those that were linked to /usr/lib/libssl.so.8 where the >> openssl update creates libssl.so.9. There may be more I haven't found >> yet, >> >> imb > > You always can add DEFAULT_VERSIONS+=ssl=openssl to /etc/make.conf to > use openssl from ports. > Anyway, I think apps from ports need to use openssl from ports. I've been doing this for a long time, but I still see a fair amount of breakage with the new base OpenSSL. I suspect that some ports are incorrectly stumbling across the new bits in base even though they shouldn't be looking there. What ever happened to the plan to make base OpenSSL private?