Re: HEADS-UP: security/openssl switching to 3.0 branch
- Reply: DutchDaemon - FreeBSD Forums Administrator : "Re: HEADS-UP: security/openssl switching to 3.0 branch"
- Reply: Gareth de Vaux : "Re: HEADS-UP: security/openssl switching to 3.0 branch"
- In reply to: DutchDaemon - FreeBSD Forums Administrator : "Re: HEADS-UP: security/openssl switching to 3.0 branch"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 16 Oct 2023 15:04:19 UTC
On 16/10/2023 13:14, DutchDaemon - FreeBSD Forums Administrator wrote: > On 16/10/2023 13:07, Guido Falsi wrote: >> On 16/10/23 13:03, DutchDaemon - FreeBSD Forums Administrator wrote: >>> On 16/10/2023 12:57, Guido Falsi wrote: >>>> On 16/10/23 11:19, DutchDaemon - FreeBSD Forums Administrator wrote: >>>>> I found this one after a full rebuild in Poudriere: >>>>> >>>>> ld-elf.so.1: Shared object "libssl.so.11" not found, required by >>>>> "transmission-daemon" >>>>> >>>> >>>> I guess you will need to force rebuild/reinstall all packages >>>> depending on openssl. >>>> >>>> (if I understand correctly you're using poudriere-bulk(8) to build >>>> yout binary packages repo) >>>> >>>> Actually poudriere should have been able to rebuild them itself, >>>> unless you're using the -S option, which could have skipped some >>>> rebuilds that in this case are needed. >>>> >>>> If you have a broken repo (due to -S or some other unknown reason) >>>> you will need to rebuild it from scratch (-c option) to get a >>>> pristine and hopefully working one. >>>> >>> This is Poudriere, everything was rebuilt from the ground up. >>> >> >> I see, but you did not report, did you "pkg upgrade -f" everything >> depending on openssl? I'm not sure pkg will figure it out by itself >> that it needs to do that in your case. >> >> It looks like you still have old binaries on your system. If >> poudriere did end the build them all successfully it would be strange >> it would have generated so many non working binaries without >> experiencing failures during the build. >> > > For this specific jail, 496/496 packages were built from scratch with > 0 errors, 0 skips. > > The only thing I can do is pkg delete -a- f -y && pkg install > $(list-of-node-ports) but that seems excessive. A pkg upgrade -fy on > all ports should be enough. > This actually helped. So for old, deep-down remnants of OpenSSL 1.1. to disappear, a wholesale pkg delete -a -f -y and a reinstall of all node packages (get them through pkg prime-origins) is advisable.