Re: HEADS-UP: security/openssl switching to 3.0 branch

2023-10-17 Thread DutchDaemon - FreeBSD Forums Administrator 

On 17/10/2023 08:41, Xavier Humbert wrote:

Hi Bernard,

To be clear, if one wants to keep old openssl11, add

DEFAULT_VERSIONS+= ssl=openssl111

to make .conf

Am I right ?



That is correct.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: HEADS-UP: security/openssl switching to 3.0 branch

2023-10-17 Thread DutchDaemon - FreeBSD Forums Administrator 

On 16/10/2023 17:04, DutchDaemon - FreeBSD Forums Administrator wrote:


This actually helped. So for old, deep-down remnants of OpenSSL 1.1. 
to disappear, a wholesale pkg delete -a -f -y and a reinstall of all 
node packages (get them through pkg prime-origins) is advisable.




Note: switching of CCACHE for this is also advisable. Rebuild all ports, 
no CCACHE from previous builds, and hard deinstall/reinstall. OpenSSL is 
pesky.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: HEADS-UP: security/openssl switching to 3.0 branch

2023-10-17 Thread DutchDaemon - FreeBSD Forums Administrator 

On 16/10/2023 12:49, DutchDaemon - FreeBSD Forums Administrator wrote:


Certbot is now also broken:


# certbot
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in 
    sys.exit(load_entry_point('certbot==2.6.0', 'console_scripts', 
'certbot')())

  File "/usr/local/bin/certbot", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/local/lib/python3.9/importlib/metadata.py", line 86, in load
    module = import_module(match.group('module'))
  File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in 
import_module

    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1030, in _gcd_import
  File "", line 1007, in _find_and_load
  File "", line 986, in 
_find_and_load_unlocked

  File "", line 680, in _load_unlocked
  File "", line 850, in exec_module
  File "", line 228, in 
_call_with_frames_removed
  File "/usr/local/lib/python3.9/site-packages/certbot/main.py", line 
6, in 

    from certbot._internal import main as internal_main
  File 
"/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", 
line 21, in 

    import josepy as jose
  File "/usr/local/lib/python3.9/site-packages/josepy/__init__.py", 
line 40, in 

    from josepy.json_util import (
  File "/usr/local/lib/python3.9/site-packages/josepy/json_util.py", 
line 14, in 

    from OpenSSL import crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py", 
line 8, in 

    from OpenSSL import SSL, crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/SSL.py", line 
9, in 

    from OpenSSL._util import (
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/_util.py", line 
6, in 

    from cryptography.hazmat.bindings.openssl.binding import Binding
  File 
"/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", 
line 15, in 

    from cryptography.exceptions import InternalError
  File 
"/usr/local/lib/python3.9/site-packages/cryptography/exceptions.py", 
line 9, in 
    from cryptography.hazmat.bindings._rust import exceptions as 
rust_exceptions
ImportError: 
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: 
Undefined symbol "EVP_default_properties_is_fips_enabled"


I have retried all kinds of rebuilds, new build jails, CCACHE on/off, 
and full deinstalls/reinstalls, but this remains a problem; I see that 
there are OpenSSL/py-crypto bugs filed for this, so I will stop trying 
to remedy this,


# certbot
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in 
    sys.exit(load_entry_point('certbot==2.6.0', 'console_scripts', 
'certbot')())

  File "/usr/local/bin/certbot", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/local/lib/python3.9/importlib/metadata.py", line 86, in load
    module = import_module(match.group('module'))
  File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in 
import_module

    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1030, in _gcd_import
  File "", line 1007, in _find_and_load
  File "", line 986, in 
_find_and_load_unlocked

  File "", line 680, in _load_unlocked
  File "", line 850, in exec_module
  File "", line 228, in 
_call_with_frames_removed
  File "/usr/local/lib/python3.9/site-packages/certbot/main.py", line 
6, in 

    from certbot._internal import main as internal_main
  File 
"/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 
21, in 

    import josepy as jose
  File "/usr/local/lib/python3.9/site-packages/josepy/__init__.py", 
line 40, in 

    from josepy.json_util import (
  File "/usr/local/lib/python3.9/site-packages/josepy/json_util.py", 
line 14, in 

    from OpenSSL import crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py", 
line 8, in 

    from OpenSSL import SSL, crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/SSL.py", line 9, 
in 

    from OpenSSL._util import (
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/_util.py", line 
6, in 

    from cryptography.hazmat.bindings.openssl.binding import Binding
  File 
"/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", 
line 15, in 

    from cryptography.exceptions import InternalError
  File 
"/usr/local/lib/python3.9/site-packages/cryptography/exceptions.py", 
line 9, in 
    from cryptography.hazmat.bindings._rust import exceptions as 
rust_exceptions
ImportError: 
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: 
Undefined symbol "EVP_default_properties_is_fips_enabled"




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: HEADS-UP: security/openssl switching to 3.0 branch

2023-10-17 Thread DutchDaemon - FreeBSD Forums Administrator 

On 17/10/2023 12:43, DutchDaemon - FreeBSD Forums Administrator wrote:


I have retried all kinds of rebuilds, new build jails, CCACHE on/off, 
and full deinstalls/reinstalls, but this remains a problem; I see that 
there are OpenSSL/py-crypto bugs filed for this, so I will stop trying 
to remedy this,


# certbot
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in 
    sys.exit(load_entry_point('certbot==2.6.0', 'console_scripts', 
'certbot')())

  File "/usr/local/bin/certbot", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/local/lib/python3.9/importlib/metadata.py", line 86, in load
    module = import_module(match.group('module'))
  File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in 
import_module

    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1030, in _gcd_import
  File "", line 1007, in _find_and_load
  File "", line 986, in 
_find_and_load_unlocked

  File "", line 680, in _load_unlocked
  File "", line 850, in exec_module
  File "", line 228, in 
_call_with_frames_removed
  File "/usr/local/lib/python3.9/site-packages/certbot/main.py", line 
6, in 

    from certbot._internal import main as internal_main
  File 
"/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", 
line 21, in 

    import josepy as jose
  File "/usr/local/lib/python3.9/site-packages/josepy/__init__.py", 
line 40, in 

    from josepy.json_util import (
  File "/usr/local/lib/python3.9/site-packages/josepy/json_util.py", 
line 14, in 

    from OpenSSL import crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py", 
line 8, in 

    from OpenSSL import SSL, crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/SSL.py", line 
9, in 

    from OpenSSL._util import (
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/_util.py", line 
6, in 

    from cryptography.hazmat.bindings.openssl.binding import Binding
  File 
"/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", 
line 15, in 

    from cryptography.exceptions import InternalError
  File 
"/usr/local/lib/python3.9/site-packages/cryptography/exceptions.py", 
line 9, in 
    from cryptography.hazmat.bindings._rust import exceptions as 
rust_exceptions
ImportError: 
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: 
Undefined symbol "EVP_default_properties_is_fips_enabled"




And, as noted elsewhere, it's linked to the base system OpenSSL, not the 
ported OpenSSL (make.conf has ssl=openssl).


# ldd 
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so

/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so:
    libssl.so.111 => /usr/lib/libssl.so.111 (0x321b4b1ac000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x321b50234000)
    libthr.so.3 => /lib/libthr.so.3 (0x321b4facd000)
    libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x321b5136)
    libc.so.7 => /lib/libc.so.7 (0x321b4b9c2000)



OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: HEADS-UP: security/openssl switching to 3.0 branch

2023-10-17 Thread DutchDaemon - FreeBSD Forums Administrator 

On 17/10/2023 12:51, DutchDaemon - FreeBSD Forums Administrator wrote:
And, as noted elsewhere, it's linked to the base system OpenSSL, not 
the ported OpenSSL (make.conf has ssl=openssl).


# ldd 
/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so

/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_rust.abi3.so:
    libssl.so.111 => /usr/lib/libssl.so.111 (0x321b4b1ac000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x321b50234000)
    libthr.so.3 => /lib/libthr.so.3 (0x321b4facd000)
    libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x321b5136)
    libc.so.7 => /lib/libc.so.7 (0x321b4b9c2000)



And this appears to hinge on 
https://bz-attachments.freebsd.org/attachment.cgi?id=245511 (base SSL 
prioritized over port SSL) - now we wait?




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Does anyone has patch for math/py-scikit-umfpack ?

2023-10-17 Thread KIRIYAMA Kazuhiko 
Hi, Thierry !

On Tue, 17 Oct 2023 02:43:05 +0900,
Thierry Thomas wrote:
> 
> [1  ]
> Le lun. 16 oct. 23 .AN` 12:26:07 +0200, KIRIYAMA Kazuhiko 
>  .ANicrivaitN :
> > Hi, list
> 
> Hello,
> 
> > I'm building audio/audacity package, but failed at
> > math/py-scikit-umfpack:
> 
> I just submitted PR 274518 with a patch from GH:
> 

Fine! py39-scikit-umfpack-0.3.3_2 has been succesefully
built by sanitaly change (maybe typo):

--- math_py-scikit-umfpack.diff~2023-10-17 16:28:18.004562000 +0900
+++ math_py-scikit-umfpack.diff 2023-10-17 21:18:41.559313000 +0900
@@ -35,7 +35,7 @@
${PYTHON_PKGNAMEPREFIX}scipy>0:science/py-scipy@${PY_FLAVOR} \
swig:devel/swig
  LIB_DEPENDS=  libamd.so:math/suitesparse-amd \
-+  libcblas.so::math/cblas \
++  libcblas.so:math/cblas \
libopenblas.so:math/openblas \
libumfpack.so:math/suitesparse-umfpack
  RUN_DEPENDS=  ${PYNUMPY} \

> With this patch it builds, but the tests are still failing, and I don.FN"t
> know how it can be used$B!D(B Could you please check it?

Are those tests are runtime ones ? What troublesomes appear
in running ?

Anyway all packages that needs in my desktop has beed built
[1]. Thanks for help.

[1] 
ftp://ftp.truefc.org/pub/FreeBSD/packages/freebsd/amd64/amd64/15.0C/9b03a5de73d4.xij/9ce8c29b90c7/All/

Best regards
---
Kazuhiko Kiriyama

Any chance of MySQL 5.7.43?

2023-10-17 Thread DutchDaemon - FreeBSD Forums Administrator 

dev.mysql.com

MySQL :: MySQL 5.7 Release Notes :: Changes in MySQL 5.7.43 (2023-07-18, 
General Availability) <#>


🔗 https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-43.html 



Currently, the 5.7.42 in Ports fails to build against OpenSSL 3. 
Upstream says that 5.7.43 has been linked to OpenSSL 3.


I know, EOL, but 8.x is not deployable on many servers in my client base 
right now, though they're working on it.




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Any chance of MySQL 5.7.43?

2023-10-17 Thread Ronald Klop 

Hi,

You could mail the maintainer of the port and ask for an upgrade.
See https://www.freshports.org/databases/mysql57-server

Or file a PR on 
https://bugs.freebsd.org/bugzilla/buglist.cgi?component=Individual%20Port%28s%29&list_id=647720&product=Ports%20%26%20Packages&query_format=advanced&resolution=---&short_desc=databases%2Fmysql57-server&short_desc_type=allwordssubstr

It always helps if you could add a diff to the port to the PR. But I don't know 
your skills. Otherwise let's hope the maintainer has some time.

Regards en de groetjes,
Ronald.


Van: DutchDaemon - FreeBSD Forums Administrator 
Datum: dinsdag, 17 oktober 2023 15:27
Aan: freebsd-po...@freebsd.org
Onderwerp: Any chance of MySQL 5.7.43?


dev.mysql.com

MySQL :: MySQL 5.7 Release Notes :: Changes in MySQL 5.7.43 (2023-07-18, 
General Availability)

 


https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-43.html

 


Currently, the 5.7.42 in Ports fails to build against OpenSSL 3. Upstream says 
that 5.7.43 has been linked to OpenSSL 3.

I know, EOL, but 8.x is not deployable on many servers in my client base right 
now, though they're working on it.

Re: Any chance of MySQL 5.7.43?

2023-10-17 Thread DutchDaemon - FreeBSD Forums Administrator 


On 17/10/2023 15:35, Ronald Klop wrote:


Hi,

You could mail the maintainer of the port and ask for an upgrade.
See https://www.freshports.org/databases/mysql57-server

Or file a PR on 
https://bugs.freebsd.org/bugzilla/buglist.cgi?component=Individual%20Port%28s%29&list_id=647720&product=Ports%20%26%20Packages&query_format=advanced&resolution=---&short_desc=databases%2Fmysql57-server&short_desc_type=allwordssubstr


It always helps if you could add a diff to the port to the PR. But I 
don't know your skills. Otherwise let's hope the maintainer has some time.


Regards en de groetjes,
Ronald.

*Van:* DutchDaemon - FreeBSD Forums Administrator 


*Datum:* dinsdag, 17 oktober 2023 15:27
*Aan:* freebsd-po...@freebsd.org
*Onderwerp:* Any chance of MySQL 5.7.43?

dev.mysql.com

MySQL :: MySQL 5.7 Release Notes :: Changes in MySQL 5.7.43
(2023-07-18, General Availability)

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-43.html


Currently, the 5.7.42 in Ports fails to build against OpenSSL 3.
Upstream says that 5.7.43 has been linked to OpenSSL 3.

I know, EOL, but 8.x is not deployable on many servers in my
client base right now, though they're working on it.



Indeed forgot to include maint.
Also pointing to 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258413 where MySQL 5.7 
was deemed 'EOL'.

Hopefully this changes that idea.



OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Any chance of MySQL 5.7.43?

2023-10-17 Thread Moin Rahman 


> On Oct 17, 2023, at 3:40 PM, DutchDaemon - FreeBSD Forums Administrator 
>  wrote:
> 
> 
> On 17/10/2023 15:35, Ronald Klop wrote:
>> Hi,
>> 
>> You could mail the maintainer of the port and ask for an upgrade.
>> See https://www.freshports.org/databases/mysql57-server
>> 
>> Or file a PR on 
>> https://bugs.freebsd.org/bugzilla/buglist.cgi?component=Individual%20Port%28s%29&list_id=647720&product=Ports%20%26%20Packages&query_format=advanced&resolution=---&short_desc=databases%2Fmysql57-server&short_desc_type=allwordssubstr
>> 
>> It always helps if you could add a diff to the port to the PR. But I don't 
>> know your skills. Otherwise let's hope the maintainer has some time.
>> 
>> Regards en de groetjes,
>> Ronald.
>> 
>> Van: DutchDaemon - FreeBSD Forums Administrator 
>> Datum: dinsdag, 17 oktober 2023 15:27
>> Aan: freebsd-po...@freebsd.org
>> Onderwerp: Any chance of MySQL 5.7.43?
>> dev.mysql.com
>> MySQL :: MySQL 5.7 Release Notes :: Changes in MySQL 5.7.43 (2023-07-18, 
>> General Availability)
>> 
>> https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-43.html
>> 
>> Currently, the 5.7.42 in Ports fails to build against OpenSSL 3. Upstream 
>> says that 5.7.43 has been linked to OpenSSL 3.
>> I know, EOL, but 8.x is not deployable on many servers in my client base 
>> right now, though they're working on it.
>> 
>> 
> 
> Indeed forgot to include maint.
> Also pointing to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258413 
> where MySQL 5.7 was deemed 'EOL'.
> Hopefully this changes that idea.
> 

In the case you are not yet ready for the upgrades I think it will best to lock 
the packages or maintain a different repo and build your own pkgsets.

Additionally 5.7 was actually on extended support(official support ended in 
2019/2020 and they dropped support for FreeBSD during those days) which ends in 
the end of this month. So we are more than sure that it won't survive next 
quarterly in the official tree.

Kind regards,
Moin




signature.asc
Description: Message signed with OpenPGP

Re: Any chance of MySQL 5.7.43?

2023-10-17 Thread Jochen Neumeister 

Hello,

yes, the port is updated to 5.7.43. I am also working on MySQL 8.1 at 
the same time.


Please remember, if you are still using MySQL 5.7, that it will be 
deleted at the end of this year and you must use MySQL 8.0 then :-)


Best regards
Jochen



Am 17.10.23 um 15:40 schrieb DutchDaemon - FreeBSD Forums Administrator:


On 17/10/2023 15:35, Ronald Klop wrote:


Hi,

You could mail the maintainer of the port and ask for an upgrade.
See https://www.freshports.org/databases/mysql57-server

Or file a PR on 
https://bugs.freebsd.org/bugzilla/buglist.cgi?component=Individual%20Port%28s%29&list_id=647720&product=Ports%20%26%20Packages&query_format=advanced&resolution=---&short_desc=databases%2Fmysql57-server&short_desc_type=allwordssubstr


It always helps if you could add a diff to the port to the PR. But I 
don't know your skills. Otherwise let's hope the maintainer has some 
time.


Regards en de groetjes,
Ronald.

*Van:* DutchDaemon - FreeBSD Forums Administrator 


*Datum:* dinsdag, 17 oktober 2023 15:27
*Aan:* freebsd-po...@freebsd.org
*Onderwerp:* Any chance of MySQL 5.7.43?

dev.mysql.com

MySQL :: MySQL 5.7 Release Notes :: Changes in MySQL 5.7.43
(2023-07-18, General Availability)

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-43.html


Currently, the 5.7.42 in Ports fails to build against OpenSSL 3.
Upstream says that 5.7.43 has been linked to OpenSSL 3.

I know, EOL, but 8.x is not deployable on many servers in my
client base right now, though they're working on it.



Indeed forgot to include maint.
Also pointing to 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258413 where MySQL 
5.7 was deemed 'EOL'.

Hopefully this changes that idea.

Re: Any chance of MySQL 5.7.43?

2023-10-17 Thread DutchDaemon - FreeBSD Forums Administrator 

On 17/10/2023 16:08, Jochen Neumeister wrote:


Hello,

yes, the port is updated to 5.7.43. I am also working on MySQL 8.1 at 
the same time.


Please remember, if you are still using MySQL 5.7, that it will be 
deleted at the end of this year and you must use MySQL 8.0 then :-)




Many thanks, and understood!




OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: HEADS-UP: security/openssl switching to 3.0 branch

2023-10-17 Thread Gareth de Vaux 
On Mon 2023-10-16 (17:04), DutchDaemon - FreeBSD Forums Administrator wrote:
> On 16/10/2023 13:14, DutchDaemon - FreeBSD Forums Administrator wrote:
> > On 16/10/2023 13:07, Guido Falsi wrote:
> > > On 16/10/23 13:03, DutchDaemon - FreeBSD Forums Administrator wrote:
> > > > On 16/10/2023 12:57, Guido Falsi wrote:
> > > > > On 16/10/23 11:19, DutchDaemon - FreeBSD Forums Administrator wrote:
> > > > > > I found this one after a full rebuild in Poudriere:
> > > > > > 
> > > > > > ld-elf.so.1: Shared object "libssl.so.11" not found,
> > > > > > required by "transmission-daemon"
> > > > > > 
> > > > > 
> > > > > I guess you will need to force rebuild/reinstall all
> > > > > packages depending on openssl.
> > > > > 
> > > > > (if I understand correctly you're using poudriere-bulk(8) to
> > > > > build yout binary packages repo)
> > > > > 
> > > > > Actually poudriere should have been able to rebuild them
> > > > > itself, unless you're using the -S option, which could have
> > > > > skipped some rebuilds that in this case are needed.
> > > > > 
> > > > > If you have a broken repo (due to -S or some other unknown
> > > > > reason) you will need to rebuild it from scratch (-c option)
> > > > > to get a pristine and hopefully working one.
> > > > > 
> > > > This is Poudriere, everything was rebuilt from the ground up.
> > > > 
> > > 
> > > I see, but you did not report, did you "pkg upgrade -f" everything
> > > depending on openssl? I'm not sure pkg will figure it out by itself
> > > that it needs to do that in your case.
> > > 
> > > It looks like you still have old binaries on your system. If
> > > poudriere did end the build them all successfully it would be
> > > strange it would have generated so many non working binaries without
> > > experiencing failures during the build.
> > > 
> > 
> > For this specific jail, 496/496 packages were built from scratch with 0
> > errors, 0 skips.
> > 
> > The only thing I can do is pkg delete -a- f -y && pkg install
> > $(list-of-node-ports) but that seems excessive. A pkg upgrade -fy on all
> > ports should be enough.
> > 
> 
> This actually helped. So for old, deep-down remnants of OpenSSL 1.1. to
> disappear, a wholesale pkg delete -a -f -y and a reinstall of all node
> packages (get them through pkg prime-origins) is advisable.


portupgrade -frR openssl-3.0.11,1  did the job for me (granted, not everyone's 
using portupgrade).

Also, there should be an entry in ports/UPDATING about this, it's a breaking 
change.

Re: HEADS-UP: security/openssl switching to 3.0 branch

2023-10-17 Thread Tatsuki Makino 
Hello.

Xavier Humbert wrote on 2023/10/17 15:41:
> DEFAULT_VERSIONS+= ssl=openssl111

We who want to keep 1.1.1 should just do that thing we always do, right?
The pkg version results would show the following.

openssl-1.1.1w,1   <   needs updating (index has 3.0.11,1)

security/openssl111 has PKGNAMESUFFIX, so rename it.

pkg set -n openssl:openssl111

Origin is also moving.

pkg set -o security/openssl:security/openssl111

Will these changes also update the local.sqlite deps table? :)

If openssl is allowed to be built again, portmaster is used as follows

portmaster -o security/openssl111 openssl-1.1.1w,1

After this, restart all processes using openssl to give up the handle to the 
unlinked library.

Such a procedure would require the least amount of effort, would it not?

Regards.

Re: HEADS-UP: security/openssl switching to 3.0 branch

2023-10-17 Thread Tatsuki Makino 
Tatsuki Makino wrote on 2023/10/18 09:06:
> pkg set -n openssl:openssl111
> pkg set -o security/openssl:security/openssl111
> Will these changes also update the local.sqlite deps table? :)

I have run it in my environment. in use :)
>From the results of `pkg shell .dump | grep openssl`, it seems that the 
>rewrite was done as I thought.
A few lines of examples are quoted below.

INSERT INTO packages 
VALUES(27078,'security/openssl111','openssl111','1.1.1w,1','TLSv1.3 capable SSL 
and crypto library',replace('T ...(omitted)
INSERT INTO deps VALUES('security/openssl111','openssl111','1.1.1w,1',22497);
INSERT INTO deps VALUES('security/openssl111','openssl111','1.1.1w,1',22958);

This changed the pkg version results as follows.

> pkg version -v -e openssl111
openssl111-1.1.1w,1>   succeeds index (index has 1.1.1w)

Since PORTEPOCH is different, it seems that it needs to be rebuilt and 
reinstalled after all :)

By the way, security/openssl111 of origin has been disused once, around 
2020-01-01.
And if it is used again, how will PORTEPOCH be treated?

Regards.

Unmaintained FreeBSD ports which are out of date

2023-10-17 Thread portscout 
Dear port maintainers,

The portscout new distfile checker has detected that one or more
unmaintained ports appears to be out of date. Please take the opportunity
to check each of the ports listed below, and if possible and appropriate,
submit/commit an update. Please consider also adopting this port.
If any ports have already been updated, you can safely ignore the entry.

An e-mail will not be sent again for any of the port/version combinations
below.

Full details can be found at the following URL:
http://portscout.freebsd.org/po...@freebsd.org.html


Port| Current version | New version
+-+
audio/baresip   | 3.5.1   | v3.6.0
+-+
audio/re| 3.5.1   | v3.6.0
+-+
cad/ifcopenshell| 0.6.0   | 
blenderbim-231017
+-+
devel/py-archinfo   | 9.0.5405| v9.2.73
+-+
devel/py-cle| 9.0.5405| v9.2.73
+-+
net-im/signal-cli   | 0.9.0   | v0.12.3
+-+
security/py-ailment | 9.0.5405| v9.2.73
+-+
security/py-angr| 9.0.5405| v9.2.73
+-+
security/py-pyvex   | 9.0.5405| v9.2.73
+-+


If any of the above results are invalid, please check the following page
for details on how to improve portscout's detection and selection of
distfiles on a per-port basis:

http://portscout.freebsd.org/info/portscout-portconfig.txt

Reported by:portscout!