On 18/03/2020 15:04, John D. Baker wrote:
I didn't realise that but you are right just checked the deps on my binary package and there is no direct ssl dependency. That's a very wierd situation. I'll see if I can figure out how that happens.Base heimdal may be linked against base OpenSSL (1.0.2k in netbsd-8), but pkgsrc heimdal explicitly does NOT link with any OpenSSL (even 1.1.x in pkgsrc). So, the solution for "heimdal linked against obsolete OpenSSL" is to install "heimdal not linked with ANY OpenSSL".
For what its worth I have a lot of the same packages on my 8.x amd64 system and I didn't actually encounter any problems with the openssl change. I've been running with it now for quite some time as I track the pkgsrc mainline. I would have expected to run into issues if there where any as I run https, imaps, and SMTP with TLS support on one of my 8.x systems.libarchive openldap-client (new package to satisfy nss_ldap) rhash python37 netatalk22 p5-Net-SSLeay python27 curl samba git-base
Nasty. That can't be fun to try and debug as the cycle times for recovery must be awful.Alas, I can't update this machine to netbsd-9 as siisata(4) is broken for me and hoses my RAID.
I always kick the tyres of a new release fairly hard on my build server before pushing it out to everything else.
Mike