Date: Thu, 9 Apr 2015 21:54:17 +0200 From: Michael Gmelin <freebsd@grem.de> To: Adam McDougall <mcdouga9@egr.msu.edu> Cc: "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org> Subject: Re: LibreSSL infects ports, causes problems Message-ID: <BE1A4A16-17D3-46E3-8DB1-6BE168FC6709@grem.de> In-Reply-To: <5526B7D1.20607@egr.msu.edu> References: <slrnmib1ur.2jau.naddy@lorvorc.mips.inka.de> <5525E609.70402@FreeBSD.org> <20150409115942.GA81282@lorvorc.mips.inka.de> <20150409130521.GQ95321@ivaldir.etoilebsd.net> <20150409155345.GA87497@lorvorc.mips.inka.de> <5526B7D1.20607@egr.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 09 Apr 2015, at 19:33, Adam McDougall <mcdouga9@egr.msu.edu> wrote: >=20 >> On 04/09/2015 11:53, Christian Weisgerber wrote: >> Baptiste Daroussin: >>=20 >>> Some how you have mixed up things between base openssl and libressl, whe= n >>> starting to activate libressl if you are using ports only you have to be= extra >>> careful, (same goes with ncurses or ports openssl) just installing those= ports >>> is enough to "pollute" nearly anything you build after with a dependency= on it >>> (well anything that does link to libssl, libcrypto) >>=20 >> Well, yes, that's what I said. It's a bug. >>=20 >>> If it very complicated and >>> error prone to cherry pick "only take base openssl here, only ports open= ssl >>> there" the only "safe" way to solve this situation and being consistent i= s to >>> always skip the version from base and enforce the version for ports. (th= e >>> otherway around is impossible - very complicated) >>=20 >> And the addition of LibreSSL as a not-quite-equivalent alternative >> to ports OpenSSL makes this even more complicated. You can expect >> things coming out of OpenBSD (like new versions of net/openntpd) >> to require LibreSSL, because it includes a new library libtls that >> doesn't exist in OpenSSL. In the meantime, LibreSSL has removed >> some of the more horrific APIs of OpenSSL, which means some ports >> will not build against LibreSSL as is. Like python27. Fixes for >> these problems can be picked from the OpenBSD ports tree, if we >> want to. >=20 > Many problem reports with patches are filed already just waiting for > committers and are summarized here: https://wiki.freebsd.org/LibreSSL > It would be great to get at least the python27 patch committed. The patches proposed are not sufficient in all cases though. > _______________________________________________ > freebsd-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BE1A4A16-17D3-46E3-8DB1-6BE168FC6709>