From owner-freebsd-security@FreeBSD.ORG Sat May 3 17:55:40 2014 Return-Path: Delivered-To: FreeBSD-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ED4EC5A2; Sat, 3 May 2014 17:55:40 +0000 (UTC) Received: from mail-ig0-x229.google.com (mail-ig0-x229.google.com [IPv6:2607:f8b0:4001:c05::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A91EF1454; Sat, 3 May 2014 17:55:37 +0000 (UTC) Received: by mail-ig0-f169.google.com with SMTP id h18so3075860igc.0 for ; Sat, 03 May 2014 10:55:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=c96kEjFP6r1TSsmPpX6tWO/lPW6+MBgwwqorM9uu8CA=; b=b67O0V135ySJcytBnt+ee0MoHrL8L/dw8FsX2Uv+8sMQau4yVMNURDVzWE9EJpDPtd 4jCyK8j8Gz2X3zQFThaxk/dTfMB8jSVDnd5gFfetxqBHW/3bjpx7Yase1prMfT9+Lh6W QftVohvHfp9CVf3kq1Au9H2GEEkdDcY5uVGHKRQvJML+90Ysen36XRKz38uf8Pub3lHC 0x6cnD5/EzZMW9nG0HW0puZpomBR6I9YSQAa4VeHw1EDjsqfux8InGUkC309fXJFLNWe zE+wDJTz2p/rbigrl44ZkbmTS7dqffanF+5g/Mk54LtBBJHMW0d51N6x37mPNH8847Sn 0yIQ== MIME-Version: 1.0 X-Received: by 10.50.112.167 with SMTP id ir7mr13113877igb.27.1399139736989; Sat, 03 May 2014 10:55:36 -0700 (PDT) Received: by 10.50.7.74 with HTTP; Sat, 3 May 2014 10:55:36 -0700 (PDT) In-Reply-To: <18F230B0-65F4-4DAE-A771-52AAE7B00573@proper.com> References: <201405031619.s43GJbXQ095254@freefall.freebsd.org> <18F230B0-65F4-4DAE-A771-52AAE7B00573@proper.com> Date: Sat, 3 May 2014 12:55:36 -0500 Message-ID: Subject: Re: ports/189208: Add a mention of WITH_OPENSSL_PORT to the pkg-descr of security/openssl From: Scot Hetzel To: Paul Hoffman Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: dinoex@freebsd.org, FreeBSD Security , FreeBSD Ports X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 May 2014 17:55:41 -0000 On Sat, May 3, 2014 at 11:35 AM, Paul Hoffman wrote: > Note that the description below does *not* match what people were saying = last week about how things work. My reading of the earlier thread was that,= unless you had WITH_OPENSSL_PORT=3Dyes in /etc/make.conf, a port needing O= penSSL would make with OpenSSL from the base. > > I am not a porter and wouldn't know where to look in the code, so I can't= figure out which is right. But it is clear that this is worth clarifying b= oth in the openssl pkg-descr *and* in the make.conf man page. > bsd.openssl.mk has the falling checks: if WITH_OPENSSL_BASE is set, then use the base system's OpenSSL. if WITH_OPENSSL_BASE or WITH_OPENSSL_PORT are not set, check if ${LOCALBASE}/lib/libcrypto.so is installed, if it is then use the OpenSSL port, otherwise use the base system's OpenSSL. if WITH_OPENSSL_PORT is set, then use the OpenSSL port So, if you install the OpenSSL port first, then ports that require OpenSSL should be built against the OpenSSL Port. --=20 DISCLAIMER: No electrons were maimed while sending this message. Only slightly bruised.