Date: Tue, 17 Apr 2012 13:06:00 -0700 From: Kevin Oberman <kob6558@gmail.com> To: Bryan Drewery <bryan@shatow.net> Cc: jmk@wagsky.com, freebsd-ports@freebsd.org Subject: Re: security/openssl moved from libssl.so.7 to libssl.so.8 on 2012/04/11 Message-ID: <CAN6yY1srTy0SkmkGD9o1hywknZJMLi6ma6CKh-YEGfX-tyPedw@mail.gmail.com> In-Reply-To: <4F8D60B5.5030405@shatow.net> References: <4F8D0493.5090600@wagsky.com> <4F8D60B5.5030405@shatow.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Apr 17, 2012 at 5:23 AM, Bryan Drewery <bryan@shatow.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > On 4/17/2012 12:50 AM, Jeff Kletsky wrote: > >> Should libssl.so.7 have been retained somehow? >> >> I upgraded using portmaster, it that provides any clues as to why it was >> or wasn't. >> > > Using -w with portmaster will retain the old file in > /usr/local/lib/compat/pkg > > =A0 =A0 After the port is built, if the -w option is being used, all shar= ed > =A0 =A0 libraries installed by the old port (if any) will be saved to > =A0 =A0 /usr/local/lib/compat/pkg. =A0After installation if there are any= new > files > =A0 =A0 with the same names as those in /usr/local/lib/compat/pkg the old= files > =A0 =A0 will be deleted, and ldconfig(8) will be run via /etc/rc.d/ldconf= ig. I have dropped Dirk a note asking for him to add a note in UPDATING. This should really be done whenever a common sharable get a version bump. It can be a bit of a shock when lots of security related stuff starts crashing after what looks like a minor update to a port. As I always point out, re-building all dependent ports does fix things, but it results in updating many ports that don't need it as they don't link to the sharable but are simply dependent on a port that does. In the case of my laptop I think I had about 40 ports that actually linked to one of the updated sharables, but about 350 that would have been re-built if i had gone the "all dependent ports" route. If you want to just build the ports that actually need it, install sysutils/bsdadminscripts and use 'pkg_libchk -o | grep -E "crypt.so|ssl.so"' (or just 'pkg_libchk -o', but you will likely get false positives from ports that load sharables themselves instead of using rtld to do it). Yes, '-w' will work in the short term, but you still need to re-build ports fairly soon as you will hit a case where an executable links to two sharables, one of which is from a port that was already installed and links to the old sharable and one which was updated and links to the new one. That executable will no longer run. --=20 R. Kevin Oberman, Network Engineer E-mail: kob6558@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1srTy0SkmkGD9o1hywknZJMLi6ma6CKh-YEGfX-tyPedw>