Date:      Fri, 20 Apr 2012 10:36:27 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        Kevin Oberman <kob6558@gmail.com>
Cc:        Oliver Heesakkers <freebsd@heesakkers.info>, freebsd-ports@freebsd.org
Subject:   Re: security/openssl so bump w/o mention in UPDATING
Message-ID:  <4F919E9B.2020808@FreeBSD.org>
In-Reply-To: <CAN6yY1v%2BGbQdcTB%2BxDuk4vdUknJ9qVq1k4-SoOWvMBRBeh34BQ@mail.gmail.com>
References:  <f3147ee85c3df709f9b1fd44ffc5664f@huis.heesakkers.info> <CAN6yY1vYyhFzexxN_g-ZxwQH-MEgcCN0P5%2Bq5NBJ-49WGNORRQ@mail.gmail.com> <5479d7fdf8836152540bfe9fbfa42c3b@huis.heesakkers.info> <CAN6yY1v%2BGbQdcTB%2BxDuk4vdUknJ9qVq1k4-SoOWvMBRBeh34BQ@mail.gmail.com>

On 4/12/2012 12:14 PM, Kevin Oberman wrote:
> On Thu, Apr 12, 2012 at 11:19 AM, Oliver Heesakkers
> <freebsd@heesakkers.info> wrote:
>> Kevin Oberman wrote on 12.04.2012 18:13:
>>>
>>> On Thu, Apr 12, 2012 at 4:23 AM, Oliver Heesakkers
>>> <freebsd@heesakkers.info> wrote:
>>>>
>>>> security/openssl was brought up to 1.0.1 recently which includes bumping
>>>> OPENSSL_SHLIBVER from 7 to 8.
>>>>
>>>> Which means, that in order not to break surprisingly many ports on my
>>>> desktop
>>>> I have to "portmaster -r" this port.
>>>>
>>>> "portmaster -w" might have also done the trick and I'll leave mentions of
>>>> other ports-mgmt tools to whoever will commit this to UPDATING as I
>>>> believe should happen.
>>>
>>>
>>> Sorry to sound like a broken record, but using 'portmaster -r' for
>>> this is using a .50 cal. machine gun to kill a fly. Serious over-kill!
>>>
>>> Install sysutils/bsdadminscripts, update the port (with -w if you
>>> want)  and use 'pkg_libchk -o'. It will list just the ports that
>>> actually link to the library in question.  Then just re-install these
>>> ports. The number of ports needing re-installation will often drop
>>> from hundreds to a dozen or so. Not many things depend directly on
>>> openssl, but those ports' libraries are linked to a great many more.
>>>
>>> Just '-w' is of limited value if you update ports (and it appears that
>>> you do) as you will start getting rtld errors when an executable links
>>> to two shareables, one of which is linked to the old version and one
>>> to the new. For something like openssl, this will happen a lot and
>>> getting rid of references to the old openssl shareable is the only way
>>> to fix it.
>>>
>>> Because a few ports do their own linking to shareables (java comes to
>>> mind), pkg_libchk will generate a few false positives. If you pipe the
>>> output to a grep for the shareable in question, you can avoid updating
>>> ports that don't need it.
>>>
>>> As pkg_libchk is just a shell script and one that can be a huge
>>> time-saver, I think I may start pushing to either be integrated into
>>> portmaster (I doubt Doug will go for that and I probably wouldn't,
>>> either) or made a standard tool for the system.
>>
>>
>> Yes, you're quite right. I'll rephrase:
>>
>> IMHO *something* should be said in UPDATING, what exactly is up to
>> maintainer / committer(s).
> 
> Indeed! I was a bit surprised that there was no entry.
> 
> And, to accurately (and less hyperbolically) state the advantage of
> using pkg_libchk, I am re-installing 64 ports while 'portmaster -r
> openssl' would have updated 364. Not quite the disparity I have seen
> with some ports that bumped shareable versions, but still very
> significant. (The system I am using is my old laptop with 1380 ports
> including gnome2 installed, so it's near worst case, I suspect.)

portmaster relies completely on what's recorded in the +CONTENTS files.
One way to add sanity to this is to add EXPLICIT_PACKAGE_DEPENDS= true
to your /etc/make.conf.

Yes, that should be the default, no, I don't know why it still isn't.

Doug

-- 

    This .signature sanitized for your protection
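
The direct-link check discussed in this thread, as an added example that is not part of the original messages and is not pkg_libchk's own code: it reads `readelf -d` style output and reports only packages whose binaries name the old soname as NEEDED, so a package that merely depends on such a package is not flagged. The package names, the sample dynamic sections and all function names are constructed for illustration.

```shell
# Added example: which packages link *directly* to an old shared library?
# On a real system the input would come from `readelf -d <file>` for each
# file a package installs; here it is constructed sample data.

# needed_sonames: read `readelf -d` output on stdin, print each NEEDED soname.
needed_sonames() {
    sed -n 's/.*(NEEDED).*\[\([^]]*\)].*/\1/p'
}

# links_directly SONAME: succeed if stdin names exactly SONAME as NEEDED.
links_directly() {
    needed_sonames | grep -Fx -- "$1" >/dev/null
}

# sample_dynamic PKG: constructed dynamic sections for hypothetical packages.
sample_dynamic() {
    case "$1" in
    fetcher-1.0) cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libssl.so.7]
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.7]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.7]
EOF
    ;;
    viewer-1.0) cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libfetcher.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.7]
EOF
    ;;
    rebuilt-1.0) cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libssl.so.8]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.7]
EOF
    ;;
    esac
}

# ports_to_rebuild SONAME PKG...: print packages with a direct NEEDED entry.
ports_to_rebuild() {
    old=$1; shift
    for pkg in "$@"; do
        if sample_dynamic "$pkg" | links_directly "$old"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# viewer-1.0 only reaches openssl through libfetcher, so it is not listed.
ports_to_rebuild libssl.so.7 fetcher-1.0 viewer-1.0 rebuilt-1.0
```

The exact-match comparison matters here: a substring match on `.so.7` would also flag everything linked to `libc.so.7`.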


