From owner-freebsd-ports@FreeBSD.ORG Mon May 11 22:03:11 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 329658AF for ; Mon, 11 May 2015 22:03:11 +0000 (UTC) Received: from mail-in-3.serv.Uni-Osnabrueck.DE (vm299.rz.uni-osnabrueck.de [131.173.16.215]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AE808127D for ; Mon, 11 May 2015 22:03:09 +0000 (UTC) Received: from smtp-auth.serv.Uni-Osnabrueck.DE (vm136.rz.uni-osnabrueck.de [131.173.16.11]) by mail-in-3.serv.Uni-Osnabrueck.DE (8.14.4/8.14.4) with ESMTP id t4BM36DD031185 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 12 May 2015 00:03:06 +0200 Received: from spock.drpetervoigt.private (p5DC4C58C.dip0.t-ipconnect.de [93.196.197.140]) (authenticated bits=0) by smtp-auth.serv.Uni-Osnabrueck.DE (8.13.8/8.13.8) with ESMTP id t4BM34Lj028660 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 12 May 2015 00:03:04 +0200 Received: from kirk.drpetervoigt.private (kirk.drpetervoigt.private [192.168.1.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: pvoigt) by spock.drpetervoigt.private (Postfix) with ESMTPSA id 08FD34A03385; Tue, 12 May 2015 00:03:03 +0200 (CEST) Date: Tue, 12 May 2015 00:02:59 +0200 From: "Dr. Peter Voigt" To: Yuri Cc: freebsd-ports@freebsd.org Subject: Re: www/firefox really depends on security/openssl? Message-ID: <20150512000259.32a44ec4@kirk.drpetervoigt.private> In-Reply-To: <55510C22.9050900@rawbw.com> References: <20150509125643.0bda93e6@kirk.drpetervoigt.private> <554EEBB5.8010304@rawbw.com> <20150511202110.34e6e29c@kirk.drpetervoigt.private> <55510C22.9050900@rawbw.com> Organization: =?UTF-8?B?VW5pdmVyc2l0w6R0IE9zbmFicsO8Y2s=?= X-Mailer: Claws Mail 3.10.1 (GTK+ 2.24.23; x86_64-suse-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-PMX-Version: 6.0.0.2142326, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2015.5.11.215717 (Univ. Osnabrueck) X-PMX-Spam: Gauge=IIIIIIII, Probability=8%, Report= HTML_00_01 0.05, HTML_00_10 0.05, BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_1700_1799 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, FROM_NAME_PHRASE 0, RDNS_POOLED 0, RDNS_SUSP 0, RDNS_SUSP_SPECIFIC 0, REFERENCES 0, __ANY_URI 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __FORWARDED_MSG 0, __HAS_FROM 0, __HAS_MSGID 0, __HAS_X_MAILER 0, __IN_REP_TO 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __RDNS_POOLED_10 0, __REFERENCES 0, __SANE_MSGID 0, __SUBJ_ALPHA_NEGATE 0, __TO_MALFORMED_2 0, __URI_NO_PATH 0, __URI_NO_WWW 0 X-PMX-Spam-Level: IIIIIIII X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 May 2015 22:03:11 -0000 On Mon, 11 May 2015 13:08:02 -0700 Yuri wrote: > On 05/11/2015 11:21, Dr. Peter Voigt wrote: > > Thanks for your feedback. I have to admit that I am a bit lost with > > the referenced PR: > > Or you can just run 'pkg info -d firefox' - it doesn't show any > openssl dependencies. Running 'ldd' on elfs in firefox package also > don't show openssl. So firefox doesn't depend on OpenSSL. > OK, I currently haven't firefox installed and did not download the package to do this test myself. But your results go along with the output of "make run-depends-list". And back to my initial question: Why does "pkg install firefox" in spite of this insist on installing port openssl? > Also, you shouldn't be switching to the base OpenSSL just for one > package. The reason is, again, the conflict between the base and port > OpenSSL versions. If I were you, I would move in another direction, > and try to eliminate base OpenSSL dependency. You need to figure out > which dependency causes it. You should identify it and see if this > can be fixed. > I changed to base openssl after fighting with latest port openssl. As reported by several people https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198788 it is currently more or less impossible to build all ports cleanly against port openssl leaving you with a mixture of base and port openssl. And this makes your system as unstable that it cannot be used anymore. Most people in the referenced PR suggested to rebuild all ports against base openssl. That's want I did after a hard system crash. Since then my machine is rock stable again. Besides this port openssl had an issue with ASM=on. Peter