From: Uwe Doering
Date: Thu, 01 May 2014 17:26:24 +0200
To: Paul Hoffman
Subject: Re: ports requiring OpenSSL not honouring OpenSSL from ports
Cc: freebsd-security@freebsd.org, "freebsd-ports@freebsd.org"

On 01.05.14 16:33, Paul Hoffman wrote:
> On May 1, 2014, at 3:03 AM, Uwe Doering wrote:
>
>> I indeed wondered why this variable hadn't been mentioned so far. Guys,
>> you do have "WITH_OPENSSL_PORT=yes" in your "/etc/make.conf", haven't you?
>>
>> Because otherwise the whole thread might be considered a false alert.
>> The ports system does not link with the ports' OpenSSL of its own
>> accord. Or at least not in a reliable/predictable manner. You have to
>> explicitly tell it what you want.
>
> Please consider whether it is appropriate to chide people for not knowing about an *undocumented* feature of make.conf.

First of all, I certainly didn't intend to chide anyone, so I apologize
if some of you got that impression.

Having worked with FreeBSD and the ports system for years, I was under
the impression that this information would be readily available in the
docs. But on further research it appears to me that this is indeed
pretty well hidden in only some mailing list and forum articles, where I
probably learned it from in the past.

Having realized that, I now wonder how many people run half-broken
systems because they didn't know about this and didn't notice the wrong
and sometimes even mixed linking of the OpenSSL libs.

> I'll turn in a pr for it.

Good idea.
I would think that this should be mentioned at least in "pkg-descr" of
the "openssl" port, where it gets displayed by "portmaster" and perhaps
other port management tools after each install.

Best regards,

   Uwe
-- 
Uwe Doering
gemini@geminix.org
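
Added example, not part of the original message or of the ports system: a small /bin/sh check for the mixed OpenSSL linking described above. It classifies `ldd` output by where libssl and libcrypto resolve, assuming base libraries live in /lib or /usr/lib and ports libraries under /usr/local; the sample output, file name and library version numbers are constructed.

```sh
#!/bin/sh
# Classify `ldd` output read on stdin by where libssl/libcrypto resolve.
# Prints one word: none, base, ports or mixed.
# Assumption: base libraries live in /lib or /usr/lib, ports in /usr/local.
classify_openssl_linkage() {
    awk '
        # ldd line format: libssl.so.8 => /usr/local/lib/libssl.so.8 (0x...)
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            if ($3 ~ /^\/usr\/local\//)        ports = 1
            else if ($3 ~ /^\/(usr\/)?lib\//)  base = 1
        }
        END {
            if (base && ports) print "mixed"
            else if (ports)    print "ports"
            else if (base)     print "base"
            else               print "none"
        }'
}

# Constructed sample: libssl from the port, libcrypto from the base system.
sample_mixed() {
    cat <<'EOF'
/usr/local/bin/example:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800823000)
    libcrypto.so.7 => /lib/libcrypto.so.7 (0x800a8b000)
    libc.so.7 => /lib/libc.so.7 (0x800e80000)
EOF
}

# Constructed sample: both libraries come from the port.
sample_ports() {
    cat <<'EOF'
/usr/local/bin/example:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800823000)
    libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800a8b000)
EOF
}

# Scan real files when paths are given, e.g.: sh check.sh /usr/local/bin/*
# Only files that link some OpenSSL library are reported.
for f in "$@"; do
    kind=$(ldd "$f" 2>/dev/null | classify_openssl_linkage)
    [ "$kind" = "none" ] || printf '%s: %s\n' "$f" "$kind"
done
```

Files reported as `mixed` or `base` are the ones to rebuild after setting the variable discussed in the thread.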