Date: Wed, 14 Apr 2004 17:49:25 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: freebsd-ports@freebsd.org Cc: nectar@freebsd.org Subject: SA-04:05 single patch && bsd.openssl.mk problem Message-ID: <Pine.BSF.4.53.0404141708380.9278@e0-0.zab2.int.zabbadoz.net>
next in thread | raw e-mail | index | archive | help
Hi, when applying the patch from SA-04:05[1] and re-building changed parts of the base system opensslv.h does not get altered with the update like it did with the commits to the various branches [2]. [1] ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-04:05/openssl.patch [2] p.ex. http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssl/crypto/opensslv.h.diff?r1=1.1.1.1.2.8&r2=1.1.1.1.2.9 bsd.openssl.mk now doing a string compare on p.ex. "0.9.7a-p1" which will fail. Thus ports that set USE_OPENSSL will depend on the openssl package. This logic is broken as the base system is patched and the openssl package is not needed. So the SA patches should also update the version strings in headers - or more general commit the same parts (only) that get published as single patches (or even better the other way round: should publish a complete single patch from what got previously committed). What short term solutions are there for people building ports [ I do not really like any of those ] ? - setting USE_OPENSSL_BASE=yes seems to be a possible workaround forcing the version of the base system and not the port to be used. - patching the header file by hand is not a real solution but should work too. - would it be possible to make the check in bsd.openssl.mk somehow more intelligent to better detect a patched version ? - ... ? -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.53.0404141708380.9278>