From owner-freebsd-ports@FreeBSD.ORG Thu Apr 9 15:53:51 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4AE8D92D; Thu, 9 Apr 2015 15:53:51 +0000 (UTC) Received: from mail-in-16.arcor-online.net (mail-in-16.arcor-online.net [151.189.21.56]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mx.arcor.de", Issuer "Thawte SSL CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 880EFD19; Thu, 9 Apr 2015 15:53:50 +0000 (UTC) Received: from mail-in-12-z2.arcor-online.net (mail-in-12-z2.arcor-online.net [151.189.8.29]) by mx.arcor.de (Postfix) with ESMTP id 3lN6TR2b1NzDxV; Thu, 9 Apr 2015 17:53:47 +0200 (CEST) Received: from mail-in-16.arcor-online.net (mail-in-16.arcor-online.net [151.189.21.56]) by mail-in-12-z2.arcor-online.net (Postfix) with ESMTP id 54F09CF1DD; Thu, 9 Apr 2015 17:53:47 +0200 (CEST) X-Greylist: Passed host: 188.98.158.188 X-DKIM: Sendmail DKIM Filter v2.8.2 mail-in-16.arcor-online.net 3lN6TR12TKzDxV X-Greylist: Passed host: 188.98.158.188 X-Greylist: Passed host: 188.98.158.188 Received: from lorvorc.mips.inka.de (dslb-188-098-158-188.188.098.pools.vodafone-ip.de [188.98.158.188]) by mail-in-16.arcor-online.net (Postfix) with ESMTPS id 3lN6TR12TKzDxV; Thu, 9 Apr 2015 17:53:47 +0200 (CEST) Received: from lorvorc.mips.inka.de (localhost [127.0.0.1]) by lorvorc.mips.inka.de (8.14.9/8.14.9) with ESMTP id t39FrjCW087883; Thu, 9 Apr 2015 17:53:45 +0200 (CEST) (envelope-from naddy@lorvorc.mips.inka.de) Received: (from naddy@localhost) by lorvorc.mips.inka.de (8.14.9/8.14.9/Submit) id t39Frjes087882; Thu, 9 Apr 2015 17:53:45 +0200 (CEST) (envelope-from naddy) Date: Thu, 9 Apr 2015 17:53:45 +0200 From: Christian Weisgerber To: Baptiste Daroussin Subject: Re: LibreSSL infects ports, causes problems Message-ID: <20150409155345.GA87497@lorvorc.mips.inka.de> References: <5525E609.70402@FreeBSD.org> <20150409115942.GA81282@lorvorc.mips.inka.de> <20150409130521.GQ95321@ivaldir.etoilebsd.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150409130521.GQ95321@ivaldir.etoilebsd.net> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: freebsd-ports@freebsd.org, Bryan Drewery X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Apr 2015 15:53:51 -0000 Baptiste Daroussin: > Some how you have mixed up things between base openssl and libressl, when > starting to activate libressl if you are using ports only you have to be extra > careful, (same goes with ncurses or ports openssl) just installing those ports > is enough to "pollute" nearly anything you build after with a dependency on it > (well anything that does link to libssl, libcrypto) Well, yes, that's what I said. It's a bug. > If it very complicated and > error prone to cherry pick "only take base openssl here, only ports openssl > there" the only "safe" way to solve this situation and being consistent is to > always skip the version from base and enforce the version for ports. (the > otherway around is impossible - very complicated) And the addition of LibreSSL as a not-quite-equivalent alternative to ports OpenSSL makes this even more complicated. You can expect things coming out of OpenBSD (like new versions of net/openntpd) to require LibreSSL, because it includes a new library libtls that doesn't exist in OpenSSL. In the meantime, LibreSSL has removed some of the more horrific APIs of OpenSSL, which means some ports will not build against LibreSSL as is. Like python27. Fixes for these problems can be picked from the OpenBSD ports tree, if we want to. It's kind of hard to fix such problems if there is no clear policy how things are supposed to work in the first place. -- Christian "naddy" Weisgerber naddy@mips.inka.de