Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 09 Apr 2015 13:33:05 -0400
From:      Adam McDougall <mcdouga9@egr.msu.edu>
To:        freebsd-ports@freebsd.org
Subject:   Re: LibreSSL infects ports, causes problems
Message-ID:  <5526B7D1.20607@egr.msu.edu>
In-Reply-To: <20150409155345.GA87497@lorvorc.mips.inka.de>
References:  <slrnmib1ur.2jau.naddy@lorvorc.mips.inka.de> <5525E609.70402@FreeBSD.org> <20150409115942.GA81282@lorvorc.mips.inka.de> <20150409130521.GQ95321@ivaldir.etoilebsd.net> <20150409155345.GA87497@lorvorc.mips.inka.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 04/09/2015 11:53, Christian Weisgerber wrote:
> Baptiste Daroussin:
> 
>> Some how you have mixed up things between base openssl and libressl, when
>> starting to activate libressl if you are using ports only you have to be extra
>> careful, (same goes with ncurses or ports openssl) just installing those ports
>> is enough to "pollute" nearly anything you build after with a dependency on it
>> (well anything that does link to libssl, libcrypto)
> 
> Well, yes, that's what I said.  It's a bug.
> 
>> If it very complicated and
>> error prone to cherry pick "only take base openssl here, only ports openssl
>> there" the only "safe" way to solve this situation and being consistent is to
>> always skip the version from base and enforce the version for ports. (the
>> otherway around is impossible - very complicated)
> 
> And the addition of LibreSSL as a not-quite-equivalent alternative
> to ports OpenSSL makes this even more complicated.  You can expect
> things coming out of OpenBSD (like new versions of net/openntpd)
> to require LibreSSL, because it includes a new library libtls that
> doesn't exist in OpenSSL.  In the meantime, LibreSSL has removed
> some of the more horrific APIs of OpenSSL, which means some ports
> will not build against LibreSSL as is.  Like python27.  Fixes for
> these problems can be picked from the OpenBSD ports tree, if we
> want to.
> 

Many problem reports with patches are filed already just waiting for
committers and are summarized here: https://wiki.freebsd.org/LibreSSL
It would be great to get at least the python27 patch committed.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5526B7D1.20607>