From owner-freebsd-ports@FreeBSD.ORG Thu Apr 9 17:33:14 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 04864261 for ; Thu, 9 Apr 2015 17:33:14 +0000 (UTC) Received: from mail.egr.msu.edu (boomhauer.egr.msu.edu [35.9.37.167]) by mx1.freebsd.org (Postfix) with ESMTP id CC299BD5 for ; Thu, 9 Apr 2015 17:33:12 +0000 (UTC) Received: from boomhauer (localhost [127.0.0.1]) by mail.egr.msu.edu (Postfix) with ESMTP id EF4FF3BF78 for ; Thu, 9 Apr 2015 13:33:05 -0400 (EDT) X-Virus-Scanned: amavisd-new at egr.msu.edu Received: from mail.egr.msu.edu ([127.0.0.1]) by boomhauer (boomhauer.egr.msu.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7st1WvUt9f4Z for ; Thu, 9 Apr 2015 13:33:05 -0400 (EDT) Received: from EGR authenticated sender mcdouga9 Message-ID: <5526B7D1.20607@egr.msu.edu> Date: Thu, 09 Apr 2015 13:33:05 -0400 From: Adam McDougall User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: freebsd-ports@freebsd.org Subject: Re: LibreSSL infects ports, causes problems References: <5525E609.70402@FreeBSD.org> <20150409115942.GA81282@lorvorc.mips.inka.de> <20150409130521.GQ95321@ivaldir.etoilebsd.net> <20150409155345.GA87497@lorvorc.mips.inka.de> In-Reply-To: <20150409155345.GA87497@lorvorc.mips.inka.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Apr 2015 17:33:14 -0000 On 04/09/2015 11:53, Christian Weisgerber wrote: > Baptiste Daroussin: > >> Some how you have mixed up things between base openssl and libressl, when >> starting to activate libressl if you are using ports only you have to be extra >> careful, (same goes with ncurses or ports openssl) just installing those ports >> is enough to "pollute" nearly anything you build after with a dependency on it >> (well anything that does link to libssl, libcrypto) > > Well, yes, that's what I said. It's a bug. > >> If it very complicated and >> error prone to cherry pick "only take base openssl here, only ports openssl >> there" the only "safe" way to solve this situation and being consistent is to >> always skip the version from base and enforce the version for ports. (the >> otherway around is impossible - very complicated) > > And the addition of LibreSSL as a not-quite-equivalent alternative > to ports OpenSSL makes this even more complicated. You can expect > things coming out of OpenBSD (like new versions of net/openntpd) > to require LibreSSL, because it includes a new library libtls that > doesn't exist in OpenSSL. In the meantime, LibreSSL has removed > some of the more horrific APIs of OpenSSL, which means some ports > will not build against LibreSSL as is. Like python27. Fixes for > these problems can be picked from the OpenBSD ports tree, if we > want to. > Many problem reports with patches are filed already just waiting for committers and are summarized here: https://wiki.freebsd.org/LibreSSL It would be great to get at least the python27 patch committed.