From owner-freebsd-ports@FreeBSD.ORG Thu Apr 9 19:54:28 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B74EFD13 for ; Thu, 9 Apr 2015 19:54:28 +0000 (UTC) Received: from mail.grem.de (outcast.grem.de [213.239.217.27]) by mx1.freebsd.org (Postfix) with SMTP id 21F56FB4 for ; Thu, 9 Apr 2015 19:54:27 +0000 (UTC) Received: (qmail 10701 invoked by uid 89); 9 Apr 2015 19:54:18 -0000 Received: from unknown (HELO ?10.83.193.212?) (mg@grem.de@109.43.2.74) by mail.grem.de with ESMTPA; 9 Apr 2015 19:54:18 -0000 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: LibreSSL infects ports, causes problems From: Michael Gmelin X-Mailer: iPhone Mail (12F70) In-Reply-To: <5526B7D1.20607@egr.msu.edu> Date: Thu, 9 Apr 2015 21:54:17 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: References: <5525E609.70402@FreeBSD.org> <20150409115942.GA81282@lorvorc.mips.inka.de> <20150409130521.GQ95321@ivaldir.etoilebsd.net> <20150409155345.GA87497@lorvorc.mips.inka.de> <5526B7D1.20607@egr.msu.edu> To: Adam McDougall Cc: "freebsd-ports@freebsd.org" X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Apr 2015 19:54:28 -0000 > On 09 Apr 2015, at 19:33, Adam McDougall wrote: >=20 >> On 04/09/2015 11:53, Christian Weisgerber wrote: >> Baptiste Daroussin: >>=20 >>> Some how you have mixed up things between base openssl and libressl, whe= n >>> starting to activate libressl if you are using ports only you have to be= extra >>> careful, (same goes with ncurses or ports openssl) just installing those= ports >>> is enough to "pollute" nearly anything you build after with a dependency= on it >>> (well anything that does link to libssl, libcrypto) >>=20 >> Well, yes, that's what I said. It's a bug. >>=20 >>> If it very complicated and >>> error prone to cherry pick "only take base openssl here, only ports open= ssl >>> there" the only "safe" way to solve this situation and being consistent i= s to >>> always skip the version from base and enforce the version for ports. (th= e >>> otherway around is impossible - very complicated) >>=20 >> And the addition of LibreSSL as a not-quite-equivalent alternative >> to ports OpenSSL makes this even more complicated. You can expect >> things coming out of OpenBSD (like new versions of net/openntpd) >> to require LibreSSL, because it includes a new library libtls that >> doesn't exist in OpenSSL. In the meantime, LibreSSL has removed >> some of the more horrific APIs of OpenSSL, which means some ports >> will not build against LibreSSL as is. Like python27. Fixes for >> these problems can be picked from the OpenBSD ports tree, if we >> want to. >=20 > Many problem reports with patches are filed already just waiting for > committers and are summarized here: https://wiki.freebsd.org/LibreSSL > It would be great to get at least the python27 patch committed. The patches proposed are not sufficient in all cases though. > _______________________________________________ > freebsd-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"