From owner-freebsd-ports@FreeBSD.ORG Thu Apr 12 16:13:19 2012 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6C7EE1065670 for ; Thu, 12 Apr 2012 16:13:19 +0000 (UTC) (envelope-from kob6558@gmail.com) Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id F30CE8FC0C for ; Thu, 12 Apr 2012 16:13:18 +0000 (UTC) Received: by wgbds12 with SMTP id ds12so2168810wgb.31 for ; Thu, 12 Apr 2012 09:13:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Y++zAyyX7uA9tSK0RmokFGUHaUqSSUkvjzzQDX2sn8c=; b=p7AsNboLZybl13dLCYERzzyAXxvb7jR81D+GBXM4EJtaNdNjSqUUSwlrxuMMSkk9Cr hNJyD/ozStti4rOqoUC5cDz+mgKD08VfzIHBQex1+hDdR/q2O/CgbYCbhaiUwsj0eNFd dc+E4mCnEy8RWRQRAoGWhkntbESNTC5AR20hvv4S6fYuFN58Plimbx+xlrSs2QkCAwiM lR249elXKWUEV66DNHsFCxGWbeHHbFzUNWOqxLJH4SEgBSrHzVMr4P99FnQSIPq4oz8q 2Cfwzl6G0lNUMhaglNCZ/POIt2gbGJAUOydzvjcb/Ndq+DwlmRv6lTa9/IcuCatlh5V/ g0IA== MIME-Version: 1.0 Received: by 10.216.132.98 with SMTP id n76mr1818998wei.101.1334247198066; Thu, 12 Apr 2012 09:13:18 -0700 (PDT) Received: by 10.223.54.207 with HTTP; Thu, 12 Apr 2012 09:13:18 -0700 (PDT) In-Reply-To: References: Date: Thu, 12 Apr 2012 09:13:18 -0700 Message-ID: From: Kevin Oberman To: Oliver Heesakkers Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-ports@freebsd.org Subject: Re: security/openssl so bump w/o mention in UPDATING X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Apr 2012 16:13:19 -0000 On Thu, Apr 12, 2012 at 4:23 AM, Oliver Heesakkers wrote: > security/openssl was brought up to 1.0.1 recently which includes bumping > OPENSSL_SHLIBVER from 7 to 8. > > Which means, that in order not to break surprisingly many ports on my > desktop > I have to "portmaster -r" this port. > > "portmaster -w" might have also done the trick and I'll leave mentions of > other ports-mgmt tools to whomever who will commit this to UPDATING as I > believe should happen. Sorry to sound like a broken record, but using 'portmaster -r' for this is using a .50 cal. machine gun to kill a fly. Serious over-kill! Install sysutils/bsdadminscripts, update the port (with -w if you want) and use 'pkg_libchk -o'. It will l list just the ports that actually link to the library in question. Then just re-install these ports. The number of ports needing re-installation will often drop from hundreds to a dozen or so. Not many things depend directly on openssl, but those ports' libraries are linked to a great many more. Just '-w' is of limited value if you update ports (and it appears that you do) as you will start getting rtld errors when an executable links to two shareables, one of which is linked to the old version and one to the new. For something like openssl, this will happen a lot and getting rid of references to the old openssl shareable is the only way to fix it. Because a fer ports do their own linking to shareables (java comes to mind), pkg_chklib will generate a few false positives. If you pipe the output to a grep for the shareable in question, you can avoid updating ports that don't need it. As pkg_libchk is just a shell script and one that can be a huge time-saver, I think I may start pushing to either be integrated into portmaster (I doubt Doug will go for that and I probably wouldn't, either) or made a standard tool for the system. -- R. Kevin Oberman, Network Engineer E-mail: kob6558@gmail.com