Date:      Thu, 12 Apr 2012 09:13:18 -0700
From:      Kevin Oberman <kob6558@gmail.com>
To:        Oliver Heesakkers <freebsd@heesakkers.info>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: security/openssl so bump w/o mention in UPDATING
Message-ID:  <CAN6yY1vYyhFzexxN_g-ZxwQH-MEgcCN0P5%2Bq5NBJ-49WGNORRQ@mail.gmail.com>
In-Reply-To: <f3147ee85c3df709f9b1fd44ffc5664f@huis.heesakkers.info>
References:  <f3147ee85c3df709f9b1fd44ffc5664f@huis.heesakkers.info>

On Thu, Apr 12, 2012 at 4:23 AM, Oliver Heesakkers
<freebsd@heesakkers.info> wrote:
> security/openssl was brought up to 1.0.1 recently which includes bumping
> OPENSSL_SHLIBVER from 7 to 8.
>
> Which means that in order not to break surprisingly many ports on my
> desktop I have to "portmaster -r" this port.
>
> "portmaster -w" might have also done the trick and I'll leave mentions of
> other ports-mgmt tools to whoever will commit this to UPDATING as I
> believe should happen.

Sorry to sound like a broken record, but using 'portmaster -r' for
this is using a .50 cal. machine gun to kill a fly. Serious over-kill!

Install sysutils/bsdadminscripts, update the port (with -w if you
want) and use 'pkg_libchk -o'. It will list just the ports that
actually link to the library in question. Then just re-install these
ports. The number of ports needing re-installation will often drop
from hundreds to a dozen or so. Not many things depend directly on
openssl, but those ports' libraries are linked to a great many more.

Just '-w' is of limited value if you update ports (and it appears that
you do) as you will start getting rtld errors when an executable links
to two shareables, one of which is linked to the old version and one
to the new. For something like openssl, this will happen a lot and
getting rid of references to the old openssl shareable is the only way
to fix it.

Because a few ports do their own linking to shareables (java comes to
mind), pkg_libchk will generate a few false positives. If you pipe the
output to a grep for the shareable in question, you can avoid updating
ports that don't need it.

As pkg_libchk is just a shell script and one that can be a huge
time-saver, I think I may start pushing for it to either be integrated
into portmaster (I doubt Doug will go for that and I probably wouldn't,
either) or made a standard tool for the system.
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6558@gmail.com


