Date: Thu, 12 Apr 2012 20:19:38 +0200 From: Oliver Heesakkers <freebsd@heesakkers.info> To: <freebsd-ports@freebsd.org> Subject: Re: security/openssl so bump w/o mention in UPDATING Message-ID: <5479d7fdf8836152540bfe9fbfa42c3b@huis.heesakkers.info> In-Reply-To: <CAN6yY1vYyhFzexxN_g-ZxwQH-MEgcCN0P5%2Bq5NBJ-49WGNORRQ@mail.gmail.com> References: <f3147ee85c3df709f9b1fd44ffc5664f@huis.heesakkers.info> <CAN6yY1vYyhFzexxN_g-ZxwQH-MEgcCN0P5%2Bq5NBJ-49WGNORRQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Kevin Oberman schreef op 12.04.2012 18:13: > On Thu, Apr 12, 2012 at 4:23 AM, Oliver Heesakkers > <freebsd@heesakkers.info> wrote: >> security/openssl was brought up to 1.0.1 recently which includes >> bumping >> OPENSSL_SHLIBVER from 7 to 8. >> >> Which means, that in order not to break surprisingly many ports on >> my >> desktop >> I have to "portmaster -r" this port. >> >> "portmaster -w" might have also done the trick and I'll leave >> mentions of >> other ports-mgmt tools to whomever who will commit this to UPDATING >> as I >> believe should happen. > > Sorry to sound like a broken record, but using 'portmaster -r' for > this is using a .50 cal. machine gun to kill a fly. Serious > over-kill! > > Install sysutils/bsdadminscripts, update the port (with -w if you > want) and use 'pkg_libchk -o'. It will l list just the ports that > actually link to the library in question. Then just re-install these > ports. The number of ports needing re-installation will often drop > from hundreds to a dozen or so. Not many things depend directly on > openssl, but those ports' libraries are linked to a great many more. > > Just '-w' is of limited value if you update ports (and it appears > that > you do) as you will start getting rtld errors when an executable > links > to two shareables, one of which is linked to the old version and one > to the new. For something like openssl, this will happen a lot and > getting rid of references to the old openssl shareable is the only > way > to fix it. > > Because a fer ports do their own linking to shareables (java comes to > mind), pkg_chklib will generate a few false positives. If you pipe > the > output to a grep for the shareable in question, you can avoid > updating > ports that don't need it. > > As pkg_libchk is just a shell script and one that can be a huge > time-saver, I think I may start pushing to either be integrated into > portmaster (I doubt Doug will go for that and I probably wouldn't, > either) or made a standard tool for the system. Yes, you're quite right. I'll rephrase: IMHO *something* should be said in UPDATING, what exactly is up to maintainer / committer(s).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5479d7fdf8836152540bfe9fbfa42c3b>