Date:      Thu, 12 Apr 2012 12:14:52 -0700
From:      Kevin Oberman <kob6558@gmail.com>
To:        Oliver Heesakkers <freebsd@heesakkers.info>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: security/openssl so bump w/o mention in UPDATING
Message-ID:  <CAN6yY1v%2BGbQdcTB%2BxDuk4vdUknJ9qVq1k4-SoOWvMBRBeh34BQ@mail.gmail.com>
In-Reply-To: <5479d7fdf8836152540bfe9fbfa42c3b@huis.heesakkers.info>
References:  <f3147ee85c3df709f9b1fd44ffc5664f@huis.heesakkers.info> <CAN6yY1vYyhFzexxN_g-ZxwQH-MEgcCN0P5%2Bq5NBJ-49WGNORRQ@mail.gmail.com> <5479d7fdf8836152540bfe9fbfa42c3b@huis.heesakkers.info>

On Thu, Apr 12, 2012 at 11:19 AM, Oliver Heesakkers
<freebsd@heesakkers.info> wrote:
> Kevin Oberman wrote on 12.04.2012 18:13:
>>
>> On Thu, Apr 12, 2012 at 4:23 AM, Oliver Heesakkers
>> <freebsd@heesakkers.info> wrote:
>>>
>>> security/openssl was brought up to 1.0.1 recently which includes bumping
>>> OPENSSL_SHLIBVER from 7 to 8.
>>>
>>> Which means, that in order not to break surprisingly many ports on my
>>> desktop
>>> I have to "portmaster -r" this port.
>>>
>>> "portmaster -w" might have also done the trick and I'll leave mentions of
>>> other ports-mgmt tools to whoever will commit this to UPDATING as I
>>> believe should happen.
>>
>>
>> Sorry to sound like a broken record, but using 'portmaster -r' for
>> this is using a .50 cal. machine gun to kill a fly. Serious over-kill!
>>
>> Install sysutils/bsdadminscripts, update the port (with -w if you
>> want) and use 'pkg_libchk -o'. It will list just the ports that
>> actually link to the library in question. Then just re-install these
>> ports. The number of ports needing re-installation will often drop
>> from hundreds to a dozen or so. Not many things depend directly on
>> openssl, but those ports' libraries are linked to a great many more.
>>
>> Just '-w' is of limited value if you update ports (and it appears that
>> you do) as you will start getting rtld errors when an executable links
>> to two shareables, one of which is linked to the old version and one
>> to the new. For something like openssl, this will happen a lot and
>> getting rid of references to the old openssl shareable is the only way
>> to fix it.
>>
>> Because a few ports do their own linking to shareables (java comes to
>> mind), pkg_chklib will generate a few false positives. If you pipe the
>> output to a grep for the shareable in question, you can avoid updating
>> ports that don't need it.
>>
>> As pkg_libchk is just a shell script and one that can be a huge
>> time-saver, I think I may start pushing to either be integrated into
>> portmaster (I doubt Doug will go for that and I probably wouldn't,
>> either) or made a standard tool for the system.
>
>
> Yes, you're quite right. I'll rephrase:
>
> IMHO *something* should be said in UPDATING, what exactly is up to
> maintainer / committer(s).

Indeed! I was a bit surprised that there was no entry.

And, to accurately (and less hyperbolically) state the advantage of
using pkg_libchk, I am re-installing 64 ports while 'portmaster -r
openssl' would have updated 364. Not quite the disparity I have seen
with some ports that bumped shareable versions, but still very
significant. (The system I am using is my old laptop with 1380 ports
including gnome2 installed, so it's near worst case, I suspect.)
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6558@gmail.com
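
Added example, not part of the original message and not code from bsdadminscripts or portmaster: a small model of the point made in this thread, comparing the set of packages that depend on openssl recursively with the set that actually carries a link to the old shared library, and finding executables that would load both versions at once. The package names, the inventory and the file name libcrypto.so.7/.so.8 (derived from the SHLIBVER bump from 7 to 8) are constructed assumptions.

```python
from collections import deque

OLD, NEW = "libcrypto.so.7", "libcrypto.so.8"  # assumed names for SHLIBVER 7 -> 8

# Constructed inventory (hypothetical packages): package dependencies, sonames
# the package installs, and the DT_NEEDED entries of its binaries.
PKGS = {
    "openssl":   {"deps": [], "provides": [NEW], "needed": []},
    "libfetchx": {"deps": ["openssl"], "provides": ["libfetchx.so.1"], "needed": [NEW]},  # rebuilt
    "libdavx":   {"deps": ["openssl"], "provides": ["libdavx.so.2"], "needed": [OLD]},    # stale
    "mailer":    {"deps": ["libfetchx"], "provides": [], "needed": ["libfetchx.so.1"]},
    "vcs-tool":  {"deps": ["libfetchx", "libdavx"], "provides": [],
                  "needed": ["libfetchx.so.1", "libdavx.so.2"]},
    "editor":    {"deps": ["vcs-tool"], "provides": [], "needed": ["libc.so.7"]},
}

def recursive_dependents(pkgs, target):
    """Every package depending on target, directly or not (the recursive rebuild set)."""
    found, queue = set(), deque([target])
    while queue:
        cur = queue.popleft()
        for name, meta in pkgs.items():
            if cur in meta["deps"] and name not in found:
                found.add(name)
                queue.append(name)
    return found

def direct_linkers(pkgs, soname):
    """Packages whose own binaries name soname in DT_NEEDED (the targeted rebuild set)."""
    return {name for name, meta in pkgs.items() if soname in meta["needed"]}

def loaded_sonames(pkgs, name):
    """Transitive closure of DT_NEEDED: what the runtime linker pulls in for name."""
    owner = {s: n for n, m in pkgs.items() for s in m["provides"]}
    seen, stack = set(), list(pkgs[name]["needed"])
    while stack:
        soname = stack.pop()
        if soname not in seen:
            seen.add(soname)
            if soname in owner:
                stack.extend(pkgs[owner[soname]]["needed"])
    return seen

def mixed_version_loaders(pkgs, old, new):
    """Packages that would load both library versions into one process."""
    return {n for n in pkgs if {old, new} <= loaded_sonames(pkgs, n)}

if __name__ == "__main__":
    print("recursive rebuild:", sorted(recursive_dependents(PKGS, "openssl")))
    print("links old library:", sorted(direct_linkers(PKGS, OLD)))
    print("loads old and new:", sorted(mixed_version_loaders(PKGS, OLD, NEW)))
```

In this constructed inventory only one package needs rebuilding to clear the stale reference, while the recursive set covers five.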
