Date: Fri, 13 Oct 2006 09:21:19 -0700 (PDT) From: Roger Marquis <marquis@roble.com> To: freebsd-security@freebsd.org Subject: Re: I cannot upgrade openssl-stablr Message-ID: <20061013090533.C51590@ubfganzr> In-Reply-To: <20061013120059.8232C16A5F6@hub.freebsd.org> References: <20061013120059.8232C16A5F6@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dirk Meyer wrote: >> Try adding OPENSSL_OVERWRITE_BASE=yes into your /etc/make.conf >> file, and try again. You can also define that variable at build >> time, but having it in make.conf keeps it there for future >> reference. > > OPENSSL_OVERWRITE_BASE=yes sould be used with extreme caution! I disagree, never having had a problem with OPENSSL_OVERWRITE_BASE. > This might break your base application in cases like this, when > the base uses a diffrent api as the ports does. That would be a version mis-match, not really related to overwriting the base port. Indeed if you install openssl without OPENSSL_OVERWRITE_BASE you will have two different versions on your your system, which is much more of a sysadmin headache than an easily diagnosed version mismatch. For the same reason I recommend OPENSSH_OVERWRITE_BASE, NO_MAILWRAPPER, NO_SENDMAIL, NO_OPENSSH, NO_OPENSSL, NO_BIND, and PORT_REPLACES_BASE_BIND8 or PORT_REPLACES_BASE_BIND9 as well. OPENSSL_OVERWRITE_BASE should be the default, but consider adding WITH_OPENSSL_097 to prevent automatic incompatible version upgrades. Most of the sites I consult with have stuck with the 0.9.7 branch for compatibility reasons. Is it still the case that 'make *world' cannot parse OPENSSL_OVERWRITE_BASE and requires NO_OPENSSL instead? -- Roger Marquis Roble Systems Consulting http://www.roble.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061013090533.C51590>