openssl upgrade, libcrypto, libssl confusion
Anton Shterenlikht
mexas at bristol.ac.uk
Wed Jul 25 16:37:30 UTC 2012
On Wed, Jul 25, 2012 at 5:06 AM, Anton Shterenlikht <mexas at bristol.ac.uk> wrote:
> On Wed, Jul 25, 2012 at 12:30:29PM +0100, Anton Shterenlikht wrote:
>> In /usr/src/UPDATING I see
>>
>> 20120712:
>> The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring
>> libcrypto.so.6 or libssl.so.6 must be recompiled. Also, there are
>> configuration changes. Make sure to merge /etc/ssl/openssl.cnf.
>
> oops.. wait a minute, I'm still on
>
> # uname -a
> FreeBSD mech-cluster241.men.bris.ac.uk 10.0-CURRENT FreeBSD 10.0-CURRENT #6 r237134: Mon Jun 18 09:02:17 BST 2012 root at mech-cluster241.men.bris.ac.uk:/usr/obj/usr/src/sys/TZAV ia64
> #
>
> So this change shouldn't apply to me yet.
>
> Still there are *lots* of binaries, and libs
> linked with /lib/libcrypto.so.6:
>
> Binaries that are linked with: /lib/libcrypto.so.6
...
> and so on,
>
> so is it really right that I can safely delete it?
Some ldd/objdump and grep magic will give you the answer you need.
check-old-libs only points out candidates for removal based on
existence.
Cheers,
-Garrett
That's scary. /usr/src/Makefile calles
these "obsolete", which means these can
be safely deleted:
# check-old-libs - List obsolete libraries.
# delete-old-libs - Delete obsolete libraries.
>From what you are saying, and from what
I observe, the algorithm used to determine
whether the libs are obsolete cannot be
trusted.
For example, on another ia64 box, r238540,
I get:
# make -C /usr/src/ check-old-libs
>>> Checking for old libraries
/usr/lib/libftpio.so.8
/lib/libz.so.5
/lib/libutil.so.8
#
None of these are obsolete.
First, the base OS programs (not ports) depend on these libs:
(I usually use sysutils/libchk to check this)
Binaries that are linked with: /usr/lib/libftpio.so.8
/usr/sbin/sysinstall
Binaries that are linked with: /lib/libz.so.5
/usr/sbin/dtrace
/usr/sbin/lockstat
Binaries that are linked with: /lib/libutil.so.8
/usr/sbin/sysinstall
Second, at least for libftpio.so.8, there is no
newer version.
Finally, how come I have base OS binaries linked
against old libs, if I always do the orthodox
make buildworld, make buildkernel, make installkernel,
make installworld? This just shouldn't happen, right?
# ls -al /lib/libz.so.*
-r--r--r-- 1 root wheel 151200 Jul 18 2010 /lib/libz.so.5
-r--r--r-- 1 root wheel 155264 Jul 18 11:25 /lib/libz.so.6
# ldd /usr/sbin/dtrace
/usr/sbin/dtrace:
libdtrace.so.2 => /lib/libdtrace.so.2 (0x20000000400b2000)
libproc.so.2 => /usr/lib/libproc.so.2 (0x20000000401b2000)
libctf.so.2 => /lib/libctf.so.2 (0x20000000401c6000)
libelf.so.1 => /usr/lib/libelf.so.1 (0x20000000401ee000)
libz.so.5 => /lib/libz.so.5 (0x200000004022e000)
libthr.so.3 => /lib/libthr.so.3 (0x2000000040264000)
libc.so.7 => /lib/libc.so.7 (0x20000000402b2000)
# ls -al /usr/sbin/dtrace
-r-xr-xr-x 1 root wheel 58976 Jul 18 2010 /usr/sbin/dtrace
Any why is dtrace so old?
Something is not right here...
More information about the freebsd-current
mailing list