security/openssl moved from libssl.so.7 to libssl.so.8 on 2012/04/11

Kevin Oberman kob6558 at gmail.com
Tue Apr 17 20:06:02 UTC 2012


On Tue, Apr 17, 2012 at 5:23 AM, Bryan Drewery <bryan at shatow.net> wrote:
> On 4/17/2012 12:50 AM, Jeff Kletsky wrote:
>
>> Should libssl.so.7 have been retained somehow?
>>
>> I upgraded using portmaster, if that provides any clues as to why it was
>> or wasn't.
>>
>
> Using -w with portmaster will retain the old file in
> /usr/local/lib/compat/pkg
>
>     After the port is built, if the -w option is being used, all shared
>     libraries installed by the old port (if any) will be saved to
>     /usr/local/lib/compat/pkg.  After installation if there are any new files
>     with the same names as those in /usr/local/lib/compat/pkg the old files
>     will be deleted, and ldconfig(8) will be run via /etc/rc.d/ldconfig.

I have dropped Dirk a note asking for him to add a note in UPDATING.
This should really be done whenever a common sharable gets a version
bump. It can be a bit of a shock when lots of security related stuff
starts crashing after what looks like a minor update to a port.

As I always point out, re-building all dependent ports does fix
things, but it results in updating many ports that don't need it as
they don't link to the sharable but are simply dependent on a port
that does.

In the case of my laptop I think I had about 40 ports that actually
linked to one of the updated sharables, but about 350 that would have
been re-built if I had gone the "all dependent ports" route.

If you want to just build the ports that actually need it, install
sysutils/bsdadminscripts and use 'pkg_libchk -o | grep -E
"crypt.so|ssl.so"' (or just 'pkg_libchk -o', but you will likely get
false positives from ports that load sharables themselves instead of
using rtld to do it).

Yes, '-w' will work in the short term, but you still need to re-build
ports fairly soon as you will hit a case where an executable links to
two sharables, one of which is from a port that was already installed
and links to the old sharable and one which was updated and links to
the new one. That executable will no longer run.
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6558 at gmail.com
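
The mixed-version case from the last paragraph of the message above, as an added example that is not part of the original post: it walks NEEDED entries (in the form `objdump -p` prints them) and flags executables that pull in both libssl.so.7 and libssl.so.8, plus the objects that link the old library directly. The file names and dependency edges are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: `objdump -p`-style NEEDED entries for each ELF object.
# bin/app, bin/other, libfoo.so.1 and libbar.so.2 are hypothetical names.
SAMPLE_DYNAMIC = {
    "bin/app":     "  NEEDED    libfoo.so.1\n  NEEDED    libbar.so.2\n",
    "bin/other":   "  NEEDED    libfoo.so.1\n",
    "libfoo.so.1": "  NEEDED    libssl.so.8\n",   # port rebuilt after the bump
    "libbar.so.2": "  NEEDED    libssl.so.7\n",   # port not rebuilt yet
}

NEEDED_RE = re.compile(r"^\s*NEEDED\s+(\S+)\s*$", re.MULTILINE)
SONAME_RE = re.compile(r"^(lib.+?)\.so\.(\d+)$")

def parse_needed(dynamic_text):
    """Return the sonames listed as NEEDED in one object's dynamic section."""
    return NEEDED_RE.findall(dynamic_text)

GRAPH = {obj: parse_needed(text) for obj, text in SAMPLE_DYNAMIC.items()}

def closure(obj, graph):
    """All shared objects reachable from obj through NEEDED edges."""
    seen, stack = set(), [obj]
    while stack:
        for dep in graph.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen

def mixed_versions(obj, graph, watch=("libssl",)):
    """Watched libraries that obj pulls in under more than one version."""
    versions = defaultdict(set)
    for dep in closure(obj, graph):
        m = SONAME_RE.match(dep)
        if m and m.group(1) in watch:
            versions[m.group(1)].add(int(m.group(2)))
    return {lib: sorted(v) for lib, v in versions.items() if len(v) > 1}

def direct_users(graph, soname):
    """Objects that link soname directly: the ones whose ports need a rebuild."""
    return sorted(obj for obj, deps in graph.items() if soname in deps)

if __name__ == "__main__":
    for obj in sorted(GRAPH):
        print(obj, mixed_versions(obj, GRAPH) or "ok")
    print("rebuild owners of:", direct_users(GRAPH, "libssl.so.7"))
```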

