[Bug 256140] security/p5-Crypt-SSLeay dependency to p5-LWP-Protocol-https

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 25 May 2021 06:38:43 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256140

            Bug ID: 256140
           Summary: security/p5-Crypt-SSLeay dependency to
                    p5-LWP-Protocol-https
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: perl_at_FreeBSD.org
          Reporter: gert_at_greenie.muc.de
          Assignee: perl_at_FreeBSD.org
             Flags: maintainer-feedback?(perl_at_FreeBSD.org)

Hi,

upgrading ports/pkgs, and noted this:

New packages to be INSTALLED:
        p5-Authen-NTLM: 1.09_1
        p5-Crypt-SSLeay: 0.72_3
        p5-File-Listing: 6.14
        p5-HTTP-Cookies: 6.10
        p5-HTTP-Negotiate: 6.01_1
        p5-LWP-Protocol-https: 6.10
        p5-Net-HTTP: 6.21
        p5-Try-Tiny: 0.30
        p5-WWW-RobotRules: 6.02_1
        p5-libwww: 6.54

Installed packages to be UPGRADED:
        p5-DBD-mysql: 4.050 -> 4.050_1

so, upgrading p5-DBD-mysql brings in 10 new packages that are not needed
otherwise on the system.  I try to keep my systems as clean as possible, so if
this happens I try to find out why.

The change in p5-DBD-mysql is to enable SSL by default, which activates a
dependency to p5-Crypt-SSLeay - so far, ok.

Now, why does the rest happen?

p5-Crypt-SSLeay has

BUILD_DEPENDS=  p5-LWP-Protocol-https>=6.02:www/p5-LWP-Protocol-https \
                p5-Path-Class>=0.26:devel/p5-Path-Class \
                p5-Try-Tiny>=0.19:lang/p5-Try-Tiny
RUN_DEPENDS=    p5-LWP-Protocol-https>=6.02:www/p5-LWP-Protocol-https

which I find surprising - p5-Crypt-SSLeay used to be a dependency of
LWP::Protocol::https, not "the other way round".

I tried to find a reason in the code ("grep -R ^use work") but as far as I
could see it only mentions LWP::UserAgent in the documentation, and even
mentions that one does not need Crypt::SSLeay anymore(!) to get https support
in LWP - because it was unbundled to LWP::Protocol::https (as a replacement,
not dependency).

I tried to remove the DEPENDS setting, and it seems to build and test same way
as with the dependency...

Long story short - can you please check whether this BUILD_DEPENDS/RUN_DEPENDS
to p5-LWP-Protocol-https is needed anymore?

thanks

-- 
You are receiving this mail because:
You are the assignee for the bug.
Received on Tue May 25 2021 - 06:38:43 UTC

Original text of this message