[Bug 256140] security/p5-Crypt-SSLeay dependency to p5-LWP-Protocol-https
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 25 May 2021 06:38:43 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256140 Bug ID: 256140 Summary: security/p5-Crypt-SSLeay dependency to p5-LWP-Protocol-https Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: perl@FreeBSD.org Reporter: firstname.lastname@example.org Assignee: perl@FreeBSD.org Flags: maintainer-feedback?(perl@FreeBSD.org) Hi, upgrading ports/pkgs, and noted this: New packages to be INSTALLED: p5-Authen-NTLM: 1.09_1 p5-Crypt-SSLeay: 0.72_3 p5-File-Listing: 6.14 p5-HTTP-Cookies: 6.10 p5-HTTP-Negotiate: 6.01_1 p5-LWP-Protocol-https: 6.10 p5-Net-HTTP: 6.21 p5-Try-Tiny: 0.30 p5-WWW-RobotRules: 6.02_1 p5-libwww: 6.54 Installed packages to be UPGRADED: p5-DBD-mysql: 4.050 -> 4.050_1 so, upgrading p5-DBD-mysql brings in 10 new packages that are not needed otherwise on the system. I try to keep my systems as clean as possible, so if this happens I try to find out why. The change in p5-DBD-mysql is to enable SSL by default, which activates a dependency to p5-Crypt-SSLeay - so far, ok. Now, why does the rest happen? p5-Crypt-SSLeay has BUILD_DEPENDS= p5-LWP-Protocol-https>=6.02:www/p5-LWP-Protocol-https \ p5-Path-Class>=0.26:devel/p5-Path-Class \ p5-Try-Tiny>=0.19:lang/p5-Try-Tiny RUN_DEPENDS= p5-LWP-Protocol-https>=6.02:www/p5-LWP-Protocol-https which I find surprising - p5-Crypt-SSLeay used to be a dependency of LWP::Protocol::https, not "the other way round". I tried to find a reason in the code ("grep -R ^use work") but as far as I could see it only mentions LWP::UserAgent in the documentation, and even mentions that one does not need Crypt::SSLeay anymore(!) to get https support in LWP - because it was unbundled to LWP::Protocol::https (as a replacement, not dependency). I tried to remove the DEPENDS setting, and it seems to build and test same way as with the dependency... Long story short - can you please check whether this BUILD_DEPENDS/RUN_DEPENDS to p5-LWP-Protocol-https is needed anymore? thanks -- You are receiving this mail because: You are the assignee for the bug.