SA-04:05 single patch && problem

Jacques A. Vidrine nectar at
Wed Apr 14 10:56:04 PDT 2004

On Wed, Apr 14, 2004 at 05:49:25PM +0000, Bjoern A. Zeeb wrote:
> Hi,
> when applying the patch from SA-04:05[1] and re-building changed parts
> of the base system, opensslv.h does not get altered with the update
> like it did with the commits to the various branches [2].

Often the patch file will have changes to version strings elided
in order to facilitate actual patching.

> [1]
> [2] p.ex.
> now doing a string compare on p.ex. "0.9.7a-p1" which
> will fail.  Thus ports that set USE_OPENSSL will depend on the
> openssl package.
> This logic is broken as the base system is patched and the openssl
> package is not needed.

Put USE_OPENSSL_BASE=yes in /etc/make.conf to defeat's

> So the SA patches should also update the version strings in headers

In general, this will be avoided.

> - or, more generally, commit the same parts (only) that get published
> as single patches

Providing patches really serves a different purpose than what you
want.  It is provided (a) to illustrate the actual problem; (b) to
allow people who ``know what they are doing'' to patch their systems,
even if they are running something quite different from stock FreeBSD.

> (or even better the other way round: should publish
> a complete single patch from what got previously committed).

Since actual patches are in CVS, it makes little sense to duplicate
them on the FTP site.

> What short term solutions are there for people building ports
> [ I do not really like any of those ] ?
> - setting USE_OPENSSL_BASE=yes seems to be a possible workaround
>   forcing the version of the base system and not the port to be used.

> - patching the header file by hand is not a real solution but should
>   work too.
> - would it be possible to make the check in somehow
>   more intelligent to better detect a patched version ?
> - ... ?

Use CVSup, CVS, or cvsweb to update your local files if you want to
track security branches.

Jacques Vidrine / nectar at / jvidrine at / nectar at
