Rebuild ports statically linked to libcrypto(3)

Dmitry Marakasov amdmi3 at mail.ru
Thu Sep 7 11:11:06 PDT 2006


* Dominique Goncalves (dominique.goncalves at gmail.com) wrote:
> According to Security Advisories SA-06:19 about OpenSSL, we need to
> rebuild ports which are statically linked to libcrypto(3).
> 
> Is there a magic command to rebuild these ports ?

No magic command, but this seems pretty reliable for me:

for port in `pkg_info -oaq`; do
	grep OPENSSL /usr/ports/$port/Makefile >/dev/null &&
		echo $port;
done

This will list all ports that use OPENSSL, and no need to search for
executables/libs linked with libcrypto dynamically or statically.

So you may consider this as `magic command', but I prefer to do such
updates by hand, just to be sure everything is updated:

for port in `pkg_info -oaq`; do 
        grep OPENSSL /usr/ports/$port/Makefile >/dev/null && 
                pkg_info -qO $port;
done | xargs portupgrade -fr

Note, that this will not only rebuild packages using OPENSSL, but also
all package that depend on these. That catches double statical linking,
i.e. libfoo.a is statically linked with libcrypto, and some other port
is linked with libfoo.a statically, thus incluning openssl code.

-- 
Best regards,
 Dmitry                          mailto:amdmi3 at mail.ru


More information about the freebsd-ports mailing list