LibreSSL infects ports, causes problems

Michael Gmelin freebsd at grem.de
Thu Apr 9 19:54:28 UTC 2015



> On 09 Apr 2015, at 19:33, Adam McDougall <mcdouga9 at egr.msu.edu> wrote:
> 
>> On 04/09/2015 11:53, Christian Weisgerber wrote:
>> Baptiste Daroussin:
>> 
>>> Some how you have mixed up things between base openssl and libressl, when
>>> starting to activate libressl if you are using ports only you have to be extra
>>> careful, (same goes with ncurses or ports openssl) just installing those ports
>>> is enough to "pollute" nearly anything you build after with a dependency on it
>>> (well anything that does link to libssl, libcrypto)
>> 
>> Well, yes, that's what I said.  It's a bug.
>> 
>>> If it very complicated and
>>> error prone to cherry pick "only take base openssl here, only ports openssl
>>> there" the only "safe" way to solve this situation and being consistent is to
>>> always skip the version from base and enforce the version for ports. (the
>>> otherway around is impossible - very complicated)
>> 
>> And the addition of LibreSSL as a not-quite-equivalent alternative
>> to ports OpenSSL makes this even more complicated.  You can expect
>> things coming out of OpenBSD (like new versions of net/openntpd)
>> to require LibreSSL, because it includes a new library libtls that
>> doesn't exist in OpenSSL.  In the meantime, LibreSSL has removed
>> some of the more horrific APIs of OpenSSL, which means some ports
>> will not build against LibreSSL as is.  Like python27.  Fixes for
>> these problems can be picked from the OpenBSD ports tree, if we
>> want to.
> 
> Many problem reports with patches are filed already just waiting for
> committers and are summarized here: https://wiki.freebsd.org/LibreSSL
> It would be great to get at least the python27 patch committed.

The patches proposed are not sufficient in all cases though.

> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"


More information about the freebsd-ports mailing list