ports requiring OpenSSL not honouring OpenSSL from ports

Jamie Landeg-Jones jamie at dyslexicfish.net
Sun Apr 27 15:09:03 UTC 2014

One of the first things I do on installing a new machine is install
OpenSSL from ports. I do build with base OpenSSL due to the many programs
that depend on it, but using ports OpenSSL for ports makes things easier
to patch/update.

In the case of Heartbleed, for example, I was able to fix ports OpenSSL
much sooner than base.

In the process, however, I discovered a couple of ports that built against
base even when the port was installed. I was going to supply patches /
notify the maintainers, but first did a check, and discovered that a lot
of current ports do similar.

It turns out that this wasn't a problem specifically, but more generally,
it's possible that someone may think a port has been patched when it hasn't.

Basically what I'm asking: Shouldn't a port that uses OpenSSL *always*
build against the port if it's installed?

I realise this isn't always possible to test, especially if the port Makefile
doesn't have any openSSL configuration options, but I'd like to hear
others opinions on the matter.

[ Not crossposted to ports@ as I'm unsure onbcross-posting etiqurtte, but
  feel free to add them in if appropriate ]


No sig

More information about the freebsd-security mailing list