Hi all, this is the first time I post to this list. If I am wrong, sorry. I have been trying for three weeks to update openssl-stable, but I cannot beacause of this message: ===> Cleaning for openssl-stable-0.9.7k # # this ports conflicts with your base system # please undefine OPENSSL_OVERWRITE_PORT # and use WITH_OPENSSL_BASE=yes instead. # *** Error code 1 I do not know how to act. Bye Emilio
owner-freebsd-security@freebsd.org <> wrote on Wednesday, October 11, 2006 8:43 AM:> ===> Cleaning for openssl-stable-0.9.7k # # this ports > conflicts with your base system # please undefine > OPENSSL_OVERWRITE_PORT # and use WITH_OPENSSL_BASE=yes instead. # > *** Error code 1Also first post.. Try adding OPENSSL_OVERWRITE_BASE=yes into your /etc/make.conf file, and try again. You can also define that variable at build time, but having it in make.conf keeps it there for future reference. Regards, Martin
Il giorno Wed, 11 Oct 2006 10:07:51 -0400 "Martin Leach" <martin@custard.org> ha scritto:> owner-freebsd-security@freebsd.org <> wrote on Wednesday, October 11, > 2006 8:43 AM: > > > ===> Cleaning for openssl-stable-0.9.7k # # this ports > > conflicts with your base system # please undefine > > OPENSSL_OVERWRITE_PORT # and use WITH_OPENSSL_BASE=yes instead. # > > *** Error code 1 > > Also first post.. > > Try adding OPENSSL_OVERWRITE_BASE=yes into your /etc/make.conf file, > and try again. > You can also define that variable at build time, but having it in > make.conf keeps it there for future reference. > > Regards, > > Martin >Thank you, Martin. That worked. Cheers Emilio
Dirk Meyer a ?crit:> >OPENSSL_OVERWRITE_BASE=yes >sould be used with extreme caution! > >This might break your base application in cases like this, when the baseuses a diffrent api as the ports does.>That's totally true. I was wondering if, to avoid ports problem with openssl (and maybe some over libs/important parts) - because somes refers directly to the openssl base, others to the ports one -, we might try to find a way to have openssl - in future release - in the base system being like a pre-installed port. It will be very hopeful too when security issues are discovered, because instead of patching the system base (and rebuilding the world...) we have only to do a portupgrade... Saving times :) An other interest in doing this, is that the system will be reported unsecure by portaudit... OpenSSH should have the same treatment :) -- Cl?ment Moulin SimpleRezo
Dirk Meyer wrote:>> Try adding OPENSSL_OVERWRITE_BASE=yes into your /etc/make.conf >> file, and try again. You can also define that variable at build >> time, but having it in make.conf keeps it there for future >> reference. > > OPENSSL_OVERWRITE_BASE=yes sould be used with extreme caution!I disagree, never having had a problem with OPENSSL_OVERWRITE_BASE.> This might break your base application in cases like this, when > the base uses a diffrent api as the ports does.That would be a version mis-match, not really related to overwriting the base port. Indeed if you install openssl without OPENSSL_OVERWRITE_BASE you will have two different versions on your your system, which is much more of a sysadmin headache than an easily diagnosed version mismatch. For the same reason I recommend OPENSSH_OVERWRITE_BASE, NO_MAILWRAPPER, NO_SENDMAIL, NO_OPENSSH, NO_OPENSSL, NO_BIND, and PORT_REPLACES_BASE_BIND8 or PORT_REPLACES_BASE_BIND9 as well. OPENSSL_OVERWRITE_BASE should be the default, but consider adding WITH_OPENSSL_097 to prevent automatic incompatible version upgrades. Most of the sites I consult with have stuck with the 0.9.7 branch for compatibility reasons. Is it still the case that 'make *world' cannot parse OPENSSL_OVERWRITE_BASE and requires NO_OPENSSL instead? -- Roger Marquis Roble Systems Consulting http://www.roble.com/