Roger Marquis
2008-Apr-17 18:35 UTC
openssldoesn't -overwrite-base again (was: FreeBSD-SA-08:05.openssh)
I'd like to thank the openssh-portable port maintainer/s for preserving the -overwrite-base option. This eases our systems and security update jobs measurably. Unfortunately, openSSL has dropped the -overwrite-base option (again), leaving us with two versions of openssl and some confusion over A) which version of openssl a new port or upgrade (i.e., openssh) will use, and B) how to update systems with openssl-overwrite-base installed. Is there a best practice/recommendation for updating openssl-overwrite-base without having to maintain multiple versions? Roger Marquis Roble Systems Consulting
Roger Marquis
2008-Apr-22 18:14 UTC
openssldoesn't -overwrite-base again (was: FreeBSD-SA-08:05.openssh)
Dirk Meyer wrote:> The -overwrite-base option was only functional on FreeBSD 4.x > With FreeBSD 5.x the libs are spread in /lib and /usr/lib, so > even if the ports overwrite base libs, some tools still use the > old (unpatched) libs from /lib.Couldn't this be addressed simply by removing the old libs, possibly replacing with symlinks, in coordination with the standard/base? We shouldn't need to worry about base applications linked to the old libs anyhow, unless a base app is making unreasonable expectations. Better to fix those bugs in base, IMO, than have multiple versions of key libraries. Roger Marquis