Bug 209582 - security/openssl: OPENSSL_SHLIBVER is the same as version in -CURRENT
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Bernard Spil
Keywords: needs-patch, needs-qa
Reported: 2016-05-17 16:23 UTC by fullermd
Modified: 2016-10-28 21:43 UTC
koobs: maintainer-feedback? (brnrd)
koobs: merge-quarterly?


Attachments
svn diff for security/openssl (1.34 KB, patch)
2016-10-28 19:10 UTC, Bernard Spil
brnrd: maintainer-approval+

Description fullermd 2016-05-17 16:23:33 UTC
-CURRENT has OpenSSL 1.0.2 since r290207 (Oct 2015), which has the same soversion of libcrypto/libssl as the port (was never bumped from 8 when it was updated to 1.0.2), so causes some odd visible breakage (and potentially worse invisible).

Additionally, the port makefile checks that the base version isn't greater than the port version; it should probably check >= to catch these cases too...
Comment 1 Dirk Meyer freebsd_committer 2016-05-26 19:58:29 UTC
As far as I know OpenSSL in the base of FreeBSD -CURRENT will be moved,
so no port will link to it in the future.

The next soversion bump is scheduled for OpenSSL 1.1.0

bsd.openssl.mk sets rpath ( -Wl,-rpath,/usr/local/lib ),
to handle the case if the soversion is the same.

unless the build system of a port ignores that.

OpenSSL 1.0.2 in base and Port should be binary compatible.
Do you have any evidence where this goes wrong?
Comment 2 fullermd 2016-05-27 23:22:07 UTC
They're actually not binary compatible, since the port has at least MD2 enabled, but base doesn't.  This shows up building emulators/virtualbox-ose, which blows up linking being unable to find MD2 bits.  Presumably configuring itself against the headers from the ports install, but finally trying to link to base.

kBuild: Linking VBoxExtPackHelperApp
/usr/ports.work/usr/ports/emulators/virtualbox-ose/work/VirtualBox-4.3.38/out/freebsd.amd64/release/bin/VBoxRT.so: undefined reference to `MD2_Final'
/usr/ports.work/usr/ports/emulators/virtualbox-ose/work/VirtualBox-4.3.38/out/freebsd.amd64/release/bin/VBoxRT.so: undefined reference to `MD2_Update'
/usr/ports.work/usr/ports/emulators/virtualbox-ose/work/VirtualBox-4.3.38/out/freebsd.amd64/release/bin/VBoxRT.so: undefined reference to `MD2_Init'
c++: error: linker command failed with exit code 1 (use -v to see invocation)
kmk: *** [/usr/ports.work/usr/ports/emulators/virtualbox-ose/work/VirtualBox-4.3.38/out/freebsd.amd64/release/obj/VBoxExtPackHelperApp/VBoxExtPackHelperApp] Error 1
The failing command:
@c++               '-Wl,-rpath,/usr/local/lib/virtualbox'   -m64   -o /usr/ports.work/usr/ports/emulators/virtualbox-ose/work/VirtualBox-4.3.38/out/freebsd.amd64/release/obj/VBoxExtPackHelperApp/VBoxExtPackHelperApp /usr/ports.work/usr/ports/emulators/virtualbox-ose/work/VirtualBox-4.3.38/out/freebsd.amd64/release/obj/VBoxExtPackHelperApp/src-helper-apps/VBoxExtPackHelperApp.o /usr/ports.work/usr/ports/emulators/virtualbox-ose/work/VirtualBox-4.3.38/out/freebsd.amd64/release/obj/VBoxExtPackHelperApp/src-all/ExtPackUtil.o   -L/usr/local/lib   /usr/ports.work/usr/ports/emulators/virtualbox-ose/work/VirtualBox-4.3.38/out/freebsd.amd64/release/bin/VBoxRT.so 



(this case at least is obvious; I'm a lot more concerned about things that might silently "work"...)
Comment 3 fullermd 2016-06-04 18:34:28 UTC
Another that goes wonky in even weirder ways: net/ntp.

/usr/local/sbin/ntpd:
        libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800e00000)
        libssl.so.8 => /usr/lib/libssl.so.8 (0x801c62000)

/usr/local/sbin/ntptime:
        libcrypto.so.8 => /lib/libcrypto.so.8 (0x801a00000)
        libssl.so.8 => /usr/lib/libssl.so.8 (0x801640000)


Even if theoretically ports should be doing tricksy overrides to always look in the right direction, I think in practice having the same shlibver is playing with a pretty big fire.  Especially on something so security-central.
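
An added example, not part of the bug thread or the port: a check for the split resolution shown in comment 3, where one binary loads libcrypto from ports and libssl from base. The function names are hypothetical, the embedded input is the ldd output quoted in comment 3, and LOCALBASE is assumed to be the default /usr/local.

```shell
#!/bin/sh
# Added example (not from the bug thread). Reads ldd output on stdin and reports,
# per binary, whether libcrypto/libssl resolve from base, from ports, or both.

check_openssl_origin() {
    awk '
    function origin(path) {
        if (path ~ /^\/usr\/local\//) return "ports"   # assumed LOCALBASE
        if (path ~ /^\/(usr\/)?lib\//) return "base"   # /lib or /usr/lib
        return "other"
    }
    function report() {
        if (bin == "" || n == 0) return                # no OpenSSL libs seen
        if (seen["ports"] && seen["base"]) verdict = "MIXED"
        else if (seen["ports"]) verdict = "ports"
        else if (seen["base"]) verdict = "base"
        else verdict = "other"
        print verdict, bin
    }
    /^[^ \t].*:$/ {                 # "binary:" header starts a new record
        report()
        bin = $0; sub(/:$/, "", bin)
        split("", seen); n = 0      # portable way to clear the array
        next
    }
    $1 ~ /^lib(crypto|ssl)\.so/ && $2 == "=>" {
        seen[origin($3)] = 1; n++
    }
    END { report() }
    '
}

# Sample input: the ldd output quoted in comment 3 of this bug.
sample_ldd() {
    cat <<'EOF'
/usr/local/sbin/ntpd:
        libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800e00000)
        libssl.so.8 => /usr/lib/libssl.so.8 (0x801c62000)

/usr/local/sbin/ntptime:
        libcrypto.so.8 => /lib/libcrypto.so.8 (0x801a00000)
        libssl.so.8 => /usr/lib/libssl.so.8 (0x801640000)
EOF
}

sample_ldd | check_openssl_origin
```

On a live system the same function can be fed `ldd` output for the installed port binaries; a `MIXED` line means two differently configured OpenSSL builds are loaded into one process, and a `base` line for a file under /usr/local means the port did not pick up the ports copy at all.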
Comment 4 Bryan Drewery freebsd_committer 2016-06-14 16:45:41 UTC
(In reply to Dirk Meyer from comment #1)
> As far as I know OpenSSL in the base of FreeBSD -CURRENT will be moved,
> so no port will link to it in the future.

It's still public/exposed for 11.0
Comment 5 Dirk Meyer freebsd_committer 2016-09-25 16:23:10 UTC
no longer MAINTAINER
Comment 6 Mathieu Arnold freebsd_committer 2016-10-27 16:42:01 UTC
TL;DR: you need to bump devel/openssl's .so version (8 -> 9)
Comment 7 Bernard Spil freebsd_committer 2016-10-28 19:10:18 UTC
Created attachment 176252
svn diff for security/openssl

Bump shlib-version of
  security/openssl
  security/openssl-devel

Document shlib-version bump in UPDATING
Comment 8 commit-hook freebsd_committer 2016-10-28 19:49:30 UTC
A commit references this bug:

Author: brnrd
Date: Fri Oct 28 19:49:18 UTC 2016
New revision: 424878
URL: https://svnweb.freebsd.org/changeset/ports/424878

Log:
  security/openssl: Bump shared library version

    - Bump shlib version for security/openssl
    - Bump shlib version for security/openssl-devel
    - Add instructions to UPDATING

  PR:		209582
  Reported by:	Matthew D. Fuller <fullermd@over-yonder.net>
  MFH:		2016Q4

Changes:
  head/UPDATING
  head/security/openssl/version.mk
  head/security/openssl-devel/version.mk
Comment 9 commit-hook freebsd_committer 2016-10-28 20:06:33 UTC
A commit references this bug:

Author: brnrd
Date: Fri Oct 28 20:05:49 UTC 2016
New revision: 424879
URL: https://svnweb.freebsd.org/changeset/ports/424879

Log:
  security/openssl: Bump PORTREVISION

    - Make sure ports get rebuilt

  PR:		209582
  Reported by:	mat

Changes:
  head/security/openssl/Makefile
  head/security/openssl-devel/Makefile
Comment 10 commit-hook freebsd_committer 2016-10-28 21:43:45 UTC
A commit references this bug:

Author: brnrd
Date: Fri Oct 28 21:43:03 UTC 2016
New revision: 424886
URL: https://svnweb.freebsd.org/changeset/ports/424886

Log:
  MFH: r424878 r424879

  security/openssl: Bump shared library version

    - Bump shlib version for security/openssl
    - Bump shlib version for security/openssl-devel
    - Bump PORTREVISION
    - Add instructions to UPDATING

  PR:		209582
  Reported by:	Matthew D. Fuller <fullermd@over-yonder.net>, mat
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/UPDATING
  branches/2016Q4/security/openssl/Makefile
  branches/2016Q4/security/openssl/version.mk
  branches/2016Q4/security/openssl-devel/Makefile
  branches/2016Q4/security/openssl-devel/version.mk