Page MenuHomeFreeBSD
Differential D3278

security/libressl: Update to 2.2.2
ClosedPublic
Actions

Authored by brnrd on Aug 3 2015, 9:30 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jan 18, 7:35 AM
Unknown Object (File)
Tue, Jan 13, 2:59 AM
Unknown Object (File)
Dec 7 2025, 9:01 PM
Unknown Object (File)
Dec 4 2025, 6:20 AM
Unknown Object (File)
Dec 2 2025, 2:16 PM
Unknown Object (File)
Nov 23 2025, 2:14 AM
Unknown Object (File)
Nov 22 2025, 8:08 PM
Unknown Object (File)
Nov 22 2025, 5:09 PM
View All Files
Subscribers
antoine
mat

Details

Reviewers
vsevolod
koobs
Summary

Proposed commit log:

security/libressl: Update to 2.2.2

  * Bump SHLIB versions of libssl/crypto/tls
  * Bump OPENSSL_SHLIBVER in bsd.openssl.mk
  * Add UPDATING entry for SHLIB version bump
  * Narrow scope of CONFLICTS (portlint)

Changes: 

  ftp://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt

Differential_revision:	D3278
Reviewed by:        koobs (mentor), vsevolod (maintainer, mentor)
Approved by:        koobs (mentor), vsevolod (maintainer, mentor)
Test Plan
  • testport: OK success
  • portlint -AC (removed conflict warning)
% portlint -AC
WARN: Makefile: for new port, make $FreeBSD$ tag in comment section empty, to make SVN happy.
0 fatal errors and 1 warning found.
  • regression-test:
============================================================================
Testsuite summary for libressl 2.2.2
============================================================================
# TOTAL: 50
# PASS:  50
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

brnrd updated this revision to Diff 7605.Aug 3 2015, 9:30 AM
brnrd retitled this revision from to security/libressl Update to 2.2.2-PRErelease.
brnrd updated this object.
brnrd edited the test plan for this revision. (Show Details)
brnrd added reviewers: koobs, vsevolod.
brnrd updated this revision to Diff 7606.Aug 3 2015, 9:33 AM

Add Mk/bsd.openssl.mk and UPDATING diffs

Herald added a reviewer: portmgr. · View Herald TranscriptAug 3 2015, 9:33 AM
mat added a subscriber: mat.Aug 3 2015, 2:55 PM
mat added inline comments.
UPDATING
18

What's wrong with running either pkg info -r libressl, or if you only want the one really depending on the libs, pkg shlib -r libcrypto.so.34 and such ?

brnrd added inline comments.Aug 3 2015, 7:37 PM
UPDATING
18

Thanks for the suggestion! I borrowed the solution from other UPDATING entries. I'd be happy to change it at minimum to pkg info -r as that's an easy simplification.

The pkg info -r method returns the same list, to replicate the function with pkg shlib I had to resort to

`pkg info -qb libressl | xargs -n1 pkg shlib -qR | sort -u`

since pkg-shlib discards all but the first shlib

mat added inline comments.Aug 3 2015, 7:48 PM
UPDATING
18

pkg shlib does not take more than one argument, so, I'm not sure what you are complaining about.

brnrd edited the test plan for this revision. (Show Details)Aug 3 2015, 9:02 PM
brnrd edited edge metadata.
brnrd edited the test plan for this revision. (Show Details)Aug 4 2015, 9:22 AM
koobs edited edge metadata.Aug 5 2015, 11:57 AM

Can you explain the rationale for updating to a PRE-release?

brnrd added a comment.Aug 5 2015, 2:16 PM
In D3278#66877, @koobs wrote:

Can you explain the rationale for updating to a PRE-release?

Just to elicit early feedback. Like with 2.2.1 I'll update this review with the -RELEASE once that's out there.

UPDATING
18

Just that the command becomes a bit long, that's all. the xargs and sort bother me most.

Will go with pkg info -r

koobs requested changes to this revision.Aug 5 2015, 2:25 PM
koobs edited edge metadata.
koobs added inline comments.
UPDATING
21

Provide user instructions for "how" to do this.

dangling shared library dependencies is not necessarily an easily/obviously understood concept

security/libressl/Makefile
12

No LICENSE_FILE?

24

regression-test: build

security/libressl/pkg-plist
2

Doesn't this and other /etc/ssl/ entries CONFLICT with ca_root_nss?

80

Can you PLIST_SUB+=OPENSSL_SHLIBVER for these?

81

Can you PLIST_SUB+=OPENSSL_SHLIBVER for these?

84

Can you PLIST_SUB+=OPENSSL_SHLIBVER for these?

85

Can you PLIST_SUB+=OPENSSL_SHLIBVER for these?

1546

Doesn't this and other /etc/ssl/ entries CONFLICT with ca_root_nss?

This revision now requires changes to proceed.Aug 5 2015, 2:25 PM
brnrd updated this revision to Diff 7702.Aug 6 2015, 10:09 AM
brnrd edited edge metadata.
brnrd marked 4 inline comments as done.

Update patches for 2.2.2 RELEASE

brnrd retitled this revision from security/libressl Update to 2.2.2-PRErelease to security/libressl Update to 2.2.2.Aug 6 2015, 12:06 PM
brnrd updated this object.
brnrd edited edge metadata.
brnrd edited the test plan for this revision. (Show Details)
koobs added a comment.EditedAug 6 2015, 12:41 PM

Also, for your commit log message:

* Minor update from OpenBSD LibreSSL-portable

This doesnt describe the changeset/revision. No need to describe 'upstream changes' in itemized changes list, just 'port changes. '

* Bumps SHLIB versions of libssl/crypto/tls
* Bumps OPENSSL_SHLIBVER in bsd.openssl.mk

Use "Bump", or "Increment"

* Pet portlint

describe the change, not the kind of change, eg: Blah blah (portlint)

Changes: 

  ftp://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt

Is there a http(s) URL available?

brnrd updated this revision to Diff 7707.Aug 6 2015, 2:05 PM
brnrd marked 9 inline comments as done.
brnrd updated this object.

Add LICENSE_FILE, rename test target

security/libressl/pkg-plist
2

Doesn't conflict with ca_root_nss. That installs /etc/ssl/cert.pem as a symlink to /usr/local/share/certs/ca-root-nss.crt

80

That would only be possible for libcrypto as that is what OPENSSL_SHLIBVER is for. That libssl now has version 35 seems to be merely a coincidence, most of the releases these differ, see https://wiki.freebsd.org/LibreSSL#History

brnrd updated this object.Aug 6 2015, 2:12 PM
Changes: 

  ftp://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt

Is there a http(s) URL available?

Not that I could find. Not even www.libressl.org supports https!

koobs retitled this revision from security/libressl Update to 2.2.2 to security/libressl: Update to 2.2.2.Aug 6 2015, 2:13 PM
brnrd updated this object.Aug 6 2015, 2:15 PM
koobs requested changes to this revision.Aug 6 2015, 2:18 PM
koobs edited edge metadata.
koobs added inline comments.
security/libressl/pkg-plist
81

Incorrectly marked "Done"

Only mark done if a change was made based on feedback.

Since OPENSSL_SHLIBVER applies to libcrypto, you can use it for these lines (not libssl's)

This revision now requires changes to proceed.Aug 6 2015, 2:18 PM
brnrd updated this revision to Diff 7733.Aug 6 2015, 6:29 PM
brnrd edited edge metadata.
brnrd updated this object.

Make use of the SHLIBVER as defined in bsd.openssl.mk

brnrd updated this object.Aug 6 2015, 6:31 PM
brnrd edited edge metadata.
koobs accepted this revision.Aug 6 2015, 6:39 PM
koobs edited edge metadata.

LGTM, if it still builds (post recent plist change). SHIP IT

vsevolod added inline comments.Aug 6 2015, 6:52 PM
security/libressl/Makefile
21

What's the meaning of this use btw? I'm NOT convinced that libressl should be built merely if OPENSSL_PORT is security/libressl. And by your patch, that's the new behaviour (as you use OPENSSL_SHLIBVER in further). Anyway, I'm not explicitly against this option, just curious and a bit confused.

brnrd added inline comments.Aug 6 2015, 7:09 PM
security/libressl/Makefile
21

This is here solely to get OPENSSL_SHLIBVER defined so it can be used for PLIST_SUB.

I checked for cyclic dependency and haven't found an issue with build/reinstall. If OPENSSL_PORT is set to security/libressl by the user and any port defines USE_OPENSSL=YES isn't the expected behaviour to build LibreSSL?

brnrd mentioned this in rP393666: security/libressl: Update to 2.2.2.Aug 6 2015, 7:13 PM
brnrd removed a reviewer: portmgr.Aug 6 2015, 7:14 PM
This revision is now accepted and ready to land.Aug 6 2015, 7:14 PM
brnrd closed this revision.Aug 6 2015, 7:16 PM

Forgot to remove the _ from Differential_review :'(

antoine added a subscriber: antoine.Aug 6 2015, 7:22 PM

The circular dependency is wrong, WITH_OPENSSL_PORT and OPENSSL_PORT are things people put in make.conf

antoine added a comment.Aug 6 2015, 7:32 PM

With make.conf containing:

WITH_OPENSSL_PORT=yes
OPENSSL_PORT=security/libressl

You get this when building with poudriere:

[00:00:03] ====>> Calculating ports order and dependencies
[00:00:03] ====>> Error: security/libressl incorrectly depends on itself. Please contact maintainer of the port to fix this.
[00:00:03] ====>> Error: Fatal errors encountered calculating dependencies
[00:00:03] ====>> Cleaning up

Revision Contents
Changeset List

PathSize
Mk/
2 lines
15 lines
security/
libressl/
4 lines
4 lines
files/
10 lines
17 lines

Diff 7606

View Options

Mk/bsd.openssl.mk

Loading...
View Options

UPDATING

Loading...
View Options

security/libressl/Makefile

Loading...
View Options

security/libressl/distinfo

Loading...
View Options

security/libressl/files/patch-include_openssl_opensslv.h

Loading...
View Options

security/libressl/pkg-plist

Loading...