[MacPorts] #55264: libressl @2.5.5: update to 2.6.4

MacPorts noreply at macports.org
Mon Apr 23 15:22:35 UTC 2018


#55264: libressl @2.5.5: update to 2.6.4
-----------------------+----------------------
  Reporter:  l2dy      |      Owner:  jeremyhu
      Type:  update    |     Status:  new
  Priority:  Normal    |  Milestone:
 Component:  ports     |    Version:
Resolution:            |   Keywords:
      Port:  libressl  |
-----------------------+----------------------

Comment (by jeremyhu):

 Replying to [comment:10 janstary]:
 > If we do upgrade, the dependent ports need to be rebuilt, obviously.
 > But that's imho a very weak reason not to upgrade. There are ports
 > that can drop their OpenSSL/LibreSSL patch now. Isn't that the issue we
 > have with LibreSSL in general?

 No, I don't think anyone feels that patching is a problem.  The problem is
 that Libressl and OpenSSL are ABI incompatible (heck, OpenSSL is not ABI
 compatible with OpenSSL and ditto for Libressl with itself), and we don't
 have a good solution in place for installing multiple versions.  Combined
 with deep dependencies that make rev-upgrade impossible to solve, this
 makes changing the ABIs quite problematic.

 > The fact that we have not yet figured out the right way for OpenSSL,
 > LibreSSL, WolfSSL etc to coexist in general is not a reason to not
 > upgrade: we are no worse off in that regard with 2.7.2 than 2.5.5
 > (or any other version of any of the others, for that matter).

 Correct, we're no worse off with 2.7.2 vs 2.5.5 aside from the fact that
 everyone using it will go through tremendous pain trying to rev-upgrade.
 That's what I want to avoid.  I want to make everyone go through that pain
 just one more time (when we fix #54744).

 > As for the libressl and libressl-devel: LibreSSL itself makes no
 > distinction between a "stable release"
 > or a "devel release". That's entirely ours (i.e. Jeremy's :-).

 That's not entirely true (as pointed out above).  However, one of the
 major reasons for the -devel port has more or less gone away.  For the
 first few years of its life, Libressl was dropping more and more legacy
 APIs between releases, so it made sense to test that out in -devel to
 ensure no major problems and address them before moving to the stable
 port.

 > I understand the desire to have the "bleeding edge" separated,
 > so that you can install either the latest or the previous (typically).
 > But our libressl is 2.5.5 and our libressl-devel is 2.6.2;
 > that is, they are both behind.

 Yes, because those were the versions in place when #54744 was brought up,
 so we decided to leave them there while someone worked on a solution to
 that problem.  However, nobody has solved that yet, and I haven't had any
 time to devote to it either =/.

 Replying to [comment:14 janstary]:
 > OK, do we agree that figuring out https://trac.macports.org/ticket/54744
 > is not a prerequisite for bumping libressl?
 >
 > If so, can we upgrade to 2.7.2 please?

 I'm happy to bump libressl-devel since more people opt into the
 rev-upgrade pain in using the -devel port.

 > Thanks for the stable/devel correction.
 > According to the homepage, 2.7.2 is the "stable" one now,
 > meaning "what is in the latest OpenBSD release"; there is no "devel"
 > release.
 > Would it make more sense then to upgrade libressl (as opposed to
 > libressl-devel)?

 No, because I want to avoid inflicting rev-upgrade pain on users of the
 libressl port.

 > Staying with 2.5.5 < 2.7.2, we are really missing out.

 I agree, and hopefully that encourages some folks to take a look at
 #54744, so we can install these ports in parallel and configure which
 libssl is used on a per-port basis.

-- 
Ticket URL: <https://trac.macports.org/ticket/55264#comment:15>
MacPorts <https://www.macports.org/>
Ports system for macOS

