current-users: Re: OpenSSL upgrade does not bump minor version of shared libs

Subject: Re: OpenSSL upgrade does not bump minor version of shared libs
To: Olaf Seibert <rhialto@polderland.nl>
From: Frederick Bruckman <fb@enteract.com>
List: current-users
Date: 04/26/2001 10:18:57

On Thu, 26 Apr 2001, Olaf Seibert wrote:

> The OpenSSL in pkgsrc has been upgraded from 0.9.5 to 0.9.6. Yet the
> shared libraries it installs have the same version number
> (libcrypto.so.1.0 and libssl.so.1.0). Is this correct? Can I just
> replace the old library with the new one (as this non-change implies)?

I think so. When I updated openssl, I tested it by re-installing
binary packages for openssh and lynx, and they both seemed to work OK.

Yes, I know... Pedantically, the major version probably should have
been bumped, because certain symbols were removed from the libraries,
but that would have made it impossible to do what you suggest. Plus,
the next bump should put pkgsrc in sync with the in-tree openssl,
whatever that's worth.

It's also not possible (or not practical) to do the right thing with
libwwwssl, since the libwww package can't easily tell which version of
openssl you are building against (could be in-tree, could be package).
It would also have been thoughtlessly cruel to force every package
that depends on libwww to be rebuilt (and that includes teTeX),
especially since none of them actually makes use of libwwwssl. For the
future, I've modified the libwww package so that only libwwwssl.so.?.?
links in -lssl -lcrypto, so it'll be safe to bump just that one, along
with libssl.so.?.? and libcrypto.so.?.?, next time.

> The specific reason I am asking was because I wanted to
> FORCE_PKG_REGISTER openssl 0.9.6, so that I do not have to deinstall
> sendmail and all the other things that depend on openssl while the
> upgrade process is recompiling them (ap-ssl-2.7.1 lynx-2.8.3.1
> imap-uw-2000.0.3nb1 php-imap-4.0.4.1nb1 imp-2.2.4 openssh-2.5.1p1
> mutt-1.2.5i pine-4.33 links-0.95 and sendmail-8.11.3), a process which I
> expect will take longer than acceptible to have sendmail out of order.
> I only want a new openssh for now...

Well, FORCE_PKG_REGISTER leaves a mess, but you must know that, of
course. I'd recommend that you reinstall the binary packages that you
thoughtfully made and saved when you built and installed the packages.
(Too late?) Current pkg_add also has an option to add (update) an
already installed package, but I'm not sure if that helps you for
pkgsrc builds.

Frederick