On 10/12/2020 17:15, Greg Troxel wrote:
Rust is a PITA. As someone that does my own local builds for pkgin I have a lot of sympathy for that decision.In this case, it seems you are using old NetBSD and pkgsrc is built against a newer version than 9.0 because there are some bugs ixed that matter tor other things (rust, not apache AFAIK).
I'd expect it to be safe as well. The biggest risk would be if the newer modssl used a symbol that didn't exist in the old library but that would blow up completely at module load time.Also, openssl 1.1.1g really ought to be binary compatible with 1.1.1d. If not that's an openssl bug, and it's a bug in NetBSD that we applied it on the branch. But, my best guest is that it's toally fine.
This is very true in this case. I'm fairly certain at least one of the openssl bugfixes in 9.1 relates to TLS handshake issues that could impact an server offering https.Entirely separately from compat, you should be running recent openssl anyway, as a matter of security best practices.
Mike