tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

RE: libressl status



> From: Edgar Fuß
> Sent: Tuesday, April 07, 2015 5:02 AM
>
> The downside of this approach is that it renders nss_ldap and pam-ldap
> unusuable. If your (base) sshd is linked against base libcrypto and then
> pulls in nss_ldap/pam-ldap, openldap-client and openssl, all from pkgsrc,
> you have one binary with two libcrypto's, making sshd crash.

Hmm, transitive dependency issues was one of the things leading Gentoo
towards allowing only one of either openssl or libressl to be installed. For
pkgsrc, even if libressl is installed in a separate prefix, it is still
going to have a transitive dependency issue during dynamic linking, where if
package A uses libressl and library B, and library B uses openssl, library B
will end up using the symbols exported by libressl and possibly breaking
horribly :(. Or, given they are fairly compatible in terms of symbol
namespace, possibly appearing to work but having a security issue or
corruption or some other failure other than simple crash.




Home | Main Index | Thread Index | Old Index