Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
openssl - update - should cause proper pkg update dep
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
honeymak
Guru
Guru


Joined: 30 Dec 2002
Posts: 575

PostPosted: Thu Oct 03, 2024 7:59 am    Post subject: openssl - update - should cause proper pkg update dep Reply with quote

just wanted to report here
openssl recently updated from 3.0.0 to 3.3.0

postfix program issued a warning inside the maillog/syslog stating openssl version issue

i mean pls calculate dep with openssl update
i guess i need to rebuild world?? i guess postfix is a smart program stating openssl version while others maybe another leak?

:oops: :roll:
_________________
hackers - make sth real
academics - read sth said to be real
Back to top
View user's profile Send private message
nicop
Tux's lil' helper
Tux's lil' helper


Joined: 10 Apr 2014
Posts: 96

PostPosted: Thu Oct 03, 2024 8:20 am    Post subject: Re: openssl - update - should cause proper pkg update dep Reply with quote

Hello,

This is a common issue due to mismatch versions.

honeymak wrote:

i mean pls calculate dep with openssl update
i guess i need to rebuild world??


Check preserve-libs

Yes, you need an upgrade :
Code:
emerge --ask --verbose --update --deep --changed-use @world


Postfix ebuild do the job :
Quote:
ssl? ( >=dev-libs/openssl-1.1.1:0= )

:0= means that the package must be rebuilt if the sub-slot of the dependency changes.


Last edited by nicop on Thu Oct 03, 2024 8:21 am; edited 1 time in total
Back to top
View user's profile Send private message
freke
Veteran
Veteran


Joined: 23 Jan 2003
Posts: 1029
Location: Somewhere in Denmark

PostPosted: Thu Oct 03, 2024 8:21 am    Post subject: Reply with quote

I encountered similar a long time ago (https://forums.gentoo.org/viewtopic-t-1027632-highlight-openssl+postfix.html) - appearently it's not supposed to trigger rebuild here.
Back to top
View user's profile Send private message
honeymak
Guru
Guru


Joined: 30 Dec 2002
Posts: 575

PostPosted: Thu Oct 03, 2024 8:25 am    Post subject: Re: openssl - update - should cause proper pkg update dep Reply with quote

nicop wrote:
Hello,

This is a common issue due to mismatch versions.

honeymak wrote:

i mean pls calculate dep with openssl update
i guess i need to rebuild world??


Check preserve-libs

Yes, you need an upgrade :
Code:
emerge --ask --verbose --update --deep --changed-use @world


Postfix ebuild do the job :
Quote:
ssl? ( >=dev-libs/openssl-1.1.1:0= )

:0= means that the package must be rebuilt if the sub-slot of the dependency changes.


preserved-rebuild/-libs did NOT catch that
that ebuild thing means 3.0.0 and 3.3.0 works for it. but doesn't mean rebuild
_________________
hackers - make sth real
academics - read sth said to be real
Back to top
View user's profile Send private message
honeymak
Guru
Guru


Joined: 30 Dec 2002
Posts: 575

PostPosted: Thu Oct 03, 2024 8:26 am    Post subject: Reply with quote

freke wrote:
I encountered similar a long time ago (https://forums.gentoo.org/viewtopic-t-1027632-highlight-openssl+postfix.html) - appearently it's not supposed to trigger rebuild here.


that post is very long time ago though

i guess when openssl such a core lib got updated...em...i guess many stuff depends on it....em...i guess a rebuild should be triggered?...wondering :oops: :roll:
_________________
hackers - make sth real
academics - read sth said to be real
Back to top
View user's profile Send private message
nicop
Tux's lil' helper
Tux's lil' helper


Joined: 10 Apr 2014
Posts: 96

PostPosted: Thu Oct 03, 2024 9:27 am    Post subject: Re: openssl - update - should cause proper pkg update dep Reply with quote

OK. So, you know what it is and you know what you have to do :roll:

But, if the changes between 3.0.0 and 3.3.0 do not break postfix, you can ignore the warning in the log.
Back to top
View user's profile Send private message
honeymak
Guru
Guru


Joined: 30 Dec 2002
Posts: 575

PostPosted: Thu Oct 03, 2024 9:29 am    Post subject: Re: openssl - update - should cause proper pkg update dep Reply with quote

nicop wrote:
OK. So, you know what it is and you know what you have to do :roll:

https://devmanual.gentoo.org/general-concepts/dependencies/#slot-operators :
:SLOT= means that only the 'SLOT' slot is acceptable. It otherwise behaves identically to the := operator. That is, the package must be rebuilt if the sub-slot of the dependency changes.

But, if the changes between 3.0.0 and 3.3.0 do not break postfix, you can ignore the warning in the log.


for me, i would update (i mean rebuild) world for safety xp
i don't like warnings either

:roll: :wink:
_________________
hackers - make sth real
academics - read sth said to be real
Back to top
View user's profile Send private message
sam_
Developer
Developer


Joined: 14 Aug 2020
Posts: 1972

PostPosted: Thu Oct 03, 2024 10:06 am    Post subject: Reply with quote

OpenSSL changed its versioning policy with >=3 and now has stable ABI.

Some applications still wrongly have very sensitive runtime checks like what you're seeing -- please file a bug so they can be fixed.
Back to top
View user's profile Send private message
honeymak
Guru
Guru


Joined: 30 Dec 2002
Posts: 575

PostPosted: Thu Oct 03, 2024 10:10 am    Post subject: Reply with quote

sam_ wrote:
OpenSSL changed its versioning policy with >=3 and now has stable ABI.

Some applications still wrongly have very sensitive runtime checks like what you're seeing -- please file a bug so they can be fixed.


file in bugs.gentoo.org? or upstream??
:roll: :oops:
_________________
hackers - make sth real
academics - read sth said to be real
Back to top
View user's profile Send private message
sam_
Developer
Developer


Joined: 14 Aug 2020
Posts: 1972

PostPosted: Thu Oct 03, 2024 10:30 am    Post subject: Reply with quote

Do bugs.gentoo.org first and we can forward it if appropriate after analysing. Be sure to include the logs in full. Thanks.
Back to top
View user's profile Send private message
nicop
Tux's lil' helper
Tux's lil' helper


Joined: 10 Apr 2014
Posts: 96

PostPosted: Thu Oct 03, 2024 10:34 am    Post subject: Reply with quote

Apparently, devs already discussed about that :
https://marc.info/?t=171787657400001

Viktor Dukhovni :
Quote:
While newer minor numbers are compatible, older minor numbers may be
lacking newly introduced functions. We could consider skipping the
warning for 3.x onward, so long as the minor version is not older than
expected.
Back to top
View user's profile Send private message
honeymak
Guru
Guru


Joined: 30 Dec 2002
Posts: 575

PostPosted: Thu Oct 03, 2024 10:58 am    Post subject: Reply with quote

sam_ wrote:
Do bugs.gentoo.org first and we can forward it if appropriate after analysing. Be sure to include the logs in full. Thanks.



https://bugs.gentoo.org/show_bug.cgi?id=940708


report-ed
let's try our best

:oops: :roll: :idea:
_________________
hackers - make sth real
academics - read sth said to be real
Back to top
View user's profile Send private message
honeymak
Guru
Guru


Joined: 30 Dec 2002
Posts: 575

PostPosted: Thu Oct 03, 2024 11:03 am    Post subject: Reply with quote

nicop wrote:
Apparently, devs already discussed about that :
https://marc.info/?t=171787657400001

Viktor Dukhovni :
Quote:
While newer minor numbers are compatible, older minor numbers may be
lacking newly introduced functions. We could consider skipping the
warning for 3.x onward, so long as the minor version is not older than
expected.


em...do u think this is a conclusion? or just general discussion?
auto-rebuild is not expected but did not mention the expected behavior or any leaks or jumps?

btw, if really no rebuild needed then how about any eselect news for general this openssl stuff? other than postfix may not even report this kind of warning msg?

:roll:
_________________
hackers - make sth real
academics - read sth said to be real
Back to top
View user's profile Send private message
sam_
Developer
Developer


Joined: 14 Aug 2020
Posts: 1972

PostPosted: Thu Oct 03, 2024 9:43 pm    Post subject: Reply with quote

But there's no need for a news item because things should be fine, right? There's no expected issues.
Back to top
View user's profile Send private message
honeymak
Guru
Guru


Joined: 30 Dec 2002
Posts: 575

PostPosted: Thu Oct 03, 2024 11:38 pm    Post subject: Reply with quote

sam_ wrote:
But there's no need for a news item because things should be fine, right? There's no expected issues.


for me, i think i will rebuild world anyway

:roll:
_________________
hackers - make sth real
academics - read sth said to be real
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22692

PostPosted: Fri Oct 04, 2024 12:31 am    Post subject: Reply with quote

In my opinion, that is a severe overreaction. You have one program generating an overzealous diagnostic. You have multiple well-informed people telling you that the diagnostic is overzealous. It seems likely that you could silence that diagnostic by rebuilding postfix. Many packages in @world are likely unaware of openssl at all, and so cannot be affected by this change.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum