View previous topic :: View next topic |
Author |
Message |
honeymak Guru
Joined: 30 Dec 2002 Posts: 575
|
Posted: Thu Oct 03, 2024 7:59 am Post subject: openssl - update - should cause proper pkg update dep |
|
|
just wanted to report here
openssl recently updated from 3.0.0 to 3.3.0
postfix program issued a warning inside the maillog/syslog stating openssl version issue
i mean pls calculate dep with openssl update
i guess i need to rebuild world?? i guess postfix is a smart program stating openssl version while others maybe another leak?
_________________ hackers - make sth real
academics - read sth said to be real |
|
Back to top |
|
|
nicop Tux's lil' helper
Joined: 10 Apr 2014 Posts: 96
|
Posted: Thu Oct 03, 2024 8:20 am Post subject: Re: openssl - update - should cause proper pkg update dep |
|
|
Hello,
This is a common issue due to mismatch versions.
honeymak wrote: |
i mean pls calculate dep with openssl update
i guess i need to rebuild world??
|
Check preserve-libs
Yes, you need an upgrade : Code: | emerge --ask --verbose --update --deep --changed-use @world |
Postfix ebuild do the job :
Quote: | ssl? ( >=dev-libs/openssl-1.1.1:0= ) |
:0= means that the package must be rebuilt if the sub-slot of the dependency changes.
Last edited by nicop on Thu Oct 03, 2024 8:21 am; edited 1 time in total |
|
Back to top |
|
|
freke Veteran
Joined: 23 Jan 2003 Posts: 1029 Location: Somewhere in Denmark
|
|
Back to top |
|
|
honeymak Guru
Joined: 30 Dec 2002 Posts: 575
|
Posted: Thu Oct 03, 2024 8:25 am Post subject: Re: openssl - update - should cause proper pkg update dep |
|
|
nicop wrote: | Hello,
This is a common issue due to mismatch versions.
honeymak wrote: |
i mean pls calculate dep with openssl update
i guess i need to rebuild world??
|
Check preserve-libs
Yes, you need an upgrade : Code: | emerge --ask --verbose --update --deep --changed-use @world |
Postfix ebuild do the job :
Quote: | ssl? ( >=dev-libs/openssl-1.1.1:0= ) |
:0= means that the package must be rebuilt if the sub-slot of the dependency changes. |
preserved-rebuild/-libs did NOT catch that
that ebuild thing means 3.0.0 and 3.3.0 works for it. but doesn't mean rebuild _________________ hackers - make sth real
academics - read sth said to be real |
|
Back to top |
|
|
honeymak Guru
Joined: 30 Dec 2002 Posts: 575
|
Posted: Thu Oct 03, 2024 8:26 am Post subject: |
|
|
that post is very long time ago though
i guess when openssl such a core lib got updated...em...i guess many stuff depends on it....em...i guess a rebuild should be triggered?...wondering _________________ hackers - make sth real
academics - read sth said to be real |
|
Back to top |
|
|
nicop Tux's lil' helper
Joined: 10 Apr 2014 Posts: 96
|
Posted: Thu Oct 03, 2024 9:27 am Post subject: Re: openssl - update - should cause proper pkg update dep |
|
|
OK. So, you know what it is and you know what you have to do
But, if the changes between 3.0.0 and 3.3.0 do not break postfix, you can ignore the warning in the log. |
|
Back to top |
|
|
honeymak Guru
Joined: 30 Dec 2002 Posts: 575
|
Posted: Thu Oct 03, 2024 9:29 am Post subject: Re: openssl - update - should cause proper pkg update dep |
|
|
nicop wrote: | OK. So, you know what it is and you know what you have to do
https://devmanual.gentoo.org/general-concepts/dependencies/#slot-operators :
:SLOT= means that only the 'SLOT' slot is acceptable. It otherwise behaves identically to the := operator. That is, the package must be rebuilt if the sub-slot of the dependency changes.
But, if the changes between 3.0.0 and 3.3.0 do not break postfix, you can ignore the warning in the log. |
for me, i would update (i mean rebuild) world for safety xp
i don't like warnings either
_________________ hackers - make sth real
academics - read sth said to be real |
|
Back to top |
|
|
sam_ Developer
Joined: 14 Aug 2020 Posts: 1972
|
Posted: Thu Oct 03, 2024 10:06 am Post subject: |
|
|
OpenSSL changed its versioning policy with >=3 and now has stable ABI.
Some applications still wrongly have very sensitive runtime checks like what you're seeing -- please file a bug so they can be fixed. |
|
Back to top |
|
|
honeymak Guru
Joined: 30 Dec 2002 Posts: 575
|
Posted: Thu Oct 03, 2024 10:10 am Post subject: |
|
|
sam_ wrote: | OpenSSL changed its versioning policy with >=3 and now has stable ABI.
Some applications still wrongly have very sensitive runtime checks like what you're seeing -- please file a bug so they can be fixed. |
file in bugs.gentoo.org? or upstream??
_________________ hackers - make sth real
academics - read sth said to be real |
|
Back to top |
|
|
sam_ Developer
Joined: 14 Aug 2020 Posts: 1972
|
Posted: Thu Oct 03, 2024 10:30 am Post subject: |
|
|
Do bugs.gentoo.org first and we can forward it if appropriate after analysing. Be sure to include the logs in full. Thanks. |
|
Back to top |
|
|
nicop Tux's lil' helper
Joined: 10 Apr 2014 Posts: 96
|
Posted: Thu Oct 03, 2024 10:34 am Post subject: |
|
|
Apparently, devs already discussed about that :
https://marc.info/?t=171787657400001
Viktor Dukhovni :
Quote: | While newer minor numbers are compatible, older minor numbers may be
lacking newly introduced functions. We could consider skipping the
warning for 3.x onward, so long as the minor version is not older than
expected. |
|
|
Back to top |
|
|
honeymak Guru
Joined: 30 Dec 2002 Posts: 575
|
Posted: Thu Oct 03, 2024 10:58 am Post subject: |
|
|
sam_ wrote: | Do bugs.gentoo.org first and we can forward it if appropriate after analysing. Be sure to include the logs in full. Thanks. |
https://bugs.gentoo.org/show_bug.cgi?id=940708
report-ed
let's try our best
_________________ hackers - make sth real
academics - read sth said to be real |
|
Back to top |
|
|
honeymak Guru
Joined: 30 Dec 2002 Posts: 575
|
Posted: Thu Oct 03, 2024 11:03 am Post subject: |
|
|
nicop wrote: | Apparently, devs already discussed about that :
https://marc.info/?t=171787657400001
Viktor Dukhovni :
Quote: | While newer minor numbers are compatible, older minor numbers may be
lacking newly introduced functions. We could consider skipping the
warning for 3.x onward, so long as the minor version is not older than
expected. |
|
em...do u think this is a conclusion? or just general discussion?
auto-rebuild is not expected but did not mention the expected behavior or any leaks or jumps?
btw, if really no rebuild needed then how about any eselect news for general this openssl stuff? other than postfix may not even report this kind of warning msg?
_________________ hackers - make sth real
academics - read sth said to be real |
|
Back to top |
|
|
sam_ Developer
Joined: 14 Aug 2020 Posts: 1972
|
Posted: Thu Oct 03, 2024 9:43 pm Post subject: |
|
|
But there's no need for a news item because things should be fine, right? There's no expected issues. |
|
Back to top |
|
|
honeymak Guru
Joined: 30 Dec 2002 Posts: 575
|
Posted: Thu Oct 03, 2024 11:38 pm Post subject: |
|
|
sam_ wrote: | But there's no need for a news item because things should be fine, right? There's no expected issues. |
for me, i think i will rebuild world anyway
_________________ hackers - make sth real
academics - read sth said to be real |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22691
|
Posted: Fri Oct 04, 2024 12:31 am Post subject: |
|
|
In my opinion, that is a severe overreaction. You have one program generating an overzealous diagnostic. You have multiple well-informed people telling you that the diagnostic is overzealous. It seems likely that you could silence that diagnostic by rebuilding postfix. Many packages in @world are likely unaware of openssl at all, and so cannot be affected by this change. |
|
Back to top |
|
|
|