Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-03 Thread Rich Freeman
On Thu, Mar 3, 2016 at 8:05 AM, Håkon Alstadheim wrote: > On 03. mars 2016 12:26, Rich Freeman wrote: >> On Thu, Mar 3, 2016 at 3:15 AM, Håkon Alstadheim >> wrote: >>> Would "revdep-rebuild.sh -i -L "libssl\.so.*" -- -f" before emerging, be >>>

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-03 Thread Håkon Alstadheim
On 03. mars 2016 12:26, Rich Freeman wrote: > On Thu, Mar 3, 2016 at 3:15 AM, Håkon Alstadheim > wrote: >> Would "revdep-rebuild.sh -i -L "libssl\.so.*" -- -f" before emerging, be >> sufficient ? I.e. that should obviate the need for compiling wget with >> gnutls ? >> >

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-03 Thread Rich Freeman
On Thu, Mar 3, 2016 at 3:15 AM, Håkon Alstadheim wrote: > Would "revdep-rebuild.sh -i -L "libssl\.so.*" -- -f" before emerging, be > sufficient ? I.e. that should obviate the need for compiling wget with > gnutls ? > No, and no. The problem is the ABI is silently

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-03 Thread Håkon Alstadheim
Den 02. mars 2016 19:19, skrev »Q«: > On Wed, 2 Mar 2016 10:49:59 -0500 > Rich Freeman wrote: > >> https://forums.gentoo.org/viewtopic-p-7886940.html >> https://bugs.gentoo.org/show_bug.cgi?id=576128 > I had wget with USE="gnutls" already, so I took the plunge yesterday > and

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread Adam Carter
FYI for anyone concerned about this latest issue "DROWN" - its only a problem if SSLv2 is enabled. SSLv2 has been broken for a long time, so should be disabled. However, if it is exposed then an attacker can retrieve the private key, and in doing so will be able to also decrypt secure TLS 1.2+

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread Rich Freeman
On Wed, Mar 2, 2016 at 2:11 PM, James wrote: > Rich Freeman gentoo.org> writes: > > Excuse me, but I did not criticize anyone. I know. It was really meant to temper my remarks, since email is easy to misconstrue. It wasn't really directed at you, and you did get at

[gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread James
Rich Freeman gentoo.org> writes: > >> They changed ABI without changing SONAME, which is an absolutely > >> braid-dead thing for upstream to do, because it causes exactly this > >> kind of breakage. > > > > H. I've been working on my ebuild and end-o-mentoring quizes:: so in > > that vein,

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread Jeremi Piotrowski
On Wed, Mar 2, 2016 at 6:54 PM, Rich Freeman wrote: > Upstream really dropped the ball on this. When I'm updating packages > I certainly don't carefully review all their ABIs and SONAMEs. > Without some kind of automatic QA tool it would be a pretty big > undertaking. I might

[gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread »Q«
On Wed, 2 Mar 2016 10:49:59 -0500 Rich Freeman wrote: > https://forums.gentoo.org/viewtopic-p-7886940.html > https://bugs.gentoo.org/show_bug.cgi?id=576128 I had wget with USE="gnutls" already, so I took the plunge yesterday and followed PolynomialC's instructions at the first

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread Rich Freeman
On Wed, Mar 2, 2016 at 11:06 AM, James wrote: > Rich Freeman gentoo.org> writes: > >> They changed ABI without changing SONAME, which is an absolutely >> braid-dead thing for upstream to do, because it causes exactly this >> kind of breakage. > > H. I've been

[gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread James
Rich Freeman gentoo.org> writes: > >> Today's upgrade of openssl to 1.0.2g-r1 may cause some necessary > >> rebuilds to fail due to missing symbol errors. > https://forums.gentoo.org/viewtopic-p-7886940.html > https://bugs.gentoo.org/show_bug.cgi?id=576128 > They changed ABI without changing

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread Rich Freeman
On Wed, Mar 2, 2016 at 10:54 AM, Alan McKinnon wrote: > On 02/03/2016 17:49, Rich Freeman wrote: >> https://forums.gentoo.org/viewtopic-p-7886940.html >> https://bugs.gentoo.org/show_bug.cgi?id=576128 >> >> They changed ABI without changing SONAME, which is an absolutely

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread Alan McKinnon
On 02/03/2016 17:49, Rich Freeman wrote: > https://forums.gentoo.org/viewtopic-p-7886940.html > https://bugs.gentoo.org/show_bug.cgi?id=576128 > > They changed ABI without changing SONAME, which is an absolutely > braid-dead thing for upstream to do, because it causes exactly this > kind of

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread Rich Freeman
On Wed, Mar 2, 2016 at 10:15 AM, Nikos Chantziaras wrote: > On 02/03/16 16:41, walt wrote: >> >> Today's upgrade of openssl to 1.0.2g-r1 may cause some necessary >> rebuilds to fail due to missing symbol errors. >> >> Example: libcurl was broken and caused the rebuilds of

Re: [gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread Todd Goodman
* Nikos Chantziaras [160302 10:16]: > On 02/03/16 16:41, walt wrote: > > Today's upgrade of openssl to 1.0.2g-r1 may cause some necessary > > rebuilds to fail due to missing symbol errors. > > > > Example: libcurl was broken and caused the rebuilds of virtualbox and > > git to

[gentoo-user] Re: openssl upgrade may miss some needed rebuilds

2016-03-02 Thread Nikos Chantziaras
On 02/03/16 16:41, walt wrote: Today's upgrade of openssl to 1.0.2g-r1 may cause some necessary rebuilds to fail due to missing symbol errors. Example: libcurl was broken and caused the rebuilds of virtualbox and git to fail until I forced a rebuild of curl. Any installed package that is