Opened 3 years ago

Closed 2 years ago

#55772 closed defect (wontfix)

textmate2 @2.0-rc.4 links with openssl statically

Reported by: ryandesign (Ryan Schmidt) Owned by: neverpanic (Clemens Lang)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc:
Port: textmate2

Description

textmate2 @2.0-rc.4 links with openssl's static libraries, so it does not benefit from openssl updates and security fixes until textmate2's revision is increased. It would be better if textmate2 would link with openssl's dynamic libraries so that it receives openssl fixes immediately without needing to be rebuilt.

Change History (3)

comment:1 Changed 3 years ago by neverpanic (Clemens Lang)

Yeah, I noticed that. I'm not sure we should spend time on reversing upstream's deliberate change on that. Fortunately, it seems it only uses libcrypto, not libssl, so it's probably only for encryption and decryption, not for TLS connections.

I don't really want to keep patching textmate2 forever. Ideally, upstream either agrees that they should link dynamically, or we should stop patching it.

comment:2 Changed 3 years ago by ryandesign (Ryan Schmidt)

Well we're not patching it yet. But I intend to look into patching it and discussing it with the developers.

comment:3 Changed 2 years ago by neverpanic (Clemens Lang)

Resolution: wontfix
Status: newclosed

I agree this is suboptimal, but I don't want to spend time patching this against the decisions of upstream.

Note: See TracTickets for help on using tickets.