upgraded perl from perl5.18 to perl5.24 having issues

tony33

tony33

Hi, I upgraded perl and now p5-Net-SSLeay is not installing. I had this working under perl5.18 and perl5.16 which I had before and it was working perfectly. I had p5-Net-SSLeay installed before but it stopped working after the upgrade to v 24. I deleted it and tried to reinstall it but I get errors. The error message says that file SSLeay.so doesn't exist. How can I have the installation create this file?
 
If that didn't work, now we need some more information such as the output of uname -a and the port build error(s).
This might or might not work, but try removing the ports and install the packages using pkg(7).
 
Both 5.22 and 5.24 killed off some important old Perl 5 behaviour, so many old scripts and modules will fail when upgrading, if they have not been appropriately modified to use newer behaviour. See the perldelta for each release for details, there's a long list of incompatibilities and deprecations for 5.22.0 and 5.24.0. 5.20 also had similar, but it's been out for long enough that most modules caught up with it a while ago.

5.24 is very recent, and not something I would particularly recommend for production use at this point in time, simply because it is very rare for a Perl installation to exist without a large number of extra modules, and it takes time for the modules to become stable on a new stable release of the core. 5.22 is somewhere between the two, as you would expect, not quite "so old that everything now works, if the module hasn't been completely abandoned", but no longer "bleeding edge, with lots of broken stuff". All of the most popular stuff should now generally be good on 5.22, but you could easily run into the odd module which is still in need of an update.

Either 5.20 or 5.22 are the safer options, but be aware that they (inappropriately and unnecessarily, in my opinion) euthanised CGI.pm in 5.22, which may cause significant problems for many web-related scripts.

5.20 is still the FreeBSD default version (defined in Mk/bsd.default-versions.mk). 5.20 in ports is patched for the latest (not actually all that important, or urgent, for many use cases, in my opinion) CVE.

You are correct in wanting to migrate forwards from 5.18, as it's really getting to be "too old" now.
 
Murph said:
Both 5.22 and 5.24 killed off some important old Perl 5 behaviour, so many old scripts and modules will fail when upgrading, if they have not been appropriately modified to use newer behaviour. See the perldelta for each release for details, there's a long list of incompatibilities and deprecations for 5.22.0 and 5.24.0. 5.20 also had similar, but it's been out for long enough that most modules caught up with it a while ago.

5.24 is very recent, and not something I would particularly recommend for production use at this point in time, simply because it is very rare for a Perl installation to exist without a large number of extra modules, and it takes time for the modules to become stable on a new stable release of the core. 5.22 is somewhere between the two, as you would expect, not quite "so old that everything now works, if the module hasn't been completely abandoned", but no longer "bleeding edge, with lots of broken stuff". All of the most popular stuff should now generally be good on 5.22, but you could easily run into the odd module which is still in need of an update.

Either 5.20 or 5.22 are the safer options, but be aware that they (inappropriately and unnecessarily, in my opinion) euthanised CGI.pm in 5.22, which may cause significant problems for many web-related scripts.

5.20 is still the FreeBSD default version (defined in Mk/bsd.default-versions.mk). 5.20 in ports is patched for the latest (not actually all that important, or urgent, for many use cases, in my opinion) CVE.

You are correct in wanting to migrate forwards from 5.18, as it's really getting to be "too old" now.
Click to expand...
The only reason I want to use perl5.24 is just to avoid having to keep updating stuff every month. I recently upgraded freebsd 10.2 to 10.3 in May 2016. There's a Freebsd 11 coming out in Sep. Again I own a couple websites and use freebsd on a server and really want to just focus on working on my website rather than keep worrying about security issues with software and doing upgrades or updates for the server.

So, I want to update everything and get it done now and be able to wait a couple of years to do an update or upgrade again.
 
tony33 said:
The only reason I want to use perl5.24 is just to avoid having to keep updating stuff every month. I recently upgraded freebsd 10.2 to 10.3 in May 2016. There's a Freebsd 11 coming out in Sep. Again I own a couple websites and use freebsd on a server and really want to just focus on working on my website rather than keep worrying about security issues with software and doing upgrades or updates for the server.

So, I want to update everything and get it done now and be able to wait a couple of years to do an update or upgrade again.
Click to expand...

11.0 and Perl 5.24 will not experience security issues and receive updates any slower than 10.3 and Perl 5.20 or 5.22. If anything, there may be more frequent important updates for the newer versions, until they properly mature.

It would most certainly be a very bad idea to plan on running 11.0 and Perl 5.24 for "a couple of years" without updates. Both of them are almost certain to have published security vulnerabilities long before that time.

As far as FreeBSD versions go, you are good through to April 2018 with 10.3, although there will be the usual steady stream of security and errata updates to react to discovered issues. 11.0 will probably be end-of-life before then.
 
Murph said:
Either 5.20 or 5.22 are the safer options, but be aware that they (inappropriately and unnecessarily, in my opinion) euthanised CGI.pm in 5.22, which may cause significant problems for many web-related scripts.

5.20 is still the FreeBSD default version (defined in Mk/bsd.default-versions.mk). 5.20 in ports is patched for the latest (not actually all that important, or urgent, for many use cases, in my opinion) CVE.
Click to expand...

I wouldn't recommend you recommending those perl versions, please see this thread.
 
youngunix said:
I wouldn't recommend you recommending those perl versions, please see this thread.
Click to expand...

I stand by everything I have said here. There's nothing at all in that thread to suggest that 5.22 should not be used. As for 5.20, it is still the default version for FreeBSD ports, and still very much a valid choice today.
 
Some confusion perhaps,
We "officially" support the two most recent stable release series. 5.20.x and earlier are now out of support. As of the release of 5.26.0, we will "officially" end support for Perl 5.22.x, other than providing security updates as described below.
Click to expand...
Perl 5.26 however hasn't been released yet. Which means 5.22 is still supported.

With or without the release of 5.26, there's still:
To the best of our ability, we will provide "critical" security patches / releases for any major version of Perl whose 5.x.0 release was within the past three years. We can only commit to providing these for the most recent .y release in any 5.x.y series.
Click to expand...
Perl 5.20 was released in May 2014. Which means they'll provide security updates at least until May 2017 or the release of 5.26 (which ever comes first).
 
SirDice said:
Some confusion perhaps,

Perl 5.26 however hasn't been released yet. Which means 5.22 is still supported.

With or without the release of 5.26, there's still:

Perl 5.20 was released in May 2014. Which means they'll provide security updates at least until May 2017 or the release of 5.26 (which ever comes first).
Click to expand...
Perl 5.20 still has a lingering vulnerability and I don't think it's a good idea to add the worry of a problematic version to the development cycle. However, everyone is free to use whatever they like as long as they know what they are doing. For instance, I've seen a lot of threads (here and else where) where users are complaining about their -RELEASE having issues with packages, configuration, etc. But it turns out they were unaware that the -RELEASE has already reached the EOL.
Security patches won't always come in time, because the devs are busy working on the next release(s).
 
youngunix said:
Perl 5.20 still has a lingering vulnerability…
Click to expand...
If you mean CVE-2016-1238 or CVE-2016-6185, FreeBSD's lang/perl5.18 and lang/perl5.20 include fixes for both of those, and the vulnerabilities were essentially a non-issue for a great many use cases.

In the commercial world, ActiveState provide support all the way back to Perl 5.8. Apple still support 5.18 on OS X 10.10. I don't feel like digging out all of the other examples, but I'm confident that you will find plenty of cases of 5.20 and older being supported by various commercial Unix and Linux vendors.
 
You must log in or register to reply here.
Back
Top