From owner-freebsd-security@FreeBSD.ORG Sat Apr 17 16:12:43 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4AB7D1065672 for ; Sat, 17 Apr 2010 16:12:43 +0000 (UTC) (envelope-from apseudoutopia@gmail.com) Received: from mail-ww0-f54.google.com (mail-ww0-f54.google.com [74.125.82.54]) by mx1.freebsd.org (Postfix) with ESMTP id D3F938FC1A for ; Sat, 17 Apr 2010 16:12:42 +0000 (UTC) Received: by wwa36 with SMTP id 36so2189309wwa.13 for ; Sat, 17 Apr 2010 09:12:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=Nvx1+1JetMBUelK3AK6OORdRPY279SqLtRLlOSYLO18=; b=fwyvoaeuU6fLotY1kW7HTy5JaL+028tZJLgRUf4lom1KrqMa52QZNRs/OzphC8Fkzs X3BGibp0EoPgSK7nZxkklGgZ7/SaM793RHu1luJcYuKGcQNi64lMPDEWMPa34ySmG6HL 8MwAZ4914nNetvQLZoVdRYmsMlugqGAia6c2Q= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=New2q15eMCcN0id+9fAIFMfBNKgpyK0gtZ9fi/l6nyvaFHNHIejCNMAlXV/ZYFz/da l3P8FSHHWO6XlzGs49duEBLheEq/WyJDks36xAi6+1hbQrC4iUw1MqkXqT7LLp+4QQiK ge5uil5RZ26YKuX7rNbu19EQKrsY4HwKi53v4= MIME-Version: 1.0 Received: by 10.216.220.219 with HTTP; Sat, 17 Apr 2010 08:12:03 -0700 (PDT) In-Reply-To: <1849729321.700021271515794985.JavaMail.root@mail-01.cse.ucsc.edu> References: <1849729321.700021271515794985.JavaMail.root@mail-01.cse.ucsc.edu> Date: Sat, 17 Apr 2010 11:12:03 -0400 Received: by 10.216.174.129 with SMTP id x1mr2014015wel.140.1271517123721; Sat, 17 Apr 2010 08:12:03 -0700 (PDT) Message-ID: From: APseudoUtopia To: Tim Gustafson Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: OpenSSL 0.9.8k -> 0.9.8l X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Apr 2010 16:12:43 -0000 On Sat, Apr 17, 2010 at 10:49 AM, Tim Gustafson wrote: > Hi, > > I run a few web servers with need to be PCI compliant. =C2=A0Apparently t= here's a problem with OpenSSL 0.9.8k that requires us to upgrade to 0.9.8l = for us to maintain our compliance level. > > I've csup'd to RELENG_8_0 and did a build/install cycle and OpenSSL is st= ill at 0.9.8k. =C2=A0Using RELENG_8 isn't really an option for me because t= he last I upgraded to that level, ipfw was broken and I'm not sure that the= problem with ipfw has been fixed (Luigi tells me that it has, but I haven'= t had time to test it yet). > > Is there any movement to patch RELENG_8_0 with OpenSSL 0.9.8l? =C2=A0Or w= ill I be stuck with 0.9.8k until I move to RELENG_8? > > Tim Gustafson This isn't an answer to your question, but you could always use OpenSSL from the ports tree. http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/openssl/ It's at version 1.0.0.