From owner-freebsd-questions@FreeBSD.ORG  Fri Mar  2 22:07:40 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 69A481065675
	for <freebsd-questions@freebsd.org>;
	Fri,  2 Mar 2012 22:07:40 +0000 (UTC) (envelope-from max@mxcrypt.com)
Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com
	[209.85.220.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 203588FC13
	for <freebsd-questions@freebsd.org>;
	Fri,  2 Mar 2012 22:07:39 +0000 (UTC)
Received: by vcmm1 with SMTP id m1so745179vcm.13
	for <freebsd-questions@freebsd.org>;
	Fri, 02 Mar 2012 14:07:39 -0800 (PST)
Received-SPF: pass (google.com: domain of max@mxcrypt.com designates
	10.52.240.200 as permitted sender) client-ip=10.52.240.200; 
Authentication-Results: mr.google.com;
	spf=pass (google.com: domain of max@mxcrypt.com
	designates 10.52.240.200 as permitted sender)
	smtp.mail=max@mxcrypt.com
Received: from mr.google.com ([10.52.240.200])
	by 10.52.240.200 with SMTP id wc8mr18350213vdc.64.1330726059441
	(num_hops = 1); Fri, 02 Mar 2012 14:07:39 -0800 (PST)
Received: by 10.52.240.200 with SMTP id wc8mr15653235vdc.64.1330726059271;
	Fri, 02 Mar 2012 14:07:39 -0800 (PST)
MIME-Version: 1.0
Received: by 10.220.141.75 with HTTP; Fri, 2 Mar 2012 14:07:09 -0800 (PST)
In-Reply-To: <86fwdqvf2x.fsf@red.stonehenge.com>
References: <86fwdqvf2x.fsf@red.stonehenge.com>
From: Maxim Khitrov <max@mxcrypt.com>
Date: Fri, 2 Mar 2012 17:07:09 -0500
Message-ID: <CAJcQMWe2807i-8Xcb=+R31LKfL-OEyd7eHiLop6Mg6j_m5K_4A@mail.gmail.com>
To: "Randal L. Schwartz" <merlyn@stonehenge.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQnMo0CwR/182k46SOM9L6DVto2c4F1Xz7FygMpn4LVim+8BvIeCz4wfO72JiAOIelwr9bY5
Cc: freebsd-questions@freebsd.org
Subject: Re: openssl from ports
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Mar 2012 22:07:40 -0000

On Fri, Mar 2, 2012 at 5:00 PM, Randal L. Schwartz
<merlyn@stonehenge.com> wrote:
>
> I know openssl is in the core, but the version in FreeBSD 8.2 is
> vulnerable to some recent attacks. =C2=A0(Hmm, I wonder why there hasn't =
been
> an 8.2 update then...)

Which attacks are you referring to?

> I installed the version from ports, which was recently updated, but now
> I'm not sure how to get my other ports to use that port instead of the
> core libraries. =C2=A0Is it sufficient to restart the apps (apache in
> particular), or do I need to recompile things?

You will need to recompile ports that depend on OpenSSL, passing
WITH_OPENSSL_PORT=3D flag to make. My preferred way to do this is to
install ports-mgmt/portconf and use something like this for
/usr/local/etc/ports.conf:

*: WITHOUT_IPV6 | WITHOUT_NLS | WITHOUT_X11 | WITHOUT_GTK | WITH_OPENSSL_PO=
RT

- Max