Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 02 Mar 2012 14:12:29 -0800
From:      merlyn@stonehenge.com (Randal L. Schwartz)
To:        Maxim Khitrov <max@mxcrypt.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: openssl from ports
Message-ID:  <86booeveia.fsf@red.stonehenge.com>
In-Reply-To: <CAJcQMWe2807i-8Xcb=%2BR31LKfL-OEyd7eHiLop6Mg6j_m5K_4A@mail.gmail.com> (Maxim Khitrov's message of "Fri, 2 Mar 2012 17:07:09 -0500")
References:  <86fwdqvf2x.fsf@red.stonehenge.com> <CAJcQMWe2807i-8Xcb=%2BR31LKfL-OEyd7eHiLop6Mg6j_m5K_4A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
>>>>> "Maxim" =3D=3D Maxim Khitrov <max@mxcrypt.com> writes:

Maxim> On Fri, Mar 2, 2012 at 5:00 PM, Randal L. Schwartz
Maxim> <merlyn@stonehenge.com> wrote:
>>=20
>> I know openssl is in the core, but the version in FreeBSD 8.2 is
>> vulnerable to some recent attacks. =C2=A0(Hmm, I wonder why there hasn't=
 been
>> an 8.2 update then...)

Maxim> Which attacks are you referring to?

http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2011-4109

Theoretically, this should have triggered a FreeBSD 8.2 security update,
now that I keep thinking about it.  Did I miss an announcement in the
past few days?

>> I installed the version from ports, which was recently updated, but now
>> I'm not sure how to get my other ports to use that port instead of the
>> core libraries. =C2=A0Is it sufficient to restart the apps (apache in
>> particular), or do I need to recompile things?

Maxim> You will need to recompile ports that depend on OpenSSL, passing
Maxim> WITH_OPENSSL_PORT=3D flag to make. My preferred way to do this is to
Maxim> install ports-mgmt/portconf and use something like this for
Maxim> /usr/local/etc/ports.conf:

Maxim> *: WITHOUT_IPV6 | WITHOUT_NLS | WITHOUT_X11 | WITHOUT_GTK | WITH_OPE=
NSSL_PORT

Is that the same as setting it in /etc/make.conf ? That's where I have
"WITHOUT_X11=3Dyes".  And you're gonna regret that WITHOUT_IPV6 in a
couple of months. :)

(Googling a bit..)

Oh, it makes it easier to make it non-universal.  Cool.

--=20
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>;
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.posterous.com/ for Smalltalk discussion

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86booeveia.fsf>