From: merlyn@stonehenge.com (Randal L. Schwartz)
To: Maxim Khitrov
Cc: freebsd-questions@freebsd.org
Subject: Re: openssl from ports
Date: Fri, 02 Mar 2012 14:12:29 -0800

>>>>> "Maxim" == Maxim Khitrov writes:

Maxim> On Fri, Mar 2, 2012 at 5:00 PM, Randal L. Schwartz
Maxim> wrote:
>>
>> I know openssl is in the core, but the version in FreeBSD 8.2 is
>> vulnerable to some recent attacks.  (Hmm, I wonder why there hasn't been
>> an 8.2 update then...)

Maxim> Which attacks are you referring to?

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109

Theoretically, this should have triggered a FreeBSD 8.2 security update,
now that I keep thinking about it.  Did I miss an announcement in the
past few days?

>> I installed the version from ports, which was recently updated, but now
>> I'm not sure how to get my other ports to use that port instead of the
>> core libraries.  Is it sufficient to restart the apps (apache in
>> particular), or do I need to recompile things?

Maxim> You will need to recompile ports that depend on OpenSSL, passing
Maxim> WITH_OPENSSL_PORT= flag to make. My preferred way to do this is to
Maxim> install ports-mgmt/portconf and use something like this for
Maxim> /usr/local/etc/ports.conf:

Maxim> *: WITHOUT_IPV6 | WITHOUT_NLS | WITHOUT_X11 | WITHOUT_GTK | WITH_OPENSSL_PORT

Is that the same as setting it in /etc/make.conf ?  That's where I have
"WITHOUT_X11=yes".

And you're gonna regret that WITHOUT_IPV6 in a couple of months. :)

(Googling a bit..)  Oh, it makes it easier to make it non-universal.
Cool.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.posterous.com/ for Smalltalk discussion
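
Added example (not part of the original message): a shell check for the restart-versus-recompile question above, reporting which binaries in an `ldd` listing still resolve libssl/libcrypto to the base system instead of the port. It assumes base libraries live under /lib or /usr/lib and the port's under /usr/local/lib; the sample listing, library version numbers and function names are constructed for illustration.

```shell
#!/bin/sh
# Classify the OpenSSL libraries that binaries are linked against.
# Assumption: base-system copies resolve under /lib or /usr/lib,
# the ports copy resolves under /usr/local/lib.

# classify_ldd: read `ldd` output on stdin,
# print "<binary> <library> base|port|missing" per OpenSSL library.
classify_ldd() {
    awk '
        /:$/ && !/=>/ { bin = $1; sub(/:$/, "", bin); next }  # "path:" header
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            if ($3 !~ /^\//)                 origin = "missing"  # "not found"
            else if ($3 ~ /^\/usr\/local\//) origin = "port"
            else                             origin = "base"
            print bin, $1, origin
        }
    '
}

# needs_rebuild: binaries with at least one OpenSSL library from base.
needs_rebuild() {
    classify_ldd | awk '$3 == "base" { print $1 }' | sort -u
}

# Constructed sample of ldd output for two binaries (not captured from a host).
sample_ldd() {
cat <<'EOF'
/usr/local/sbin/httpd:
	libssl.so.6 => /usr/lib/libssl.so.6 (0x2815d000)
	libcrypto.so.6 => /lib/libcrypto.so.6 (0x281a1000)
	libc.so.7 => /lib/libc.so.7 (0x282f8000)
/usr/local/bin/curl:
	libssl.so.7 => /usr/local/lib/libssl.so.7 (0x28098000)
	libcrypto.so.7 => /usr/local/lib/libcrypto.so.7 (0x280e4000)
	libc.so.7 => /lib/libc.so.7 (0x282f8000)
EOF
}

# On a real host: ldd /usr/local/sbin/httpd | needs_rebuild
sample_ldd | needs_rebuild
```

A binary listed by `needs_rebuild` was linked against the base copy, so restarting it would load the same base library again.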