From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
To: freebsd-ports@FreeBSD.ORG
Subject: Re: /usr/ports/Mk/bsd.port.mk
Date: Mon, 24 Mar 2003 17:16:48 +0100

Nathan Gardner wrote:

> So if someone were to upgrade their system
> from the ports collection (say there was a new version of OpenSSL
> released, like there is every few months it seems) the ports
> collection still tries to use the one in /usr and doesn't look at the
> new by default.

yes, this is hardcoded in bsd.port.mk
I offered to fix this back in June 2002:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/39054

> While it is the responsibility of administrators to be aware of the
> versions of their libraries, because the ports collection doesn't look
> for new versions in the places that it installs them, there is a
> chance of someone installing a new version of OpenSSL (for example)
> when an exploit comes out, recompiling everything as directed, and
> thinking everything is fixed, while in actuality their recompile
> didn't make use of the new libraries, and they are still vulnerable.

ports that want this feature can do this by:

Remove the line:
    USE_OPENSSL=yes
and add later (after bsd.pre.mk):
    .include "${PORTSDIR}/security/openssl/Makefile.ssl"

unless someone approves any change to bsd.port.mk.

kind regards Dirk

- Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
- [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]
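
Added example (not part of the original message and not FreeBSD project code): a check for the failure mode described in the quoted text, where a rebuilt port still links against the base-system OpenSSL. It parses ldd output and lists binaries whose libssl/libcrypto resolve from /usr/lib or /lib rather than ${LOCALBASE}/lib; the function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Reads `ldd` output on stdin and prints one line per OpenSSL library:
#   <binary> <library> <resolved path> <base|ports|other>
# Assumptions: ldd prints a "path:" header line per file, base libraries
# live under /usr/lib or /lib, ports under ${LOCALBASE:-/usr/local}/lib.
classify_openssl_links() {
    awk -v localbase="${LOCALBASE:-/usr/local}" '
        /^[^ \t].*:$/ { bin = substr($0, 1, length($0) - 1); next }
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            path = $3
            if (index(path, localbase "/lib/") == 1) origin = "ports"
            else if (path ~ /^\/usr\/lib\// || path ~ /^\/lib\//) origin = "base"
            else origin = "other"
            print bin, $1, path, origin
        }'
}

# Binaries that still resolve libssl/libcrypto from the base system,
# i.e. a rebuild that did not pick up the OpenSSL installed from ports.
stale_binaries() {
    classify_openssl_links | awk '$4 == "base" { print $1 }' | sort -u
}

# Constructed sample ldd output (hypothetical binaries and addresses).
sample_ldd() {
    cat <<'EOF'
/usr/local/sbin/exampled:
    libssl.so.3 => /usr/local/lib/libssl.so.3 (0x28100000)
    libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x28140000)
    libc.so.4 => /usr/lib/libc.so.4 (0x28200000)
/usr/local/bin/exampleclient:
    libssl.so.2 => /usr/lib/libssl.so.2 (0x28090000)
    libcrypto.so.2 => /usr/lib/libcrypto.so.2 (0x280c0000)
EOF
}

# On a real system, feed it live output instead of the sample:
#   ldd /usr/local/bin/* /usr/local/sbin/* 2>/dev/null | stale_binaries
sample_ldd | stale_binaries
```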