Date: Mon, 24 Mar 2003 17:16:48 +0100 From: dirk.meyer@dinoex.sub.org (Dirk Meyer) To: freebsd-ports@FreeBSD.ORG Subject: Re: /usr/ports/Mk/bsd.port.mk Message-ID: <MkVZt3TMh4@dmeyer.dinoex.sub.org> References: <Pine.LNX.4.53.0303240725110.20406@blueberry.inwa.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Nathan Gardner schrieb:, > So if someone were to upgrade their system > from the ports collection (say there was a new version of OpenSSL > released, like there is every few months it seems) the ports > collection still tries to use the one in /usr and doesn't look at the > new by default. yes this is hardcoded in bsd.port.mk I offered to fix this back in June 2002: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/39054 > While it is the responsibility of administrators to be aware of the > versions of their libraries, because the ports collection doesn't look > for new versions in the places that it installs them, there is a > chance of someone installing a new version of OpenSSL (for example) > when an exploit comes out, recompiling everything as directed, and > thinking everything is fixed, while in actuality their recompile > didn't make use of the new libraries, and they are still vulnerable. ports that want this feature can do this by: Remove the line: USE_OPENSSL=yes and add later (after bsd.pre.mk): .include "${PORTSDIR}/security/openssl/Makefile.ssl" unless someone approves any change to bsd.port.mk. kind regards Dirk - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MkVZt3TMh4>