Date:      Wed, 9 Apr 2014 17:08:09 +0100
From:      David Chisnall <David.Chisnall@cl.cam.ac.uk>
To:        koobs@FreeBSD.org, Kubilay Kocak <koobs.freebsd@gmail.com>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, Bryan Drewery <bdrewery@FreeBSD.org>, Xin LI <delphij@freebsd.org>, secteam@FreeBSD.org, svn-src-head@freebsd.org, Dag-Erling Smørgrav <des@des.no>
Subject:   Re: svn commit: r264265 - in head: crypto/openssl/crypto/bn crypto/openssl/crypto/ec crypto/openssl/ssl sys/fs/nfsserver
Message-ID:  <323CC215-6DA6-4C8F-A5DA-72C3CB76566A@cl.cam.ac.uk>
In-Reply-To: <534556EB.5080700@FreeBSD.org>
References:  <201404081827.s38IRXiL048987@svn.freebsd.org> <e25208600d1ed778a20d6ac8596c658a@shatow.net> <86bnwa7gav.fsf@nine.des.no> <534556EB.5080700@FreeBSD.org>

On 9 Apr 2014, at 15:19, Kubilay Kocak <koobs.freebsd@gmail.com> wrote:

> That expectation is orthogonal to whether we or other projects do it one
> way or another. RHEL users may well be as confused as ours (whether or
> not ours are). It may be relevant as a data point, but not for decision
> making.

I can confirm that, as a user (albeit a slightly sleep-deprived one at the time) I was confused.  I believe that I'm now running the correct version, as my libssl.so has a creation date of yesterday, but I don't have a good way of verifying it.

It would be great for future security advisories to have a 'how to tell if you're affected' and 'how to tell if you're patched' section.

I noticed that freebsd-update told me (after the fetch phase) that I should rebuild all third-party software.  I have been following the instructions that we give to users and not building most software on that machine myself.  I don't know if there are any packages that statically link to libssl.a (or even if we have a mechanism for determining that), but I'd hope that these would get separate VuXML reports for pkg audit to pick up.

David



