From owner-freebsd-security@FreeBSD.ORG  Thu Jun  5 14:16:00 2014
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 27CDB3C9
 for <freebsd-security@freebsd.org>; Thu,  5 Jun 2014 14:16:00 +0000 (UTC)
Received: from mail.tdx.com (mail.tdx.com [62.13.128.18])
 by mx1.freebsd.org (Postfix) with ESMTP id C31192226
 for <freebsd-security@freebsd.org>; Thu,  5 Jun 2014 14:15:58 +0000 (UTC)
Received: from Mail-PC.tdx.co.uk (storm.tdx.co.uk [62.13.130.251])
 (authenticated bits=0)
 by mail.tdx.com (8.14.3/8.14.3/) with ESMTP id s55EEMtf043950
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
 for <freebsd-security@freebsd.org>; Thu, 5 Jun 2014 15:14:22 +0100 (BST)
Date: Thu, 05 Jun 2014 15:14:22 +0100
From: Karl Pielorz <kpielorz_lst@tdx.co.uk>
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:14.openssl
Message-ID: <08DED76B16E5AB7BE75CA6B5@Mail-PC.tdx.co.uk>
In-Reply-To: <201406051316.s55DGtwI041948@freefall.freebsd.org>
References: <201406051316.s55DGtwI041948@freefall.freebsd.org>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jun 2014 14:16:00 -0000



--On 05 June 2014 13:16 +0000 FreeBSD Security Advisories 
<security-advisories@freebsd.org> wrote:

># cd /usr/src
># patch < /path/to/patch
>
> c) Recompile the operating system using buildworld and installworld as
> described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.

Hi,

Is it necessary to build/install the entire world if you're more concerned 
with protecting specific applications using the OpenSSL library? - e.g. if 
the machine is just running Apache?

How would you just recompile / install openssl in the base on it's own?

Is there anything in FreeBSD that statically links against openssl anyway?

Cheers,

-Karl