From owner-freebsd-security@FreeBSD.ORG Thu Jun 5 15:45:08 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4B9F71C2 for ; Thu, 5 Jun 2014 15:45:08 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 2A59A2BED for ; Thu, 5 Jun 2014 15:45:08 +0000 (UTC) Received: from delphij-macbook.local (c-24-5-244-32.hsd1.ca.comcast.net [24.5.244.32]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id 580E313346; Thu, 5 Jun 2014 08:45:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1401983107; bh=B/zmKKzcZ/BITJ7piQ8JZ4WyEd1T0BdjDWZyioC4QpY=; h=Date:From:Reply-To:To:Subject:References:In-Reply-To; b=UjNCPGDw9qiA0XfboBQWl94LX/zI8/o78Gvun1jx6+pJiDXqUxVSzzcffKpLlR1SK wGkOaEFAn14AduvGH8YsS7aXmd/OM1HbAfHKdOSuO/BFL+9ip++acaFZd56MEgCDtt j7Y0niAG+NKRWQfgGvgotfcrIIh39x5OjJhyVJ08= Message-ID: <53909083.5000304@delphij.net> Date: Thu, 05 Jun 2014 08:45:07 -0700 From: Xin Li Reply-To: d@delphij.net Organization: The FreeBSD Project MIME-Version: 1.0 To: Karl Pielorz , freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:14.openssl References: <201406051316.s55DGtwI041948@freefall.freebsd.org> <08DED76B16E5AB7BE75CA6B5@Mail-PC.tdx.co.uk> In-Reply-To: <08DED76B16E5AB7BE75CA6B5@Mail-PC.tdx.co.uk> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2014 15:45:08 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 6/5/14, 7:14 AM, Karl Pielorz wrote: > > > --On 05 June 2014 13:16 +0000 FreeBSD Security Advisories > wrote: > >> # cd /usr/src # patch < /path/to/patch >> >> c) Recompile the operating system using buildworld and >> installworld as described in >> . > > Hi, > > Is it necessary to build/install the entire world if you're more > concerned with protecting specific applications using the OpenSSL > library? - e.g. if the machine is just running Apache? We recommend recompiling the entire world because it's less likely to miss something. > How would you just recompile / install openssl in the base on it's > own? You can do openssl only build as long as you know what you are doing. > Is there anything in FreeBSD that statically links against openssl > anyway? For this one advisory, no, no statically linked binaries are affected. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTkJCDAAoJEJW2GBstM+ns9TIP/1oPhf5pg2QN1rX/SbwHh4h6 PKcB6dg4WDFzChjLXvR/C+C+tJ7Z7W5kDs6FT22hsgUqEvyqGkepNmLvP5MeCS4s FLfptjJDj2tZHQ099nr4iY4nmw+5B+1i76nr1HfO9Cew2VLs3M0XOh9IqJ0k0Jh7 5Bj97E2fePJDak+Fd5umaCbFxLRWoyx/rOjfgPu+Ux045VCmAZ6cOqkCSGtLF9qo zut4RwFMACMezvPy7xPt9URwWnCRpnbN3ijSHTEIonkkJuWyz52Dxw9EsEJrLQgB qqlY4r8WSYP5QBgl2CtEqfgUy8qyAnKIBMjn00Y/258iPUxI70AXHVTLbi0yOG0D hsEp5PZjC6GM0M+8Lvsi1Psd5ySVi/J3FyPmEG3aSRDhvQzn7sE9C+KxlJl20zhM f5xWtRInBBB3GQxYfvKQpsowVxTzkZ+kJWOSJCcfmU5Sbq+twprhOBN+XfPcRX9Q KlKdnr0+KOthTK/LM8dRYO7CAfFC1RV3HeXMWlp2xzwz+tgbLsyDwD1bnxDY+F8n WfBV7FEFIn37M3Q/5WItbO4GEoh2ZsTcIAO0y+SQW6xUlnLQqQ6GdMrMviVDTRcN szcD7mtB1LE1zM6mLmS324pQlxCypGTYyBEqAwhMa1LOaNxgAKD7KKvBMkQlN7LK axCSurcrM5FMrBp3hCYT =jTd5 -----END PGP SIGNATURE-----