From owner-freebsd-ports@FreeBSD.ORG Sat Jun 13 11:13:10 2015
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 03FF9CE8;
	Sat, 13 Jun 2015 11:13:10 +0000 (UTC)
	(envelope-from michelle@sorbs.net)
Received: from hades.sorbs.net (hades.sorbs.net [67.231.146.201])
	by mx1.freebsd.org (Postfix) with ESMTP id E765CF41;
	Sat, 13 Jun 2015 11:13:09 +0000 (UTC)
	(envelope-from michelle@sorbs.net)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; CHARSET=US-ASCII
Received: from isux.com (firewall.isux.com [213.165.190.213])
	by hades.sorbs.net (Oracle Communications Messaging Server 7.0.5.29.0 64bit (built Jul 9 2013))
	with ESMTPSA id <0NPV009BXRFCMX00@hades.sorbs.net>;
	Sat, 13 Jun 2015 04:18:49 -0700 (PDT)
Message-id: <557C1042.4050405@sorbs.net>
Date: Sat, 13 Jun 2015 13:13:06 +0200
From: Michelle Sullivan
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.24) Gecko/20100301 SeaMonkey/1.1.19
To: Don Lewis
Cc: ml@netfence.it, freebsd-ports@FreeBSD.org
Subject: Re: OpenSSL Security Advisory [11 Jun 2015]
References: <201506130551.t5D5pqiO084627@gw.catspoiler.org>
In-reply-to: <201506130551.t5D5pqiO084627@gw.catspoiler.org>
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Porting software to FreeBSD
X-List-Received-Date: Sat, 13 Jun 2015 11:13:10 -0000

Don Lewis wrote:
> On 13 Jun, Michelle Sullivan wrote:
>
>> SSH would be the biggie that most security departments are scared of...
>>
>
> Well, ssh is available in ports, though I haven't checked to see that it
> picks up the correct version of openssl.
>

Problem is it doesn't have 'overwrite base' anymore - and
openssh-portable66 which does have overwrite base is now marked
depreciated... which means one would have to be very careful about how
they use SSH in production as both server and client... Server is easier
as it has a different _enable identifier... but the client is not
distinguishable so unless one puts /usr/local/bin in their permanent
path as a priority over /usr/bin one will use the wrong version.

-- 
Michelle Sullivan
http://www.mhix.org/
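
The PATH precedence problem described in the message above can be checked with a short script. This is an added example, not part of the original post; the function names resolve_order, shadow_check and linked_crypto are hypothetical, and the two directories are the ones named in the message.

```shell
#!/bin/sh
# Added example: report which ssh client a given PATH resolves to first.

# resolve_order CMD PATHSTRING
# Print every executable CMD found in PATHSTRING, in lookup order.
# The body runs in a subshell so the IFS and noglob changes stay local.
resolve_order() (
    cmd=$1
    set -f          # do not glob-expand PATH elements
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.   # an empty element means the current directory
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
        fi
    done
)

# shadow_check CMD PORTS_DIR BASE_DIR PATHSTRING
# Returns 0 if the ports copy is found first, 1 if the base copy is found
# first, 2 if CMD is not in PATHSTRING, 3 if some other copy is found first.
shadow_check() {
    first=$(resolve_order "$1" "$4" | head -n 1)
    case $first in
        "$2/$1") echo "ports: $first is found first"; return 0 ;;
        "$3/$1") echo "base: $first is found first"; return 1 ;;
        "")      echo "missing: no $1 in PATH"; return 2 ;;
        *)       echo "other: $first is found first"; return 3 ;;
    esac
}

# linked_crypto FILE
# Show which libcrypto/libssl the binary is dynamically linked against.
linked_crypto() {
    ldd "$1" 2>/dev/null | grep -E 'lib(crypto|ssl)' ||
        echo "no dynamic libcrypto/libssl reference found for $1"
}

# Stand-alone run against the current environment.
shadow_check ssh /usr/local/bin /usr/bin "$PATH" || true
resolve_order ssh "$PATH" | while IFS= read -r f; do
    echo "$f:"
    linked_crypto "$f"
done
```
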