Date: Fri, 04 May 2012 08:38:06 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: Darrel <levitch@iglou.com> Cc: questions@FreeBSD.org Subject: Re: WITH_OPENSSL_PORT=yes Message-ID: <4FA3875E.10206@FreeBSD.org> In-Reply-To: <alpine.GSO.2.00.1205031720550.5132@shell1> References: <alpine.GSO.2.00.1205031720550.5132@shell1>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 03/05/2012 21:22, Darrel wrote: > If WITH_OPENSSL_PORT=yes exists in /etc/make.conf, will the system > compile against that as well or only applications? The base system always links against the copy of openssl in base irrespective of the WITH_OPENSSL_PORT setting: % grep WITH_OPENSSL_PORT /etc/make.conf WITH_OPENSSL_PORT= yes A sample application from the base that uses openssl: % ldd /usr/bin/ssh /usr/bin/ssh: [...] libcrypto.so.6 => /lib/libcrypto.so.6 (0x8012dd000) [...] Whereas something installed from ports uses the ports version of openssl: % ldd /usr/local/sbin/sendmail /usr/local/sbin/sendmail: [...] libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800ce8000) libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800f4a000) [...] So, yes, you do need to update the system in the manner described in the recent FreeBSD-SA-12:01.openssl security advisory. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+jh2gACgkQ8Mjk52CukIyJ7ACfVRHjbLzPSXBd8hcqFYO/py7s ODcAn103Z0MMS10ct0rIlMi4Q2j0be4H =ojoI -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FA3875E.10206>