From owner-freebsd-questions@FreeBSD.ORG Fri May 4 07:38:27 2012 Return-Path: Delivered-To: questions@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C878D106564A for ; Fri, 4 May 2012 07:38:27 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id 348068FC14 for ; Fri, 4 May 2012 07:38:27 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [IPv6:2001:8b0:151:1:fa1e:dfff:feda:c0bb]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id q447cGHR004679 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Fri, 4 May 2012 08:38:23 +0100 (BST) (envelope-from matthew@FreeBSD.org) X-DKIM: OpenDKIM Filter v2.5.2 smtp.infracaninophile.co.uk q447cGHR004679 Authentication-Results: smtp.infracaninophile.co.uk/q447cGHR004679; dkim=none (no signature); dkim-adsp=none Message-ID: <4FA3875E.10206@FreeBSD.org> Date: Fri, 04 May 2012 08:38:06 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: Darrel References: In-Reply-To: X-Enigmail-Version: 1.4.1 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigA6AD7CCF55A79949735AA926" X-Virus-Scanned: clamav-milter 0.97.4 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk Cc: questions@FreeBSD.org Subject: Re: WITH_OPENSSL_PORT=yes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 May 2012 07:38:27 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigA6AD7CCF55A79949735AA926 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 03/05/2012 21:22, Darrel wrote: > If WITH_OPENSSL_PORT=3Dyes exists in /etc/make.conf, will the system > compile against that as well or only applications? The base system always links against the copy of openssl in base irrespective of the WITH_OPENSSL_PORT setting: % grep WITH_OPENSSL_PORT /etc/make.conf WITH_OPENSSL_PORT=3D yes A sample application from the base that uses openssl: % ldd /usr/bin/ssh /usr/bin/ssh: [...] libcrypto.so.6 =3D> /lib/libcrypto.so.6 (0x8012dd000) [...] Whereas something installed from ports uses the ports version of openssl:= % ldd /usr/local/sbin/sendmail=09 /usr/local/sbin/sendmail: [...] libssl.so.8 =3D> /usr/local/lib/libssl.so.8 (0x800ce8000) libcrypto.so.8 =3D> /usr/local/lib/libcrypto.so.8 (0x800f4a000) [...] So, yes, you do need to update the system in the manner described in the recent FreeBSD-SA-12:01.openssl security advisory. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --------------enigA6AD7CCF55A79949735AA926 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+jh2gACgkQ8Mjk52CukIyJ7ACfVRHjbLzPSXBd8hcqFYO/py7s ODcAn103Z0MMS10ct0rIlMi4Q2j0be4H =ojoI -----END PGP SIGNATURE----- --------------enigA6AD7CCF55A79949735AA926--