From owner-freebsd-questions@FreeBSD.ORG Fri Mar 2 22:16:36 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 40486106564A for ; Fri, 2 Mar 2012 22:16:36 +0000 (UTC) (envelope-from jerry@seibercom.net) Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com [209.85.213.54]) by mx1.freebsd.org (Postfix) with ESMTP id DCBC28FC0A for ; Fri, 2 Mar 2012 22:16:34 +0000 (UTC) Received: by yhgm50 with SMTP id m50so1186142yhg.13 for ; Fri, 02 Mar 2012 14:16:34 -0800 (PST) Received-SPF: pass (google.com: domain of jerry@seibercom.net designates 10.236.179.67 as permitted sender) client-ip=10.236.179.67; Authentication-Results: mr.google.com; spf=pass (google.com: domain of jerry@seibercom.net designates 10.236.179.67 as permitted sender) smtp.mail=jerry@seibercom.net Received: from mr.google.com ([10.236.179.67]) by 10.236.179.67 with SMTP id g43mr16223384yhm.66.1330726594645 (num_hops = 1); Fri, 02 Mar 2012 14:16:34 -0800 (PST) Received: by 10.236.179.67 with SMTP id g43mr12878022yhm.66.1330726594546; Fri, 02 Mar 2012 14:16:34 -0800 (PST) Received: from scorpio.seibercom.net (cpe-076-182-104-150.nc.res.rr.com. [76.182.104.150]) by mx.google.com with ESMTPS id q55sm17263930yhi.0.2012.03.02.14.16.33 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 02 Mar 2012 14:16:33 -0800 (PST) Received: from scorpio (localhost [127.0.0.1]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jerry@scorpio.seibercom.net) by scorpio.seibercom.net (Postfix) with ESMTPSA id 3V04c00YC5z2CG4p for ; Fri, 2 Mar 2012 17:16:32 -0500 (EST) Date: Fri, 2 Mar 2012 17:16:31 -0500 From: Jerry To: FreeBSD Message-ID: <20120302171631.775dd715@scorpio> In-Reply-To: <86fwdqvf2x.fsf@red.stonehenge.com> References: <86fwdqvf2x.fsf@red.stonehenge.com> Organization: seibercom.net X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.2) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEUAAABYRlwJCw4FAgAIBwKprDkBAQFQLR0BAgCir7VRttp8AAACAUlEQVQ4jZWUTYvbMBCGTVl8V2hX6Gg5G5FbWQdBj0lEfE7BhN4cyzi5Wt1E5L70roWy6N92xok/skkP+5IYrMcz78xIduDWpNM3vFzuA/jX5EY1AI6KHFwW/CzFuQAwqUBbV12p+CzIh6Awq7sg33pn5D64SQXAexffeuQlA/L35RrkaB551OjGfP/cAO8mCNaDcgvfky5ijoD0pAXlCQCnljiAjsJD9Ax05Ko5sZxbnLQcmM+dZg5IjREfZrWIHK0JuwU68pAGwHvfRxBundRzTxxz3r9dNUikPsEihjz2Dc4kjp1hKsJGuot4EDxaxzMoC7XqhxhOSfZrTS6gSX1JVdjp+o1PvWfekXgw3WL0g70nDEwA0H0HQsEZc8sTmFMTkWUfYWC/vdR1zQy3xLQgLwzu90QnlnFLjeiGWBjwhb4Sa42IqOg2qqS4O1/zhKokFUb1Q8Rj4Eb69WVflXEehJ35DgChVTE5n50eaGyMLOfH8AOodoSM4PVYAQgQdBulOa+knklYks3vAuQ+uX492lTl+A+e8qBV2AKoXalVKFfyuUp0pUp1ARaUHh82lv9MN+Ig7CZtgE6FNYvjlywT2VP2dMgOG46gTIWcqdfvuwyXNz0oMJNd/N5lh1YNiJt19ADTUo3VuFSNeQwVqRSrGjSCp53fk2g+Mvfk/gfoPxHeUS8MH9vRAAAAAElFTkSuQmCC Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Gm-Message-State: ALoCoQkG/yZAcw1VHJATpQSxV4RJLp/3r6XngJRpa5k/kDz3VlLOytMHbTSgZ7H4sZxYy8K6up8J Subject: Re: openssl from ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: FreeBSD List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Mar 2012 22:16:36 -0000 On Fri, 02 Mar 2012 14:00:06 -0800 Randal L. Schwartz articulated: > > I know openssl is in the core, but the version in FreeBSD 8.2 is > vulnerable to some recent attacks. (Hmm, I wonder why there hasn't > been an 8.2 update then...) > > I installed the version from ports, which was recently updated, but > now I'm not sure how to get my other ports to use that port instead > of the core libraries. Is it sufficient to restart the apps (apache > in particular), or do I need to recompile things? I have used the port's version for quite some time now. I am not sure if it is still required; however, I placed the following in the "/etc/make.conf" file: WITH_OPENSSL_PORT=yes I then rebuilt all of the ports that require OpenSSL. Perhaps someone else has an easier solution. BTW, if you find a port that does not build with the port's version, file a PR against it. I found several that had to be fixed before they built correctly. Maybe they have all been fixed by now. That was over two years ago. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________