Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 30 Apr 2014 21:48:20 +0200
From:      Michael Grimm <trashcan@odo.in-berlin.de>
To:        freebsd-security@freebsd.org
Cc:        "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org>
Subject:   Re: ports requiring OpenSSL not honouring OpenSSL from ports
Message-ID:  <445CDD31-5A11-4F5E-92DE-CB11A10E9BDE@odo.in-berlin.de>
In-Reply-To: <201404272250.s3RMo2NZ095771@catnip.dyslexicfish.net>
References:  <201404271508.s3RF8sMA014085@catnip.dyslexicfish.net> <CACdU%2Bf_Wo6VDcJkn6tmF8MTU49=rnJM7SB6XxofGZVdukSarHA@mail.gmail.com> <201404272250.s3RMo2NZ095771@catnip.dyslexicfish.net>

next in thread | previous in thread | raw e-mail | index | archive | help
[CC'd to freebsd-ports]

On 28.04.2014, at 00:50, Jamie Landeg-Jones <jamie@dyslexicfish.net> =
wrote:
> Scot Hetzel <swhetzel@gmail.com> wrote:

> Here's a list of some that link against /lib/libcrypto.so.7 and/or
> /lib/libssl.so.7
[...]
> devel/android-tools-adb
> net-p2p/transmission-cli
> net-p2p/transmission-daemon
> net/socat
> net/svnup
> ports-mgmt/pkg
> security/john
> security/scrypt
> security/trousers
> sysutils/tarsnap

+ www/nginx

It took me some time to realize that nginx continued to be vulnerable =
(heartbleed) even after:
1) creating upgraded poudriere jail (svn,stable10)
2) rebuilding all installed ports in that jail by poudriere
3) reinstalling all ports
4) rebuilding world and kernel (svn, stable10)
5) rebooting

Well, I should have started with 4) instead. Now I know ;-)=20

Regards,
Michael




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?445CDD31-5A11-4F5E-92DE-CB11A10E9BDE>