Date: Sat, 4 Oct 2003 11:00:10 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl Message-ID: <20031004160010.GA96970@hellblazer.celabo.org> In-Reply-To: <Pine.BSF.4.53.0310041506140.60080@e0-0.zab2.int.zabbadoz.net> References: <200310032249.h93MnXS8047857@freefall.freebsd.org> <Pine.BSF.4.53.0310041506140.60080@e0-0.zab2.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Oct 04, 2003 at 03:22:42PM +0000, Bjoern A. Zeeb wrote: > Another question: can someone please confirm that mod_ssl.so from > apache 2.0.47 port is _not_ affected ? It _is_ affected, because it uses the affected portions of OpenSSL. > I have rebuilt libssl, libcrypto and installed them (they all differ > from the old libs after make install) and done a rebuild of > mod_ssl. But the new mod_ssl.so doesn't differ from the one > built late August: > > [ports]apache2/work/httpd-2.0.47/modules/ssl/.libs> md5 mod_ssl.so > MD5 (mod_ssl.so) = a4e31cf6e4aff5ca91f164d57eb68457 > > /usr/local/libexec/apache2> md5 mod_ssl.so > MD5 (mod_ssl.so) = a4e31cf6e4aff5ca91f164d57eb68457 > > Also diff does not say that the binary files would differ. mod_ssl.so uses dynamic linking. It would not require a rebuild nor would the compiler output necessarily change after a rebuild. Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031004160010.GA96970>