openssl from ports
Randal L. Schwartz
merlyn at stonehenge.com
Fri Mar 2 22:12:32 UTC 2012
>>>>> "Maxim" == Maxim Khitrov <max at mxcrypt.com> writes:
Maxim> On Fri, Mar 2, 2012 at 5:00 PM, Randal L. Schwartz
Maxim> <merlyn at stonehenge.com> wrote:
>>
>> I know openssl is in the core, but the version in FreeBSD 8.2 is
>> vulnerable to some recent attacks. (Hmm, I wonder why there hasn't been
>> an 8.2 update then...)
Maxim> Which attacks are you referring to?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
Theoretically, this should have triggered a FreeBSD 8.2 security update,
now that I keep thinking about it. Did I miss an announcement in the
past few days?
>> I installed the version from ports, which was recently updated, but now
>> I'm not sure how to get my other ports to use that port instead of the
>> core libraries. Is it sufficient to restart the apps (apache in
>> particular), or do I need to recompile things?
Maxim> You will need to recompile ports that depend on OpenSSL, passing
Maxim> WITH_OPENSSL_PORT= flag to make. My preferred way to do this is to
Maxim> install ports-mgmt/portconf and use something like this for
Maxim> /usr/local/etc/ports.conf:
Maxim> *: WITHOUT_IPV6 | WITHOUT_NLS | WITHOUT_X11 | WITHOUT_GTK | WITH_OPENSSL_PORT
Is that the same as setting it in /etc/make.conf ? That's where I have
"WITHOUT_X11=yes". And you're gonna regret that WITHOUT_IPV6 in a
couple of months. :)
(Googling a bit..)
Oh, it makes it easier to make it non-universal. Cool.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.posterous.com/ for Smalltalk discussion
More information about the freebsd-questions
mailing list