svn commit: r264265 - in head: crypto/openssl/crypto/bn crypto/openssl/crypto/ec crypto/openssl/ssl sys/fs/nfsserver
David.Chisnall at cl.cam.ac.uk
Wed Apr 9 16:08:13 UTC 2014
On 9 Apr 2014, at 15:19, Kubilay Kocak <koobs.freebsd at gmail.com> wrote:
> That expectation is orthogonal to whether we or other projects do it one
> way or another. RHEL users may well be as confused as ours (whether of
> not ours are). It may be relevant as a data point, but not for decision
I can confirm that, as a user (albeit a slightly sleep-deprived one at the time) I was confused. I believe that I'm now running the correct version, as my libssl.so has a creation date of yesterday, but I don't have a good way of verifying it.
It would be great for future security advisories to have a 'how to tell if you're affected' and 'how to tell if you're patched' section.
I noticed that freebsd-update told me (after the fetch phase) that I should rebuild all third-party software. I have been following the instructions that we give to users and not building most software on that machine myself. I don't know if there are any packages that statically link to libssl.a (or even if we have a mechanism for determining that), but I'd hope that these would get separate VuXML reports for pkg audit to pick up.
More information about the svn-src-head