Re: WITH_OPENSSL_PORT=yes
- From: Matthew Seaman <matthew@xxxxxxxxxxx>
- Date: Fri, 04 May 2012 08:38:06 +0100
On 03/05/2012 21:22, Darrel wrote:
If WITH_OPENSSL_PORT=yes exists in /etc/make.conf, will the system
compile against that as well or only applications?
The base system always links against the copy of openssl in base
irrespective of the WITH_OPENSSL_PORT setting:
% grep WITH_OPENSSL_PORT /etc/make.conf
WITH_OPENSSL_PORT= yes
A sample application from the base that uses openssl:
% ldd /usr/bin/ssh
/usr/bin/ssh:
[...]
libcrypto.so.6 => /lib/libcrypto.so.6 (0x8012dd000)
[...]
Whereas something installed from ports uses the ports version of openssl:
% ldd /usr/local/sbin/sendmail
/usr/local/sbin/sendmail:
[...]
libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800ce8000)
libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800f4a000)
[...]
So, yes, you do need to update the system in the manner described in
the recent FreeBSD-SA-12:01.openssl security advisory.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
Attachment:
signature.asc
Description: OpenPGP digital signature
- References:
- WITH_OPENSSL_PORT=yes
- From: Darrel
- WITH_OPENSSL_PORT=yes
- Prev by Date: Re: HOWTO: FreeBSD ZFS Madness (Boot Environments)
- Next by Date: Re: freebsd-update not updating reported patchlevel
- Previous by thread: WITH_OPENSSL_PORT=yes
- Next by thread: freebsd-update not updating reported patchlevel
- Index(es):
Relevant Pages
|
