On 03/05/2012 21:22, Darrel wrote:
> If WITH_OPENSSL_PORT=yes exists in /etc/make.conf, will the system
> compile against that as well or only applications?

The base system always links against the copy of openssl in base
irrespective of the WITH_OPENSSL_PORT setting:

% grep WITH_OPENSSL_PORT /etc/make.conf

A sample application from the base that uses openssl:

% ldd /usr/bin/ssh
[...] => /lib/ (0x8012dd000)

Whereas something installed from ports uses the ports version of openssl:

% ldd /usr/local/sbin/sendmail
[...] => /usr/local/lib/ (0x800ce8000) => /usr/local/lib/ (0x800f4a000)

So, yes, you do need to update the system in the manner described in
the recent FreeBSD-SA-12:01.openssl security advisory.



Dr Matthew J Seaman MA, D.Phil.
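
The base-versus-ports check described in the message above, as an added example that is not part of the original post. It classifies ldd output by library path; the function names are hypothetical, and the sample ldd lines are constructed, with ".so.N" standing in for the soname versions that are elided in the post.

```shell
#!/bin/sh
# Added example: classify which OpenSSL copy a binary is linked against,
# based on `ldd` output read from stdin. Prints base, ports, both or none.
classify_openssl() {
    awk '
        # ldd lines have the form: libfoo.so.N => /path/libfoo.so.N (0xaddr)
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            if ($3 ~ /^\/usr\/local\//)        ports = 1   # installed by a port
            else if ($3 ~ /^\/(usr\/)?lib\//)  base = 1    # part of the base system
        }
        END {
            if (base && ports) print "both"
            else if (base)     print "base"
            else if (ports)    print "ports"
            else               print "none"
        }'
}

# Run ldd on a real binary and classify it (hypothetical helper name).
check_binary() {
    ldd "$1" 2>/dev/null | classify_openssl
}

# Constructed sample ldd output; ".so.N" is a placeholder soname version.
sample_base() {
    cat <<'EOF'
/usr/bin/ssh:
    libcrypto.so.N => /lib/libcrypto.so.N (0x8012dd000)
    libc.so.N => /lib/libc.so.N (0x801600000)
EOF
}

sample_ports() {
    cat <<'EOF'
/usr/local/sbin/sendmail:
    libssl.so.N => /usr/local/lib/libssl.so.N (0x800ce8000)
    libcrypto.so.N => /usr/local/lib/libcrypto.so.N (0x800f4a000)
    libc.so.N => /lib/libc.so.N (0x801600000)
EOF
}

echo "ssh (sample):      $(sample_base | classify_openssl)"
echo "sendmail (sample): $(sample_ports | classify_openssl)"
```

On a live system, `check_binary /usr/bin/ssh` applies the same classification to real ldd output.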
