new openssl security advisory is dfly affected
Robin Hahling
robin.hahling at gw-computing.net
Sun Jun 8 00:57:25 PDT 2014
OpenSSL is a dependency of x11-servers/xorg-server. As you noticed, two
versions of OpenSSL are provided, the one in base and the one in dports.
They are not necessarily at the same version or updated at the same time.
You can specify which one to use by default for other dports, in
/etc/make.conf, by specifying either:
WITH_OPENSSL_PORT=yes
or
WITH_OPENSSL_BASE=yes
If you choose the latter, the dports that depend on OpenSSL will link
against the version in base rather than dports, thus you won't need
security/openssl from dports.
Cheers,
Robin
On Sunday 08 June 2014 12.51:23 Vitaly Shevtsov wrote:
> Btw, why is OpenSSL built from dports when I install
> x11-servers/xorg-server? It's present in base system with the same
version.
>
> 2014-06-06 13:14 GMT+06:00 Robin Hahling <robin.hahling at gw-
computing.net>:
> > On Friday 06 June 2014 00.06:04 Edward M wrote:
> > > Hello,
> > >
> > >
> > > Wondering if new openssl SSl/TLS MITM vulnerability (CVE-20140224)
> > > affects DragonFLY?
> > >
> > > OpenSSL Security Advisory
> > > https://www.openssl.org/news/secadv_20140605.txt
> >
> > Hi,
> >
> > DragonFly BSD 3.8 ships with OpenSSL 1.0.1g. OpenSSL needs an
upgrade to
> > version 1.0.1h so I bet a new release will come soon.
> >
> > Cheers,
> >
> > Robin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20140608/c3d6d147/attachment-0003.htm>
More information about the Users
mailing list