On 12/10/20 12:03 AM, FreeBSD Security Advisories wrote:
Note: The OpenSSL project has published publicly available patches for
versions included in FreeBSD 12.x. This vulnerability is also known to
affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL
project is only giving patches for that version to premium support contract
holders. The FreeBSD project does not have access to these patches and
recommends FreeBSD 11.4 users to either upgrade to FreeBSD 12.x or leverage
up to date versions of OpenSSL in the ports/pkg system. The FreeBSD Project
may update this advisory to include FreeBSD 11.4 should patches become
publicly available.
So I'm looking for suggestion on how to handle this.
I guess I'll just upgrade some 11.4 to 12.2 and that'll be it.
However there are a few boxes I can't or don't want to upgrade and I'm
thinking about using openssl from ports.
If I'm correct, I'll need to put "DEFAULT_VERSIONS= ssl=openssl" either
in /etc/make.conf and/or in /usr/local/etc/poudriere.d/114amd64-make.conf.
I started with the latter, but a bulk run ended up in some port failing
(and a lot being skipped) due to kerberos support: AFAICT I cannot use
base's kerberos with ports' openssl. Which is a better replacement: MIT
or HEIMDAL?
Then I think I'll just need "pkg upgrade -f", where I'm using packages.
I still have some systems, however, that are using portupgrade: perhaps
I can convert some to packages, but others have to stay like this for
the moment.
Will "portupgrade -Fa" do or do I need something more complex?
bye & Thanks
av.
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
