Lars Bonnesen <lars.bonne...@gmail.com> writes: > Just want to make sure if I get this right. > > Patches 007 and 008 (OpenSSL-fix) for 5.4 has been run. > > OpenBSD 5.5 install source code patch branch run and compiled. > > On both setup I get this: > > # openssl version -a > OpenSSL 1.0.1c 10 May 2012 > built on: date not available > platform: information not available > options: bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) idea(int) > blowfish(idx) > compiler: information not available > OPENSSLDIR: "/etc/ssl" > > As far as I understand, OpenSSL 1.0.1g is needed in order to be home same > reg. heartbleed. > > I know that OpenBSD's OpenSSL is a fork, and this is maybe where the > confussion comes in... but can someone clarify for me the above?
The patches you applied are just that, patches that fix the problem they're supposed to fix. There is no reason to change the OpenSSL version in such a patch, it would be a lie. This is not related to the fork, which happened in -current and does not affect 5.5. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
