# Help upgrading OpenSSL 1.0.1_8 to 1.0.1g



## LeventeX (May 4, 2014)

Hi, 

Pl*ea*s*e* help me upgrading *O*pen*SSL*. I use Freebsd FreeBSD 10.0 64 bit. What is the code for upgrading?


----------



## fonz (May 4, 2014)

The latest version in the ports tree is 1.0.1g. So make sure your ports tree is up to date and rebuild the port using your favourite method.


----------



## LeventeX (May 4, 2014)

Sorry for posting in the wrong forum.

I'm a beginner, how can *I* make sure  the ports tree is up to date? I want to protect my VPS against the Heartbleed bug. 

I don't speak English well.


----------



## fonz (May 4, 2014)

LeventeX said:
			
		

> I'm a beginner, how can *I* make sure  the ports tree is up to date? I want to protect my VPS against the Heartbleed bug.


One question then: did you install OpenSSL from ports or packages, or are you using the version of OpenSSL that came with the operating system?



			
				LeventeX said:
			
		

> I don't speak English well.


Language is not a problem, we're quite tolerant of that. But please try to mind your writing style: proper use of punctuation and capital letters, that sort of thing.


----------



## LeventeX (May 4, 2014)

Okay 

I'm using OpenSSL that came with the operating system.


----------



## fonz (May 4, 2014)

LeventeX said:
			
		

> I'm using OpenSSL that came with the operating system.


In that case, it's enough to update the operating system itself(*). Assuming you are running FreeBSD 10.0-RELEASE, issue the following two commands and then reboot the system:
`# freebsd-update fetch`
`# freebsd-update install`

If the FreeBSD version (type `uname -r` to find out) now reads 10.0-RELEASE-pX (where X is a number) you have successfully updated to the latest patchlevel.

Ad (*): Which means you were in the right forum after all  I'll move your thread back.


----------



## LeventeX (May 4, 2014)

Thx Thanks for the help.

One more question: does the  `pkg update` command have same function as 
`freebsd-update fetch`
`freebsd-update install`?


----------



## fonz (May 4, 2014)

Yes and no. freebsd-update updates the operating system itself, `pkg update` (followed by `pkg upgrade`, by the way) updates third-party packages. So they have the same function, but operate on different parts of the system.


----------



## LeventeX (May 4, 2014)

Yesterday, I typed the `pkg update` command, so *I* need to type `freebsd-update fetch`, `freebsd-update install` to protect my VPS against the Heartbleed bug? Or not?


----------



## fonz (May 4, 2014)

LeventeX said:
			
		

> Yesterday, I typed the `pkg update` command, so *I* need to type `freebsd-update fetch`, `freebsd-update install` to protect my VPS against the Heartbleed bug? Or not?


Yes, that should do it.

Mind you: `pkg update` alone won't do you much good. It only updates _information about_ packages. You need to follow it up with `pkg up[i]grade[/i]` to actually update the packages themselves.

Edit: think of it this way:
`pkg update` and `freebsd-update fetch` mean asking: "So, what's new?"
`pkg upgrade` and `freebsd-update install` mean saying: "Okay, please do that."


----------



## LeventeX (May 4, 2014)

Thanks for the help and informations.


----------



## fred974 (Jul 16, 2014)

fonz said:
			
		

> LeventeX said:
> 
> 
> 
> ...



Hi @fonz

I also use openssl that comes with FreeBSD..

So if `uname -r` returns

```
10.0-RELEASE-p7
```
does it mean that my openssl has got the latest patch for the Heartbleed bug even if `openssl version` returns 1.0.1e and not 1.0.1g?

Is there any advantage in installing openssl from the port and adding 
	
	



```
WITH_OPENSSL_PORT=yes
```
 in /etc/make.conf file?

Thank you,

Fred


----------



## SirDice (Jul 16, 2014)

fred974 said:
			
		

> So If `uname -r` return
> 
> ```
> 10.0-RELEASE-p7
> ...


Yes, http://www.freebsd.org/security/advisor ... penssl.asc



> Is there any advantage in installing openssl from port and adding
> 
> 
> 
> ...


Not really but some ports may require the version from ports.


----------



## fred974 (Jul 16, 2014)

Thank you @SirDice,

I can put that question in the closet now.


----------

