Guidance on building only the affected part of the system is no longer included in many of the security advices and errata's. I try to document some that I know of in this article
Beware!
Not following the guidance from the Security Advice or Errata Notice can and will result in partially solving issues. This may result in your system remaining vulnerable, data loss. Use only as a temporary fix until you can apply the full advice (usually involving rebuilding and installing world and/or kernel and rebooting).
This guide does NOT guarantee a properly patched system
In general you must make sure you have your source tree updated via the patches that are linked in the advice/notice or any other method of your preference, see handbook. The commands have been taken from old announce messages.
Added to the install targets is also installing to an ezjail basejail. You'll need to adapt this is you use different methods for running jails.
OpenSSL
This one is most frequently required.
Anything that's statically linked will NOT be updated!
1 cd /usr/src/secure/lib/libcrypto
2 make obj && make depend && make includes && make
3 make install
4 make DESTDIR=/usr/jails/basejail install
5 cd /usr/src/secure/lib/libssl
6 make clean && make depend && make includes && make
7 make install
8 make DESTDIR=/usr/jails/basejail install
9 cd /usr/src/secure/usr.bin/openssl
10 make clean && make
11 make install
12 make DESTDIR=/usr/jails/basejail install
https://www.freebsd.org/security/advisories/FreeBSD-SA-10:10.openssl.asc https://www.freebsd.org/security/advisories/FreeBSD-SA-09:08.openssl.asc
Sendmail
https://www.freebsd.org/security/advisories/FreeBSD-SA-06:17.sendmail.asc