(See http://lists.freebsd.org/pipermail/freebsd-announce/2014-April/001541.html)
FreeBSD port security/openssl have been patched on 2014-04-07 21:46:40 UTC (head, r350548) and 2014-04-07 21:48:07 UTC (branches/2014Q2, r350549).
FreeBSD base system have been patched on 2014-04-08 18:27:32 UTC (head, r264265), 2014-04-08 18:27:39 UTC (stable/10, r264266), 2014-04-08 18:27:46 UTC (releng/10.0, r264267). The update is available with freebsd-update. All other supported FreeBSD branches are not affected by this issue.
Users who use TLS client and/or server are strongly advised to apply updates immediately.
Because of the nature of this issue, it's also recommended for system administrators to consider revoking all of server certificate, client certificate and keys that is used with these systems and invalidate active authentication credentials with a forced passphrase change.
NOTE: the following contents are listed only for reference purpose only. Apply FreeBSD update and the Port update NOW on your OpenSSL code.
(Patch source: http://lists.freebsd.org/pipermail/freebsd-security/2014-April/007405.html (Thanks Xin Li))
This patch is applicable to 10.0-STABLE base r264247 (and will be applicable to other 10.0 userland source sets.)
To make this patch effective, rebuilding needed from the source, and/or rebooting the system. Minimal procedure:
cd /usr/src
umask 0022
patch < downloaded/xinli-heartbleed-patch.txt
# export CCACHE_DISABLE=yes NOCCACHE=yes
make buildworld
See http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html for the further details.
Note: update the Port OpenSSL as well! portsnap fetch && portsnap update && portmaster security/openssl