From owner-freebsd-security Thu Mar 13 9:54: 6 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17C1837B401; Thu, 13 Mar 2003 09:54:03 -0800 (PST) Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4204543F75; Thu, 13 Mar 2003 09:54:02 -0800 (PST) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id 97BB94BEB; Thu, 13 Mar 2003 11:54:01 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id h2DHs0X68608; Thu, 13 Mar 2003 11:54:00 -0600 (CST) (envelope-from hawkeyd) Date: Thu, 13 Mar 2003 11:54:00 -0600 From: D J Hawkey Jr To: "Bruce A. Mah" Cc: security at FreeBSD Subject: Re: SA-03:02.openssl for RELENG_4_6_2 vs. RELENG_4_5 Message-ID: <20030313115400.A25510@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <20030313080852.A30434@sheol.localdomain> <20030313171647.GA19381@intruder.bmah.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20030313171647.GA19381@intruder.bmah.org>; from bmah@FreeBSD.ORG on Thu, Mar 13, 2003 at 09:16:47AM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mar 13, at 09:16 AM, Bruce A. Mah wrote: > > > OK. So as I go about cvsup'ing along the RELENG_4_5 tree, at p13, the > > source is upgraded to OpenSSL 0.9.6e. At p18, it got an ASN.1 patch. So > > did RELENG_4_6, at p10. Both RELENGs continued to get the same patches > > until RELENG_4_5 support was dropped. So, up through RELENG_4_6_2 p7 > > (p8 is SA-03:02), the two RELENGs had the same OpenSSL trees, right? > > Probably. In theory, just because the version numbers are the same > doesn't mean that there weren't minor tweaks. I think this is pretty > unlikely, however. [1] I can accept that tweaks made in the RELENG_4_5 tree might get lost in patching upwards to 0.9.6i with SA-03:02; at least I'll know I can probably continue patching the OpenSSL tree against RELENG_4_6 updates. > Any reason you can't just check out copies of src/contrib/openssl for > the RELENG_4_5 and RELENG_4_6 branches and diff them? If the only > deltas are version numbers, you're probably safe. Um, sheer number of files vs. Time, mostly. For those six files that had rejected patches, I changed the versions in the patchfile to those of the sources, and the entire update occured without incident. BZZT! "Oh, I'm sorry, discussion time is over." Throwing caution to the wind, I started a buildworld against the updated source about 45 minutes ago. Anyone know how to run the tests in /usr/src/crypto/openssl/apps and/or /usr/src/crypto/openssl/test, and what to look for? :-) Oh! I also need to know how one ascertains what binaries are statically linked to libcrypto and/or libssl? > Bruce. Thanks, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message