From owner-freebsd-security  Thu Apr 18  0:48:33 2002
Delivered-To: freebsd-security@freebsd.org
Received: from ziplip.com (mail.ziplip.com [128.242.109.119])
	by hub.freebsd.org (Postfix) with ESMTP id C1D0B37B404
	for <freebsd-security@freebsd.org>; Thu, 18 Apr 2002 00:48:28 -0700 (PDT)
Received: from 10.1.0.21 (EHLO 10.1.0.21 10.1.0.21 [10.1.0.21] (may be forged))
	by 10.1.0.21 with ESMTP id <EEYC0UNIROOQPYD0IHFPCX530WYHX4T4EGVLMD53@ziplip.com>
	for <freebsd-security@freebsd.org>; 18 Apr 2002 00:48:26 -0700 (PDT)
Message-ID: <EEYC0UNIROOQPYD0IHFPCX530WYHX4T4EGVLMD53@ziplip.com>
Date: Thu, 18 Apr 2002 00:48:26 -0700 (PDT)
From: SolarfluX <solarflux@ziplip.com>
Reply-To: solarflux@ziplip.com
To: freebsd-security@freebsd.org
Subject: Re: Upgrading default OpenSSL
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ZLPwdHint: 
X-ZLExpiry: -1
X-ZLReceiptConfirm: N
X-ZLAuthType: WEB-MAIL
X-ZLAuthOn: Y
X-Mailer: ZipLip Sonoma v3.2
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Normally, yes, that's what it is for, but not in this case.  From /usr/ports/security/openssl/Makefile:

#FORBIDDEN=     "OpenSSL is already in the base system"

-S

> -----Original Message-----
> From: Jeff Palmer [mailto:scorpio@drkshdw.org]
> Sent: Thursday, April 18, 2002, 12:39 AM
> To: solarflux@ziplip.com
> Subject: Re: Upgrading default OpenSSL
> 
> Do you happen to know what the forbidden= is for?
> Typically its due to a security related issue.   It seems to me that you
> want the latest/greatest OpenSSL/OpenSSH for security purposes..  so I'd
> think this whole idea of commenting out the line, would be
> counter-productive..
> 
> 
> ----- Original Message -----
> From: "SolarfluX" <solarflux@ziplip.com>
> To: <freebsd-security@freebsd.org>
> Sent: Thursday, April 18, 2002 3:33 AM
> Subject: Upgrading default OpenSSL
> 
> 
> > Hi,
> >
> > I'd like to upgrade the default version of OpenSSL (0.9.6a) on 4.5-STABLE
> to the latest available in ports (0.9.6b).  I upgraded the default OpenSSH
> to 3.1p using an entry in /etc/make.conf:
> >
> > OPENSSH_OVERWRITE_BASE=YES
> >
> > Can the same thing be done with OpenSSL (i.e. OPENSSL_OVERWRITE_BASE=YES),
> after commenting out the FORBIDDEN lines in the Makefile?
> >
> > When will 0.9.6c (released Dec. 21, 2001) be incorporated?
> >
> > TIA


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message