From: martinko
To: freebsd-questions@freebsd.org
Date: Wed, 12 Apr 2006 20:42:44 +0200
Subject: Re: upcoming release 6.1: old version of some core components

Kris Kennaway wrote:
> On Tue, Apr 11, 2006 at 05:46:06PM +0200, No@SPAM@mgEDV.net wrote:
>
>>>I can't answer your main question, but I would say that you can bet your
>>>shirt on the fact that there will be no known security issues in the
>>>older packages.
>>
>>>At least for openssl and openssh you can get latest versions through the
>>>ports. Not an option for everything -- I see no zlib for example and I
>>>don't believe there's a standard cvs port either.
>>
>>as for zlib i definitely know, that there are 2 security flaws, which can
>>lead to problems when invalid compressed data is fed.
>
> Already fixed as soon as they were published. Are there other reasons
> to upgrade?
>
>>my problem also is not the installation of ports/packages/custom compiles,
>>it's more that the operating system components itself are linked against
>>these older libraries and therefore will contain bugs, which may have been
>>already solved.
>
> The other side of this is that newer versions are often incompatible
> (OpenSSL, I'm looking at you), which rules out upgrading the version
> in a FreeBSD-STABLE branch since it ruins binary compatibility.
>
> Kris

one may wonder why they change very minor version number/letter only, if the changes are so disturbing..