From: Clément Moulin
Date: Fri, 13 Oct 2006 18:20:53 +0200
Organization: SimpleRezo
Message-ID: <000a01c6eee3$8e56d500$7006a8c0@nb03>
Subject: RE: I cannot upgrade openssl-stablr
List-Id: freebsd-security@freebsd.org

Dirk Meyer wrote:
>
> OPENSSL_OVERWRITE_BASE=yes
> should be used with extreme caution!
>
> This might break your base application in cases like this, when the base uses a different api than the ports do.
>

That's totally true.

I was wondering if, to avoid ports problems with openssl (and maybe some other libs/important parts) - because some refer directly to the openssl base, others to the ports one -, we might try to find a way to have openssl - in a future release - in the base system being like a pre-installed port.

It will be very helpful too when security issues are discovered, because instead of patching the system base (and rebuilding the world...) we have only to do a portupgrade... Saving time :)

Another interest in doing this is that the system will be reported insecure by portaudit...

OpenSSH should have the same treatment :)

-- 
Clément Moulin
SimpleRezo