From owner-freebsd-security@FreeBSD.ORG Sun Oct 5 10:12:47 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7448516A4B3 for ; Sun, 5 Oct 2003 10:12:47 -0700 (PDT) Received: from corb.mc.mpls.visi.com (corb.mc.mpls.visi.com [208.42.156.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id A697043FDF for ; Sun, 5 Oct 2003 10:12:46 -0700 (PDT) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by corb.mc.mpls.visi.com (Postfix) with ESMTP id C93538566; Sun, 5 Oct 2003 12:12:45 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6p2/8.11.6) id h95HCjP82903; Sun, 5 Oct 2003 12:12:45 -0500 (CDT) (envelope-from hawkeyd) X-Spam-Policy: http://www.visi.com/~hawkeyd/index.html#mail Date: Sun, 5 Oct 2003 12:12:45 -0500 From: D J Hawkey Jr To: peter.lai@uconn.edu Message-ID: <20031005171245.GA82807@sheol.localdomain> References: <200310032249.h93MnXS8047857@freefall.freebsd.org> <20031005142519.GA76750@sheol.localdomain> <20031005163252.GC399@cowbert.2y.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031005163252.GC399@cowbert.2y.net> User-Agent: Mutt/1.4.1i cc: security at FreeBSD Subject: Re: 4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hawkeyd@visi.com List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Oct 2003 17:12:47 -0000 On Oct 05, at 12:32 PM, Peter C. Lai wrote: > > recompiling the secure and crypto subsystems on the latest RELENG_4_6 (cvsup'd > 3 Oct.) will fail with one of the ssh-pam modules not being able to link with > libssh (unrecognized symbols). This is uncool. Didn't happen here on my RELENG_4_5 box. I should mention that I don't update this box with cvsup(1); I apply the SA patches myself (there have been times where RELENG_4_5 is not explicitly supported by an SA, but is applicable nonetheless). > I noticed that the latest RELENG_4_6 already has the ssh patches; did someone > backport them and upgrade something along the way? I thought 4.6 is supposed to > be unsupported? According to a HEADSUP sent out by Jacques, RELENG_4_6 was supported by SA-03:15, and the CVS tree updated. RELENG_4_6 was also supported by SA-03:18, but I'm not certain if its CVS tree was updated (neither the HEADSUP nor the SA explicitly says so, but I'll bet it has been). I'm not sure if RELENG_4_6 is EOL'd or not (though I think it is). Having said that, the Security team does release patches for EOL'd releases as they see fit. > I was expecting to be able to manually patch my 4.6 sources > and recompile just the crypto/secure subsystems but instead I was forced to > upgrade to 4.8 which broke a ton of other stuff (mainly ports). Maybe I should > have moved to RELENG_4_7 instead. I can't guess at what happened on your end. Well, I _could_, but I'd pro'lly be wrong. :-) Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/