From owner-freebsd-questions Fri Feb 9 14:46:48 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by hub.freebsd.org (Postfix) with ESMTP id 0BDFB37B65D for ; Fri, 9 Feb 2001 14:46:31 -0800 (PST) Received: from xor.obsecurity.org ([63.207.60.67]) by mta6.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0G8I00155HOGWT@mta6.snfc21.pbi.net> for freebsd-questions@freebsd.org; Fri, 9 Feb 2001 14:41:05 -0800 (PST) Received: by xor.obsecurity.org (Postfix, from userid 1000) id 9A4D266B62; Fri, 09 Feb 2001 14:43:49 -0800 (PST) Date: Fri, 09 Feb 2001 14:43:49 -0800 From: Kris Kennaway Subject: Re: OpenSSH 2.3.0 In-reply-to: <000501c092de$717ebc20$0101a8c0@pavilion>; from mh@neonsky.net on Fri, Feb 09, 2001 at 04:22:41PM -0500 To: Richard Ward Cc: freebsd-questions@freebsd.org Message-id: <20010209144349.C69512@mollari.cthul.hu> MIME-version: 1.0 Content-type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="oTHb8nViIGeoXxdp" Content-disposition: inline User-Agent: Mutt/1.2.5i References: <000501c092de$717ebc20$0101a8c0@pavilion> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --oTHb8nViIGeoXxdp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Feb 09, 2001 at 04:22:41PM -0500, Richard Ward wrote: > In trying to upgrade from a vulnerable release of OpenSSH, I > downloaded the full source from openssh.com. While viewing the > README file, it directs me to a INSTALL file that doesn't seem to be > included, which holds install/configure information. Since I'm doing > this from the source and not ports (my tree isn't too up-to-date) > does anyone know where I can find information on compiling OpenSSH > 2.3.0 on my FreeBSD 4.x machine? -- If not that, is there a way to > grab just one package from the latest ports that is up-to-date with > the latest vulnerabilities? I just committed patches to the port, which is still using version 2.2.0 but should be secure. FreeBSD 4.2-STABLE has had OpenSSH 2.3.0 since 2000/12/05 - if you have an older release you can grab patch-az from the updated port and apply that to your /usr/src/crypto/openssh, and recompile - or wait for the advisory which shouldb e out on monday. Kris --oTHb8nViIGeoXxdp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6hHKkWry0BWjoQKURAl9VAJ95h6dEbZ7YwJfURisHt7KqEnJfvACgxnCU mMNj72E6cuJiHVUQc8OHc/I= =7t57 -----END PGP SIGNATURE----- --oTHb8nViIGeoXxdp-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message