From owner-freebsd-security  Wed Jul 31 19:25:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3790E37B400
	for <freebsd-security@FreeBSD.ORG>; Wed, 31 Jul 2002 19:25:41 -0700 (PDT)
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9C5CE43EB1
	for <freebsd-security@FreeBSD.ORG>; Wed, 31 Jul 2002 19:25:37 -0700 (PDT)
	(envelope-from nectar@nectar.cc)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111])
	by gw.nectar.cc (Postfix) with ESMTP
	id 0CA4054; Wed, 31 Jul 2002 21:25:32 -0500 (CDT)
Received: from madman.nectar.cc (localhost [IPv6:::1])
	by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g712PVU4020290;
	Wed, 31 Jul 2002 21:25:31 -0500 (CDT)
	(envelope-from nectar@madman.nectar.cc)
Received: (from nectar@localhost)
	by madman.nectar.cc (8.12.3/8.12.3/Submit) id g712PVvR020289;
	Wed, 31 Jul 2002 21:25:31 -0500 (CDT)
Date: Wed, 31 Jul 2002 21:25:31 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
To: Christopher Schulte <schulte+freebsd@nospam.schulte.org>
Cc: Dirk Meyer <dirk.meyer@dinoex.sub.org>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Are OpenSSL bugs related to OpenSSH ?
Message-ID: <20020801022531.GB20191@madman.nectar.cc>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	Christopher Schulte <schulte+freebsd@nospam.schulte.org>,
	Dirk Meyer <dirk.meyer@dinoex.sub.org>, freebsd-security@FreeBSD.ORG
References: <Wx/oYHzdAA@dmeyer.dinoex.sub.org> <1028113366.1406.0.camel@linux> <200207311127.g6VBRWY98818@www.wsf.at> <Wx/oYHzdAA@dmeyer.dinoex.sub.org> <20020731151607.GD26793@madman.nectar.cc> <5.1.1.6.2.20020731153229.03e9f388@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5.1.1.6.2.20020731153229.03e9f388@localhost>
X-Url: http://www.nectar.cc/
User-Agent: Mutt/1.5.1i-ja.1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Jul 31, 2002 at 03:44:11PM -0500, Christopher Schulte wrote:
> I installed the 0.9.6e openssl port to overwrite base 
> (-DOPENSSL_OVERWRITE_BASE)
> and relinked my critical apps.  I added:
> 
> NO_OPENSSL=     true
> 
> to /etc/make.conf
> 
> Now when I want to update to a patched RELENG_4_6, and use the base openssl,
> should I:
> 
> 1) deinstall the port
> 2) remove make.conf declaration
> 3) cvsup/make world
> 4) recompile my third party apps again, because /usr/lib/libcrypto.so.3 and
> /usr/lib/libssl.so.3 are not used by the base openssl

That's correct.

> I'm only a tad confused with number 4.  Was the .2 -> .3 change made just 
> within
> the port or within openssl itself?  Thanks!

Just within the port.  It was ill-advised (IMO).  If it weren't for
the gratuitous version bump, you wouldn't have to rebuild your apps
yet again.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message