From owner-freebsd-security Mon Feb 24 19:45:11 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED0B437B405; Mon, 24 Feb 2003 19:45:06 -0800 (PST) Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 75FBB43FA3; Mon, 24 Feb 2003 19:45:05 -0800 (PST) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 0D52E42; Mon, 24 Feb 2003 21:45:05 -0600 (CST) Received: by madman.celabo.org (Postfix, from userid 1001) id E66F678C3E; Mon, 24 Feb 2003 21:45:04 -0600 (CST) Date: Mon, 24 Feb 2003 21:45:04 -0600 From: "Jacques A. Vidrine" To: KIMURA Yasuhiro Cc: freebsd-security@FreeBSD.ORG Subject: Updated OpenSSL patches (was Re: openssl advisory) Message-ID: <20030225034504.GA92642@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , KIMURA Yasuhiro , freebsd-security@FreeBSD.ORG References: <20030225.100021.27473189.yasu@utahime.org> <20030225022110.GA92307@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030225022110.GA92307@madman.celabo.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.3i-ja.1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org [If you had trouble with the OpenSSL patches that were published this morning, please read this. If you are using CVS or CVSup to follow the security branches, then this will not interest you. ] On Mon, Feb 24, 2003 at 08:21:10PM -0600, Jacques A. Vidrine wrote: > On Tue, Feb 25, 2003 at 10:00:21AM +0900, KIMURA Yasuhiro wrote: > > I applied openssl47.patch to my 4.7R source tree, but some parts of > > the patch were rejected as following. > > > > sugar# patch -s < /tmp/security-fixes/openssl47.patch > > 1 out of 1 hunks failed--saving rejects to UPDATING.rej > > 1 out of 1 hunks failed--saving rejects to crypto/openssl/apps/openssl.cnf.rej > > 1 out of 3 hunks failed--saving rejects to crypto/openssl/apps/speed.c.rej > > Reversed (or previously applied) patch detected! Assume -R? [y] ^Csugar# > > > > Does anybody suceed? > I'm afraid there's something amiss with the patch set I generated with > CVS :-( > I will have to redo them. > Meanwhile, please use CVSup. I'm sorry for the inconvenience. I've put updated patches on ftp-master -- they should reach mirrors in a few hours. I've also pushed them out to ftp2.freebsd.org, so they are available there immediately. A revised advisory with corrected URLs will be published tomorrow with new patch instructions. The excerpt is here: ---- updated patch instructions ---- 2) To patch your present system: The following patches have been verified to apply to FreeBSD 4.6.2, 4.7, and 5.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 4.7-STABLE systems after 2003/02/14 and 4.8-PRERELEASE systems] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl4s.patch.gz # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl4s.patch.gz.asc [FreeBSD 5.0 systems] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl50.patch.gz # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl50.patch.gz.asc [FreeBSD 4.7 systems] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl47.patch.gz # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl47.patch.gz.asc [FreeBSD 4.6.2 systems] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl462.patch.gz # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl462.patch.gz.asc b) Execute the following commands as root: # cd /usr/src # gunzip -c /path/to/patch | patch -E c) Recompile the operating system as described in . ---- end updated patch instructions ---- Please let me know of any trouble you encounter. Sorry for the goof. These were quite large and unwieldy patch sets. Cheers, -- Jacques A. Vidrine http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message