From owner-freebsd-security Tue Apr 30 15:49:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from ziplip.com (mail.ziplip.com [128.242.109.119]) by hub.freebsd.org (Postfix) with ESMTP id 2B58337B404 for ; Tue, 30 Apr 2002 15:48:22 -0700 (PDT) Received: from 10.1.0.20 (EHLO 10.1.0.20 10.1.0.20 [10.1.0.20] (may be forged)) by 10.1.0.20 with ESMTP id for ; 30 Apr 2002 15:48:06 -0700 (PDT) Message-ID: Date: Tue, 30 Apr 2002 15:48:06 -0700 (PDT) From: SolarfluX Reply-To: solarflux@ziplip.com To: freebsd-security@freebsd.org Subject: Re: Upgrading default OpenSSL Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ZLPwdHint: X-ZLExpiry: -1 X-ZLReceiptConfirm: N X-ZLAuthType: WEB-MAIL X-ZLAuthOn: Y X-Mailer: ZipLip Sonoma v3.2 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Would this question be more appropriate for freebsd-ports, if not here? I figured the ability (or lack of) to upgrade the default OpenSSL is more of a security issue first, then a ports issue second. I don't want to install OpenSSL manually using the source and have two different versions on my system. I want to replace the default version 0.9.6a with 0.9.6b (0.9.6c would be really nice). Could someone please comment on how this can (or cannot, and why) be done? >Normally, yes, that's what it is for, but not in this case. >From /usr/ports/security/openssl/Makefile: >#FORBIDDEN= "OpenSSL is already in the base system" >-S > -----Original Message----- > From: Jeff Palmer [mailto:scorpio@drkshdw.org] > Sent: Thursday, April 18, 2002, 12:39 AM > To: solarflux@ziplip.com > Subject: Re: Upgrading default OpenSSL > > Do you happen to know what the forbidden= is for? > Typically its due to a security related issue. It seems to me that you > want the latest/greatest OpenSSL/OpenSSH for security purposes.. so I'd > think this whole idea of commenting out the line, would be > counter-productive.. >> ----- Original Message ----- > From: "SolarfluX" > To: > Sent: Thursday, April 18, 2002 3:33 AM > Subject: Upgrading default OpenSSL >> > > Hi, > > > > I'd like to upgrade the default version of OpenSSL (0.9.6a) on 4.5-STABLE > to the latest available in ports (0.9.6b). I upgraded the default OpenSSH > to 3.1p using an entry in /etc/make.conf: > > > > OPENSSH_OVERWRITE_BASE=YES > > > > Can the same thing be done with OpenSSL (i.e. OPENSSL_OVERWRITE_BASE=YES), > after commenting out the FORBIDDEN lines in the Makefile? > > > > When will 0.9.6c (released Dec. 21, 2001) be incorporated? > > > > TIA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message