From: "Peter C. Lai"
To: SolarfluX
Cc: freebsd-security@freebsd.org
Date: Tue, 30 Apr 2002 21:45:31 -0400
Subject: Re: Upgrading default OpenSSL
Message-ID: <20020430214531.A21901@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu

cvsup and make world?

On Tue, Apr 30, 2002 at 03:48:06PM -0700, SolarfluX wrote:
> Would this question be more appropriate for freebsd-ports, if not here?
>
> I figured the ability (or lack of) to upgrade the default OpenSSL is more of a
> security issue first, then a ports issue second. I don't want to install OpenSSL
> manually using the source and have two different versions on my system. I
> want to replace the default version 0.9.6a with 0.9.6b (0.9.6c would be really
> nice). Could someone please comment on how this can (or cannot, and why) be
> done?
>
> Normally, yes, that's what it is for, but not in this case.
> From /usr/ports/security/openssl/Makefile:
>
> #FORBIDDEN= "OpenSSL is already in the base system"
>
> -S
>
> > -----Original Message-----
> > From: Jeff Palmer [mailto:scorpio@drkshdw.org]
> > Sent: Thursday, April 18, 2002, 12:39 AM
> > To: solarflux@ziplip.com
> > Subject: Re: Upgrading default OpenSSL
> >
> > Do you happen to know what the forbidden= is for?
> > Typically it's due to a security related issue. It seems to me that you
> > want the latest/greatest OpenSSL/OpenSSH for security purposes.. so I'd
> > think this whole idea of commenting out the line, would be
> > counter-productive..
> >
> > ----- Original Message -----
> > From: "SolarfluX"
> > To:
> > Sent: Thursday, April 18, 2002 3:33 AM
> > Subject: Upgrading default OpenSSL
> >
> > > Hi,
> > >
> > > I'd like to upgrade the default version of OpenSSL (0.9.6a) on 4.5-STABLE
> > > to the latest available in ports (0.9.6b). I upgraded the default OpenSSH
> > > to 3.1p using an entry in /etc/make.conf:
> > >
> > > OPENSSH_OVERWRITE_BASE=YES
> > >
> > > Can the same thing be done with OpenSSL (i.e. OPENSSL_OVERWRITE_BASE=YES),
> > > after commenting out the FORBIDDEN lines in the Makefile?
> > >
> > > When will 0.9.6c (released Dec. 21, 2001) be incorporated?
> > >
> > > TIA

--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/