From owner-freebsd-security Thu Mar 13 6: 9:48 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED43D37B401 for ; Thu, 13 Mar 2003 06:09:44 -0800 (PST) Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2996243FBF for ; Thu, 13 Mar 2003 06:09:43 -0800 (PST) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id 5F7E94BE4 for ; Thu, 13 Mar 2003 08:09:42 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id h2DE8qM30505 for freebsd-security@freebsd.org; Thu, 13 Mar 2003 08:08:52 -0600 (CST) (envelope-from hawkeyd) Date: Thu, 13 Mar 2003 08:08:52 -0600 From: D J Hawkey Jr To: security at FreeBSD Subject: SA-03:02.openssl for RELENG_4_6_2 vs. RELENG_4_5 Message-ID: <20030313080852.A30434@sheol.localdomain> Reply-To: hawkeyd@visi.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello All. This is my last hope for "Are the SA-03:02.openssl patches for RELENG_4_6_2 appropriate for RELENG_4_5?". After a dry-run, it appears that only the FreeBSD CVS version numbers keep some half-dozen of the SA-03:02 patches from applying. FreeBSD released 4.4 with OpenSSL 0.9.6a. FreeBSD released 4.5 with the same (though it may have had changes?). FreeBSD released 4.6.2 with OpenSSL 0.9.e. OK. So as I go about cvsup'ing along the RELENG_4_5 tree, at p13, the source is upgraded to OpenSSL 0.9.6e. At p18, it got an ASN.1 patch. So did RELENG_4_6, at p10. Both RELENGs continued to get the same patches until RELENG_4_5 support was dropped. So, up through RELENG_4_6_2 p7 (p8 is SA-03:02), the two RELENGs had the same OpenSSL trees, right? Therefore: Does anyone know that the SA-03:02 patches for RELENG_4_6_2 should not be applied to a RELENG_4_5 tree (after getting by the above versioning SNAFU)? Thanks, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message