Re: OpenSSL upgrade.
On Saturday 27 October 2007 07:22:35 am Grant Peel wrote: > Hiall, > > Due to a security issue, I need to upgrade my OpenSSL version. > > What is the correct method? > > ports? > > package? > > a CVSUP of the whole server source? > > Here is the version I have now (on freebsd 6.2) > > const# openssl version > OpenSSL 0.9.7e-p1 25 Oct 2004 > const# > > TIA, > > -Grant There is a link to the security advisory for OpenSSL on the homepage of www.freebsd.org that contains step by step instructions on how to upgrade it. -- Thanks, Josh Paetzel PGP: 8A48 EF36 5E9F 4EDA 5A8C 11B4 26F9 01F1 27AF AECB signature.asc Description: This is a digitally signed message part.
OpenSSL upgrade.
Hiall, Due to a security issue, I need to upgrade my OpenSSL version. What is the correct method? ports? package? a CVSUP of the whole server source? Here is the version I have now (on freebsd 6.2) const# openssl version OpenSSL 0.9.7e-p1 25 Oct 2004 const# TIA, -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
openssl upgrade confusion
I'm trying to upgrade openssl 0.9.7d from 0.9.7c and am having a really rough time. I downloaded the 9.7d tarball and untarred it in /usr/src. I did a ./config, make, and make install. It seems to have placed the new openssl libraries in a different location than where the original ones were installed: # locate libcrypto.a /usr/lib/libcrypto.a /usr/local/ssl/lib/libcrypto.a # What is the best way to over-write the base install? I've considered adding /usr/local/ssl/lib to the /var/run/ld-elf.so.hints file but I can't find a way to modify the order so that /usr/local/ssl/lib/ is checked before /usr/lib. Is that the route I should be taking, or is there a better way? I have considered using the openssl port to do the upgrade, but I would rather use a tarball because I have built apache/mod_ssl/openssl together. - Jamie Greetings from Minneapolis, MN, United States ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
openssl upgrade problem, now mail broken
While trying to upgrade my OpenSSH and OpenSSL I really messed things up. I have openssh-portable-3.6.1p2 installed but when I "make" OpenSSL I get the following error: hw_cryptodev.c:1121: `CRF_DH_COMPUTE_KEY' undeclared (first use in this function) hw_cryptodev.c: At top level: hw_cryptodev.c:297: warning: `get_cryptodev_digests' defined but not used *** Error code 1 Stop in /max/ports/security/openssl/work/openssl-0.9.7b/crypto/engine. *** Error code 1 Stop in /max/ports/security/openssl/work/openssl-0.9.7b/crypto. *** Error code 1 Stop in /max/ports/security/openssl/work/openssl-0.9.7b. *** Error code 1 Stop in /max/ports/security/openssl/work/openssl-0.9.7b. *** Error code 1 Stop in /max/ports/security/openssl. = When I try to retieve my mail I get the error: /usr/libexex/ld-elf.so.1: Shared object "libcrypto.so.3" not found. I'm running in circles. Any ideas? Please CC me as I cannot subscribe to the list. Thanks, Jim __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: openssl upgrade problems - newbie stuck
On Wed, 18 Sep 2002 13:41:49 +0100, [EMAIL PROTECTED] (Roman Neuhauser) wrote: >hmmm, i got to http://people.freebsd.org/~jdp/s1g/ >read this page. > >you have a kind of chicken and egg problem: you need to update >cvsup, but it's too old, and will get kicked from cvsup >servers. try using the package listed there. >you'll want the non-gui version. How about "pkg_delete -x cvsup" and "pkg_add -r cvsup-without-gui", or will this fall foul of the change of package format from gzip to bzip2? In which case I guess manually download the package for cvsup-without-gui from ftp.freebsd.org and pkg_add the downloaded file. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: openssl upgrade problems - newbie stuck
On Wed, 18 Sep 2002, Roman Neuhauser wrote: > # cd /usr/ports/security/openssl > # make clean build >> Patch patch-ac failed to apply cleanly. Stop in /usr/ports/security/openssl. *** Error code 1 (as before) > > if that fails, cvsup your ports *), and try again. > > *) if the system is configured well, this will suffice: > > # cd /usr/ports > # make update index /usr/ports# make update index Error: Please define either SUP_UPDATE or CVS_UPDATE first. So I tried export SUP_UPDATE=yes Now: /usr/ports# make update index Error: Please define PORTSSUPFILE before doing make update. I found an example port-supfile, edited it just to get ports-all and ports-security, and ran again. Now I get: /usr/ports# make update index -- >>> Running -- *default: not found *default: not found *default: not found *default: not found *default: not found *default: not found ports-base: not found ports-security: not found *** Error code 127 and thought I'd better stop before doing any more damage failing around like this... Thanks for the help Graham > > -- > begin 666 nonexistent.vbs > FreeBSD 4.7-RC > 12:56PM up 20:11, 13 users, load averages: 2.76, 2.24, 2.09 > end > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: openssl upgrade problems - newbie stuck
# [EMAIL PROTECTED] / 2002-09-18 13:23:59 +0100: > Parsing supfile "/usr/local/etc/cvsup/supfiles/ports-supfile" > Connecting to cvsup.uk.FreeBSD.org > Connected to cvsup.uk.FreeBSD.org > Protocol negotiation failed: See > http://www.polstra.com/projects/freeware/CVSup/s1g/ for upgrading > information > *** Error code 1 > > Stop in /usr/ports. > --- > but the url given above just redirects to the cvsup.org front page. > and there's nothing I can see in the FAQ. hmmm, i got to http://people.freebsd.org/~jdp/s1g/ read this page. you have a kind of chicken and egg problem: you need to update cvsup, but it's too old, and will get kicked from cvsup servers. try using the package listed there. you'll want the non-gui version. -- begin 666 nonexistent.vbs FreeBSD 4.7-RC 2:38PM up 21:53, 13 users, load averages: 2.00, 2.00, 2.00 end To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: openssl upgrade problems - newbie stuck
On Wed, 18 Sep 2002, Roman Neuhauser wrote: > ok, so it's not configured. this is the relevant part of my > /etc/make.conf, you'll want to adjust SUPHOST: > > and this is the ports-supfile: > > > try again with this. > -- >>> Running /usr/local/bin/cvsup -- Parsing supfile "/usr/local/etc/cvsup/supfiles/ports-supfile" Connecting to cvsup.uk.FreeBSD.org Connected to cvsup.uk.FreeBSD.org Protocol negotiation failed: See http://www.polstra.com/projects/freeware/CVSup/s1g/ for upgrading information *** Error code 1 Stop in /usr/ports. --- but the url given above just redirects to the cvsup.org front page. and there's nothing I can see in the FAQ. Graham To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: openssl upgrade problems - newbie stuck
# [EMAIL PROTECTED] / 2002-09-18 12:54:32 +0100: > On Wed, 18 Sep 2002, Roman Neuhauser wrote: > > > # cd /usr/ports/security/openssl > > # make clean build > > ... > >> Patch patch-ac failed to apply cleanly. > Stop in /usr/ports/security/openssl. > *** Error code 1 > > (as before) > > > > if that fails, cvsup your ports *), and try again. > > > > *) if the system is configured well, this will suffice: > > > > # cd /usr/ports > > # make update index > > /usr/ports# make update index > Error: Please define either SUP_UPDATE or CVS_UPDATE first. ok, so it's not configured. this is the relevant part of my /etc/make.conf, you'll want to adjust SUPHOST: SUP=/usr/local/bin/cvsup SUPFLAGS= -g -L 2 SUPHOST=cvsup.cz.FreeBSD.org PORTSSUPFILE= /usr/local/etc/cvsup/supfiles/ports-supfile and this is the ports-supfile: *default base=/usr/local/etc/cvsup *default prefix=/usr *default release=cvs tag=. *default delete use-rel-suffix *default compress ports-all try again with this. -- begin 666 nonexistent.vbs FreeBSD 4.7-RC 2:05PM up 21:20, 13 users, load averages: 2.00, 2.00, 2.02 end To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: openssl upgrade problems - newbie stuck
# [EMAIL PROTECTED] / 2002-09-18 10:23:08 +0100: > make install gives me: > - > ===> Patching for openssl-0.9.6g > ===> Applying FreeBSD patches for openssl-0.9.6g > Ignoring previously applied (or reversed) patch. > 2 out of 2 hunks ignored--saving rejects to Makefile.org.rej > >> Patch patch-ab failed to apply cleanly. > *** Error code 1 # cd /usr/ports/security/openssl # make clean build if that fails, cvsup your ports *), and try again. *) if the system is configured well, this will suffice: # cd /usr/ports # make update index -- begin 666 nonexistent.vbs FreeBSD 4.7-RC 12:56PM up 20:11, 13 users, load averages: 2.76, 2.24, 2.09 end To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
openssl upgrade problems - newbie stuck
Hi, I'm a complete BSD ports newbie. I've inherited a BSD production machine and am belatedly trying to upgrade openssl to the 9.6g version. I'm trying to do this through the ports collection, which originally had 9.6a installed, but which had a partial (broken) installation of a later version over the top. I've tried to override things manually to allow the upgrade (definitely a mistake) but am unable to complete the installation. make install gives me: - ===> Patching for openssl-0.9.6g ===> Applying FreeBSD patches for openssl-0.9.6g Ignoring previously applied (or reversed) patch. 2 out of 2 hunks ignored--saving rejects to Makefile.org.rej >> Patch patch-ab failed to apply cleanly. *** Error code 1 Stop in /usr/ports/security/openssl. *** Error code 1[repeated 5 times] --- is there any clean way to continue (or to back out and restart)? The box is a live one; I can't easily take everything off-line to experiment. thanks for any advice Graham To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message