Fw: Re: OpenSSL/0.9.7c-p1 OpenSSH_3.5p1
From: Matthew Seaman [EMAIL PROTECTED] Date: Thu, 22 Apr 2004 12:31:24 +0100 To: Pelle Andersson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: OpenSSL/0.9.7c-p1 OpenSSH_3.5p1 User-Agent: Mutt/1.5.6i On Thu, Apr 22, 2004 at 10:27:10AM +0200, Pelle Andersson wrote: Hi! How can I the easiest way update/upgrade OpenSSL OpenSSH on a FreeBSD 4.9 machine? I saw on the net that they where part of the base system and therefore I can't use portupgrade or make deinstall/make reinstall I thought they where updated when running 'make world'? Now I am using: OpenSSL 0.9.7c-p1 30 Sep 2003 OpenSSH_3.5p1 FreeBSD-20030924 uname -a: FreeBSD frodo.domain.xyz 4.9-RELEASE-p5 FreeBSD 4.9-RELEASE-p5 #2: Wed Apr 21 10:21:22 CEST 2004 @frodo.domain.xyz:/usr/obj/usr/src/sys/FIBOPTIMIZED i386 You're running 4.9-RELEASE. One of the points about the -RELEASE branches is that they are guarranteed *not* to have any new functionality introduced. Updates are limited to bugfixes, generally for security bugs only. Now, you are running the latest patchlevel on the 4.9-RELEASE branch, which means that all known bugs in OpenSSL and OpenSSH will have been fixed. However *only* the bugs have been fixed. There haven't been any patches to add features, neither have there been any patches to modify version numbers. Naive security scanners that *just* look at the version numbers of installed packages will tell you incorrectly that you have a problem. If you want the newer versions of those packages, then you have two choices. You can install them from ports, or you can upgrade to and track a different FreeBSD source branch. If you install from ports, there is a facility for you to install the port in such a way as to overwrite the equivalents in the base system. You can certainly do this if you want, but think carefully before doing so. Overwriting bits of the base system will make it harder for you to do regular upgrades. Otherwise, if you choose to upgrade to a different source branch, you will need to choose one of the development branches in order to get new versions of stuff -- that either 4-STABLE or 5-CURRENT. But 5-CURRENT is not really suitable for any use other than developing the system. 4-STABLE is quite close to winding down, and it's not planned to import the very latest versions of OpenSSH etc: the upcoming 4.10-RELEASE will probably be the last release branched from there, and that will have OpenSSH 3.5p1. Other packages may well get updates though. 5-STABLE is planned coincident with 5.3-RELEASE, which is the next release planned to happen after 4.10. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK - End forwarded message - ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
OpenSSL/0.9.7c-p1 OpenSSH_3.5p1
Hi! How can I the easiest way update/upgrade OpenSSL OpenSSH on a FreeBSD 4.9 machine? I saw on the net that they where part of the base system and therefore I can't use portupgrade or make deinstall/make reinstall I thought they where updated when running 'make world'? Now I am using: OpenSSL 0.9.7c-p1 30 Sep 2003 OpenSSH_3.5p1 FreeBSD-20030924 uname -a: FreeBSD frodo.domain.xyz 4.9-RELEASE-p5 FreeBSD 4.9-RELEASE-p5 #2: Wed Apr 21 10:21:22 CEST 2004 @frodo.domain.xyz:/usr/obj/usr/src/sys/FIBOPTIMIZED i386 TIA //Pelle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: OpenSSL/0.9.7c-p1 OpenSSH_3.5p1
On Thu, Apr 22, 2004 at 10:27:10AM +0200, Pelle Andersson wrote: Hi! How can I the easiest way update/upgrade OpenSSL OpenSSH on a FreeBSD 4.9 machine? I saw on the net that they where part of the base system and therefore I can't use portupgrade or make deinstall/make reinstall I thought they where updated when running 'make world'? Now I am using: OpenSSL 0.9.7c-p1 30 Sep 2003 OpenSSH_3.5p1 FreeBSD-20030924 uname -a: FreeBSD frodo.domain.xyz 4.9-RELEASE-p5 FreeBSD 4.9-RELEASE-p5 #2: Wed Apr 21 10:21:22 CEST 2004 @frodo.domain.xyz:/usr/obj/usr/src/sys/FIBOPTIMIZED i386 You're running 4.9-RELEASE. One of the points about the -RELEASE branches is that they are guarranteed *not* to have any new functionality introduced. Updates are limited to bugfixes, generally for security bugs only. Now, you are running the latest patchlevel on the 4.9-RELEASE branch, which means that all known bugs in OpenSSL and OpenSSH will have been fixed. However *only* the bugs have been fixed. There haven't been any patches to add features, neither have there been any patches to modify version numbers. Naive security scanners that *just* look at the version numbers of installed packages will tell you incorrectly that you have a problem. If you want the newer versions of those packages, then you have two choices. You can install them from ports, or you can upgrade to and track a different FreeBSD source branch. If you install from ports, there is a facility for you to install the port in such a way as to overwrite the equivalents in the base system. You can certainly do this if you want, but think carefully before doing so. Overwriting bits of the base system will make it harder for you to do regular upgrades. Otherwise, if you choose to upgrade to a different source branch, you will need to choose one of the development branches in order to get new versions of stuff -- that either 4-STABLE or 5-CURRENT. But 5-CURRENT is not really suitable for any use other than developing the system. 4-STABLE is quite close to winding down, and it's not planned to import the very latest versions of OpenSSH etc: the upcoming 4.10-RELEASE will probably be the last release branched from there, and that will have OpenSSH 3.5p1. Other packages may well get updates though. 5-STABLE is planned coincident with 5.3-RELEASE, which is the next release planned to happen after 4.10. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgp0.pgp Description: PGP signature
Re: OpenSSL/0.9.7c-p1 OpenSSH_3.5p1
Thanks Matthew for an oustanding answer (Dirk assisted) =) Thats sorted out a few thing for me and hopefully for others to. I feel safe now when I know the following: One of the points about the -RELEASE branches is that they are guarranteed *not* to have any new functionality introduced. Updates are limited to bugfixes, generally for security bugs only. When I now also know that... Now, you are running the latest patchlevel on the 4.9-RELEASE branch, which means that all known bugs in OpenSSL and OpenSSH will have been fixed. However *only* the bugs have been fixed. ...I do not think I shall upgrade to newer versions. It's very good to know: If you want the newer versions of those packages, then you have two choices. Maybe there will be a need for an upgrade in the future. As I wrote in the beginning, thanks a lot for an outstanding reply. Best regards Pelle -Ursprungligt meddelande- Fran: Matthew Seaman [mailto:[EMAIL PROTECTED] Skickat: den 22 april 2004 13:31 Till: Pelle Andersson Kopia: [EMAIL PROTECTED] Amne: Re: OpenSSL/0.9.7c-p1 OpenSSH_3.5p1 On Thu, Apr 22, 2004 at 10:27:10AM +0200, Pelle Andersson wrote: Hi! How can I the easiest way update/upgrade OpenSSL OpenSSH on a FreeBSD 4.9 machine? I saw on the net that they where part of the base system and therefore I can't use portupgrade or make deinstall/make reinstall I thought they where updated when running 'make world'? Now I am using: OpenSSL 0.9.7c-p1 30 Sep 2003 OpenSSH_3.5p1 FreeBSD-20030924 uname -a: FreeBSD frodo.domain.xyz 4.9-RELEASE-p5 FreeBSD 4.9-RELEASE-p5 #2: Wed Apr 21 10:21:22 CEST 2004 @frodo.domain.xyz:/usr/obj/usr/src/sys/FIBOPTIMIZED i386 You're running 4.9-RELEASE. One of the points about the -RELEASE branches is that they are guarranteed *not* to have any new functionality introduced. Updates are limited to bugfixes, generally for security bugs only. Now, you are running the latest patchlevel on the 4.9-RELEASE branch, which means that all known bugs in OpenSSL and OpenSSH will have been fixed. However *only* the bugs have been fixed. There haven't been any patches to add features, neither have there been any patches to modify version numbers. Naive security scanners that *just* look at the version numbers of installed packages will tell you incorrectly that you have a problem. If you want the newer versions of those packages, then you have two choices. You can install them from ports, or you can upgrade to and track a different FreeBSD source branch. If you install from ports, there is a facility for you to install the port in such a way as to overwrite the equivalents in the base system. You can certainly do this if you want, but think carefully before doing so. Overwriting bits of the base system will make it harder for you to do regular upgrades. Otherwise, if you choose to upgrade to a different source branch, you will need to choose one of the development branches in order to get new versions of stuff -- that either 4-STABLE or 5-CURRENT. But 5-CURRENT is not really suitable for any use other than developing the system. 4-STABLE is quite close to winding down, and it's not planned to import the very latest versions of OpenSSH etc: the upcoming 4.10-RELEASE will probably be the last release branched from there, and that will have OpenSSH 3.5p1. Other packages may well get updates though. 5-STABLE is planned coincident with 5.3-RELEASE, which is the next release planned to happen after 4.10. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]