Markus Wernig wrote:
> Dear list
>
> I have a couple of 4.1 firewalls that I would like to upgrade to 4.2.
> Before taking them online again I'd like to deploy the openssl patch
> from ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/002_openssl.patch
>
> Being perimeter firewalls, those systems don't have compile tools
> installed.

And by making security updates more difficult, you think you have improved security, right? As you have demonstrated, you have not. If an attacker can use your system's compile tools, they can also install the compile tools. But it DOES take you longer to do all you can to keep them out in the first place.

> I would thus need to pre-compile libssl on a 4.2 buildhost
> and deploy it onto the firewalls. I've been looking through the
> documentation but did not find a "good" way to do this, because openssl
> is not a package, but part of the base system.
>
> Is there any way other than tar - scp - untar after compiling libssl?

yes, just make a release, and install that. Or, install the compilation tools where you need them and be done with it.

Nick.