Re: OpenSSL Security Advisory [11 Jun 2015]

Matthew Donovan wrote: > You might want to look at > http://svnweb.freebsd.org/base/user/cperciva/portsnap-build/ might help you > with portsnap. > Fantastic! Exactly what I need. -- Michelle Sullivan http://www.mhix.org/ ___ freebsd-ports@freebsd

Re: OpenSSL Security Advisory [11 Jun 2015]

You might want to look at http://svnweb.freebsd.org/base/user/cperciva/portsnap-build/ might help you with portsnap. On Jun 14, 2015 9:36 AM, "Michelle Sullivan" wrote: > Matthew Seaman wrote: > > On 13/06/2015 19:41, Michelle Sullivan wrote: > > > >> How about one for how to make your own portsn

Re: OpenSSL Security Advisory [11 Jun 2015]

On Sat, 13 Jun 2015 16:03:10 -0700 Eitan Adler wrote > On 13 June 2015 at 15:48, Michelle Sullivan wrote: > > > I'd love to setup my own freebsd-update server - if only there were docs > > about how to do it... I'd have done it a couple of months ago, Google > > didn't reveal anything to me whe

Re: OpenSSL Security Advisory [11 Jun 2015]

Matthew Seaman wrote: > On 13/06/2015 19:41, Michelle Sullivan wrote: > >> How about one for how to make your own portsnap ? :P >> > > Presumably you're wanting to re-distribute local modifications to the > ports tree sources around your machines? > > One relatively easy way to do that is t

Re: OpenSSL Security Advisory [11 Jun 2015]

On 13/06/2015 19:41, Michelle Sullivan wrote: > How about one for how to make your own portsnap ? :P Presumably you're wanting to re-distribute local modifications to the ports tree sources around your machines? One relatively easy way to do that is to grab the ports from GitHub -- https://gi

Re: OpenSSL Security Advisory [11 Jun 2015]

Eitan Adler wrote: > On 13 June 2015 at 15:48, Michelle Sullivan wrote: > > >> I'd love to setup my own freebsd-update server - if only there were docs >> about how to do it... I'd have done it a couple of months ago, Google >> didn't reveal anything to me when I looked though... >> > > ht

Re: OpenSSL Security Advisory [11 Jun 2015]

On 13 June 2015 at 15:48, Michelle Sullivan wrote: > I'd love to setup my own freebsd-update server - if only there were docs > about how to do it... I'd have done it a couple of months ago, Google > didn't reveal anything to me when I looked though... https://www.freebsd.org/doc/en_US.ISO8859-1

Re: OpenSSL Security Advisory [11 Jun 2015]

Miroslav Lachman wrote: > Michelle Sullivan wrote on 06/13/2015 14:29: > > [...] > >> 57 servers around the world that I have to maintain, patch and upgrade >> at the same time as devel and maintain my applications... yeah I don't >> do source stuff ;-) >> >> It would be useful to have that option

Re: OpenSSL Security Advisory [11 Jun 2015]

Don Lewis wrote: > > Something to consider is building your own customized releases and > setting up your own freebsd-update server. It's an additional headache, > but would allow you to eliminate some possible additional hazards, such > as the setuid rsh and rlogin. I'm thinking about doing it h

Re: OpenSSL Security Advisory [11 Jun 2015]

Michelle Sullivan wrote on 06/13/2015 14:29: [...] 57 servers around the world that I have to maintain, patch and upgrade at the same time as devel and maintain my applications... yeah I don't do source stuff ;-) It would be useful to have that option in freebsd-update. I was using freebsd-u

Re: OpenSSL Security Advisory [11 Jun 2015]

Michelle Sullivan wrote on 06/13/2015 14:48: PS: There is a workaround for ssh clients in /etc/ssh/ssh_config to stop it falling back to "insecure" protocols - though every freebsd-update attempts to change this file back to the default... fortunately I have puppet to reset the file in the event

Re: OpenSSL Security Advisory [11 Jun 2015]

On 13 Jun, Michelle Sullivan wrote: > Matt Smith wrote: >> On Jun 13 13:13, Michelle Sullivan wrote: >>> Don Lewis wrote: On 13 Jun, Michelle Sullivan wrote: > SSH would be the biggie that most security departments are scared > of... > Well, ssh is available in

Re: OpenSSL Security Advisory [11 Jun 2015]

On Sat, 13 Jun 2015 14:48:04 +0200, Michelle Sullivan stated: >Carmel NY wrote: >> On Sat, 13 Jun 2015 12:36:44 +0100, Matt Smith stated: >> >> >>> The other alternatives are as you say, put /usr/local/bin before >>> /usr/bin in the $PATH. Or add an alias for commands like ssh to point to >>>

Re: OpenSSL Security Advisory [11 Jun 2015]

Carmel NY wrote: > On Sat, 13 Jun 2015 14:48:04 +0200, Michelle Sullivan stated: > > >> Carmel NY wrote: >> >>> On Sat, 13 Jun 2015 12:36:44 +0100, Matt Smith stated: >>> >>> The other alternatives are as you say, put /usr/local/bin before /usr/bin in the $PATH. Or add an

Re: OpenSSL Security Advisory [11 Jun 2015]

On Sat, 13 Jun 2015 14:48:04 +0200, Michelle Sullivan stated: >Carmel NY wrote: >> On Sat, 13 Jun 2015 12:36:44 +0100, Matt Smith stated: >> >>> The other alternatives are as you say, put /usr/local/bin before >>> /usr/bin in the $PATH. Or add an alias for commands like ssh to point to >>> the

Re: OpenSSL Security Advisory [11 Jun 2015]

Carmel NY wrote: > On Sat, 13 Jun 2015 12:36:44 +0100, Matt Smith stated: > > >> The other alternatives are as you say, put /usr/local/bin before >> /usr/bin in the $PATH. Or add an alias for commands like ssh to point to >> the ports version. These methods aren't quite as clean though. >>

Re: OpenSSL Security Advisory [11 Jun 2015]

On Sat, 13 Jun 2015 12:36:44 +0100, Matt Smith stated: >The other alternatives are as you say, put /usr/local/bin before >/usr/bin in the $PATH. Or add an alias for commands like ssh to point to >the ports version. These methods aren't quite as clean though. Swapping the PATH can, in a few inst

Re: OpenSSL Security Advisory [11 Jun 2015]

Matt Smith wrote: > On Jun 13 13:13, Michelle Sullivan wrote: >> Don Lewis wrote: >>> On 13 Jun, Michelle Sullivan wrote: >>> >>> SSH would be the biggie that most security departments are scared of... >>> >>> Well, ssh is available in ports, though I haven't checked to see >>> that

Re: OpenSSL Security Advisory [11 Jun 2015]

On Jun 13 13:13, Michelle Sullivan wrote: Don Lewis wrote: On 13 Jun, Michelle Sullivan wrote: SSH would be the biggie that most security departments are scared of... Well, ssh is available in ports, though I haven't checked to see that it picks up the correct version of openssl. Probl

Re: OpenSSL Security Advisory [11 Jun 2015]

Don Lewis wrote: > On 13 Jun, Michelle Sullivan wrote: > > >> SSH would be the biggie that most security departments are scared of... >> > > Well, ssh is available in ports, though I haven't checked to see that it > picks up the correct version of openssl. > > Problem is it doesn't have

Re: OpenSSL Security Advisory [11 Jun 2015]

On 13 Jun, Michelle Sullivan wrote: > Don Lewis wrote: >> >> I'm still running 8.4 here (but planning on upgrading to 10.1 in the >> next couple of weeks). I use poudriere to build my own package set with >> customized options, and I mentioned a couple weeks ago on >> freebsd-security@ that I swit

Re: OpenSSL Security Advisory [11 Jun 2015]

Don Lewis wrote: > > I'm still running 8.4 here (but planning on upgrading to 10.1 in the > next couple of weeks). I use poudriere to build my own package set with > customized options, and I mentioned a couple weeks ago on > freebsd-security@ that I switched my packages to use the openssl port >

Re: OpenSSL Security Advisory [11 Jun 2015]

On 12 Jun, Michelle Sullivan wrote: > Andrea Venturoli wrote: >> On 06/12/15 01:34, Michelle Sullivan wrote: >>> Roger Marquis wrote: The ports-secteam knows about this but posting here in case someone wants to update ahead of the port, from this morning's Hackernews:

Re: OpenSSL Security Advisory [11 Jun 2015]

Andrea Venturoli wrote: > On 06/12/15 01:34, Michelle Sullivan wrote: >> Roger Marquis wrote: >>> The ports-secteam knows about this but posting here in case someone >>> wants to >>> update ahead of the port, from this morning's Hackernews: >>> >>>

Re: OpenSSL Security Advisory [11 Jun 2015]

On 06/12/15 01:34, Michelle Sullivan wrote: Roger Marquis wrote: The ports-secteam knows about this but posting here in case someone wants to update ahead of the port, from this morning's Hackernews: *wonders how this will affect 8.x & 9.x

Re: OpenSSL Security Advisory [11 Jun 2015]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 06/11/15 16:34, Michelle Sullivan wrote: > Roger Marquis wrote: >> The ports-secteam knows about this but posting here in case >> someone wants to update ahead of the port, from this morning's >> Hackernews: >> >>

Re: OpenSSL Security Advisory [11 Jun 2015]

Roger Marquis wrote: > The ports-secteam knows about this but posting here in case someone wants to > update ahead of the port, from this morning's Hackernews: > > > *wonders how this will affect 8.x & 9.x* (seems to be no fix for 0.9.8 which

Re: OpenSSL Security Advisory [11 Jun 2015]

This is really old it was found in the last vulnerability. Guess openssl decided to finally fix it On Jun 11, 2015 1:38 PM, "Roger Marquis" wrote: > The ports-secteam knows about this but posting here in case someone wants > to > update ahead of the port, from this morning's Hackernews: > >

Re: OpenSSL Security Advisory [11 Jun 2015]

The ports-secteam knows about this but posting here in case someone wants to update ahead of the port, from this morning's Hackernews: Roger ___ freebsd-ports@freebsd.org mailing list http://lists.fr