/SSL_CTX_set_tlsext_ticket_key_cb.3:
No such file or directory
install: ///usr/src/secure/usr.bin/openssl/man/c_rehash.1: No such file or
directory
done.
It doesn't look like OpenSSL got updated, and it looks like a bunch of the
attempted updates failed. Was this advisory tested on 10.0?
--Paul Ho
> part of a newer sendmail release.
Ah, that wasn't clear from the thread, sorry. Sure, patching Sendmail for this
seems fine. Thanks!
--Paul Hoffman
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
sl in 11-CURRENT going to
> be/already been MFC'ed to other branches?
I'm still *really* hesitant for us to be patching OpenSSL for a bug on a
middlebox vendor's system that already has a fix.
--Paul Hoffman
o25276>. I have been told by an
Ironport user that there is already a patch that is available from Cisco. If
that's true (I can't confirm), why would we want to do a patch to our core
crypto?
--Paul Hoffman
"PermitRootLogin no" even
though it has made creating new FreeBSD VMs troublesome for me sometimes.
...and I'm glad we're not discussing the uninformed crypto FUD that started
this thread...
--Paul Hoffman
On Jan 12, 2015, at 8:40 AM, Zoran Kolic wrote:
> In fact, you got answer on openbsd misc list.
Can you point to that for the rest of us? I'd rather not wade in
openbsd-misc
--Paul Hoffman
etc.?
>
> Should instead TLD owners be banned from adding such records? (this still
> could be abused though)
No, no, and no. As you say above, the spec is being followed. You can mitigate
your misuse of the DNS:
<https://www.icann.org/en/system/files/files/name-collision-mitigatio
istressed
that 9.3 seems to be a second-class citizen for security fixes. (And I totally
admit that I could be misreading the situation.)
--Paul Hoffman
has minor
(if any) value over AES-128. I can't tell from your message if you are leaving
CAST >128 in; if so, you should leave CAST 128 in as well. If CAST 128 is the
max in the module, you can either remove all of CAST or leave CAST 128 in, it
doesn't m
t predict any
future values.
--Paul Hoffman
r.
>
> (There's also the benefit that having many readers from a single
> pseudorandom stream, adds an additional kind of randomness to its output).
How does having an additional *reader* add additional bits?
> This is obviously a complex issue, and some of it will be subjective
Comments/objections?
It seems like a good plan. As long as people who have a different trust list
than Mozilla can easily implement their own trust plan, it's fine, and this
brings a lot of ease-of-use to the ports, particularly to common ones like wget.
--Paul Hoffman
wouldn't know where to look in the code, so I can't
figure out which is right. But it is clear that this is worth clarifying both
in the openssl pkg-descr *and* in the make.conf man page.
--Paul Hoffman
Begin forwarded message:
> From: din...@freebsd.org
> Subject: Re: ports/189208:
On May 1, 2014, at 8:26 AM, Uwe Doering wrote:
> On 01.05.14 16:33, Paul Hoffman wrote:
>> I'll turn in a pr for it.
docs/189199
> Good idea. I would think that this should be mentioned at least in
> "pkg-descr" of the "openssl" port, where it gets displ
umented* feature of make.conf.
I'll turn in a pr for it.
--Paul Hoffman
to fix such a bug without bad actors being able to determine and
exploit some of the fixes in unpatched systems.
--Paul Hoffman
On Apr 10, 2014, at 12:36 PM, ari edelkind wrote:
> On Thu, Apr 10, 2014 at 10:56 AM, Paul Hoffman wrote:
>
>> Quite right. It is reasonable to assume that, given what we now know about
>> the memory allocation scheme in OpenSSL, that other bugs exist and will
>> o
On Apr 10, 2014, at 12:34 PM, Nathan Dorfman wrote:
> On Thu, Apr 10, 2014 at 10:56 AM, Paul Hoffman wrote:
>> If your reliance on OpenSSL bugs being fixed requires a fix at a rate faster
>> than what the FreeBSD community provides, then you should not rely on the
>>
should not rely on the
FreeBSD community. Install OpenSSL on your mission-critical systems from
OpenSSL source, not from FreeBSD ports or packages. The OpenSSL source will
always be updated before the FreeBSD community fixes are released.
--Paul Hoffman (who will continue to rely on the FreeBSD com
On Dec 24, 2013, at 2:53 PM, Xin Li wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 12/24/13 14:36, Paul Hoffman wrote:
>> On Dec 24, 2013, at 12:44 PM, Xin Li wrote:
>>
>>> I think we shouldn't save entropy inside jails, as the data is
might be used by some userland
program (running as root, of course) that knows about the directory and wants
some fresh entropy for its own use.
Is there a problem with saving the directory in jails? It certainly isn't
taking up much spa
t's my fault.
I was wondering about that, but figured it might have moved in FreeBSD 10. Good
to hear that it is not moving.
--Paul Hoffman
On Nov 19, 2013, at 7:54 AM, Darren Pilgrim wrote:
> On 11/19/2013 7:44 AM, Paul Hoffman wrote:
>> Greetings again. Why does this announcement only apply to:
>>
>>> Affects:FreeBSD 10.0-BETA
>>
>> That might be the only version where aes128-gcm a
you would need to update all systems
running OpenSSH 6.2 and 6.3, according to the CVE. FWIW, when I did a
freebsd-update on my 9.2-RELEASE system, sshd (6.2) was not updated.
--Paul Hoffman