Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

2005-10-11 Thread Andrea Venturoli
FreeBSD Security Advisories wrote: Note that any statically linked applications that are not part of the base system (i.e. from the Ports Collection or other 3rd-party sources) must be recompiled. Ok, is there any way to list installed ports which are statically linked against OpenSSL? bye

Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld

2009-12-03 Thread Andrea Venturoli
FreeBSD Security Advisories ha scritto: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-09:16.rtld Security Advisory

Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld

2009-12-03 Thread Andrea Venturoli
Jamie Landeg Jones ha scritto: So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't. Thanks. So, is a patch on the way for 6.[34] too? I guess the sec team just wanted to get out what they had as soon as possible and I agree with them and thanks them. But I just need to plan

Re: FreeBSD Security Advisory FreeBSD-SA-12:05.bind

2012-08-06 Thread Andrea Venturoli
On 08/07/12 00:12, FreeBSD Security Advisories wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 = FreeBSD-SA-12:05.bind Security Advisory

Re: FreeBSD Security Advisory FreeBSD-SA-17:02.openssl

2017-02-23 Thread Andrea Venturoli
On 02/23/17 08:39, FreeBSD Security Advisories wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-17:02.opensslSecurity Advisory

Re: FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution

2018-03-19 Thread Andrea Venturoli
On 03/18/18 18:54, Jan Demter wrote: Of course I find this enabled on the Intel box and not on the AMD one, but... is PTI in any way affected by a microcode update from Intel? From what I have read so far, I'm pretty certain it isn't planned or even possible to patch this via a microcode upd

Re: Let's Encrypt

2019-09-08 Thread Andrea Venturoli
On 2019-09-08 16:58, Victor Sudakov wrote: Dear Colleagues, Which client is now recommended to work with Let's Encrypt? I see numerous clients in the ports tree, some deleted, some renamed... Which one is good? I'm happy with acme.sh. Don't know about the others. bye av. ___

Re: Let's Encrypt

2019-09-09 Thread Andrea Venturoli
On 2019-09-09 14:26, Dan Langille wrote: Whereas, I run acme.sh on a daily basis. My goal: renew certificates at their earliest possibility. This gives me the maximum time to fix any issues. I combine the above with monitoring to raise alerts if any tickets have less than 28 days left before

Re: Let's Encrypt

2019-09-09 Thread Andrea Venturoli
On 2019-09-09 14:36, Dan Langille wrote: My Nagios alerts are on the certs.  It monitors the certs on the services: e.g. www.freshports.org Sure. Probably I wasn't clear: Nagios looks at the certificates in my case too. __

Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

2020-12-11 Thread Andrea Venturoli
On 12/10/20 12:03 AM, FreeBSD Security Advisories wrote: Note: The OpenSSL project has published publicly available patches for versions included in FreeBSD 12.x. This vulnerability is also known to affect OpenSSL versions included in FreeBSD 11.4. However, the OpenSSL project is only giving p

Kerberos: base or port? [Was: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl]

2020-12-12 Thread Andrea Venturoli
On 12/11/20 9:23 PM, Benjamin Kaduk wrote: It would be useful to give more specifics on the failures, as there's a few classes of things that can go wrong. I thought this would be OT in this thread, but I'll gladly comply :) It doesn't look like openssl from ports attempts to support the T

Re: Kerberos: base or port? [Was: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl]

2020-12-13 Thread Andrea Venturoli
On 12/12/20 7:18 PM, Benjamin Kaduk wrote: Having two different instances of libcrypto in the same address space is generally asking for trouble Of course. That's why I was always wary about switching to a newer/shinier OpenSSL from ports (wihtout eradicating the old one from base). You are r

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:01.fsdisclosure

2021-01-31 Thread Andrea Venturoli
On 1/31/21 12:29 PM, Miroslav Lachman wrote: Several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR.  In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so.  As a result, eight uninitialized kernel stack b

Re: pkg 1.18.4 refuses local CAcert on 13.1-RELEASE-p2

2022-09-04 Thread Andrea Venturoli
On 9/4/22 18:42, Axel Rau wrote: While accessing my local poudriere repo I’m getting - - - Bootstrapping pkg from https://some_fqdn/131amd64-default, please wait... Certificate verification failed for some_internal_CA 34391269376:error:1416F086:SSL \ routines:tls_process_server_certificate:cert

Re: FreeBSD Security Advisory FreeBSD-SA-24:02.tty

2024-02-14 Thread Andrea Venturoli
On 2/14/24 08:07, FreeBSD Security Advisories wrote: = FreeBSD-SA-24:02.ttySecurity Advisory The FreeBSD Project Topic:

Re: FreeBSD Security Advisory FreeBSD-SA-24:04.openssh

2024-07-01 Thread Andrea Venturoli
On 7/1/24 10:58, FreeBSD Security Advisories wrote: = FreeBSD-SA-24:04.opensshSecurity Advisory The FreeBSD Project Hello.

Re: FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution

2018-03-16 Thread Andrea Venturoli via freebsd-security
On 03/14/18 05:29, FreeBSD Security Advisories wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-18:03.speculative_execution Security Advisory ... Hello. After upgrading two mach