RE: Installing Security Advisories



Dear ~BAS,

Thank you very much for your quick response.
Here is what I did, as far as I can see exactly according to Security Advisory http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc.

<shell>

%fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch
openssl.patch 100% of 1051 B 6887 kBps
%fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc
openssl.patch.asc 100% of 187 B 1325 kBps
%pgp openssl.patch
Pretty Good Privacy(tm) Version 6.5.8
Internal development version only - not for general release.
(c) 1999 Network Associates Inc.

Export of this software may be restricted by the U.S. government.

File 'openssl.patch.asc' has signature, but with no text.
Text is assumed to be in file 'openssl.patch'.
Good signature from user "FreeBSD Security Officer <security-officer@xxxxxxxxxxx>".
Signature made 2007/10/03 21:48 GMT

WARNING: Because this public key is not certified with a trusted
signature, it is not known with high confidence that this public key
actually belongs to: "FreeBSD Security Officer <security-officer@xxxxxxxxxxx>".
%cd /usr/src
%patch < /root/openssl.patch
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: crypto/openssl/ssl/ssl_lib.c
|===================================================================
|RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl_lib.c,v
|retrieving revision 1.1.1.12.2.1
|diff -u -d -r1.1.1.12.2.1 ssl_lib.c
|--- crypto/openssl/ssl/ssl_lib.c 28 Sep 2006 13:02:36 -0000 1.1.1.12.2.1
|+++ crypto/openssl/ssl/ssl_lib.c 3 Oct 2007 17:01:24 -0000
--------------------------
File to patch:

</shell>

Now it comes up to the point where 'patch' is asking me which file to patch..
The security advisory tells nothing about this as far as I can see.

Actually I did not try cvsup/csup. One of the big advantages of FreeBSD is to me the easy Packages-System in sysinstall. Performance of KDE with all details is outstanding, so I see no need to compile the whole system from source. But maybe I will for the sake of it being cool...

And I striktly refuse to be weak-at-shell!!!! :-)

Best regards, Tino Engel

Subject: Re: Installing Security Advisories
From: bseklecki@xxxxxxxxxxxxxxxxxxxxxxx
To: tino.engel@xxxxxxxxxxx
CC: freebsd-questions@xxxxxxxxxxx
Date: Fri, 26 Oct 2007 13:07:47 -0400


On Fri, 2007-10-26 at 17:42 +0100, Tino Engel wrote:
So how can I find out, which file to tell 'patch' to patch?

Why don't you paste the full input / output dialog from your patch
attempt and we will point out where you're making a syntactical error.

Manual patching is not for the weak-at-shell. Did you try to cvsup/csup
your source tree instead?

~BAS


_________________________________________________________________
Eva sagt: „Kennst du schon den Adressimport für den Messenger?“
http://messenger.live.de/ersteschritte_adressimport.html_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • [NT] JRun Source Code Disclosure
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... (i.e. by appending a unicoded NULL to the valid request string, ... Vendor Response: ... vendor released a cumulative patch for JRun that includes the patch for ...
    (Securiteam)
  • Re: Fwd: Re: New Metrics to measure Load average
    ... The tester's signature is a position which is required to include in the patch which will be posted to ... > Please go through our previous correspondence in this regard. ...
    (Linux-Kernel)
  • fetch: Resume errors, help!
    ... Living in South Africa internet access is not what it could be, ... When fetch tries to resume from an ftp site that does not support resuming (or ... See below for my patch. ... problem is that how to handle the -R flag. ...
    (freebsd-hackers)
  • Re: Verifying that a security patch has done its thing...
    ... > I just ran the patch to fix the OpenSSH issue from "Security Advisory ... How do I verify that the patch did what it was supposed to do? ... > understanding is that this will not update the version flag of OpenSSH, ... > or do I have to actually stop sshd entirely and then restart it to load ...
    (FreeBSD-Security)
  • Re: Email Signatures: "The signature "blah blah" could not be located.
    ... Hotfix patch. ... This worked previously but now says "The upgrade patch ... Outlook that you've installed. ... When I edit the signature, ...
    (microsoft.public.outlook.general)