From owner-freebsd-questions@FreeBSD.ORG Fri Jul 23 10:51:34 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 538AA16A4CE for ; Fri, 23 Jul 2004 10:51:34 +0000 (GMT) Received: from mail.8ball.co.za (8ball.co.za [196.22.201.157]) by mx1.FreeBSD.org (Postfix) with ESMTP id A59DD43D53 for ; Fri, 23 Jul 2004 10:51:30 +0000 (GMT) (envelope-from nelis@8ball.co.za) Received: (qmail 29940 invoked by uid 89); 23 Jul 2004 10:51:29 -0000 Received: from unknown (HELO ?192.168.10.9?) (192.168.10.9) by 192.168.10.1 with SMTP; 23 Jul 2004 10:51:29 -0000 From: Nelis Lamprecht To: Bryce In-Reply-To: <20040723062628.98792.qmail@web11601.mail.yahoo.com> References: <20040723062628.98792.qmail@web11601.mail.yahoo.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-NLKonkNVJpc8OIK0PS8u" Organization: 8ball Network Solutions Message-Id: <1090579890.7539.29.camel@nelis.brabys.co.za> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Fri, 23 Jul 2004 12:51:44 +0200 cc: Freebsd questions Subject: Re: SSH Client - OpenSSH dependency problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: nelis@8ball.co.za List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jul 2004 10:51:34 -0000 --=-NLKonkNVJpc8OIK0PS8u Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Fri, 2004-07-23 at 08:26, Bryce wrote: > Dependency warning: used OpenSSL version contains > known vulnerabilities > Please update or define either WITH_OPENSSL_BASE or > WITH_OPENSSL_PORT >=20 > Can anyone throw some light on how to fix this? >=20 As already mentioned you can just use the base system ssh. If however you want to upgrade it to a newer version ( advisable if this machine is accessible to the public ) then you will have to do as the above says. By default the base system contains openssl in /usr/bin and the openssl port installs to /usr/local/bin. This is why you're given the option WITH_OPENSSL_BASE, meaning /usr/bin/openssl or WITH_OPENSSL_PORT, meaning /usr/local/bin/openssl. Basically it's saying, if you already have an updated version in base or ports then tell me where it is. The above is also applicable to openssh. To prevent yourself from getting confused you could always do the following to both openssl and openssh after installing/upgrading them from ports: cd /usr/bin; mv openssl openssl.base; ln -s /usr/local/bin/openssl openssl ..and the same with ssh which will make sure you always use the latest version. By default your $PATH is set to use the base version. If you are going to use the ports then you may also want to ensure the following are defined in /etc/make.conf NO_OPENSSH=3D true NO_OPENSSL=3D true Regards, --=20 Nelis Lamprecht PGP: http://www.8ball.co.za/pgpkey/nelis.asc "Unix IS user friendly.. It's just selective about who its friends are." --=-NLKonkNVJpc8OIK0PS8u Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBBAO2yQfIMKiRMCrERAnJiAJ9A+HthT9KbnXJZiE74dYONFh+coQCgtS13 TvQjOUG36f0e3/GCTKiRNdM= =Wjdu -----END PGP SIGNATURE----- --=-NLKonkNVJpc8OIK0PS8u--