From owner-freebsd-questions@FreeBSD.ORG Wed Mar 16 18:24:36 2011
Date: Wed, 16 Mar 2011 14:24:31 -0400
From: Carmel
To: FreeBSD
In-Reply-To: <4D80CA9D.9010506@infracaninophile.co.uk>
References: <4D80CA9D.9010506@infracaninophile.co.uk>
Organization: seibercom.net
Subject: Re: Updating OpenSSH
List-Id: User questions

On Wed, 16 Mar 2011 14:35:09 +0000
Matthew Seaman articulated:

> On 16/03/2011 13:38, Carmel wrote:
> > I was just wondering about the version of SSH used on FreeBSD.
> >
> > According to the OpenSSH page:
> >
> > OpenSSH 5.8/5.8p1 released February 4, 2011 [contains security fix]
> >
> > Now, according to my system, FreeBSD-8.2, I have this version:
> >
> > OpenSSH_5.4p1 FreeBSD-20100308, OpenSSL 0.9.8q 2 Dec 2010
> >
> > # openssl version
> > OpenSSL 1.0.0d 8 Feb 2011
> >
> > So why is an older version shown? Also, when does the FreeBSD
> > team intend to update the system OpenSSH version?
> >
> > I have the following notation in my /etc/make.conf file:
> >
> > WITH_OPENSSL_PORT=yes
> >
> > Should I have something else also? I have FreeBSD 8.2-STABLE
> > installed.
> >
>
> The version of OpenSSH shipped with any release of the OS is
> exceedingly unlikely to be updated within the lifetime of that
> release. Not unless there was a killer problem, and it turned out
> easier to update the whole shebang rather than just patching the
> problem.
>
> Why wasn't OpenSSH updated in stable/8 before 8.2-RELEASE? Good
> question. I don't actually know. It's quite possible that no one had
> sufficient spare cycles to do the work required, and that the changes
> between 5.4 and 5.8 were not sufficiently compelling for anyone to
> make the time.

OK, then does that mean that the latest version will be used in the
still not released 9 version of FreeBSD?

> As for security vulnerabilities: did you check on the OpenSSH site?
> The vulnerability fixed in 5.8 (information leak in signed SSH keys)
> only applies to versions 5.6 and 5.7 -- that's because the whole
> 'signed key' thing isn't in version 5.4 at all.

No, all I did was check for the current version.

> I can tell you that the FreeBSD Security Team is extremely efficient
> and would have had patches and security advisories out for this
> problem within a matter of hours of the OpenSSH announcement *if it
> had been relevant*.

-- 
Carmel
carmel_ny@hotmail.com
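
The check discussed in the thread, comparing the installed version against the affected range instead of against the newest release, as an added example that is not part of the original message. The function names are hypothetical; the affected range (5.6 and 5.7) is the one stated in the quoted reply, and every banner except the first is constructed.

```shell
#!/bin/sh
# Affected range as stated in the thread: the signed-key information leak
# fixed in OpenSSH 5.8 applies only to versions 5.6 and 5.7.
AFFECTED_MIN="5.6"
AFFECTED_MAX="5.7"

# Extract "major.minor" from an `ssh -V` banner such as
# "OpenSSH_5.4p1 FreeBSD-20100308, OpenSSL 0.9.8q 2 Dec 2010".
# Prints nothing when the banner does not start with "OpenSSH_<n>.<n>".
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Turn "major.minor" into one integer so a two-digit minor compares
# numerically instead of as a string.
version_key() {
    major=${1%%.*}
    minor=${1#*.}
    echo $(( major * 1000 + minor ))
}

# Print "affected", "not-affected" or "unknown" for one banner.
triage_banner() {
    v=$(openssh_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
        return
    fi
    k=$(version_key "$v")
    if [ "$k" -ge "$(version_key "$AFFECTED_MIN")" ] &&
       [ "$k" -le "$(version_key "$AFFECTED_MAX")" ]; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# On a live host: triage_banner "$(ssh -V 2>&1)"   (ssh -V writes to stderr)
# First banner is the one quoted in the thread; the other two are constructed.
for b in \
    "OpenSSH_5.4p1 FreeBSD-20100308, OpenSSL 0.9.8q 2 Dec 2010" \
    "OpenSSH_5.6p1, OpenSSL 0.9.8q 2 Dec 2010" \
    "OpenSSH_5.8p1, OpenSSL 1.0.0d 8 Feb 2011"
do
    printf '%s -> %s\n' "$b" "$(triage_banner "$b")"
done
```

A banner inside the range only says the upstream version number matches; an OS release that patches the problem without updating OpenSSH, as the quoted reply describes, would keep the same banner, so confirm against the vendor's security advisories.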