RE: Verifying updates to source

["Derrick Lobo" <derrick%givex.com@localhost>]

Thanks Adrian  

The version for bind displays 'BIND 9.4.2-P1'

As for /usr/lib/libcrypto* the dates have changed to the date I put the fix
and completed the built.

And yes I am on netbsd 4.0.

Regards

Derrick

-----Original Message-----
From: Adrian Portelli [mailto:adrianp%stindustries.net@localhost] 
Sent: Wednesday, August 20, 2008 4:40 PM
To: Derrick Lobo
Cc: netbsd-users%netbsd.org@localhost
Subject: Re: Verifying updates to source

Derrick Lobo wrote:
> How do I verify if BIND and ssh have been upgraded after NetBSD Security
> Advisory 2008-009 and 008. I updated the files from source and completed
the
> build, however the banner for ssh still shows OpenSSH_4.4
> NetBSD_Secure_Shell-20061114, OpenSSL 0.9.8e 23 Feb 2007 does it mean that
> the updates did not go through or do the banner not get updated for an
> emergency fix. The date on the src files listed in the advisory have been
> updated..
> 
> 
> Regards
> 
> Derrick 
> 
> 
> 

Hi,

You don't state what release you're on at the moment so I'm going to 
assume netbsd-4.  For 2008-009 the version of BIND was actually 
upgraded.  So if you run '/usr/sbin/named -v' it should report back that 
you're running 'BIND 9.4.2-P1'.  If it reports 'BIND 9.4.1-P1' then 
something is rotten.

2008-008 is a little more tricky as we didn't upgrade the OpenSSL 
version for that advisory, it was just a patch to the existing sources. 
   Once more only the libcrypto libraries were updated.  I'd check if 
the source files have been updated (specifically 
crypto/dist/openssl/crypto/bn/bn_mont.c as stated in the advisory) and 
the date and time stamps have changed on the /usr/lib/libcrypto* files.

adrian.