tech-security: Re: NetBSD Security Advisory 2004-003: OpenSSL 0.9.6 ASN.1 parser vulnerability

Subject: Re: NetBSD Security Advisory 2004-003: OpenSSL 0.9.6 ASN.1 parser vulnerability
To: Ossi Herrala <oherrala@ee.oulu.fi>
From: David Maxwell <david@crlf.net>
List: tech-security
Date: 02/20/2004 11:49:45

On Thu, Feb 19, 2004 at 07:17:38PM +0200, Ossi Herrala wrote:
> On Thu, Feb 19, 2004 at 08:36:46AM -0500, NetBSD Security-Officer wrote:
> > * NetBSD 1.6, 1.6.1:
> Build fails if there is no toolchain installed.
> 
> Commands
> 
> 	make USETOOLS=no cleandir dependall
> 	make USETOOLS=no install
> 
> works better.
> Or is there reason that NetBSD's toolchain should be used?

You're correct. I've updated the advisory. It's something we've often
missed in the past as well, unfortunately.


> I think same applies also:
> 
> > * NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

1.5 didn't use build.sh, and has no concept of USETOOLS, so that one is
okay as is.

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
All this stuff in twice the space would only look half as bad!
					      - me