port-cobalt: Q about updates per SA-2004-05 advisory

Subject: Q about updates per SA-2004-05 advisory
To: None <port-cobalt@netbsd.org>
From: Brian <bmcewen@comcast.net>
List: port-cobalt
Date: 04/30/2004 04:36:05
Greetings;

I'm having some trouble getting an update made, per the instructions 
regarding SA-2004-05, which state (I'm running 1.6.1)
-----------------------------------------------------------
* NetBSD 1.6, 1.6.1, 1.6.2:

	The binary distribution of NetBSD 1.6, 1.6.1 and 1.6.2 are vulnerable.

	Systems running NetBSD 1.6 sources dated from before
	2004-04-02 should be upgraded from NetBSD 1.6 sources dated
	2004-04-03 or later.

	NetBSD 1.6.3 will include the fix.

	The following directories need to be updated from the
	netbsd-1-6 CVS branch:
		crypto/dist/openssl

	To update from CVS, re-build, and re-install libcrypto and libssl

		# cd src
		# cvs update -d -P -r netbsd-1-6 crypto/dist/openssl

		# cd lib/libcrypto
		# make cleandir dependall
		# make install
		# cd ../../lib/libssl

		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
---------------------------------------------------------

So I :
        setenv CVSROOT anoncvs@anoncvs.NetBSD.org:/cvsroot
	setenv CVS_RSH ssh
	cd /usr/pkgsrc

Then:

Qube# pwd
/usr/pkgsrc
Qube# cvs update -d -P -r netbsd-1-6 crypto/dist/openssl
cvs [update aborted]: no such directory `crypto/dist'

In fact I have no crypto/dist folder hierarchy anywhere. And I can't 
tell if cvs is quitting due to folders missing on my, or the remote 
end...

I just did a
cvs -q update -dP
/usr/pkg/sbin/download-vulnerability-list

and I suppose that I can just update the openssl from pkgsrc and then 
the libcrypto and libssl as well; but why is my pkgsrc tree different 
than they apparently expect?  I've done pretty much a stock install 
from Dennis's .iso...

And an aside, when the NetBSD info articles say dates like 2004-04-03 
above, I'm assuming that since much support for NetBSD seems 
international in origin that this means April 3 2004 not Mar 4 2004?

Thanks,

Brian

-- 
"To announce that there must be no criticism of the president, or that 
we are to stand by the president, right or wrong, is not only 
unpatriotic and servile, but is morally treasonable to the American 
public."
-- Theodore Roosevelt, speaking on President Wilson's crackdown on 
dissent after the U.S. entered W.W.I