# Openssl upgrade freebsd 7.1



## Syed Abdul Rahman (Apr 6, 2017)

I need to upgrade OpenSSL in FreeBSD 7.1 release version. I need to upgrade from current version 0.9.8e to latest version 1.1.0. When I tried to upgrade from ports it's not fetching any files from ftp.

Kindly do needful.


----------



## SirDice (Apr 6, 2017)

Syed Abdul Rahman said:


> I need to upgrade OpenSSL in FreeBSD 7.1 release version


No. You need to update your system. FreeBSD 7.1 has been End-of-Life since February 2011 (more than 6 years!) and is not supported any more.

Topics about unsupported FreeBSD versions
https://www.freebsd.org/security/unsupported.html


----------



## getopt (Apr 6, 2017)

Syed Abdul Rahman said:


> FreeBSD 7.1


If you first tell why you have not updated your FreeBSD, we might help you ... 
Take it as an prerequisite.


----------



## Syed Abdul Rahman (Apr 11, 2017)

Since the system is in production we are not able to upgrade the OS. Could you please tell me any other way to upgrade only the particular package through online and offline also. Thanking you.


----------



## gkontos (Apr 11, 2017)

Syed Abdul Rahman said:


> Since the system is in production we are not able to upgrade the OS. Could you please tell me any other way to upgrade only the particular package through online and offline also. Thanking you.


Since the system is in production YOU SHOULD have upgrade it a long time ago. Now, consider a reinstallation of a supported version and restore your data from the backups that I am sure you maintain.


----------



## SirDice (Apr 11, 2017)

Syed Abdul Rahman said:


> Since the system is in production we are not able to upgrade the OS


It can't be important if it's running on an OS that's been EoL for 6 years. Besides that, if it's _really_ that important it wouldn't depend on a single machine and you would have, at least, one backup/fall-back machine.

Now would be a good time to do things properly. Start with a supported OS, set up fail-over/load-balancing and migrate. Then schedule updates, at the very least once a month.

Having a good fail-over strategy also means you can update without taking things offline. It's the _service_ that's important, not the _server_.


----------



## getopt (Apr 11, 2017)

Syed Abdul Rahman said:


> Since the system is in production we are not able to upgrade the OS.


Muhahaha! Your narrative is an intellectual affront.

Come on tell us the whole truth! What exactly has prevented you from upgrading in the past? 
Which program on your box makes it difficult to upgrade FreeBSD?


----------



## ShelLuser (Apr 11, 2017)

If you make a promise you should keep it getopt, not cool to simply troll the guy. For all we know his hands could be tied by a bunch of beancounters who refuse to give permission to apply this much required maintenance on it. Sure, it could also just as easily be your average lazy sysadmin want-to-be but my point about making promises still stands.



Syed Abdul Rahman said:


> Since the system is in production we are not able to upgrade the OS. Could you please tell me any other way to upgrade only the particular package through online and offline also.


I'm not going in full detail because the others are completely right: it's highly irresponsible to use an OS this old and upgrading should be your main concern. Even so, OpenSSL is a separate product with its own website. The ports collection relies on remote repositories: it usually grabs the source code from an official repository. So can you.

But summing up: no one around here is going to help you with this in detail. Not because we don't want to, but because it wouldn't be in your best interest. Your main priority should be to upgrade your server, for your own safety. Almost every day new exploits are discovered and get released, with the main difference being that they won't be fixed in older versions.

And I'm not just sharing wild doom scenario's. From /usr/src/UPDATING:


```
20161206        p13     FreeBSD-SA-16:36.telnetd
                        FreeBSD-SA-16:37.libc
                        FreeBSD-SA-16:38.bhyve
                        FreeBSD-EN-16:19.tzcode
                        FreeBSD-EN-16:20.tzdata

        Fix possible login(1) argument injection in telnetd(8). [SA-16:36]
        Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
        Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
        Fix warnings about valid time zone abbreviations. [EN-16:19]
        Update timezone database information. [EN-16:20]

20161102        p12     FreeBSD-SA-16:33.openssh
                        FreeBSD-SA-16:35.openssl

        Fix OpenSSH remote Denial of Service vulnerability. [SA-16:33]

        Fix OpenSSL remote DoS vulnerability. [SA-16:35]

20161010        p10     FreeBSD-SA-16:29.bspatch
                        FreeBSD-SA-16:30.portsnap
                        FreeBSD-SA-16:31.libarchive

        Fix bspatch heap overflow vulnerability. [SA-16:29]

        Fix multiple portsnap vulnerabilities. [SA-16:30]

        Fix multiple libarchive vulnerabilities. [SA-16:31]

20160725        p6      FreeBSD-SA-16:25.bspatch
                        FreeBSD-EN-16:09.freebsd-update

        Fix bspatch heap overflow vulnerability. [SA-16:25]

        Fix freebsd-update(8) support of FreeBSD 11.0 release
        distribution. [EN-16:09]
```
.... and so on.


----------

