Markus Wernig wrote:

quoted text
> Dear list

>

> I have a couple of 4.1 firewalls that I would like to upgrade to 4.2.

> Before taking them online again I'd like to deploy the openssl patch

> from ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/002_openssl.patch

>

> Being perimeter firewalls, those systems don't have compile tools

> installed. 

And by making security updates more difficult, you think you have

improved security, right?
As you have demonstrated, you have not.  If an attacker can use your

system's compile tools, they can also install the compile tools.  But

it DOES take you longer to do all you can to keep them out in the first

place.
> I would thus need to pre-compile libssl on a 4.2 buildhost

quoted text
> and deploy it onto the firewalls. I've been looking through the

> documentation but did not find a "good" way to do this, because openssl

> is not a package, but part of the base system.

>

> Is there any way other than tar - scp - untar after compiling libssl?

yes, just make a release, and install that.
Or, install the compilation tools where you need them and be done with

it.
Nick.