BSD/OS 4.3.X patches
Courtesy of macnica.net
NOTICE:
This server provides access to the official patches for BSD/OS.
All patches are Copyright 1999 Berkeley Software Design, Inc.,
all rights reserved. Other copyrights may apply to some patches.
Access to some of these patches is restricted to BSDI customers
with valid update or support contracts.
If you are reading this after obtaining it from the patches@BSDI.COM
mail-back server, you have already been authenticated. You can
request any of these files directly through the email server.
If you wish to access the protected files via ftp, you must
first obtain a group-id/password pair from the patches@BSDI.COM
mail-back server and then enter the appropriate `site group'
and `site gpass' commands before requesting the files from the
ftp server. See the help message from the patches@BSDI.COM
mail-back server for more information. Send an empty message
to the address patches@BSDI.COM and the server will respond with
the help message.
Mods ending with a "D" contain domestic versions of applications. U.S.
export laws prohibit transferring of these files outside of the United
States or Canada.
This directory contains patches for i386 architecure BSD/OS 4.2.
In general, all top-level mods will now be named MXXX-YYY where
XXX is the release number against which the mod is meant to be
applied (e.g., 420 for the 4.2 release), and YYY is the mod number
(a monotonically increasing value). If the mod has sub-mods, those
submods are named with the same name as the top level mod that
contains them plus an extension. The usual extensions will be:
utility (Utility fixes)
kernel (Kernel fixes)
PACKAGE (The package that the fixes exist in)
In general the main mod calls the utility and the kernel submods, if
there are any utility or kernel submods. The utility and kernel submods
then call the PACKAGE specific submods. If it appears that the source
or contributed CDROM is loaded on the system a prompt appears asking if that
sub-mod should be applied. Determination of wether a package is installed
or not is made by checking for the existence of a sentinel file. If the
sentinel file exists it is assumed the package, or CDROM, is completely
installed and the submods are applied. If the sentinel file does not exist
the submods are not applied and the mod will check the next PACKAGE mod.
You can use the "about" option to see which files are used as the sentinel
files for each package submod for each patch.
In general you will want to apply the patch by calling the main mod.
It will automatically detect the existence of packages and not attempt
to load any fixes for packages that are not installed. If later a
package is loaded onto the system, it can be brought up to date by
calling the mods with the PACKAGE submod name. When applying submods
this way care must be taken when using undo or commit.
Note for source customers: Any new or changed kernel header files are
usually installed by the SYS_OBJ mod. Source may not build correctly
on a system that is not up to date with SYS_OBJ mods.
Most mods can be applied while the system is running multi-user,
but it is always best to make changes on a quiet, fully backed up
system. Don't forget that kernel mods require a rebuild followed
by rebooting with the new kernel.
The .asc files in the signatures directory are PGP signatures signed
with the official BSDI public key. You can obtain the key from
below. The key is also on the public key ring in the
PGP directory of all BSD/OS CDROMs starting with version 2.1.
===========================================================================
Mod : M430-001
Submods: M430-001.utility M430-001.MAN M430-001.CORE_ROOT_CONFIG
M430-001.DEVELOPMENT M430-001.TEX M430-001.LAP M430-001.NETWORKING
M430-001.CORE_USR M430-001.CORE_ROOT_BINARIES M430-001.kernel
M430-001.SYS_OBJ M430-001.SYS_SOURCE
Utility:
These packages are for i386 type machines only
MAN:
Previous stunnel man page was Postscript NOT a man page.
CORE_ROOT_CONFIG:
Edit /etc/shlib.map to resolve a typo.
DEVELOPMENT:
Fix a bug in yacc that causes yacc to crash on large grammars.
TEX:
xdvi as distributed in 4.3 would not run properly, it was recomp
iled
from source.
LAP:
Fixed some problems in the LAP package.
NETWORKING:
Update Openssh to 3.0.1p2.
Distributed ftp-proxy executable was incorrect.
CORE_USR:
Fix a memory leak in lockd.
Correct syslogd so that some error messages get logged properly.
CORE_ROOT_BINARIES:
Fix a locally exploitable buffer overflow.
Kernel:
Fix a problem in locore.s which causes kernel to lose FP state.
Md5 Checksum: aa3d65fb5c623497bdeb3cf91b4cd595 M430-001
Size: 4774118
======================================================
Mod : M430-002
Submods: M430-002.utility M430-002.MAN M430-002.MANSRC M430-002.DEVELOPMENT
M430-002.CORE_ROOT_BINARIES M430-002.kernel M430-002.SYS_OBJ
M430-002.SYS_SOURCE
Utility:
These packages are for i386 type machines only
MAN:
Add man pages for the ciss driver.
MANSRC:
Add man page sources for the ciss driver and the cisslun.
DEVELOPMENT:
Add header files for the SA5300 adn 5i driver.
Update soem system include files for the 2.2Ghz processors.
CORE_ROOT_BINARIES:
Update sysctl.
Kernel:
Add sources, object code, header files and man pages for the Compaq
SA5300 drivers.
Md5 Checksum: baaf3b27aad0b6fd80fd2daa056416b5 M430-002
Size: 349479
======================================================
Mod : M430-003
Submods: M430-003.utility M430-003.CORE_ROOT_BINARIES M430-003.CORE_USR
M430-003.DEVELOPMENT M430-003.MAN M430-003.MANSRC
M430-003.NETWORKING M430-003.kernel M430-003.SYS_OBJ
M430-003.SYS_SOURCE
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Fix scsicmd - Prevent data corruption problem when
executing some SCSI commands.
CORE_USR:
Upgrade uucp, uuname, uparams. Fixes a buffer overflow
in uucp argument parsing that will allow a user to gain
access as the user/group "uucp".
DEVELOPMENT:
Update /usr/include/sys/socket.h to correct version.
MAN:
Update ppp.sys man page to define actual types used.
MANSRC:
Update ppp.sys.5 man page source so that all the types
used in the /etc/ppp.sys file are defined in the man page.
NETWORKING:
Update ftp to deal with a variety of code changes.
Update tftpd to work properly if you have connected to it
via a link-local IPv6 address.
Update netstat command to NOT show some statistics twice.
Update several applications due to update of
/usr/include/sys/sockets.h.
Kernel:
Update the ATAPI driver.
Update kern_clock It was possible for the microsecond value in a
timeval struct to be 1000000. It should be limited to 999999.
Fix a kernel memory leak.
Upgrade several networking modules in the kernel.
Md5 Checksum: 20b21cf6d22fdbff42b669b0c952bf7c M430-003
Size: 1026077
======================================================
Mod : M430-004
Submods: M430-004.utility M430-004.NETWORKING
Utility:
These packages are for i386 type machines only
NETWORKING:
Update Openssh: scp sftp-server ssh-add ssh ssh-agent
ssh-keygen sshd to 3.1p1.
Kernel:
None.
Md5 Checksum: 6f7a101d545aa15a4e8710ef095d6eda M430-004
Size: 4866720
======================================================
Mod : M430-005
Submods: M430-005.utility M430-005.CORE_USR M430-005.DEVELOPMENT
M430-005.kernel M430-005.SYS_OBJ M430-005.SYS_SOURCE
Utility:
These packages are for i386 type machines only
CORE_USR:
Install a new libz.
DEVELOPMENT:
Install new static libz.
Kernel:
Fix ipfw problems.
Fix problem with Aironet cards.
Address an NFS problem.
Fix a problem with foriegn keyboards.
Update superblock correctly.
Md5 Checksum: cb8dbb7edbd0c700dd67caaf0863ea42 M430-005
Size: 467591
======================================================
Mod : M430-005a
Submods: M430-005a.utility M430-005a.CORE_USR M430-005a.DEVELOPMENT
M430-005a.kernel M430-005a.SYS_OBJ M430-005a.SYS_SOURCE
Utility:
These packages are for i386 type machines only
CORE_USR:
Install a new libz.
DEVELOPMENT:
Install new static libz.
Kernel:
Fix ipfw problems.
Fix problem with Aironet cards.
Address an NFS problem.
Fix a problem with foriegn keyboards.
Update superblock correctly.
Md5 Checksum: 550165f944ad43b94f6214292f4eabbc M430-005a
Size: 471718
======================================================
Mod : M430-006
Submods: M430-006.utility M430-006.MAN M430-006.MANSRC M430-006.kernel
M430-006.SYS_OBJ M430-006.SYS_SOURCE
Utility:
These packages are for i386 type machines only
MAN:
Add man pages for the ciss driver.
MANSRC:
Add man page sources for the ciss driver and the cisslun.
Kernel:
Add sources, object code, header files and man pages for the Compaq
SA5300 drivers.
Md5 Checksum: 655998f430fb4d5778fa6916382995c7 M430-006
Size: 121058
======================================================
Mod : M430-007
Submods: M430-007.utility M430-007.CORE_USR M430-007.NETWORKING
Utility:
These packages are for i386 type machines only
CORE_USR:
New /sbin/popauth to fix a buffer overflow security hole.
NETWORKING:
New /usr/libexec/popper to fix a buffer overflow security hole.
New /usr/sbin/dhcpd to fix a format string
vulnerability - CERT CA-2002-12
Kernel:
None.
Md5 Checksum: f0a8e0d6265f32ad59c295289296a24d M430-007
Size: 369111
======================================================
Mod : M430-008
Submods: M430-008.utility M430-008.DEVELOPMENT M430-008.CONTRIB_USR
M430-008.CORE_ROOT_BINARIES M430-008.MAN M430-008.MANSRC
M430-008.NETWORKING
Utility:
These packages are for i386 type machines only
DEVELOPMENT:
Updates to libc to fix rcmd routines to properly
resolve addresses on multi-homed machines.
CONTRIB_USR:
Updates Apache executables to 1.3.26
CORE_ROOT_BINARIES:
Updates to libc to fix rcmd routines to properly
resolve addresses on multi-homed machines.
MAN:
Update man ages for Apache.
MANSRC:
Man page sources for Apache.
NETWORKING:
New Apache executables.
New openssh executables.
Kernel:
None.
Md5 Checksum: fc6fb53948f1b66b135d05d2786e112b M430-008
Size: 9075791
======================================================
Mod : M430-009
Submods: M430-009.utility M430-009.CONTRIB_USR M430-009.NETWORKING
Utility:
These packages are for i386 type machines only
CONTRIB_USR:
Update the /usr/contrib/bin/apxs command, it was
misconfigured in M430-008.
NETWORKING:
Install a new libssl.so and several other modules that
did not get built properly in M430-008.
Kernel:
None.
Md5 Checksum: ebbaca0685d6f152010d51a26152d5a3 M430-009
Size: 770052
======================================================
Mod : M430-010
Submods: M430-010.utility M430-010.CORE_ROOT_BINARIES
M430-010.DEVELOPMENT M430-010.MAN M430-010.MANSRC
M430-010.NETWORKING
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update the shared libraries with new libc libraries.
Install a new /var/db/libc.tags file.
DEVELOPMENT:
Install new include files for OpenSSL.
Install a new libcrypto.a.
Install a new lisssl.a
Install a new libc.a to deal with CERT Advisory CA-2002-25 and C
ERT
Advisory CA-2002-19.
MAN:
Install new OpenSSL man pages.
MANSRC:
Install new OpenSSL man page source.
NETWORKING:
Install new OpenSSL binaries.
Kernel:
None.
Md5 Checksum: 2c65f26775cd2bb610f0241faae42954 M430-010
Size: 4639541
======================================================
Mod : M430-011
Submods: M430-011.utility M430-011.CONTRIB_USR M430-011.CORE_ROOT_BINARIES
M430-011.CORE_USR M430-011.DEVELOPMENT M430-011.MAN M430-011.MANSRC
M430-011.NETWORKING M430-011.CORE_ROOT_CONFIG M430-011.kernel
M430-011.SYS_OBJ M430-011.SYS_SOURCE
Utility:
These packages are for i386 type machines only
CONTRIB_USR:
New httpd-MaxIM based on the latest Apache.
CORE_ROOT_BINARIES:
New scsicmd executable.
CORE_USR:
/sbin/bootparams isn't properly installed in 4.3 - this
installs it.
DEVELOPMENT:
Update /usr/include/sys/ucred.h.
MAN:
New man pages:
cisslun.4
ssh, scp sftp, sftp-server, ssh-add, ssh-agent,
ssh-keygen, sshkeyscan, sshd, ssh_config,
sshd_config, ssh=keysign, ssh-rand-helper
NETWORKING:
Install an new ftpd - fixes a hang when client aborted
a transfer.
CORE_ROOT_CONFIG:
Install new shlib/libutil.so.0.0
Kernel:
NFS fixes:
- server locks up after client deletes large number of
file/dirs.
- hangs when NFS writes get interrupted.
- fixes a security hole.
- potential panics on systems with heavy NFS usage and LARGE
local buffer caches.
Enable CMD649 IDE controllers to work in UDMA mode.
Fixes a potential kernel panic when the processes CPU time
limit is reached.
Support for ServerWorks CSB5.
Fixes a problem that prevented the system from doing a core dump if
there was more then 2 GB of memory in the system.
Fixes the vnode block list error.
Md5 Checksum: ab5fcdb8a390f424e230dd1112bbc1ec M430-011
Size: 1512666
======================================================
Mod : M430-012
Utility:
These packages are for i386 type machines only
DEVELOPMENT:
Update sys/sys/disklabel.h to allow aac driver.
MAN:
Adds man pages for the em and the bc drivers.
Add man pages for the dpteng and dptutil utilities.
MANSRC:
Add man page sources for the em and bc driver.
Add man page sources for the dpteng and dptutil utilities.
CORE_USR:
Add the dptutil and dpteng executables to /usr/sbin.
CORE_ROOT_CONFIG:
Add a commented out sample line for dpteng.
CORE_ROOT_BINARIES:
Update /dev/MAKEDEV with aacr info.
Kernel:
Update the kernel with the aac disk controller driver.
Update the kernel with the em NIC driver.
Update the kernel with the bc NIC driver.
Md5 Checksum: d1de82b377da228faed7fa513c1b2c02 M430-012
======================================================
Mod : M430-013
Submods: M430-013.utility M430-013.NETWORKING
Utility:
These packages are for i386 type machines only
NETWORKING:
Update named to deal with CERT Advisory CA-2002-31.
Kernel:
None.
Md5 Checksum: cdf1b01854b2282424a01da748dc7912 M430-013
Size: 404658
======================================================
Mod : M430-014
Submods: M430-014.utility M430-014.CORE_ROOT_CONFIG M430-014.CORE_USR
M430-014.DEVELOPMENT M430-014.MAN M430-014.MANSRC M430-014.kernel
M430-014.SYS_OBJ M430-014.SYS_SOURCE
Utility:
These packages are for i386 type machines only
CORE_ROOT_CONFIG:
Update /etc/rc.local to deal with some dpt utilities.
CORE_USR:
Update /usr/bin/cmp to deal with very large files.
Updates the /usr/sbin/digisetup command.
DEVELOPMENT:
Update /usr/include/apic.h for P4 systems that have I/O APICs at
a 1k alignment.
MAN:
Update cisslun man pages so the source and compiled pages agree.
MANSRC:
Update cisslun man pages so the source and compiled pages agree.
Kernel:
Update wdpi.c so wdpi driver to properly handle DMA mode.
Update cpu.c and apic.h for new P4 systems that have I/O
APICs at a 1k alignment.
Update /sys/i386/stand/Makefile.common - previous typo.
Md5 Checksum: 39c4918257b045609fe4752125370911 M430-014
Size: 1807531
======================================================
Mod : M430-015
Submods: M430-015.utility M430-015.CORE_ROOT_BINARIES
M430-015.CORE_ROOT_CONFIG M430-015.kernel M430-015.SYS_OBJ
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update the /etc/ttys.conf file to reflect 4.3.1.
CORE_ROOT_CONFIG:
Update the /etc/gettytab and the /etc/rc file to reflect 4.3.1.
Kernel:
Update the /sys/conf/newvers.sh file to reflect 4.3.1.
Md5 Checksum: a091094cbc007ecc91f7cdb1d12b30df M430-015
Size: 18624
======================================================
===========================================================================
Mod : M431-001
Submods: M431-001.utility M431-001.CORE_ROOT_BINARIES M431-001.DEVELOPMENT
M431-001.NETWORKING
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update dhcp client, and dhcpclient-script to fix recent
CERT advisory.
DEVELOPMENT:
Update the /usr/lib/libdhcpctl.a to fix recent CERT advisory.
NETWORKING:
Update omshell, dhcpd, and dhcrelay to fix recent CERT advisory.
Kernel:
None.
Md5 Checksum: e5c90a5692a5da27459ed5cb835b02dd M431-001
Size: 896317
===========================================================================
Mod : M431-002
Submods: M431-002.utility M431-002.CORE_USR M431-002.contrib_cd
Utility:
These packages are for i386 type machines only
CORE_USR:
Update sendmail to fix CERT/ISS vulnerability #398025
Kernel:
None.
contrib_cd:
Update sendmail to fix CERT vulnerability #398025
Md5 Checksum: dcaeb9cf1c0eb06be05f15a6967f8b02 M431-002
Size: 290829
===========================================================================
Mod : M431-003
Submods: M431-003.kernel M431-003.SYS_OBJ M431-003.SYS_SOURCE
Utility:
None.
Kernel:
Enable building kernels from objects without requiring vlan support.
Enable use of aacr driver for root devices.
Update versions of the Compaq Smart2 driver object modules to resolve
problems with Smart2 controllers after applying patch M430-014.
Allow options set on a listen() socket to propogate to sockets
created by accept() on the listen() socket so options may be
set once on the listen() socket rather than requiring them to
be set on each accept() socket
Increase size of IP input queues for both IPv4 and IPv6 to reduce
dropped packets on newer faster interfaces
Improve performance of the loopback network by eliminating
unncessary data copies
Eliminate memory leak when processing IPv6 options
Allow new label when changing media in SCSI removable devices
Update object modules that were missed when sources were updated
by previous patches. Resolves hangs on >2GHz processors when
booting kernels built from objects
Md5 Checksum: 2a5431bafb8bab187c0e9649a7034edb M431-003
Size: 500991
===========================================================================
Mod : M431-004
Submods: M431-004.utility M431-004.CORE_ROOT_BINARIES M431-004.CORE_USR M431-004.MAN M431-004.MANSRC M431-004.NETWORKING M431-004.contrib_cd
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update to samba version 2.2.8 to resolve the recently announced
security vulnerabilities found by the SuSE security audit team
CORE_USR:
Update core samba binaries
MAN:
Update samba manual pages
MANSRC:
Update samba manual page sources
NETWORKING:
Update samba binaries and swat hierarchy
Kernel:
None.
contrib_cd:
Update samba sources
Md5 Checksum: 4793845fd7f264d8ba98bcc257a8481e M431-004
Size: 14284479
===========================================================================
Mod : M431-005
Submods: M431-005.utility M431-005.CORE_USR M431-005.contrib_cd
Utility:
These packages are for i386 type machines only
CORE_USR:
Update sendmail to fix CERT vulnerability CA-2003-12
Kernel:
None.
contrib_cd:
Update sendmail to fix CERT vulnerability CA-2003-12
Md5 Checksum: 5e7e2337ee029bc530990cc58f1db41a M431-005
Size: 287405
===========================================================================
Mod : M431-006
Submods: M431-006.utility M431-006.CORE_USR M431-006.contrib_cd
Utility:
These packages are for i386 type machines only
CORE_USR:
Update smbd from 2.2.8 to 2.2.8a to resolve the vulnerability
found by Digital Defense, Inc. (CVE ID: CAN-2003-0201).
Kernel:
None.
contrib_cd:
Update samba sources
Md5 Checksum: 3acc098ab973c2dd4213cb64ed48ac25 M431-006
Size: 871534
===========================================================================
Mod : M431-007
Submods: M431-007.utility M431-007.CORE_ROOT_BINARIES M431-007.NETWORKING M431-007.DEVELOPMENT M431-007.MAN M431-007.MANSRC M431-007.source_cd
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update shared libc libraries:
Update BIND to 8.3.4
Fix ftrylockfile() return codes
Fix thread signal delivery
NETWORKING:
Update BIND utilities (named, ndc, dig, nslookup, etc.)
DEVELOPMENT:
Update development versions of libc and related header files:
Update BIND to 8.3.4
Fix ftrylockfile() return codes
Fix thread signal delivery
Add prototypes for strlcpy() and strlcat() to
Update zlib.h header file to match newer version of
zlib included in M430-005
MAN:
Update BIND related man pages
MANSRC:
Update BIND related man page sources
Kernel:
None.
source_cd:
Add function prototypes for strlcpy() and strlcat() to
Fix ftrylockfile() return codes
Update BIND sources to 8.3.4
Md5 Checksum: 7de8bf225071506bfd608cd4aa3f6129 M431-007
Size: 6720114
===========================================================================
Mod : M431-008
Submods: M431-008.utility M431-008.CORE_ROOT_BINARIES M431-008.DEVELOPMENT
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update shared libc libraries to correct build problem
from M431-007
There were no source changes associated with these
updated libraries. The M431-007 version was not built
from a correctly patched set of sources. Libraries
built from completely patched source trees through
M431-007 should be equivalent to these binary libraries.
DEVELOPMENT:
Update development versions of libc to correct build
problem from M431-007
Update zconf.h header file to match newer version of
zlib included in M430-005
Kernel:
None.
Md5 Checksum: ef4280ec7ce7ffac152a4fb2378a1e0f M431-008
Size: 2623161
===========================================================================
---------------------------------------------------------------------
NAME: M431-009
HEADLINE: Add driver for LSI MPT scsi/raid/FC controller Updated AMI driver
DESCRIPTION: Utility:
These packages are for i386 type machines only
MAN:
Update amic(4) man page
MANSRC:
Update amic(4) man page
Kernel:
Add driver for LSI MPT scsi/raid/FC controller
Correct PCI problem which cause probing for 3c595 network controllers
to fail once patch M430-014 was applied
Make the AMI driver recognize additional controllers:
Intel 80960RP (Megaraid)
AMI Megaraid (device ID 0x1960)
LSI Megaraid (device ID 0x1960)
LSI ??? (Device ID 0x407)
DELL PERC/4di
DELL PERK/4di (Verde)
Md5 Checksum:099c40f68b4baa99f13d15e93e871214 M431-009
---------------------------------------------------------------------
NAME: M431-010
HEADLINE: Update shared libc libraries. Fix potentially exploitable off by one error in realpath(3)
DESCRIPTION: Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update shared libc libraries:
Fix potentially exploitable off by one error in realpath(3)
Make bindresvport(3) skip ports of well known services
Add chkprt(8) command to build database of reserved ports
Update /etc/rc to call chkprt appropriately at boot time
DEVELOPMENT:
Update development versions of libc:
Fix potentially exploitable off by one error in realpath(3)
Make bindresvport(3) skip ports of well known services
MAN:
Add chkprt(8) man page
MANSRC:
Add chkprt(8) man page source
Kernel:
None.
source_cd:
Update shared libc library source:
Fix potentially exploitable off by one error in realpath(3)
Make bindresvport(3) skip ports of well known services
Add chkprt(8) command to build database of reserved ports
Update rc to call chkprt appropriately
Md5 Checksum: 82a221ad5c035cc2ff01a28cd788401b M431-010
---------------------------------------------------------------------
NAME: M431-011
HEADLINE: Update sendmail to resolve prescan() vulnerability
Update openssh to resolve buffer manipulation problems
DESCRIPTION: Utility:
These packages are for i386 type machines only
CORE_USR:
Update sendmail to resolve prescan() vulnerability
NETWORKING:
Update openssh to resolve buffer manipulation problems
Kernel:
None.
contrib_cd:
Update openssh to fix buffer manipulation problems in buffer.c
and channels.c
Update sendmail to fix prescan() vulnerability in parseaddr.c
Md5 Checksum:25aae96c643ee47b905d5d7ec5d0b2d1 M431-011
---------------------------------------------------------------------
NAME: M431-012
HEADLINE: Update openssl to version 0.9.7c to resolve ASN.1 parsing vulnerabilities
DESCRIPTION: Utility:
These packages are for i386 type machines only
NETWORKING:
Update openssl to version 0.9.7c to resolve ASN.1 parsing
vulnerabilities
Update binaries for openssh, stunnel, and apache mod_ssl to link
against the new libraries
DEVELOPMENT:
Update openssl header files
MAN:
Update openssl manual pages
MANSRC:
Update openssl man page sources
Kernel:
None.
source_cd:
Update openssl sources to 0.9.7c to resolve ASN.1 parsing
vulnerabilities
Md5 Checksum: d0e25e7613f1f1085ce5bcc16bc37cf2 M431-012
---------------------------------------------------------------------
NAME: M431-013
HEADLINE: Update BIND to 8.3.7
DESCRIPTION: Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update shared libc libraries:
Update BIND to 8.3.7
NETWORKING:
Update BIND utilities (named, ndc, dig, nslookup, etc.)
DEVELOPMENT:
Update development versions of libc and related header files:
Update BIND to 8.3.7
MAN:
Update BIND related man pages
MANSRC:
Update BIND related man page sources
Kernel:
None.
source_cd:
Update BIND sources to 8.3.7
Md5 Checksum: a34fa07ef14d9f8bf057d59c519f94a6 M431-013
---------------------------------------------------------------------
NAME: M431-014
HEADLINE: OpenSSL updates, TCP reassembly
DESCRIPTION: Utility:
These packages are for i386 type machines only
NETWORKING:
Update openssl to resolve security problem
Update openssh and mod_ssl binaries with versions
linked against the new version of libcrypt.a
DEVELOPMENT:
Update openssl libraries and header files
MAN:
Update openssl man pages
MANSRC:
Update openssl man page sources
Kernel:
Limit the size of the TCP reassembly queue to prevent
denial of service attacks. You must run config(8) before
rebuilding your kernel after applying this patch.
contrib_cd:
Update openssl sources to version 0.9.4d to resolve security issues
Md5 Checksum: be8003eece98e118aa2ace970583bbff M431-014
---------------------------------------------------------------------
NAME: M431-015
HEADLINE: Update mod_ssl binaries
DESCRIPTION: Utility:
These packages are for i386 type machines only
NETWORKING:
Update mod_ssl binaries to correctly match the
current mod_ssl and Apache server
Kernel:
Fix a panic due to calling fsync on a bad vnode
Md5 Checksum: ca40163372f2cbee958d1123acee7113 M431-015
---------------------------------------------------------------------
NOTICE:
This server provides access to the official patches for BSD/OS.
All patches are Copyright 1999 Berkeley Software Design, Inc.,
all rights reserved. Other copyrights may apply to some patches.
Access to some of these patches is restricted to BSDI customers
with valid update or support contracts.
If you are reading this after obtaining it from the patches@BSDI.COM
mail-back server, you have already been authenticated. You can
request any of these files directly through the email server.
If you wish to access the protected files via ftp, you must
first obtain a group-id/password pair from the patches@BSDI.COM
mail-back server and then enter the appropriate `site group'
and `site gpass' commands before requesting the files from the
ftp server. See the help message from the patches@BSDI.COM
mail-back server for more information. Send an empty message
to the address patches@BSDI.COM and the server will respond with
the help message.
Mods ending with a "D" contain domestic versions of applications. U.S.
export laws prohibit transferring of these files outside of the United
States or Canada.
This directory contains patches for i386 architecure BSD/OS 4.2.
In general, all top-level mods will now be named MXXX-YYY where
XXX is the release number against which the mod is meant to be
applied (e.g., 420 for the 4.2 release), and YYY is the mod number
(a monotonically increasing value). If the mod has sub-mods, those
submods are named with the same name as the top level mod that
contains them plus an extension. The usual extensions will be:
utility (Utility fixes)
kernel (Kernel fixes)
PACKAGE (The package that the fixes exist in)
In general the main mod calls the utility and the kernel submods, if
there are any utility or kernel submods. The utility and kernel submods
then call the PACKAGE specific submods. If it appears that the source
or contributed CDROM is loaded on the system a prompt appears asking if that
sub-mod should be applied. Determination of wether a package is installed
or not is made by checking for the existence of a sentinel file. If the
sentinel file exists it is assumed the package, or CDROM, is completely
installed and the submods are applied. If the sentinel file does not exist
the submods are not applied and the mod will check the next PACKAGE mod.
You can use the "about" option to see which files are used as the sentinel
files for each package submod for each patch.
In general you will want to apply the patch by calling the main mod.
It will automatically detect the existence of packages and not attempt
to load any fixes for packages that are not installed. If later a
package is loaded onto the system, it can be brought up to date by
calling the mods with the PACKAGE submod name. When applying submods
this way care must be taken when using undo or commit.
Note for source customers: Any new or changed kernel header files are
usually installed by the SYS_OBJ mod. Source may not build correctly
on a system that is not up to date with SYS_OBJ mods.
Most mods can be applied while the system is running multi-user,
but it is always best to make changes on a quiet, fully backed up
system. Don't forget that kernel mods require a rebuild followed
by rebooting with the new kernel.
The .asc files in the signatures directory are PGP signatures signed
with the official BSDI public key. You can obtain the key from
below. The key is also on the public key ring in the
PGP directory of all BSD/OS CDROMs starting with version 2.1.
===========================================================================
Mod : M430-001
Submods: M430-001.utility M430-001.MAN M430-001.CORE_ROOT_CONFIG
M430-001.DEVELOPMENT M430-001.TEX M430-001.LAP M430-001.NETWORKING
M430-001.CORE_USR M430-001.CORE_ROOT_BINARIES M430-001.kernel
M430-001.SYS_OBJ M430-001.SYS_SOURCE
Utility:
These packages are for i386 type machines only
MAN:
Previous stunnel man page was Postscript NOT a man page.
CORE_ROOT_CONFIG:
Edit /etc/shlib.map to resolve a typo.
DEVELOPMENT:
Fix a bug in yacc that causes yacc to crash on large grammars.
TEX:
xdvi as distributed in 4.3 would not run properly, it was recomp
iled
from source.
LAP:
Fixed some problems in the LAP package.
NETWORKING:
Update Openssh to 3.0.1p2.
Distributed ftp-proxy executable was incorrect.
CORE_USR:
Fix a memory leak in lockd.
Correct syslogd so that some error messages get logged properly.
CORE_ROOT_BINARIES:
Fix a locally exploitable buffer overflow.
Kernel:
Fix a problem in locore.s which causes kernel to lose FP state.
Md5 Checksum: aa3d65fb5c623497bdeb3cf91b4cd595 M430-001
Size: 4774118
======================================================
Mod : M430-002
Submods: M430-002.utility M430-002.MAN M430-002.MANSRC M430-002.DEVELOPMENT
M430-002.CORE_ROOT_BINARIES M430-002.kernel M430-002.SYS_OBJ
M430-002.SYS_SOURCE
Utility:
These packages are for i386 type machines only
MAN:
Add man pages for the ciss driver.
MANSRC:
Add man page sources for the ciss driver and the cisslun.
DEVELOPMENT:
Add header files for the SA5300 adn 5i driver.
Update soem system include files for the 2.2Ghz processors.
CORE_ROOT_BINARIES:
Update sysctl.
Kernel:
Add sources, object code, header files and man pages for the Compaq
SA5300 drivers.
Md5 Checksum: baaf3b27aad0b6fd80fd2daa056416b5 M430-002
Size: 349479
======================================================
Mod : M430-003
Submods: M430-003.utility M430-003.CORE_ROOT_BINARIES M430-003.CORE_USR
M430-003.DEVELOPMENT M430-003.MAN M430-003.MANSRC
M430-003.NETWORKING M430-003.kernel M430-003.SYS_OBJ
M430-003.SYS_SOURCE
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Fix scsicmd - Prevent data corruption problem when
executing some SCSI commands.
CORE_USR:
Upgrade uucp, uuname, uparams. Fixes a buffer overflow
in uucp argument parsing that will allow a user to gain
access as the user/group "uucp".
DEVELOPMENT:
Update /usr/include/sys/socket.h to correct version.
MAN:
Update ppp.sys man page to define actual types used.
MANSRC:
Update ppp.sys.5 man page source so that all the types
used in the /etc/ppp.sys file are defined in the man page.
NETWORKING:
Update ftp to deal with a variety of code changes.
Update tftpd to work properly if you have connected to it
via a link-local IPv6 address.
Update netstat command to NOT show some statistics twice.
Update several applications due to update of
/usr/include/sys/sockets.h.
Kernel:
Update the ATAPI driver.
Update kern_clock It was possible for the microsecond value in a
timeval struct to be 1000000. It should be limited to 999999.
Fix a kernel memory leak.
Upgrade several networking modules in the kernel.
Md5 Checksum: 20b21cf6d22fdbff42b669b0c952bf7c M430-003
Size: 1026077
======================================================
Mod : M430-004
Submods: M430-004.utility M430-004.NETWORKING
Utility:
These packages are for i386 type machines only
NETWORKING:
Update Openssh: scp sftp-server ssh-add ssh ssh-agent
ssh-keygen sshd to 3.1p1.
Kernel:
None.
Md5 Checksum: 6f7a101d545aa15a4e8710ef095d6eda M430-004
Size: 4866720
======================================================
Mod : M430-005
Submods: M430-005.utility M430-005.CORE_USR M430-005.DEVELOPMENT
M430-005.kernel M430-005.SYS_OBJ M430-005.SYS_SOURCE
Utility:
These packages are for i386 type machines only
CORE_USR:
Install a new libz.
DEVELOPMENT:
Install new static libz.
Kernel:
Fix ipfw problems.
Fix problem with Aironet cards.
Address an NFS problem.
Fix a problem with foriegn keyboards.
Update superblock correctly.
Md5 Checksum: cb8dbb7edbd0c700dd67caaf0863ea42 M430-005
Size: 467591
======================================================
Mod : M430-005a
Submods: M430-005a.utility M430-005a.CORE_USR M430-005a.DEVELOPMENT
M430-005a.kernel M430-005a.SYS_OBJ M430-005a.SYS_SOURCE
Utility:
These packages are for i386 type machines only
CORE_USR:
Install a new libz.
DEVELOPMENT:
Install new static libz.
Kernel:
Fix ipfw problems.
Fix problem with Aironet cards.
Address an NFS problem.
Fix a problem with foriegn keyboards.
Update superblock correctly.
Md5 Checksum: 550165f944ad43b94f6214292f4eabbc M430-005a
Size: 471718
======================================================
Mod : M430-006
Submods: M430-006.utility M430-006.MAN M430-006.MANSRC M430-006.kernel
M430-006.SYS_OBJ M430-006.SYS_SOURCE
Utility:
These packages are for i386 type machines only
MAN:
Add man pages for the ciss driver.
MANSRC:
Add man page sources for the ciss driver and the cisslun.
Kernel:
Add sources, object code, header files and man pages for the Compaq
SA5300 drivers.
Md5 Checksum: 655998f430fb4d5778fa6916382995c7 M430-006
Size: 121058
======================================================
Mod : M430-007
Submods: M430-007.utility M430-007.CORE_USR M430-007.NETWORKING
Utility:
These packages are for i386 type machines only
CORE_USR:
New /sbin/popauth to fix a buffer overflow security hole.
NETWORKING:
New /usr/libexec/popper to fix a buffer overflow security hole.
New /usr/sbin/dhcpd to fix a format string
vulnerability - CERT CA-2002-12
Kernel:
None.
Md5 Checksum: f0a8e0d6265f32ad59c295289296a24d M430-007
Size: 369111
======================================================
Mod : M430-008
Submods: M430-008.utility M430-008.DEVELOPMENT M430-008.CONTRIB_USR
M430-008.CORE_ROOT_BINARIES M430-008.MAN M430-008.MANSRC
M430-008.NETWORKING
Utility:
These packages are for i386 type machines only
DEVELOPMENT:
Updates to libc to fix rcmd routines to properly
resolve addresses on multi-homed machines.
CONTRIB_USR:
Updates Apache executables to 1.3.26
CORE_ROOT_BINARIES:
Updates to libc to fix rcmd routines to properly
resolve addresses on multi-homed machines.
MAN:
Update man ages for Apache.
MANSRC:
Man page sources for Apache.
NETWORKING:
New Apache executables.
New openssh executables.
Kernel:
None.
Md5 Checksum: fc6fb53948f1b66b135d05d2786e112b M430-008
Size: 9075791
======================================================
Mod : M430-009
Submods: M430-009.utility M430-009.CONTRIB_USR M430-009.NETWORKING
Utility:
These packages are for i386 type machines only
CONTRIB_USR:
Update the /usr/contrib/bin/apxs command, it was
misconfigured in M430-008.
NETWORKING:
Install a new libssl.so and several other modules that
did not get built properly in M430-008.
Kernel:
None.
Md5 Checksum: ebbaca0685d6f152010d51a26152d5a3 M430-009
Size: 770052
======================================================
Mod : M430-010
Submods: M430-010.utility M430-010.CORE_ROOT_BINARIES
M430-010.DEVELOPMENT M430-010.MAN M430-010.MANSRC
M430-010.NETWORKING
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update the shared libraries with new libc libraries.
Install a new /var/db/libc.tags file.
DEVELOPMENT:
Install new include files for OpenSSL.
Install a new libcrypto.a.
Install a new lisssl.a
Install a new libc.a to deal with CERT Advisory CA-2002-25 and C
ERT
Advisory CA-2002-19.
MAN:
Install new OpenSSL man pages.
MANSRC:
Install new OpenSSL man page source.
NETWORKING:
Install new OpenSSL binaries.
Kernel:
None.
Md5 Checksum: 2c65f26775cd2bb610f0241faae42954 M430-010
Size: 4639541
======================================================
Mod : M430-011
Submods: M430-011.utility M430-011.CONTRIB_USR M430-011.CORE_ROOT_BINARIES
M430-011.CORE_USR M430-011.DEVELOPMENT M430-011.MAN M430-011.MANSRC
M430-011.NETWORKING M430-011.CORE_ROOT_CONFIG M430-011.kernel
M430-011.SYS_OBJ M430-011.SYS_SOURCE
Utility:
These packages are for i386 type machines only
CONTRIB_USR:
New httpd-MaxIM based on the latest Apache.
CORE_ROOT_BINARIES:
New scsicmd executable.
CORE_USR:
/sbin/bootparams isn't properly installed in 4.3 - this
installs it.
DEVELOPMENT:
Update /usr/include/sys/ucred.h.
MAN:
New man pages:
cisslun.4
ssh, scp sftp, sftp-server, ssh-add, ssh-agent,
ssh-keygen, sshkeyscan, sshd, ssh_config,
sshd_config, ssh=keysign, ssh-rand-helper
NETWORKING:
Install an new ftpd - fixes a hang when client aborted
a transfer.
CORE_ROOT_CONFIG:
Install new shlib/libutil.so.0.0
Kernel:
NFS fixes:
- server locks up after client deletes large number of
file/dirs.
- hangs when NFS writes get interrupted.
- fixes a security hole.
- potential panics on systems with heavy NFS usage and LARGE
local buffer caches.
Enable CMD649 IDE controllers to work in UDMA mode.
Fixes a potential kernel panic when the processes CPU time
limit is reached.
Support for ServerWorks CSB5.
Fixes a problem that prevented the system from doing a core dump if
there was more then 2 GB of memory in the system.
Fixes the vnode block list error.
Md5 Checksum: ab5fcdb8a390f424e230dd1112bbc1ec M430-011
Size: 1512666
======================================================
Mod : M430-012
Utility:
These packages are for i386 type machines only
DEVELOPMENT:
Update sys/sys/disklabel.h to allow aac driver.
MAN:
Adds man pages for the em and the bc drivers.
Add man pages for the dpteng and dptutil utilities.
MANSRC:
Add man page sources for the em and bc driver.
Add man page sources for the dpteng and dptutil utilities.
CORE_USR:
Add the dptutil and dpteng executables to /usr/sbin.
CORE_ROOT_CONFIG:
Add a commented out sample line for dpteng.
CORE_ROOT_BINARIES:
Update /dev/MAKEDEV with aacr info.
Kernel:
Update the kernel with the aac disk controller driver.
Update the kernel with the em NIC driver.
Update the kernel with the bc NIC driver.
Md5 Checksum: d1de82b377da228faed7fa513c1b2c02 M430-012
======================================================
Mod : M430-013
Submods: M430-013.utility M430-013.NETWORKING
Utility:
These packages are for i386 type machines only
NETWORKING:
Update named to deal with CERT Advisory CA-2002-31.
Kernel:
None.
Md5 Checksum: cdf1b01854b2282424a01da748dc7912 M430-013
Size: 404658
======================================================
Mod : M430-014
Submods: M430-014.utility M430-014.CORE_ROOT_CONFIG M430-014.CORE_USR
M430-014.DEVELOPMENT M430-014.MAN M430-014.MANSRC M430-014.kernel
M430-014.SYS_OBJ M430-014.SYS_SOURCE
Utility:
These packages are for i386 type machines only
CORE_ROOT_CONFIG:
Update /etc/rc.local to deal with some dpt utilities.
CORE_USR:
Update /usr/bin/cmp to deal with very large files.
Updates the /usr/sbin/digisetup command.
DEVELOPMENT:
Update /usr/include/apic.h for P4 systems that have I/O APICs at
a 1k alignment.
MAN:
Update cisslun man pages so the source and compiled pages agree.
MANSRC:
Update cisslun man pages so the source and compiled pages agree.
Kernel:
Update wdpi.c so wdpi driver to properly handle DMA mode.
Update cpu.c and apic.h for new P4 systems that have I/O
APICs at a 1k alignment.
Update /sys/i386/stand/Makefile.common - previous typo.
Md5 Checksum: 39c4918257b045609fe4752125370911 M430-014
Size: 1807531
======================================================
Mod : M430-015
Submods: M430-015.utility M430-015.CORE_ROOT_BINARIES
M430-015.CORE_ROOT_CONFIG M430-015.kernel M430-015.SYS_OBJ
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update the /etc/ttys.conf file to reflect 4.3.1.
CORE_ROOT_CONFIG:
Update the /etc/gettytab and the /etc/rc file to reflect 4.3.1.
Kernel:
Update the /sys/conf/newvers.sh file to reflect 4.3.1.
Md5 Checksum: a091094cbc007ecc91f7cdb1d12b30df M430-015
Size: 18624
======================================================
===========================================================================
Mod : M431-001
Submods: M431-001.utility M431-001.CORE_ROOT_BINARIES M431-001.DEVELOPMENT
M431-001.NETWORKING
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update dhcp client, and dhcpclient-script to fix recent
CERT advisory.
DEVELOPMENT:
Update the /usr/lib/libdhcpctl.a to fix recent CERT advisory.
NETWORKING:
Update omshell, dhcpd, and dhcrelay to fix recent CERT advisory.
Kernel:
None.
Md5 Checksum: e5c90a5692a5da27459ed5cb835b02dd M431-001
Size: 896317
===========================================================================
Mod : M431-002
Submods: M431-002.utility M431-002.CORE_USR M431-002.contrib_cd
Utility:
These packages are for i386 type machines only
CORE_USR:
Update sendmail to fix CERT/ISS vulnerability #398025
Kernel:
None.
contrib_cd:
Update sendmail to fix CERT vulnerability #398025
Md5 Checksum: dcaeb9cf1c0eb06be05f15a6967f8b02 M431-002
Size: 290829
===========================================================================
Mod : M431-003
Submods: M431-003.kernel M431-003.SYS_OBJ M431-003.SYS_SOURCE
Utility:
None.
Kernel:
Enable building kernels from objects without requiring vlan support.
Enable use of aacr driver for root devices.
Update versions of the Compaq Smart2 driver object modules to resolve
problems with Smart2 controllers after applying patch M430-014.
Allow options set on a listen() socket to propogate to sockets
created by accept() on the listen() socket so options may be
set once on the listen() socket rather than requiring them to
be set on each accept() socket
Increase size of IP input queues for both IPv4 and IPv6 to reduce
dropped packets on newer faster interfaces
Improve performance of the loopback network by eliminating
unncessary data copies
Eliminate memory leak when processing IPv6 options
Allow new label when changing media in SCSI removable devices
Update object modules that were missed when sources were updated
by previous patches. Resolves hangs on >2GHz processors when
booting kernels built from objects
Md5 Checksum: 2a5431bafb8bab187c0e9649a7034edb M431-003
Size: 500991
===========================================================================
Mod : M431-004
Submods: M431-004.utility M431-004.CORE_ROOT_BINARIES M431-004.CORE_USR M431-004.MAN M431-004.MANSRC M431-004.NETWORKING M431-004.contrib_cd
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update to samba version 2.2.8 to resolve the recently announced
security vulnerabilities found by the SuSE security audit team
CORE_USR:
Update core samba binaries
MAN:
Update samba manual pages
MANSRC:
Update samba manual page sources
NETWORKING:
Update samba binaries and swat hierarchy
Kernel:
None.
contrib_cd:
Update samba sources
Md5 Checksum: 4793845fd7f264d8ba98bcc257a8481e M431-004
Size: 14284479
===========================================================================
Mod : M431-005
Submods: M431-005.utility M431-005.CORE_USR M431-005.contrib_cd
Utility:
These packages are for i386 type machines only
CORE_USR:
Update sendmail to fix CERT vulnerability CA-2003-12
Kernel:
None.
contrib_cd:
Update sendmail to fix CERT vulnerability CA-2003-12
Md5 Checksum: 5e7e2337ee029bc530990cc58f1db41a M431-005
Size: 287405
===========================================================================
Mod : M431-006
Submods: M431-006.utility M431-006.CORE_USR M431-006.contrib_cd
Utility:
These packages are for i386 type machines only
CORE_USR:
Update smbd from 2.2.8 to 2.2.8a to resolve the vulnerability
found by Digital Defense, Inc. (CVE ID: CAN-2003-0201).
Kernel:
None.
contrib_cd:
Update samba sources
Md5 Checksum: 3acc098ab973c2dd4213cb64ed48ac25 M431-006
Size: 871534
===========================================================================
Mod : M431-007
Submods: M431-007.utility M431-007.CORE_ROOT_BINARIES M431-007.NETWORKING M431-007.DEVELOPMENT M431-007.MAN M431-007.MANSRC M431-007.source_cd
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update shared libc libraries:
Update BIND to 8.3.4
Fix ftrylockfile() return codes
Fix thread signal delivery
NETWORKING:
Update BIND utilities (named, ndc, dig, nslookup, etc.)
DEVELOPMENT:
Update development versions of libc and related header files:
Update BIND to 8.3.4
Fix ftrylockfile() return codes
Fix thread signal delivery
Add prototypes for strlcpy() and strlcat() to
Update zlib.h header file to match newer version of
zlib included in M430-005
MAN:
Update BIND related man pages
MANSRC:
Update BIND related man page sources
Kernel:
None.
source_cd:
Add function prototypes for strlcpy() and strlcat() to
Fix ftrylockfile() return codes
Update BIND sources to 8.3.4
Md5 Checksum: 7de8bf225071506bfd608cd4aa3f6129 M431-007
Size: 6720114
===========================================================================
Mod : M431-008
Submods: M431-008.utility M431-008.CORE_ROOT_BINARIES M431-008.DEVELOPMENT
Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update shared libc libraries to correct build problem
from M431-007
There were no source changes associated with these
updated libraries. The M431-007 version was not built
from a correctly patched set of sources. Libraries
built from completely patched source trees through
M431-007 should be equivalent to these binary libraries.
DEVELOPMENT:
Update development versions of libc to correct build
problem from M431-007
Update zconf.h header file to match newer version of
zlib included in M430-005
Kernel:
None.
Md5 Checksum: ef4280ec7ce7ffac152a4fb2378a1e0f M431-008
Size: 2623161
===========================================================================
---------------------------------------------------------------------
NAME: M431-009
HEADLINE: Add driver for LSI MPT scsi/raid/FC controller Updated AMI driver
DESCRIPTION: Utility:
These packages are for i386 type machines only
MAN:
Update amic(4) man page
MANSRC:
Update amic(4) man page
Kernel:
Add driver for LSI MPT scsi/raid/FC controller
Correct PCI problem which cause probing for 3c595 network controllers
to fail once patch M430-014 was applied
Make the AMI driver recognize additional controllers:
Intel 80960RP (Megaraid)
AMI Megaraid (device ID 0x1960)
LSI Megaraid (device ID 0x1960)
LSI ??? (Device ID 0x407)
DELL PERC/4di
DELL PERK/4di (Verde)
Md5 Checksum:099c40f68b4baa99f13d15e93e871214 M431-009
---------------------------------------------------------------------
NAME: M431-010
HEADLINE: Update shared libc libraries. Fix potentially exploitable off by one error in realpath(3)
DESCRIPTION: Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update shared libc libraries:
Fix potentially exploitable off by one error in realpath(3)
Make bindresvport(3) skip ports of well known services
Add chkprt(8) command to build database of reserved ports
Update /etc/rc to call chkprt appropriately at boot time
DEVELOPMENT:
Update development versions of libc:
Fix potentially exploitable off by one error in realpath(3)
Make bindresvport(3) skip ports of well known services
MAN:
Add chkprt(8) man page
MANSRC:
Add chkprt(8) man page source
Kernel:
None.
source_cd:
Update shared libc library source:
Fix potentially exploitable off by one error in realpath(3)
Make bindresvport(3) skip ports of well known services
Add chkprt(8) command to build database of reserved ports
Update rc to call chkprt appropriately
Md5 Checksum: 82a221ad5c035cc2ff01a28cd788401b M431-010
---------------------------------------------------------------------
NAME: M431-011
HEADLINE: Update sendmail to resolve prescan() vulnerability
Update openssh to resolve buffer manipulation problems
DESCRIPTION: Utility:
These packages are for i386 type machines only
CORE_USR:
Update sendmail to resolve prescan() vulnerability
NETWORKING:
Update openssh to resolve buffer manipulation problems
Kernel:
None.
contrib_cd:
Update openssh to fix buffer manipulation problems in buffer.c
and channels.c
Update sendmail to fix prescan() vulnerability in parseaddr.c
Md5 Checksum:25aae96c643ee47b905d5d7ec5d0b2d1 M431-011
---------------------------------------------------------------------
NAME: M431-012
HEADLINE: Update openssl to version 0.9.7c to resolve ASN.1 parsing vulnerabilities
DESCRIPTION: Utility:
These packages are for i386 type machines only
NETWORKING:
Update openssl to version 0.9.7c to resolve ASN.1 parsing
vulnerabilities
Update binaries for openssh, stunnel, and apache mod_ssl to link
against the new libraries
DEVELOPMENT:
Update openssl header files
MAN:
Update openssl manual pages
MANSRC:
Update openssl man page sources
Kernel:
None.
source_cd:
Update openssl sources to 0.9.7c to resolve ASN.1 parsing
vulnerabilities
Md5 Checksum: d0e25e7613f1f1085ce5bcc16bc37cf2 M431-012
---------------------------------------------------------------------
NAME: M431-013
HEADLINE: Update BIND to 8.3.7
DESCRIPTION: Utility:
These packages are for i386 type machines only
CORE_ROOT_BINARIES:
Update shared libc libraries:
Update BIND to 8.3.7
NETWORKING:
Update BIND utilities (named, ndc, dig, nslookup, etc.)
DEVELOPMENT:
Update development versions of libc and related header files:
Update BIND to 8.3.7
MAN:
Update BIND related man pages
MANSRC:
Update BIND related man page sources
Kernel:
None.
source_cd:
Update BIND sources to 8.3.7
Md5 Checksum: a34fa07ef14d9f8bf057d59c519f94a6 M431-013
---------------------------------------------------------------------
NAME: M431-014
HEADLINE: OpenSSL updates, TCP reassembly
DESCRIPTION: Utility:
These packages are for i386 type machines only
NETWORKING:
Update openssl to resolve security problem
Update openssh and mod_ssl binaries with versions
linked against the new version of libcrypt.a
DEVELOPMENT:
Update openssl libraries and header files
MAN:
Update openssl man pages
MANSRC:
Update openssl man page sources
Kernel:
Limit the size of the TCP reassembly queue to prevent
denial of service attacks. You must run config(8) before
rebuilding your kernel after applying this patch.
contrib_cd:
Update openssl sources to version 0.9.4d to resolve security issues
Md5 Checksum: be8003eece98e118aa2ace970583bbff M431-014
---------------------------------------------------------------------
NAME: M431-015
HEADLINE: Update mod_ssl binaries
DESCRIPTION: Utility:
These packages are for i386 type machines only
NETWORKING:
Update mod_ssl binaries to correctly match the
current mod_ssl and Apache server
Kernel:
Fix a panic due to calling fsync on a bad vnode
Md5 Checksum: ca40163372f2cbee958d1123acee7113 M431-015
---------------------------------------------------------------------
Comments
Display comments as Linear | Threaded