*************************************************************************

PLEASE, PLEASE, PLEASE READ THIS FILE BEFORE CALLING BSDI AND SAYING
`I CAN'T FTP THIS PATCH'.

IF YOU CANNOT DOWNLOAD A PARTICULAR PATCH OR FILE VIA FTP IT'S PROBABLY 
BECAUSE YOU HAVEN'T AUTHENTICATED YOURSELF VIA THE patches@BSDI.COM
SERVER YET AND THE PATCH YOU'RE TRYING TO DOWNLOAD IS AN ENHANCEMENT
RATHER THAN A BUG-FIX.  READ THE INFORMATION BELOW!

Sorry for shouting.

Jeff Polk 




*************************************************************************

NOTICE:

   This server provides access to the official patches for BSD/OS.

   All patches are Copyright 1999 Berkeley Software Design, Inc.,
   all rights reserved.  Other copyrights may apply to some patches.

   Access to some of these patches is restricted to BSDI customers
   with valid update or support contracts.

   If you are reading this after obtaining it from the patches@BSDI.COM
   mail-back server, you have already been authenticated.  You can
   request any of these files directly through the email server.

   If you wish to access the protected files via ftp, you must
   first obtain a group-id/password pair from the patches@BSDI.COM
   mail-back server and then enter the appropriate `site group'
   and `site gpass' commands before requesting the files from the
   ftp server.  See the help message from the patches@BSDI.COM
   mail-back server for more information.  Send an empty message
   to the address patches@BSDI.COM and the server will respond with
   the help message.

   Mods ending with a "D" contain domestic versions of applications. U.S.
   export laws prohibit transferring of these files outside of the United
   States or Canada.

This directory contains patches for i386 architecture BSD/OS 4.3.1.

In general, all top-level mods will now be named MXXX-YYY where
XXX is the release number against which the mod is meant to be
applied (e.g., 431 for the 4.3.1 release), and YYY is the mod number
(a monotonically increasing value).  If the mod has sub-mods, those
submods are named with the same name as the top level mod that
contains them plus an extension.  The usual extensions will be:

	utility	(Utility fixes)
	kernel	(Kernel fixes)
	PACKAGE	(The package that the fixes exist in)

In general the main mod calls the utility and the kernel submods, if
there are any utility or kernel submods. The utility and kernel submods
then call the PACKAGE specific submods. If it appears that the source
or contributed CDROM is loaded on the system a prompt appears asking if that
sub-mod should be applied. Determination of whether a package is installed
or not is made by checking for the existence of a sentinel file. If the
sentinel file exists it is assumed the package, or CDROM, is completely
installed and the submods are applied. If the sentinel file does not exist
the submods are not applied and the mod will check the next PACKAGE mod.
You can use the "about" option to see which files are used as the sentinel
files for each package submod for each patch.

In general you will want to apply the patch by calling the main mod.
It will automatically detect the existence of packages and not attempt
to load any fixes for packages that are not installed. If later a
package is loaded onto the system, it can be brought up to date by
calling the mods with the PACKAGE submod name. When applying submods
this way care must be taken when using undo or commit. See
http://www.BSDI.COM/support/patches/patches-4.3.1/install for more
details on this hierarchical submod approach.

Note for source customers:  Any new or changed kernel header files are
usually installed by the SYS_OBJ mod.  Source may not build correctly
on a system that is not up to date with SYS_OBJ mods.

Most mods can be applied while the system is running multi-user,
but it is always best to make changes on a quiet, fully backed up
system.  Don't forget that kernel mods require a rebuild followed
by rebooting with the new kernel.  See the 'Installation Guide and
Release Notes' for additional information.

For more information about mods and applying them, please read the
file README.mods or go to the 'downloads' page at http://www.bsdi.com
	
The .asc files in the signatures directory are PGP signatures signed
with the official BSDI public key.  You can obtain the key from
below, and/or from the http://www.bsdi.com home page (at the very
end of the page).  The key is also on the public key ring in the
PGP directory of all BSD/OS CDROMs starting with version 2.1.

Please contact support@BSDI.COM if you have any questions regarding 
the patches in this directory.

===========================================================================
Mod    : M431-001
Submods: M431-001.utility M431-001.CORE_ROOT_BINARIES M431-001.DEVELOPMENT
         M431-001.NETWORKING

Utility:
        These packages are for i386 type machines only

        CORE_ROOT_BINARIES:

                Update dhcp client, and dhcpclient-script to fix recent
                CERT advisory.

        DEVELOPMENT:
                Update the /usr/lib/libdhcpctl.a to fix recent CERT advisory.

        NETWORKING:

                Update omshell, dhcpd, and dhcrelay to fix recent CERT advisory.

Kernel:

        None.



Md5 Checksum: e5c90a5692a5da27459ed5cb835b02dd M431-001
Size: 896317
===========================================================================
Mod    : M431-002
Submods: M431-002.utility M431-002.CORE_USR M431-002.contrib_cd 

Utility:
	These packages are for i386 type machines only

	CORE_USR:

		Update sendmail to fix CERT/ISS vulnerability #398025

Kernel:

	None.


contrib_cd:

	Update sendmail to fix CERT vulnerability #398025


Md5 Checksum: dcaeb9cf1c0eb06be05f15a6967f8b02 M431-002
Size: 290829
===========================================================================
Mod    : M431-003
Submods: M431-003.kernel M431-003.SYS_OBJ M431-003.SYS_SOURCE 

Utility:

	None.

Kernel:

	Enable building kernels from objects without requiring vlan support.
	
	Enable use of aacr driver for root devices.
	
	Update versions of the Compaq Smart2 driver object modules to resolve 
	problems with Smart2 controllers after applying patch M430-014.
	
	Allow options set on a listen() socket to propagate to sockets
	  created by accept() on the listen() socket so options may be
	  set once on the listen() socket rather than requiring them to
	  be set on each accept() socket
	
	Increase size of IP input queues for both IPv4 and IPv6 to reduce
	  dropped packets on newer faster interfaces
	
	Improve performance of the loopback network by eliminating
	  unnecessary data copies
	
	Eliminate memory leak when processing IPv6 options
	
	Allow new label when changing media in SCSI removable devices
	
	Update object modules that were missed when sources were updated 
	  by previous patches.  Resolves hangs on >2GHz processors when 
	  booting kernels built from objects

Md5 Checksum: 2a5431bafb8bab187c0e9649a7034edb M431-003
Size: 500991
===========================================================================
Mod    : M431-004
Submods: M431-004.utility M431-004.CORE_ROOT_BINARIES M431-004.CORE_USR M431-004.MAN M431-004.MANSRC M431-004.NETWORKING M431-004.contrib_cd 

Utility:
	These packages are for i386 type machines only

	CORE_ROOT_BINARIES:

		Update to samba version 2.2.8 to resolve the recently announced 
		security vulnerabilities found by the SuSE security audit team

	CORE_USR:

		Update core samba binaries

	MAN:

		Update samba manual pages

	MANSRC:

		Update samba manual page sources

	NETWORKING:

		Update samba binaries and swat hierarchy

Kernel:

	None.


contrib_cd:

	Update samba sources

Md5 Checksum: 4793845fd7f264d8ba98bcc257a8481e M431-004
Size: 14284479
===========================================================================
Mod    : M431-005
Submods: M431-005.utility M431-005.CORE_USR M431-005.contrib_cd 

Utility:
	These packages are for i386 type machines only

	CORE_USR:

		Update sendmail to fix CERT vulnerability CA-2003-12

Kernel:

	None.


contrib_cd:

	Update sendmail to fix CERT vulnerability CA-2003-12


Md5 Checksum: 5e7e2337ee029bc530990cc58f1db41a M431-005
Size: 287405
===========================================================================
Mod    : M431-006
Submods: M431-006.utility M431-006.CORE_USR M431-006.contrib_cd 

Utility:
	These packages are for i386 type machines only

	CORE_USR:

		Update smbd from 2.2.8 to 2.2.8a to resolve the vulnerability
		found by Digital Defense, Inc. (CVE ID: CAN-2003-0201).

Kernel:

	None.


contrib_cd:

	Update samba sources

Md5 Checksum: 3acc098ab973c2dd4213cb64ed48ac25 M431-006
Size: 871534
===========================================================================
Mod    : M431-007
Submods: M431-007.utility M431-007.CORE_ROOT_BINARIES M431-007.NETWORKING M431-007.DEVELOPMENT M431-007.MAN M431-007.MANSRC M431-007.source_cd 

Utility:
	These packages are for i386 type machines only

	CORE_ROOT_BINARIES:

		Update shared libc libraries:
			Update BIND to 8.3.4
			Fix ftrylockfile() return codes
			Fix thread signal delivery

	NETWORKING:

		Update BIND utilities (named, ndc, dig, nslookup, etc.)

	DEVELOPMENT:

		Update development versions of libc and related header files:
			Update BIND to 8.3.4
			Fix ftrylockfile() return codes
			Fix thread signal delivery
			Add prototypes for strlcpy() and strlcat() to 
			Update zlib.h header file to match newer version of
				zlib included in M430-005

	MAN:

		Update BIND related man pages

	MANSRC:

		Update BIND related man page sources

Kernel:

	None.


source_cd:

	Add function prototypes for strlcpy() and strlcat() to 
		
	
	Fix ftrylockfile() return codes
	
	Update BIND sources to 8.3.4
	

Md5 Checksum: 7de8bf225071506bfd608cd4aa3f6129 M431-007
Size: 6720114
===========================================================================
Mod    : M431-008
Submods: M431-008.utility M431-008.CORE_ROOT_BINARIES M431-008.DEVELOPMENT 

Utility:
	These packages are for i386 type machines only

	CORE_ROOT_BINARIES:

		Update shared libc libraries to correct build problem 
		from M431-007
		
		There were no source changes associated with these 
		updated libraries.  The M431-007 version was not built 
		from a correctly patched set of sources.  Libraries 
		built from completely patched source trees through 
		M431-007 should be equivalent to these binary libraries.

	DEVELOPMENT:

		Update development versions of libc to correct build 
		problem from M431-007
		
		Update zconf.h header file to match newer version of
		zlib included in M430-005

Kernel:

	None.


Md5 Checksum: ef4280ec7ce7ffac152a4fb2378a1e0f M431-008
Size: 2623161
===========================================================================
---------------------------------------------------------------------

NAME: 		M431-009
HEADLINE: 	Add driver for LSI MPT scsi/raid/FC controller Updated AMI driver 

DESCRIPTION: Utility:
        These packages are for i386 type machines only
        MAN:
                Update amic(4) man page
        MANSRC:
                Update amic(4) man page
Kernel:
        Add driver for LSI MPT scsi/raid/FC controller
        Correct PCI problem which caused probing for 3c595 network controllers 
                to fail once patch M430-014 was applied
        Make the AMI driver recognize additional controllers:
                Intel 80960RP (Megaraid)
                AMI Megaraid (device ID 0x1960)
                LSI Megaraid (device ID 0x1960)
                LSI ??? (Device ID 0x407)
                DELL PERC/4di
                DELL PERK/4di (Verde)

Md5 Checksum: 099c40f68b4baa99f13d15e93e871214 M431-009

---------------------------------------------------------------------

NAME: 		M431-010 
HEADLINE: 	Update shared libc libraries. Fix potentially exploitable off by one error in realpath(3) 
 
DESCRIPTION: Utility:
        These packages are for i386 type machines only

        CORE_ROOT_BINARIES:
                Update shared libc libraries:
                   Fix potentially exploitable off by one error in realpath(3)
                   Make bindresvport(3) skip ports of well known services
                
                Add chkprt(8) command to build database of reserved ports
                
                Update /etc/rc to call chkprt appropriately at boot time

        DEVELOPMENT:
                Update development versions of libc:
                   Fix potentially exploitable off by one error in realpath(3)
                   Make bindresvport(3) skip ports of well known services
        MAN:
                Add chkprt(8) man page
        MANSRC:
                Add chkprt(8) man page source

Kernel:
        None.

source_cd:
        Update shared libc library source:
            Fix potentially exploitable off by one error in realpath(3)
            Make bindresvport(3) skip ports of well known services
        
        Add chkprt(8) command to build database of reserved ports
        
        Update rc to call chkprt appropriately

Md5 Checksum: 82a221ad5c035cc2ff01a28cd788401b M431-010

---------------------------------------------------------------------

NAME: 		M431-011 
HEADLINE: 	Update sendmail to resolve prescan() vulnerability 
		Update openssh to resolve buffer manipulation problems 
 
DESCRIPTION: Utility:
        These packages are for i386 type machines only

        CORE_USR:
                Update sendmail to resolve prescan() vulnerability
        NETWORKING:
                Update openssh to resolve buffer manipulation problems

Kernel:
        None.

contrib_cd:
        Update openssh to fix buffer manipulation problems in buffer.c 
                and channels.c
        Update sendmail to fix prescan() vulnerability in parseaddr.c
 
Md5 Checksum: 25aae96c643ee47b905d5d7ec5d0b2d1 M431-011

---------------------------------------------------------------------

NAME: 		M431-012 
HEADLINE: 	Update openssl to version 0.9.7c to resolve ASN.1 parsing vulnerabilities 
 
DESCRIPTION: Utility:
        These packages are for i386 type machines only

        NETWORKING:
                Update openssl to version 0.9.7c to resolve ASN.1 parsing 
                        vulnerabilities
                
                Update binaries for openssh, stunnel, and apache mod_ssl to link
                        against the new libraries
        DEVELOPMENT:
                Update openssl header files
        MAN:
                Update openssl manual pages
        MANSRC:
                Update openssl man page sources
Kernel:
        None.


source_cd:
        Update openssl sources to 0.9.7c to resolve ASN.1 parsing 
                vulnerabilities

Md5 Checksum: d0e25e7613f1f1085ce5bcc16bc37cf2 M431-012

---------------------------------------------------------------------

NAME: 		M431-013 
HEADLINE: 	Update BIND to 8.3.7 
 
DESCRIPTION: Utility:
        These packages are for i386 type machines only

        CORE_ROOT_BINARIES:
                Update shared libc libraries:
                        Update BIND to 8.3.7
        NETWORKING:
                Update BIND utilities (named, ndc, dig, nslookup, etc.)
        DEVELOPMENT:
                Update development versions of libc and related header files:
                        Update BIND to 8.3.7
        MAN:
                Update BIND related man pages
        MANSRC:
                Update BIND related man page sources
Kernel:
        None.

source_cd:
        Update BIND sources to 8.3.7

Md5 Checksum: a34fa07ef14d9f8bf057d59c519f94a6 M431-013

---------------------------------------------------------------------
NAME: M431-014 
HEADLINE: OpenSSL updates, TCP reassembly 

 
DESCRIPTION: Utility:
        These packages are for i386 type machines only

        NETWORKING:

                Update openssl to resolve security problem

                Update openssh and mod_ssl binaries with versions 
                linked against the new version of libcrypt.a


        DEVELOPMENT:

                Update openssl libraries and header files


        MAN:

                Update openssl man pages


        MANSRC:

                Update openssl man page sources


Kernel:

        Limit the size of the TCP reassembly queue to prevent
        denial of service attacks.  You must run config(8) before
        rebuilding your kernel after applying this patch.


contrib_cd:

        Update openssl sources to version 0.9.4d to resolve security issues

Md5 Checksum: be8003eece98e118aa2ace970583bbff M431-014

---------------------------------------------------------------------

NAME: M431-015 
HEADLINE: Update mod_ssl binaries 

 
DESCRIPTION: Utility:
        These packages are for i386 type machines only

        NETWORKING:

                Update mod_ssl binaries to correctly match the 
                  current mod_ssl and Apache server


Kernel:

        Fix a panic due to calling fsync on a bad vnode

 
Md5 Checksum: ca40163372f2cbee958d1123acee7113 M431-015

---------------------------------------------------------------------
