On Wed Sep 17, 2003 at 08:37:31PM +0200, Jan Ciger wrote: > | There are problems on other platforms as well. I haven't seen any reports > | on Linux platforms yet, but OS X was segfaulting at least. That alone > makes > | me wary of putting it in cooker at this point. > > Yes, I saw that one too on the mailing list :-( I gave up on 3.7.1 and > just backported the changes in the channels.c and buffer.c to the 3.6 > which worked almost out-of-the-box (compilation issues - const vs > non-const pointers). > > I guess it is prudent to take a wait-and-see attitude about this, > rebuilding OpenSSH is not fun.
Agreed. That's why I took the approach of patching. Others on this list who would have updated to the full version could have been in for a rough time. Guess it's a good thing I'm the one doing it. =) > | Yes. Look for 1.2.[ver]mdk; those contain the updated patch for the older > | distribs. 8mdk for cooker has the updated patch. > > OK, so my production boxes are OK, just my cooker box is not yet > completely patched, but that is easy to remedy. Yup. > | I didn't announce the 1.2.x packages last night because at 2am I was too > | tired and wasn't sure if there would be a third round of building. > > I believe you :-) I had this patching frenzy last time when there was a > big hole in PHP and I had to rebuild PHP+Apache+Webmail suite several > times in a row - I finished at 7:00 AM next day. Yeah... that's not fun, but I've also been there. > |>pissed off with the vision of spending night debugging ssh :-(( > | > | You are not alone on that one. > > I managed to get rid of that problem already, but it seems that some of > our Windows boxes are *still* not patched for the recent RPC hole. > Aaaarghhh ... Then you have even bigger problems. =) /me who is now off to test sendmail updates -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature