From james at blastwave.org Tue Jan 15 11:31:56 2008 From: james at blastwave.org (James Lee) Date: Tue, 15 Jan 2008 10:31:56 GMT Subject: [csw-announce] Stable Release 2008-01 Message-ID: <20080115.10315600.2383338577@gyor.oxdrove.co.uk> Blastwave's 2008-01 stable package collection is released and ready for use. The mirror sites have updated and you are advised to update stable installations. If you use any of the following: CSWmailscanner on Solaris 8 CSWap2worker on Solaris 10 CSWapache2 with SSL on Solaris 10 CSWossh on Solaris 10 please read the release notes below. *** CSWmailscanner on Solaris 8 The outgoing CSWmailscanner has a bug that prevents it from being removed. Before update edit /var/sadm/pkg/CSWmailscanner/install/preremove script and change the "-L" to "-h" on line 34. The following gsed command will make the change: # gsed -i -e 's/-L/-h/' /var/sadm/pkg/CSWmailscanner/install/preremove *** Apache2 with SSL on Solaris 10 The SSL setting does not persist across update. After update: # svccfg -s svc:/network/http:cswapache2 setprop httpd/ssl=true # svcadm refresh svc:/network/http:cswapache2 *** CSWap2worker on Solaris 10 On update Apache 2 with worker MPM mode will restart in pre-fork mode. After update restart: # svcadm disable cswapache2 # svcadm enable cswapache2 *** CSWossh on Solaris 10 Since Openssh 4.7, the pam_unix_cred module is mandatory in the sshd pam configuration under Solaris 10. This module has normally always been required to ensure correct credential settings but openssh 4.6 worked properly without it. Only server with custom sshd pam configuration could hit this problem as the default one is correct. So if you're in that case, make sure your configuration is correct before doing an upgrade. For example, for a standard unix authentication, a good configuration should look like this: sshd auth requisite pam_authtok_get.so.1 sshd auth required pam_dhkeys.so.1 sshd auth required pam_unix_cred.so.1 sshd auth sufficient pam_unix_auth.so.1 debug The following configuration is incorrect although it worked with openssh 4.6: sshd auth requisite pam_authtok_get.so.1 sshd auth required pam_dhkeys.so.1 sshd auth sufficient pam_unix_auth.so.1 debug James Lee. From james at blastwave.org Tue Jan 15 11:31:56 2008 From: james at blastwave.org (James Lee) Date: Tue, 15 Jan 2008 10:31:56 GMT Subject: [csw-announce] Stable Release 2008-01 Message-ID: <20080115.10315600.2383338577@gyor.oxdrove.co.uk> Blastwave's 2008-01 stable package collection is released and ready for use. The mirror sites have updated and you are advised to update stable installations. If you use any of the following: CSWmailscanner on Solaris 8 CSWap2worker on Solaris 10 CSWapache2 with SSL on Solaris 10 CSWossh on Solaris 10 please read the release notes below. *** CSWmailscanner on Solaris 8 The outgoing CSWmailscanner has a bug that prevents it from being removed. Before update edit /var/sadm/pkg/CSWmailscanner/install/preremove script and change the "-L" to "-h" on line 34. The following gsed command will make the change: # gsed -i -e 's/-L/-h/' /var/sadm/pkg/CSWmailscanner/install/preremove *** Apache2 with SSL on Solaris 10 The SSL setting does not persist across update. After update: # svccfg -s svc:/network/http:cswapache2 setprop httpd/ssl=true # svcadm refresh svc:/network/http:cswapache2 *** CSWap2worker on Solaris 10 On update Apache 2 with worker MPM mode will restart in pre-fork mode. After update restart: # svcadm disable cswapache2 # svcadm enable cswapache2 *** CSWossh on Solaris 10 Since Openssh 4.7, the pam_unix_cred module is mandatory in the sshd pam configuration under Solaris 10. This module has normally always been required to ensure correct credential settings but openssh 4.6 worked properly without it. Only server with custom sshd pam configuration could hit this problem as the default one is correct. So if you're in that case, make sure your configuration is correct before doing an upgrade. For example, for a standard unix authentication, a good configuration should look like this: sshd auth requisite pam_authtok_get.so.1 sshd auth required pam_dhkeys.so.1 sshd auth required pam_unix_cred.so.1 sshd auth sufficient pam_unix_auth.so.1 debug The following configuration is incorrect although it worked with openssh 4.6: sshd auth requisite pam_authtok_get.so.1 sshd auth required pam_dhkeys.so.1 sshd auth sufficient pam_unix_auth.so.1 debug James Lee.