[csw-announce] Stable Release 2008-01

James Lee james at blastwave.org
Tue Jan 15 11:31:56 CET 2008


Blastwave's 2008-01 stable package collection is released and ready
for use.  The mirror sites have updated and you are advised to update
stable installations.

If you use any of the following:

    CSWmailscanner on Solaris 8
    CSWap2worker on Solaris 10
    CSWapache2 with SSL on Solaris 10
    CSWossh on Solaris 10

please read the release notes below.




*** CSWmailscanner on Solaris 8

The outgoing CSWmailscanner has a bug that prevents it from being
removed. Before update edit
    /var/sadm/pkg/CSWmailscanner/install/preremove
script and change the "-L" to "-h" on line 34.  The following gsed
command will make the change:

# gsed -i -e 's/-L/-h/' /var/sadm/pkg/CSWmailscanner/install/preremove




*** Apache2 with SSL on Solaris 10

The SSL setting does not persist across update. After update:

# svccfg -s svc:/network/http:cswapache2 setprop httpd/ssl=true
# svcadm refresh svc:/network/http:cswapache2




*** CSWap2worker on Solaris 10

On update Apache 2 with worker MPM mode will restart in pre-fork mode.
After update restart:
# svcadm disable cswapache2
# svcadm enable cswapache2





*** CSWossh on Solaris 10

Since Openssh 4.7, the pam_unix_cred module is mandatory in the sshd pam
configuration under Solaris 10.

This module has normally always been required to ensure correct
credential settings but openssh 4.6 worked properly without it.

Only server with custom sshd pam configuration could hit this problem
as the default one is correct.

So if you're in that case, make sure your configuration is correct before
doing an upgrade.  For example, for a standard unix authentication, a
good configuration should look like this:

sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth required pam_unix_cred.so.1
sshd auth sufficient pam_unix_auth.so.1 debug

The following configuration is incorrect although it worked with openssh
4.6:

sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth sufficient pam_unix_auth.so.1 debug





James Lee.



More information about the announce mailing list