Re: Upgrading sshd?
> Cool. How do you see what the patch date is? I know how to find > the version, but not things like the patch date. Man didn't tell me how to > either. I am assuming that you mean the base system sshd. You can find the details for the patch at CVSweb site: http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/?sortby=date#dirlist If you have a look at one of the patched files, buffers.c for example. you can reconstruct all the modifications the led the the current version of the file. To continue the example, if you are running -STABLE a.k.a RELENG_4 (at the present), can see that the current CVS revision of buffers.c is 1.1.1.1.2.7, and that it has been merged from -CURRENT's revision 1.2. Cheers, Simon signature.asc Description: Digital signature
Re: Upgrading sshd?
[Dragoncrest wrote ([EMAIL PROTECTED]) on 9/17/03 10:47 AM] > > Cool. How do you see what the patch date is? I know how to find > the version, but not things like the patch date. Man didn't tell me how to > either. ssh -V, i think... <--> george donnelly ~ http://www.zettai.net/ ~ "Quality Zope Hosting" Shared and Dedicated Zope Hosting ~ Zope Servers ~ Zope Websites Yahoo, AIM: zettainet ~ MSN: [EMAIL PROTECTED] ~ ICQ: 51907738 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Upgrading sshd?
As of today, the CVS includes the patch for OpenSSH that fixes the vulnerability. Yes, it still says version 3.6.1, but if you read on, it has a patch date of 20030916. Cool. How do you see what the patch date is? I know how to find the version, but not things like the patch date. Man didn't tell me how to either. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Upgrading sshd?
On Tue, 16 Sep 2003 23:25:04 -0700, Dragoncrest wrote: > Silly question. Been trying to update my code today and all I can > seem to update to is 3.6.1, yet I've seen other distros with 3.7.1p1 > already. I think the openssh website also has 3.7.1p1 on it > too. Obviously the ports tree has gotta catch up, but does anyone know > when it will? For right now I can live with just shutting off access to > ssh for now, but I'd like to upgrade to the 3.7.1p1 as soon as it's > available for Freebsd. > As of today, the CVS includes the patch for OpenSSH that fixes the vulnerability. Yes, it still says version 3.6.1, but if you read on, it has a patch date of 20030916. -- David Benfell, LCP [EMAIL PROTECTED] --- Resume available at http://www.parts-unknown.org/resume.html pgp0.pgp Description: PGP signature
Re: Upgrading sshd?
Silly question. Been trying to update my code today and all I can seem to update to is 3.6.1, yet I've seen other distros with 3.7.1p1 already. I think the openssh website also has 3.7.1p1 on it too. Obviously the ports tree has gotta catch up, but does anyone know when it will? For right now I can live with just shutting off access to ssh for now, but I'd like to upgrade to the 3.7.1p1 as soon as it's available for Freebsd. At 03:26 PM 9/16/03 -0400, Lowell Gilbert wrote: Johan Paul <[EMAIL PROTECTED]> writes: > Refering to the latest sshd vurnability > (http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172) > I was thinking of upgradeing my sshd as well. So I cvsup'ed my system > (FBSD 4.8) and there seems to be a updated file for sshd. But how do I > upgrade sshd safly since when I type 'pkg_info |grep ssh' it return no > packages. I guess sshd is included somehow by the default install (??) > but how can I now upgrade it? I was thinking of portupgrade, but it > needs a package to upgrade... Right. openssh is part of the base system, and not normally installed as a package. There is a security advisory newly out on the usual FreeBSD mailing lists, and it gives instructions on fixing just this one problem, but it's probably better to update the whole system when you get a chance. [Note that this vulnerability does *not* give attackers an opportunity to run their code on your system.] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Upgrading sshd?
Johan Paul <[EMAIL PROTECTED]> writes: > Refering to the latest sshd vurnability > (http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172) > I was thinking of upgradeing my sshd as well. So I cvsup'ed my system > (FBSD 4.8) and there seems to be a updated file for sshd. But how do I > upgrade sshd safly since when I type 'pkg_info |grep ssh' it return no > packages. I guess sshd is included somehow by the default install (??) > but how can I now upgrade it? I was thinking of portupgrade, but it > needs a package to upgrade... Right. openssh is part of the base system, and not normally installed as a package. There is a security advisory newly out on the usual FreeBSD mailing lists, and it gives instructions on fixing just this one problem, but it's probably better to update the whole system when you get a chance. [Note that this vulnerability does *not* give attackers an opportunity to run their code on your system.] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Upgrading sshd?
At 07:24 PM 9/16/03 +0300, you wrote:
>Hi all,
>
>Refering to the latest sshd vurnability
>(http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172) I
>was thinking of upgradeing my sshd as well. So I cvsup'ed my system (FBSD
>4.8) and there seems to be a updated file for sshd. But how do I upgrade
>sshd safly since when I type 'pkg_info |grep ssh' it return no packages. I
>guess sshd is included somehow by the default install (??) but how can I
>now upgrade it? I was thinking of portupgrade, but it needs a package to
>upgrade...
There's a FreeBSD Security Advisory out that gives explicit details
on how to implement a fix for OpenSSH running as part of the core
system:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03%3A12.openssh.asc
There seems to be a typo in one line; in the section on restarting sshd
(. /etc/rc.conf && ${sshd_program:-/usr/bin/sshd} ${sshd_flags})
^
should I think be sbin.
Jesse Sheidlower
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Upgrading sshd?
Ok, that's certainly another way to do it. :) Mine will work too, but so will this. hehe. At 07:53 PM 9/16/03 +0100, Jan Grant wrote: On Tue, 16 Sep 2003, Johan Paul wrote: > Hi all, > > Refering to the latest sshd vurnability > (http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172) I > was thinking of upgradeing my sshd as well. So I cvsup'ed my system > (FBSD 4.8) and there seems to be a updated file for sshd. But how do I > upgrade sshd safly since when I type 'pkg_info |grep ssh' it return no > packages. I guess sshd is included somehow by the default install (??) > but how can I now upgrade it? I was thinking of portupgrade, but it > needs a package to upgrade... > > Thanks! cd /usr/src/secure/usr.sbin/sshd; make; make install Then restart it. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/ Random act of violence against bread: whole pint. -- extract from the "Hawk the Slayer" drinking game ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Upgrading sshd?
What I had to do to make this work was build OpenSSH 3.6.1 by hand, install it which puts it in /usr/local/sbin/sshd then test it. I fired up the new one on port 2000 and tested it there. When I could prove that worked I killed the process running on port 22, copied sshd to sshd.3.5p1 (just in case something goes bad you still have the old version) then copied sshd from /usr/local/sbin/ to /usr/sbin/, restarted the sshd on port 22, then tested that. Once I was happy that all was working right I killed the one on port 2000 and I was all set. Seemed to work like a charm. Maybe a little overly cautious on my part, but since I was doing the upgrade via ssh I didn't feel like cutting myself off by accident then having to drive 30 miles into work to console in and fix the problem. Believe me, I've done it before. :) At 07:24 PM 9/16/03 +0300, you wrote: Hi all, Refering to the latest sshd vurnability (http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172) I was thinking of upgradeing my sshd as well. So I cvsup'ed my system (FBSD 4.8) and there seems to be a updated file for sshd. But how do I upgrade sshd safly since when I type 'pkg_info |grep ssh' it return no packages. I guess sshd is included somehow by the default install (??) but how can I now upgrade it? I was thinking of portupgrade, but it needs a package to upgrade... Thanks! -- Johan Paul ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Upgrading sshd?
On Tue, 16 Sep 2003, Johan Paul wrote: > Hi all, > > Refering to the latest sshd vurnability > (http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172) I > was thinking of upgradeing my sshd as well. So I cvsup'ed my system > (FBSD 4.8) and there seems to be a updated file for sshd. But how do I > upgrade sshd safly since when I type 'pkg_info |grep ssh' it return no > packages. I guess sshd is included somehow by the default install (??) > but how can I now upgrade it? I was thinking of portupgrade, but it > needs a package to upgrade... > > Thanks! cd /usr/src/secure/usr.sbin/sshd; make; make install Then restart it. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/ Random act of violence against bread: whole pint. -- extract from the "Hawk the Slayer" drinking game ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Upgrading sshd?
Hi all, Refering to the latest sshd vurnability (http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172) I was thinking of upgradeing my sshd as well. So I cvsup'ed my system (FBSD 4.8) and there seems to be a updated file for sshd. But how do I upgrade sshd safly since when I type 'pkg_info |grep ssh' it return no packages. I guess sshd is included somehow by the default install (??) but how can I now upgrade it? I was thinking of portupgrade, but it needs a package to upgrade... Thanks! -- Johan Paul ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
