bug #194, was Re: [ntp:hackers] CERT advisory

Frederick Bruckman fredb at immanent.net
Sun Oct 5 20:14:11 PDT 2003


I was baffled, at first, by finding no "openssl" binary in the path,
but I found it easily enough in "/usr/local/openssl/bin", after all.

On Mon, 6 Oct 2003, David L. Mills wrote:

> Frederick,
>
> All the backroom and campus machines have openssl and openssh, although
> not all have the latest versions. As of now, all the backroom machines
> except grundoon do have the latest for both. The campus Solaris machines
> should be upgraded by our system staff at least for binaries. They got
> religion after the latest CERT alert, so that should happen(ed) soon.
> The sources and unSolaris machines have to wait their turn and right now
> Swamped R Us.
>
> The pogo /pogo/dist/ntp4 is current as of 2 October from ntp-dev if that
> helps. At the moment I am tarballing on mort, as that is the fastest
> machine and one I normally use myself.

> Frederick Bruckman wrote:
> >
> > On Sun, 5 Oct 2003, David L. Mills wrote:
> >
> > > I see no reason not to include bugfizzes up until the actual release, as
> > > long as the fixes are "safe". The delay due to bolt and Isabel was
> > > unavoidable. In any case, the two showstoppers mentioned previously are
> > > necessary. I'd like my suggestions to be considered not as orders but as
> > > friendly persuasions.
> >
> > On that pleasant note, I've pushed a couple more changesets to my
> > repository on pogo: a fix for a buglet that I made a bug report for,
> > and some fixes from NetBSD and NetBSD folks for compiler warnings. I
> > tested that it builds on pogo, though it doesn't fix all the warnings
> > on pogo. (I think the latest openssl is the only cure for the -Wshadow
> > nagging. Pogo doesn't have openssl?)

Frederick



More information about the hackers mailing list