From owner-freebsd-hackers Fri Apr 19 7:59:26 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by hub.freebsd.org (Postfix) with ESMTP id 7EA4137B404; Fri, 19 Apr 2002 07:59:16 -0700 (PDT) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id A74375005; Fri, 19 Apr 2002 09:59:15 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g3JExEh08010; Fri, 19 Apr 2002 09:59:14 -0500 (CDT) (envelope-from hawkeyd) Date: Fri, 19 Apr 2002 09:59:14 -0500 (CDT) Message-Id: <200204191459.g3JExEh08010@sheol.localdomain> Mime-Version: 1.0 X-Newsreader: knews 1.0b.1 Reply-To: hawkeyd@visi.com Organization: if (!FIFO) if (!LIFO) break; References: <20020419220844.D190_IPAustralia.Gov.AU@ns.sol.net> <3CC02BB3.1030209_unt.edu@ns.sol.net> In-Reply-To: <3CC02BB3.1030209_unt.edu@ns.sol.net> From: hawkeyd@visi.com (D J Hawkey Jr) Subject: Re: Older releases? was Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip X-Original-Newsgroups: sol.lists.freebsd.security To: searle@unt.edu, freebsd-security@freebsd.org, freebsd-hackers@freebsd.org Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Terribly sorry for this cross-post, but it seems relevant, if not appropriate, this time. In article <3CC02BB3.1030209_unt.edu@ns.sol.net>, searle@unt.edu writes: > The patch described in the advisory talks about 4.5-RELEASE. > I'm running two systems on 4.3-RELEASE-p28; I am guessing they are > vulnerable. If so, what steps do I follow to patch the system? > > Upgrading is not an option since the fxp (QLogic fibre-channel HAB) > driver is very flaky since 4.4 and above. > > The patches seem to make relavent changes; I just want to be sure. I was going to ask the same thing today, to try to provide backported patches. I assume you're writing of source patches, not binary patches? Let's stay in contact with one another on this. If 4.4 and earlier are vulnerable and patchable (that is, no make world required), I'll create patchfiles and make them available. It may take me a day or two, though. Developers: Userland is affected here - /usr/lib/libz. Would a "make && make install" (sic) in /usr/src/lib/libz before building the kernel suffice for a solid upgrade? > Thanks! Ditto, Dave -- Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message