[2436] in Release_7.7_team
Athena 8.4.13/14 patch release October 9
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Oct 4 00:59:16 2000
Date: Wed, 4 Oct 2000 00:58:41 -0400
Message-Id: <200010040458.AAA05647@nephthys.mit.edu>
From: Greg Hudson <ghudson@MIT.EDU>
To: release-announce@mit.edu
The Athena 8.4.13 (8.4.14 for Linux) patch release is currently
scheduled for the evening of Tuesday October 9. This patch release
includes:
* The athinfo man page has been updated to include some of the
more recently added standard queries.
* A buffer reuse bug was fixed in finger.
* busyd will reject queries from certain well-known ports, to
help prevent amplification attacks.
* On Solaris and IRIX, services used primarily for testing
(echo, chargen, and a few others) are now disabled by
default, to help prevent amplification attacks. They were
already disabled on Linux.
* desync now seeds its randomizer on the hostname (from
/etc/athena/rc.conf) rather than the IP address, to work
better with machines using DHCP.
* A bug was fixed in dm where it would try to revert an
account when no one had logged in.
* A bug was fixed in liblocker which could result in memory
being freed twice.
* The dash clock will update once per second now.
* xdvi should be able to display postscript now, using gs from
the ghostview locker, and even if it can't it should at
least display the DVI file without the postscript instead of
dying.
* There is now a lastlog attachandrun script pointing at the
consult locker, since Linux has a native lastlog command
which doesn't do what Athena users expect.
* The htmlview script now has a workaround for URLs with
unescaped commas in them.
* /usr/athena/bin/netscape can now be forced to run the
infoagents locker copy of netscape by the infoagents locker
maintainers.
* On Solaris and IRIX, the lp emulation is improved somewhat.
* The save_cluster_info man page has been updated to take into
account modern usage of cluster variables.
* The update script mentions the correct location of
/etc/athena/rc.conf when it notes that variables are being
added.
* glib-config now specifies runtime link path flags in its
--libs output.
* kpasswd now displays Kerberos errors in confusing string
format rather than in confusing number format.
* Several core dump bugs were fixed in nmh's header parsing.
* pdftex now uses a reasonable default paper size for this
country.
* traceroute can compute checksums on Solaris now.
* traceroute will always compute checksums for ICMP packets
now, even when the -x option is specified.
* The xss setuid handling code has been made more robust, so
xss will now run if the user's uid or gid are not listed in
the system passwd or group files.
* The xss man page has been updated so that it no longer
falsely claims that the root password can be used to unlock
a workstation.
* The duplex, bottomtray, and tumble dvips headers are back.
* On Solaris and IRIX, xlock will activate or run xss instead
of displaying some no longer accurate text.
* On Linux, the package athena-read-edid was added to the
release, which includes programs to query monitors for sync
rates and other information. This program will be used
during install time to get the correct sync rates for
monitors (when the video card and monitor supports the
requisite queries) and at boot time on PUBLIC=true machines
to fix up the XF86Config file in case the monitor has
changed.
* On Linux, PUBLIC=true machines will force the maximum
resolution in the XF86Config file down to 1280x1024 at boot
time, since that is the recommended resolution for the newer
cluster monitors.
* On Linux, console logins should have TERM properly defined.
* On Linux, the athena-krb5 package pre-uninstall script has a
typo fix.
* On Linux, vi now uses /var/tmp/vi.recover for recovery files
instead of /var/preserve/vi.recover, eliminating a failure
case where /var/preserve/vi.recover would disappear and vi
would give an error message at startup time.
* On Linux, the athena-locker RPM will ensure the correct mode
on the /mit directory it creates.
* On Linux machines set PUBLIC=true, the OS verification
script has had some typos fixed, and the passwd/shadow/group
files can be updated from AFS as on the other platforms.
* On Linux, syncconf properly reacts to the NETDEV rc.conf
variable changing.
* On Linux, an emacs local security hole has been fixed.
* On Linux, the AFS startup script is a little more robust
about testing rc.conf variables.
* On Linux, the glibc, mailx, perl, ubm-scheme, usermode, and
kernel packages have been upgraded to eliminate some locally
exploitable security holes.
If you have a machine set AUTOUPDATE=false, you can update it manually
after the release goes out by doing a console login as root and
running "update_ws".
Please send any questions or comments to release-team@mit.edu.