[2440] in Release_7.7_team
8.4.13 (8.4.14 for Linux) due out Tuesday evening
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Oct 10 01:29:07 2000
Date: Tue, 10 Oct 2000 01:29:02 -0400
Message-Id: <200010100529.BAA28662@egyptian-gods.MIT.EDU>
From: Greg Hudson <ghudson@MIT.EDU>
To: release-announce@MIT.EDU

This is a reminder that the Athena 8.4.13 (8.4.14 for Linux) patch
release is currently scheduled for the evening of Tuesday October 9.

Incidentally, I expect (though we have not formally decided) that
8.4.15 will be going out within 2-4 weeks of this patch release, since
some relatively important changes have been made but didn't get
squeezed into 8.4.13/14 because (as you can see) it was already a
pretty massive patch release.  So, if you have AUTOUPDATE=false
machines which it is bothersome to take patch releases on (e.g. server
machines), you might consider waiting for 8.4.15.  Your choice, of
course.  Note that there are some security issues addressed in
8.4.13/14, as described below.

Changes in this patch release include:

	* The athinfo man page has been updated to include some of the
	  more recently added standard queries.
	* A buffer reuse bug was fixed in finger.
	* busyd will reject queries from certain well-known ports, to
	  help prevent amplification attacks.
	* On Solaris and IRIX, services used primarily for testing
	  (echo, chargen, and a few others) are now disabled by
	  default, to help prevent amplification attacks.  They were
	  already disabled on Linux.
	* desync now seeds its randomizer on the hostname (from
	  /etc/athena/rc.conf) rather than the IP address, to work
	  better with machines using DHCP.
	* A bug was fixed in dm where it would try to revert an
	  account when no one had logged in.
	* A bug was fixed in liblocker which could result in memory
	  being freed twice.
	* The dash clock will update once per second now.
	* xdvi should be able to display postscript now, using gs from
	  the ghostview locker, and even if it can't it should at
	  least display the DVI file without the postscript instead of
	  dying.
	* There is now a lastlog attachandrun script pointing at the
	  consult locker, since Linux has a native lastlog command
	  which doesn't do what Athena users expect.
	* The htmlview script now has a workaround for URLs with
	  unescaped commas in them.
	* /usr/athena/bin/netscape can now be forced to run the
	  infoagents locker copy of netscape by the infoagents locker
	  maintainers.
	* On Solaris and IRIX, the lp emulation is improved somewhat.
	* The save_cluster_info man page has been updated to take into
	  account modern usage of cluster variables.
	* The update script mentions the correct location of
	  /etc/athena/rc.conf when it notes that variables are being
	  added.
	* glib-config now specifies runtime link path flags in its
	  --libs output.
	* kpasswd now displays Kerberos errors in confusing string
	  format rather than in confusing number format.
	* Several core dump bugs were fixed in nmh's header parsing.
	* pdftex now uses a reasonable default paper size for this
	  country.
	* traceroute can compute checksums on Solaris now.
	* traceroute will always compute checksums for ICMP packets
	  now, even when the -x option is specified.
	* The xss setuid handling code has been made more robust, so
	  xss will now run if the user's uid or gid are not listed in
	  the system passwd or group files.
	* The xss man page has been updated so that it no longer
	  falsely claims that the root password can be used to unlock
	  a workstation.
	* The duplex, bottomtray, and tumble dvips headers are back.
	* On Solaris and IRIX, xlock will activate or run xss instead
	  of displaying some no longer accurate text.
	* On Linux, the package athena-read-edid was added to the
	  release, which includes programs to query monitors for sync
	  rates and other information.  This program will be used
	  during install time to get the correct sync rates for
	  monitors (when the video card and monitor support the
	  requisite queries) and at boot time on PUBLIC=true machines
	  to fix up the XF86Config file in case the monitor has
	  changed.
	* On Linux, PUBLIC=true machines will force the maximum
	  resolution in the XF86Config file down to 1280x1024 at boot
	  time, since that is the recommended resolution for the newer
	  cluster monitors.
	* On Linux, console logins should have TERM properly defined.
	* On Linux, the athena-krb5 package pre-uninstall script has a
	  typo fix.
	* On Linux, vi now uses /var/tmp/vi.recover for recovery files
	  instead of /var/preserve/vi.recover, eliminating a failure
	  case where /var/preserve/vi.recover would disappear and vi
	  would give an error message at startup time.
	* On Linux, the athena-locker RPM will ensure the correct mode
	  on the /mit directory it creates.
	* On Linux machines set PUBLIC=true, the OS verification
	  script has had some typos fixed, and the passwd/shadow/group
	  files can be updated from AFS as on the other platforms.
	* On Linux, syncconf properly reacts to the NETDEV rc.conf
	  variable changing.
	* On Linux, an emacs local security hole has been fixed.
	* On Linux, the AFS startup script is a little more robust
	  about testing rc.conf variables.
	* On Linux, the glibc, mailx, perl, ubm-scheme, usermode, and
	  kernel packages have been upgraded to eliminate some locally
	  exploitable security holes.

If you have a machine set AUTOUPDATE=false, you can update it manually
after the release goes out by doing a console login as root and
running "update_ws".

Please send any questions or comments to release-team@mit.edu.
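
The busyd item above (rejecting queries from certain well-known ports) can be illustrated with the following added example, which is not part of the original message and is not busyd source code. The port list and the function names are assumptions; the model shows why a responder that answers a datagram claiming to come from a service such as echo or chargen ends up in an unbounded exchange, and how the source-port check stops it.

```c
/* Added illustration; this is not busyd source code. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed deny list: classic UDP services that answer every datagram. */
static const uint16_t reflective_ports[] = { 7, 13, 17, 19, 37 };

static int is_reflective(uint16_t port)
{
    for (size_t i = 0; i < sizeof reflective_ports / sizeof reflective_ports[0]; i++)
        if (reflective_ports[i] == port)
            return 1;
    return 0;
}

/* Decide whether to answer a query, given the address recvfrom() reported. */
int should_reply(const struct sockaddr_in *from)
{
    return !is_reflective(ntohs(from->sin_port));
}

/* Model a query whose (possibly forged) source port is src_port.
 * Returns how many replies the responder sends, capped at max_rounds.
 * A reflective peer answers each reply, which triggers another one. */
int replies_sent(uint16_t src_port, int filter_on, int max_rounds)
{
    struct sockaddr_in from = { 0 };
    int sent = 0;

    from.sin_family = AF_INET;
    from.sin_port = htons(src_port);
    while (sent < max_rounds) {
        if (filter_on && !should_reply(&from))
            break;              /* dropped: the loop never starts */
        sent++;                 /* reply goes back to src_port */
        if (!is_reflective(src_port))
            break;              /* ordinary client: exchange ends */
    }
    return sent;
}

int main(void)
{
    printf("client port, filter on:   %d\n", replies_sent(40000, 1, 1000));
    printf("chargen port, filter off: %d\n", replies_sent(19, 0, 1000));
    printf("chargen port, filter on:  %d\n", replies_sent(19, 1, 1000));
    return 0;
}
```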