JISCMail - TB-SUPPORT Archives

Hi,

There is a new release for the application testbed because of the
updated ssh rpms. v2_0_3. Of course there may be another ssh on the way if
the rumours can be untangled.

I will create some generic notes but for those in the upgrade situation
but.

# ./gpp-fetch-edg-release.sh -r v2_0_3 -o /tmp

# cp /tmp/edg-release/ng_updaterep/updaterep.conf /etc/.
# cp /tmp/edg-release/ng_source/* /var/obj/conf/server/source/.
# cp /tmp/edg-release/ng_rpmlist/* /opt/local/linux/7.3/rpmcfg/

With the last two take care not overwrite and modifications you made.

There is no change in the site-cfg.h within any of the v2_0_X releases
so far.

Download the extra rpms.

# updateRPMCache.pl --rpcfg /opt/local/linux/7.3/rpmcfg/*rpm.h

Recompile the profiles.

# /sbin/service mkxprofd reload

Trick, previously I had recommended that you log into all the nodes
and run updaterpms. You can run this centrally if you change the
updaterpms profile.

A simple way to do this is to  edit redhat73-cfg.h, find the line.

updaterpms.rpmcfgdir             /export/local/linux/7.3/rpmcfg

by making a trivial edit to

updaterpms.rpmcfgdir             /export/local/linux/7.3/rpmcfg/

the updaterpms profile is changed and updaterpms is called. By alternating
between these two and compiling the profile you can cause rpms to be
installed.

Don't forget to upgrade openssh on the LCFG server itself.

   Steve





















--
Steve Traylen
[log in to unmask]
http://www.gridpp.ac.uk/


---------- Forwarded message ----------
Date: Wed, 17 Sep 2003 07:49:35 +0200
From: Charles Loomis <[log in to unmask]>
To: ITeam <[log in to unmask]>,
     Site Admin. <[log in to unmask]>
Subject: [SA-HELP] SECURITY upgrade for APP. TB


Hi,

There is a new release for the application testbed--v2_0_3.

This include an upgrade of the openssh rpms.  There is a
rumor of an active exploit of the security hole.

This release also includes a new IDL rpm which removes
the RH4.2 dependencies (as a consequence the RH6.2 paths
in updaterep.conf have been removed).  It may be necessary
to remove IDL and reinstall it; however, the upgrade worked
correctly on my machines.

Also included: a change to site-cfg.h to really turn off GOUT by default.

Please upgrade to this release as soon as possible.

Thanks.

Cal