NetBSD: Multiple Addendums to recent advisories
Posted by Team   
NetBSD Here are three mailings from the NetBSD announce list that discuss various gotchas with the recent advisories.

On Thu, Feb 19, 2004 at 08:36:46AM -0500, NetBSD Security-Officer wrote:

>> * NetBSD 1.6, 1.6.1:


>> 		# cd lib/libcrypto
>> 		# make cleandir dependall
>> 		# make install
>> 		# cd ../../lib/libssl
>> 		# make cleandir dependall
>> 		# make install

Build fails if there is no toolchain installed.


	make USETOOLS=no cleandir dependall
	make USETOOLS=no install

works better.

Or is there reason that NetBSD's toolchain should be used?

I think same applies also:

>> * NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:


-- Ossi Herrala, OH8HUB PGP key ID: 0x78CD0337 Fingerprint: D343 F9C4 C739 DFFF F619 6170 8D28 8189 78CD 0337 


>> I followed the instructions in 'NetBSD Security Advisory 2004-002' and 
>> this is what I got when rebuilding my kernel:
>> /usr/src/sys/arch/i386/compile/FOOBAR/../../../../netinet/ip_input.c:1808: 
>> warning: implicit declaration of function `rt_timer_queue_remove_all'
>> *** Error code 1

You need to also update sys/net/route.c and sys/net/route.h,
apparently.  These belong together, as seen in doc/CHANGES-1.6.2:

sys/net/route.h                                 1.32
sys/net/route.c                                 1.55
sys/netinet/ip_input.c                          1.163 (via patch)

        Remove all entries in rt timer queue on ip_mtudisc change, instead
        of destroying the queue.
        [itojun, ticket #984]

Yes, it appears that the security advisory is not complete as it
stands right now.


- HÃ¥vard


NetBSD Security-Officer recently published 4 Security Advisories.

We have received a number of notes from people that the PGP signatures
on these were bad. This has been corrected, and re-signed copies
published at:

As always, these locations will contain the most up-to-date versions
of the Advisories, if any other changes are required as new
information comes to hand.

The problem has been traced to an error in committing the signed text
into CVS. Normally, this is done so that the original CVS revision
tags are retained after signing, but on this occasion that step was
unfortunately omitted. The Security Advisories recently mailed out had
CVS revisions updated for the commit of the signed content, breaking
the signature.

We apologise for this error, and thank all those who pointed out the

- --
NetBSD Security-Officer

Version: GnuPG v1.2.4 (NetBSD)