'Re: HEADS UP on master'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dragonfly-users
Subject:    Re: HEADS UP on master
From:       Matthew Dillon <dillon () backplane ! com>
Date:       2019-06-17 17:21:03
Message-ID: CAOZ7CpBmws58_xnV_sPvTCaeks3gc9F39r8Y1u_P_tqVc_2vJg () mail ! gmail ! com
[Download RAW message or body]

We're going to fix 'make upgrade' to not require this manual intervention,
but it may take a day or two, so anyone using master... beware of this
issue.

-Matt

On Mon, Jun 17, 2019 at 7:21 AM Rimvydas Jasinskas <rimvydasjas@gmail.com>
wrote:

> Hi,
>
> deprecated OPIE removal from base requires manual intervention
> *before* rebooting on updated master,
> The "make upgrade" script only warns about detected opie presence and
> suggest to manually edit or reinstall default PAM configs (cd
> /usr/src/etc/pam.d && make install) on both 5.6-RELEASE and
> 5.7-DEVELOPMENT.
> Make sure that /etc/pam.d/* configs no longer have hardcoded  pam_opie
> entries on master. For more information, see
> ed5666c1699a23a9ae3c0aca97dabaae71e26431
>
> Also OpenSSH was recently updated to 8.0p1. UsePAM option is enabled
> by default if sshd(8) is compiled with -DUSE_PAM.
> From now on default base sshd(8) configs are installed into
> /usr/share/examples/ssh/ together with cert.pem and openssl.cnf in
> /usr/share/examples/ssl/ too.
> Please check your /etc/ssh/sshd_config for deprecated options.
>
> RJ
>

[Attachment #3 (text/html)]

<div dir="ltr">We&#39;re going to fix &#39;make upgrade&#39; to not require this \
manual intervention, but it may take a day or two, so anyone using master... beware \
of this issue.<div><br></div><div>-Matt</div></div><br><div class="gmail_quote"><div \
dir="ltr" class="gmail_attr">On Mon, Jun 17, 2019 at 7:21 AM Rimvydas Jasinskas \
&lt;<a href="mailto:rimvydasjas@gmail.com">rimvydasjas@gmail.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br> <br>
deprecated OPIE removal from base requires manual intervention<br>
*before* rebooting on updated master,<br>
The &quot;make upgrade&quot; script only warns about detected opie presence and<br>
suggest to manually edit or reinstall default PAM configs (cd<br>
/usr/src/etc/pam.d &amp;&amp; make install) on both 5.6-RELEASE and<br>
5.7-DEVELOPMENT.<br>
Make sure that /etc/pam.d/* configs no longer have hardcoded   pam_opie<br>
entries on master. For more information, see<br>
ed5666c1699a23a9ae3c0aca97dabaae71e26431<br>
<br>
Also OpenSSH was recently updated to 8.0p1. UsePAM option is enabled<br>
by default if sshd(8) is compiled with -DUSE_PAM.<br>
From now on default base sshd(8) configs are installed into<br>
/usr/share/examples/ssh/ together with cert.pem and openssl.cnf in<br>
/usr/share/examples/ssl/ too.<br>
Please check your /etc/ssh/sshd_config for deprecated options.<br>
<br>
RJ<br>
</blockquote></div>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic