** IMPORTANT ANNOUNCEMENT -- MAILING LIST ADDRESS IS CHANGING ***
The AIX Toolbox developerWorks site has now been migrated to SourceForge.net.
If you wish to send email to the AIX Toolbox mailing list, you should use
the following address effective immediately:
aixtoolbox-list@lists.sourceforge.net
This list contains the same membership(*) and is now functional. Please
discontinue use of aixtoolbox-list@oss.software.ibm.com immediately. That
address will soon be permanently retired.... read more
Version updates for cvs (1.11.7), m4 (1.4.1),
mutt (1.4.2.1), rsync (2.6.2) and unzip (5.51)
are now available in the Toolbox. For more info,
see the mailing list posting:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2004-October/001909.html
gcc and gcc-c++ have been updated to versions 3.3.2.
binutils is now at 2.14, and gdb is at 6.0.
All of these are the FSF GNU versions; they
replace the GNUPro source branch that was used
for earlier Toolbox versions.
For more information, see the mailing list post:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2004-October/001908.html
New versions available:
OpenSSL 0.9.7d
apache 1.3.31
perl 5.8.2
See the email announcement for more details:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2004-August/001887.html
A security update is available for libpng and recommended to anyone who
has this Toolbox package installed. For information on the update and
where to download, see the mailing list announcement at:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2004-August/001868.html
CVS has announced that they have another security
exposure. The Toolbox cvs image has been updated
to include the patch. See the email posting at
the following link:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2004-June/001791.html
Some recent security patches have been added to a few AIX Toolbox packages.
To address these items, the patches have been applied to the current Toolbox
levels of each package. We hope to update to the latest versions sometime
in the future, but these fixed packages will address the security items in
the meantime.
The affected packages are cvs, rsync, libpng, and MySQL.
See the related mailing list posting for more information:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2004-May/001778.html ... read more
Gnome 2.4 images for AIXv5 (5.1.0 and greater) are
now available in the AIX Toolbox.
For more detail, refer to the following Toolbox mailing-list
note:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2004-February/001710.html
Beginning in 2004, Toolbox RPMS will be built on AIX 5.1. This means that to
install future RPM images you will need to be on at least AIX 5.1 or greater
(the only supported levels of AIX).
4.3.3 users are encouraged to update to AIX 5.1 or AIX 5.2. For those that
choose to stay back-level, there are no plans to remove the existing 4.3.3 RPMS
from the FTP site any time in the near future, so these images can still be
installed while available. However, you will not be able to install new RPMS
released beginning in 2004.
If you wish to see a full list of all the final images which are available
to install on 4.3.3, view the following file:
ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/data/433.finallist
OpenSSL in the Toolbox has now been updated to version 0.9.6k, which includes
all known security fixes.
OpenSSL is not found on the general Toolbox download site because of its
cryptographic content. It is available at a separate site which requires
registration and a password, though it is still a free download.
You can find the updated images at:
http://www6.software.ibm.com/dl/aixtbx/aixtbx-p
ttention all current users of the AIX Toolbox version of openSSH:
The patched version of OpenSSH which addresses the new security advisory
is now available from the AIX Toolbox "Cryptographic Content" page.
These images are for 4.3.3; the 5.1/5.2 images are also being patched but are
being addressed independently; they are not part of the Toolbox.
To clarify about what is included:
This version (3.4p1) is the only level that is authorized for distribution
from this site. However, the security patch applies cleanly and takes
care of the issue.
There was a patch released yesterday to fix the security problem; it was
then replaced this morning by a new revised patch. It is the revised patch
that is included with the Toolbox image.... read more
GNOME 2.2.1 images are now available for the AIX Toolbox.
For more information, please refer to the mailing list posting
of the announcement:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2003-September/001567.html
Another Samba security advisory has been released. The security fix has been added to the AIX Toolbox samba images. All users of the Toolbox samba should update to the 2.2.7-4 images
(includes security fixes backported from 2.2.8a).
For the email announcement, see:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2003-April/001418.html
KDE 3.0 images have been added to the AIX Toolbox and are available for download now.
For more information please refer to the email announcement:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2003-April/001403.html
In addition, new kde-i18n language packages are available.
These are listed in a separate announcement:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2003-April/001404.html
New images of openssl and mod_ssl are available on the AIX
Toolbox cryptographic content site -- these images address security exposures recently announced on www.openssl.org.
For the announcement from the mailng list, see:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2003-March/001385.html
A new build of the Toolbox samba images is available which corrects a recently announced security exposure.
You are encouraged to update any installed Toolbox samba images to version 2.2.7-3, which contains the security patch.
For more information refer to the mailing list posting on this:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2003-March/001378.html
A security advisory has been made for openssl, and www.openssl.org has released a patch. The patch has been
added to the AIX Toolbox cryptographic ftp site.
If you are running openssl from the Toolbox, you are advised to
update. See:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2003-March/001359.html
for the announcement on the Toolbox mailing list.
A security exposure in the cvs package was announced by the
cvs maintainers. The Toolbox cvs image has been patched to
include the security fix.
See the Toolbox announcement note here:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2003-January/001282.html
Due to a security advisory in Samba, the level of Samba in the Toolbox has been updated to 2.2.7. It is recommended that users
update to this level.
For the mailing list announcement, see:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2002-November/001236.html
Date: Tue, 6 Aug 2002 18:05:25 -0500 (CDT)
Some miscellaneous notes to catch up on --
Here is a summary of some of the package changes over the past month or so:
-------------------
*) Security updates
This info is available in previous threads, but to recap, if you have any of
these packages installed, make sure they are at the levels listed:
openssh, openssh-clients, and openssh-server: 3.4p1-3
openssl, openssl-devel, openssl-doc: 0.9.6e-1
squid: 2.4.STABLE7-1 (or 2.4.STABLE7-2)... read more
SECURITY ANNOUNCEMENT for Apache users:
A security bulletin was released this week for the Apache HTTP web server.
See http://httpd.apache.org/info/security_bulletin_20020617.txt
The fixed version, apache 1.3.26, has been made available on the Toolbox
website. Apache users are encouraged to install the new level:
ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/apache/apache-1.3.26-1.aix4.3.ppc.rpm... read more
A few new packages are available in the AIX Toolbox, plus some updates of older package versions.
Below is a link to the e-mail announcement:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2002-June/000906.html
A handful of new package versions have been made over the past month or so. Select this link to see the full announcement:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2002-May/000857.html
A supported OpenSSH is now available for AIX 5.1 that supercedes the unsupported RPM image previously available in the AIX Toolbox. AIX 5.1 users should migrate to the official image.
See details in the full mailinglist announcement:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2002-May/000855.html
All users with sudo installed should update to the latest level to fix a security exposure announced last week.
Follow this link to the AIX Toolbox mailing list announcement:
http://www-124.ibm.com/pipermail/aixtoolbox-list/2002-April/000840.html