Vorlon's Blog » Gentoo

Serious DNS vulnerabilities – update for bind available

vorlon — Wed, 09 Jul 2008 09:24:28 +0000

In the light of yesterday’s large coordinated release of DNS related updates to various products, I would like to point you to the updated bind packages in the portage tree.

net-dns/bind-9.4.2_p1 is currently being marked stable on all supported architectures
net-dns/bind-9.5.0_p1 has been committed with unstable keywords

Nameservers should be updated quite soon, since this issue should be considered serious.

A GLSA will be published after all security architectures have marked the affected package stable. The progress can be followed in bug #231201.

For more information have a look at the following links and the references therein:

Also note that if you are restricting the used outgoing ports of your nameserver by a firewall for example, this policy should be revisited.

Update 2008-07-11:
GLSA 200807-08 has just been released to address this issue.

etckeeper – keeping /etc in a git repository

vorlon — Thu, 28 Feb 2008 21:35:25 +0000

When having a look at git yesterday, I stumbled upon etckeeper, a tool to keep /etc in a git (or mercurial) repository and also keeps the metadata (file permissions, …) in the repo making use of metastore.

It hooks into apt but I used /etc/portage/basrc to call it before and after installing a package:

case “$EBUILD_PHASE” in
preinst)
elog “Running etckeeper pre-install…”
/usr/bin/etckeeper pre-install
;;
postinst)
elog “Running etckeeper post-install…”
/usr/bin/etckeeper post-install
;;
esac

One could also modify /etc/etckeeper/post-install.d/50vcs-commit to include the package name etc. in the commit message while emerging:

— a/post-install.d/50vcs-commit
+++ b/post-install.d/50vcs-commit
@@ -2,5 +2,12 @@
set -e

if etckeeper unclean; then
- etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run”
+ case $LOWLEVEL_PACKAGE_MANAGER in
+ portage)
+ etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run ($CATEGORY/$P)”
+ ;;
+ *)
+ etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run”
+ ;;
+ esac
fi

There are probably other/better ways to accomplish this and more…

Anyways… etckeeper looks like a nice and very flexible tool to keep /etc in a repository if one wants to.

1111111111

vorlon — Fri, 18 Mar 2005 11:10:13 +0000

Just a little side note…
Tonight at 01:58:31 UTC we passed epoch 1111111111 (the number of seconds since 00:00:00 1970-01-01 UTC).

$ date -u --date="Fri Mar 18 01:58:31 UTC 2005" +%s 1111111111

GLSAs released

vorlon — Sat, 12 Mar 2005 17:08:18 +0000

First of all: Hello Planet Gentoo
Great to see the planet alive now

Two GLSAs have just been released:

GLSA 200503-15 – X.org: libXpm vulnerability
GLSA 200503-16 – Ethereal: Multiple vulnerabilities

More are waiting in the queue already of course

Tips for searching Bugzilla for security bugs can be found here by the way.

Koon on “More Advisories, More Security”

vorlon — Tue, 15 Feb 2005 09:01:56 +0000

SecurityFocus published an article by Thierry Carrez (aka koon, operational manager of the Gentoo security team) today about the doubtful rating of the security of a product by the number of published advisory, worth a look