Serious DNS vulnerabilities – update for bind available

In light of yesterday’s large coordinated release of DNS-related updates to various products, I would like to point you to the updated bind packages in the portage tree.

  • net-dns/bind-9.4.2_p1 is currently being marked stable on all supported architectures
  • net-dns/bind-9.5.0_p1 has been committed with unstable keywords

Nameservers should be updated quite soon, since this issue should be considered serious.

A GLSA will be published after all security architectures have marked the affected package stable. The progress can be followed in bug #231201.

For more information have a look at the following links and the references therein:

Also note that if you restrict the outgoing ports your nameserver may use, for example with a firewall, this policy should be revisited.
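The updated bind releases randomize the UDP source port of outgoing queries, and a pinned port undoes that whether it is enforced by a firewall rule or by named.conf itself. The following check is an added example, not part of the original post, and goes beyond the firewall case by flagging fixed `query-source` ports in a configuration read from stdin; the function name and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report named.conf statements that pin the port used for
# outgoing queries. Reads configuration text on stdin.
fixed_query_ports() {
    # Drop //, # and single-line /* */ comments, then split statements on ; { }
    sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::g' |
    tr '\n' ' ' | tr ';{}' '\n\n\n' |
    awk '
        {
            stmt = ""; port = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "query-source" || $i == "query-source-v6") stmt = $i
                if (stmt != "" && $i == "port" && i < NF) port = $(i + 1)
            }
            # "port *" or no port clause leaves the choice to named.
            if (stmt != "" && port != "" && port != "*")
                printf "%s pinned to port %s\n", stmt, port
        }'
}

# Constructed sample configuration (not taken from the original page).
SAMPLE_CONF='options {
    directory "/var/bind";
    // a fixed source port, as often set to satisfy a strict firewall
    query-source address * port 53;
    query-source-v6 address * port *;
    listen-on port 53 { 127.0.0.1; };
};'

printf '%s\n' "$SAMPLE_CONF" | fixed_query_ports
```

Any line it prints names a statement to remove or change to `port *`, after which the matching outbound firewall rule has to allow the wider port range.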

Update 2008-07-11:
GLSA 200807-08 has just been released to address this issue.

etckeeper – keeping /etc in a git repository

When having a look at git yesterday, I stumbled upon etckeeper, a tool that keeps /etc in a git (or mercurial) repository and, making use of metastore, also keeps the metadata (file permissions, …) in the repo.

It hooks into apt but I used /etc/portage/bashrc to call it before and after installing a package:

case "$EBUILD_PHASE" in
    preinst)   # phase names assumed: the patterns are missing from the snippet
        elog "Running etckeeper pre-install…"
        /usr/bin/etckeeper pre-install
        ;;
    postinst)
        elog "Running etckeeper post-install…"
        /usr/bin/etckeeper post-install
        ;;
esac

One could also modify /etc/etckeeper/post-install.d/50vcs-commit to include the package name etc. in the commit message while emerging:

— a/post-install.d/50vcs-commit
+++ b/post-install.d/50vcs-commit
@@ -2,5 +2,12 @@
set -e

if etckeeper unclean; then
– etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run”
+ portage)
+ etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run ($CATEGORY/$P)”
+ ;;
+ *)
+ etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run”
+ ;;
+ esac
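
Review bot: the added lines run from `portage)` to `esac` with no `case … in` line opening the block, so as shown the script would fail with a syntax error; a line such as `case "$HIGHLEVEL_PACKAGE_MANAGER" in` is needed ahead of `portage)`. In the `portage)` branch the message also relies on `$CATEGORY` and `$P` being set, and if the script runs outside an emerge it would end in "(/)", so consider falling back to the plain message when either variable is empty.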

There are probably other/better ways to accomplish this and more…

Anyways… etckeeper looks like a nice and very flexible tool to keep /etc in a repository if one wants to.

Editing/creating Matroska files

While looking for a way to remove an audio stream from a Matroska container file, I just came across MKVToolnix. Besides the usual command-line tools, it also comes with a fairly clear GUI, with which the problem was solved in no time. Creating and, I hope, splitting containers should also be quite easy.

Oh, and for Gentoo the tools are in the Portage tree as media-video/mkvtoolnix; don’t forget the wxwidgets USE flag.

vpnc on dd-wrt

I just found out that vpnc now seems to be part of the vpn build of the latest dd-wrt. Looks like I can finally try vpnc on my WRT54GL without too many difficulties, although I don’t expect it to perform too well. The wiki page explaining vpnc on dd-wrt can be found here:

Looking for that, I also stumbled upon the Firmware Modification Kit, which seems to easily allow the extraction, modification etc. of the firmware images.