In the light of yesterday’s large coordinated release of DNS related updates to various products, I would like to point you to the updated bind packages in the portage tree.
- net-dns/bind-9.4.2_p1 is currently being marked stable on all supported architectures
- net-dns/bind-9.5.0_p1 has been committed with unstable keywords
Nameservers should be updated quite soon, since this issue should be considered serious.
A GLSA will be published after all security architectures have marked the affected package stable. The progress can be followed in bug #231201.
For more information have a look at the following links and the references therein:
Also note that if you are restricting the used outgoing ports of your nameserver by a firewall for example, this policy should be revisited.
GLSA 200807-08 has just been released to address this issue.
When having a look at git yesterday, I stumbled upon etckeeper, a tool to keep /etc in a git (or mercurial) repository and also keeps the metadata (file permissions, …) in the repo making use of metastore.
It hooks into apt but I used /etc/portage/basrc to call it before and after installing a package:
case “$EBUILD_PHASE” in
elog “Running etckeeper pre-install…”
elog “Running etckeeper post-install…”
One could also modify /etc/etckeeper/post-install.d/50vcs-commit to include the package name etc. in the commit message while emerging:
@@ -2,5 +2,12 @@
if etckeeper unclean; then
– etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run”
+ case $LOWLEVEL_PACKAGE_MANAGER in
+ etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run ($CATEGORY/$P)”
+ etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run”
There are probably other/better ways to accomplish this and more…
Anyways… etckeeper looks like a nice and very flexible tool to keep /etc in a repository if one wants to.
Just a little side note…
Tonight at 01:58:31 UTC we passed epoch 1111111111 (the number of seconds since 00:00:00 1970-01-01 UTC).
$ date -u --date="Fri Mar 18 01:58:31 UTC 2005" +%s
First of all: Hello Planet Gentoo
Great to see the planet alive now 🙂
Two GLSAs have just been released:
More are waiting in the queue already of course 😉
Tips for searching Bugzilla for security bugs can be found here by the way.
SecurityFocus published an article by Thierry Carrez (aka koon, operational manager of the Gentoo security team) today about the doubtful rating of the security of a product by the number of published advisory, worth a look 🙂