Serious DNS vulnerabilities – update for bind available

In the light of yesterday’s large coordinated release of DNS-related updates to various products, I would like to point you to the updated bind packages in the portage tree.

  • net-dns/bind-9.4.2_p1 is currently being marked stable on all supported architectures
  • net-dns/bind-9.5.0_p1 has been committed with unstable keywords

Nameservers should be updated quite soon, since this issue should be considered serious.

A GLSA will be published after all security architectures have marked the affected package stable. The progress can be followed in bug #231201.

For more information have a look at the following links and the references therein:

Also note that if you restrict the outgoing ports your nameserver may use, for example with a firewall, this policy should be revisited.
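The same kind of restriction can also be pinned in named.conf itself through BIND's query-source option, so that file is worth checking alongside the firewall rules. The following is an added example, not part of the original post: the sample configuration is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Flag named.conf statements that pin the port used for outgoing queries.
# Reads configuration text on stdin and prints "lineno: statement" for
# every query-source / query-source-v6 statement with a numeric port.
# Limitation: only // and # comments are stripped, not /* ... */ blocks.
find_fixed_query_ports() {
    sed -e 's://.*$::' -e 's:#.*$::' |
    awk '
        /query-source(-v6)?[ \t]/ && /port[ \t]+[0-9]+/ {
            gsub(/^[ \t]+|[ \t]+$/, "")   # trim surrounding whitespace
            print NR ": " $0
        }'
}

# Constructed sample configuration (not taken from the page).
sample_conf() {
    cat <<'EOF'
options {
    directory "/var/bind";
    // query-source address * port 53;   (commented out, must be ignored)
    query-source address * port 53;
    query-source-v6 address * port *;
    recursion yes;
};
EOF
}

# Line 4 is reported; "port *" on line 5 leaves the port choice to named.
sample_conf | find_fixed_query_ports
```

Run it against a real configuration with `find_fixed_query_ports < /etc/bind/named.conf`, adjusting the path to your installation.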

Update 2008-07-11:
GLSA 200807-08 has just been released to address this issue.

etckeeper – keeping /etc in a git repository

While having a look at git yesterday, I stumbled upon etckeeper, a tool that keeps /etc in a git (or mercurial) repository and also keeps the metadata (file permissions, …) in the repo by making use of metastore.

It hooks into apt, but I used /etc/portage/bashrc to call it before and after installing a package:

case "$EBUILD_PHASE" in
    preinst)
        elog "Running etckeeper pre-install…"
        /usr/bin/etckeeper pre-install
        ;;
    postinst)
        elog "Running etckeeper post-install…"
        /usr/bin/etckeeper post-install
        ;;
esac

One could also modify /etc/etckeeper/post-install.d/50vcs-commit to include the package name etc. in the commit message while emerging:

— a/post-install.d/50vcs-commit
+++ b/post-install.d/50vcs-commit
@@ -2,5 +2,12 @@
set -e

if etckeeper unclean; then
– etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run”
+ case $LOWLEVEL_PACKAGE_MANAGER in
+ portage)
+ etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run ($CATEGORY/$P)”
+ ;;
+ *)
+ etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run”
+ ;;
+ esac
fi
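
Review bot: In the portage) branch the commit message interpolates $CATEGORY and $P without checking that either is set, so whenever this script runs on a portage system outside an ebuild phase the message ends in an empty "(/)". The branch also depends on the caller exporting both variables, which nothing in the hunk guarantees. Consider building an optional suffix first, for instance with ${CATEGORY:+ ($CATEGORY/$P)}, and calling etckeeper commit once with it appended; that also removes the duplicated "committing changes after $HIGHLEVEL_PACKAGE_MANAGER run" string from the two branches.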

There are probably other/better ways to accomplish this and more…

Anyways… etckeeper looks like a nice and very flexible tool to keep /etc in a repository if one wants to.

1111111111

Just a little side note…
Tonight at 01:58:31 UTC we passed epoch 1111111111 (the number of seconds since 00:00:00 1970-01-01 UTC).

$ date -u --date="Fri Mar 18 01:58:31 UTC 2005" +%s
1111111111