FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 02-09-2010, 09:29 PM
"Paul W. Frields"
 
Default Notice: dnssec-conf updates in Fedora 11 and 12

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Fedora Project recently issued an update to the dnssec-conf
package, to fix an issue that caused Fedora 11 and 12 systems using
BIND (named) to put an inordinately heavy load on RIPE nameservers.
However, this update has been found to break some BIND configurations
as seen in this bug:

https://bugzilla.redhat.com/show_bug.cgi?id=563232

The problem occurs in these packages:

dnssec-conf-1.21-3.fc11
dnssec-conf-1.21-7.fc12

To determine if your system is affected, run the following command:

rpm -q dnssec-conf

If one of the above package descriptors does not appear, your system
is not affected and you may safely ignore this message. If you are
affected, please continue reading.

== Workaround ==

If you have already accepted this update, you can downgrade the
package and start the failed BIND (named) daemon again using these
commands:

su -c 'yum downgrade dnssec-conf'
su -c 'service named start'

== Solution ==

System owners running BIND name servers on Fedora 11 or 12 systems are
advised not to accept the specific dnssec-conf pacakge updates listed
above. There are several ways to avoid these specific updates.

* If you use the PackageKit graphical client, or another graphical
client, deselect the dnssec-conf update in the dialog that lists
package updates.

* If you use the yum command-line client, use this command to exclude
dnssec-conf from the list of packages to be updated:

su -c 'yum --exclude=dnssec-conf update'

== Remediation ==

A new update is being prepared to address this problem for Fedora 11
and 12 users, and will be pushed to our mirrors as soon as possible.
Users who are not running BIND nameservers (named) on their Fedora 11
and 12 can safely disregard this notice. When the new updates are
pushed, a follow-up announcement will be made here. At that time,
affected system owners can safely accept the replacement updates.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLceHHrNvJN70RNxcRAoY1AKDGuYgvJvoRi6sYpBsl3v bYyiMy2QCg3Beh
KNbq55w4R2A4qtLCwQosJPg=
=zRrs
-----END PGP SIGNATURE-----
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 02-10-2010, 06:34 PM
Michael Cronenworth
 
Default Notice: dnssec-conf updates in Fedora 11 and 12

Paul W. Frields wrote:
>
> The problem occurs in these packages:
>
> dnssec-conf-1.21-3.fc11
> dnssec-conf-1.21-7.fc12
>

Has this question been asked of anyone yet:

Why did this update bypass updates-testing?
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 02-10-2010, 07:05 PM
Chuck Anderson
 
Default Notice: dnssec-conf updates in Fedora 11 and 12

On Wed, Feb 10, 2010 at 01:34:51PM -0600, Michael Cronenworth wrote:
> Paul W. Frields wrote:
> >
> > The problem occurs in these packages:
> >
> > dnssec-conf-1.21-3.fc11
> > dnssec-conf-1.21-7.fc12
> >
>
> Has this question been asked of anyone yet:
>
> Why did this update bypass updates-testing?

Probably because it was a "critial" update to remove already expired
DNSSEC keys that were breaking reverse DNS lookups for people who had
DNSSEC validation turned on.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 02-10-2010, 08:28 PM
Jesse Keating
 
Default Notice: dnssec-conf updates in Fedora 11 and 12

On Wed, 2010-02-10 at 13:34 -0600, Michael Cronenworth wrote:
> Paul W. Frields wrote:
> >
> > The problem occurs in these packages:
> >
> > dnssec-conf-1.21-3.fc11
> > dnssec-conf-1.21-7.fc12
> >
>
> Has this question been asked of anyone yet:
>
> Why did this update bypass updates-testing?

The devs wanted to get it out and stop flooding the servers. They
thought they had tested it well enough. I trusted them.

--
Jesse Keating
Fedora -- Freedom˛ is a feature!
identi.ca: http://identi.ca/jkeating
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 02-11-2010, 03:13 PM
"Paul W. Frields"
 
Default Notice: dnssec-conf updates in Fedora 11 and 12

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Feb 09, 2010 at 05:29:27PM -0500, Paul W. Frields wrote:
> == Remediation ==
>
> A new update is being prepared to address this problem for Fedora 11
> and 12 users, and will be pushed to our mirrors as soon as possible.
> Users who are not running BIND nameservers (named) on their Fedora 11
> and 12 can safely disregard this notice. When the new updates are
> pushed, a follow-up announcement will be made here. At that time,
> affected system owners can safely accept the replacement updates.

Packages are now available in the updates-testing repository, and most
mirrors should include them at this point. Community testing for
these packages would be appreciated. To install them:

su -c 'yum --enablerepo=updates-testing update dnssec-conf'

To report findings:

Fedora 11: https://admin.fedoraproject.org/updates/F11/FEDORA-2010-1696
Fedora 12: https://admin.fedoraproject.org/updates/F12/FEDORA-2010-1748

- --
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
Where open source multiplies: http://opensource.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLdCzArNvJN70RNxcRAiFeAJ9mmfLcFDhM88cCR3Dxhc 0krS8luACg0t58
GVWFdZpHU3ekakLbHktXXwE=
=r4Bk
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 
Old 02-11-2010, 03:13 PM
"Paul W. Frields"
 
Default Notice: dnssec-conf updates in Fedora 11 and 12

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Feb 09, 2010 at 05:29:27PM -0500, Paul W. Frields wrote:
> == Remediation ==
>
> A new update is being prepared to address this problem for Fedora 11
> and 12 users, and will be pushed to our mirrors as soon as possible.
> Users who are not running BIND nameservers (named) on their Fedora 11
> and 12 can safely disregard this notice. When the new updates are
> pushed, a follow-up announcement will be made here. At that time,
> affected system owners can safely accept the replacement updates.

Packages are now available in the updates-testing repository, and most
mirrors should include them at this point. Community testing for
these packages would be appreciated. To install them:

su -c 'yum --enablerepo=updates-testing update dnssec-conf'

To report findings:

Fedora 11: https://admin.fedoraproject.org/updates/F11/FEDORA-2010-1696
Fedora 12: https://admin.fedoraproject.org/updates/F12/FEDORA-2010-1748

- --
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
Where open source multiplies: http://opensource.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLdCzArNvJN70RNxcRAiFeAJ9mmfLcFDhM88cCR3Dxhc 0krS8luACg0t58
GVWFdZpHU3ekakLbHktXXwE=
=r4Bk
-----END PGP SIGNATURE-----
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 02:42 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org