Manually upgrading Bind / Named to version 9.9.1-P1 [Security patches].

Hi folks.

Latest Bind / Named version was released several days ago to patch this vulnerability.

The thread was started on PCLinuxOS Forum in the appropriate section to request it being upgraded but from what I can see members / devs are not really in a rush to get this version into the repository as almost no one votes for it or reports it as being looked at… Who would give a hairy rat’s behind about some stupid security patch huh? Right… Well I do.

So I have decided to just compile this thing myself. I have left the repository Bind installed and I have done this:

su

root's password

export PREFIX=`echo /usr/`

export PATH=$PREFIX/bin:$PATH

export PKG_CONFIG_PATH=$PREFIX/lib/pkgconfig:$PREFIX/share/pkgconfig

cd /opt/

mkdir Bind

cd Bind

wget -c ftp://ftp.isc.org/isc/bind9/9.9.1-P1/bind-9.9.1-P1.tar.gz

tar xvzf ./bind-9.9.1-P1.tar.gz

cd bind-9.9.1-P1

./configure --prefix=$PREFIX --sysconfdir=/etc/

You can expect missing dependencies here. I had no problems whatsoever as I have a good few “devel” packages installed – try figuring out what You’re missing if You do run into a snag, then install it from Synaptic (without closing this window) and re-run the above configure step till there are no errors.

make

make install

ls --full /var/lib/named/var/

one of the listed items should look like this:

drwxr-xr-x 7 root root 4096 2012-06-15 23:51:43.468278052 +0100 named/

ls --full /var/lib/named/var/named

chown named:named /var/lib/named/var/named/

drwxr-xr-x 7 named named 4096 2012-06-15 23:51:43.468278052 +0100 named/

Now in this terminal window type in

tail -f /var/log/syslog

and leave it be.

Open another terminal window and run these commands:

su

root's password

named -v

the reply should look like this:

BIND 9.9.1-P1

service named restart

and the reply should look something like this:

Stopping named:                        [ OK ]
Starting named:                          [ OK ]

and at the same time in the first terminal window You should see output similar to this:

Jun 16 00:19:13 icsserver named[791]: starting BIND 9.9.1-P1 -u named -t /var/lib/named
Jun 16 00:19:13 icsserver named[791]: built with '--prefix=/usr/' '--sysconfdir=/etc/'
Jun 16 00:19:13 icsserver named[791]: ----------------------------------------------------
Jun 16 00:19:13 icsserver named[791]: BIND 9 is maintained by Internet Systems Consortium,
Jun 16 00:19:13 icsserver named[791]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jun 16 00:19:13 icsserver named[791]: corporation. Support and training for BIND 9 are
Jun 16 00:19:13 icsserver named[791]: available at https://www.isc.org/support
Jun 16 00:19:13 icsserver named[791]: ----------------------------------------------------
Jun 16 00:19:13 icsserver named[791]: using 1 UDP listener per interface
Jun 16 00:19:13 icsserver named[791]: using up to 4096 sockets
Jun 16 00:19:13 icsserver named[791]: loading configuration from '/etc/named.conf'
Jun 16 00:19:13 icsserver named[791]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Jun 16 00:19:13 icsserver named[791]: statistics channel listening on 127.0.0.1#5380
Jun 16 00:19:13 icsserver named[791]: using default UDP/IPv4 port range: [1024, 65535]
Jun 16 00:19:13 icsserver named[791]: using default UDP/IPv6 port range: [1024, 65535]
Jun 16 00:19:13 icsserver named[791]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 16 00:19:13 icsserver named[791]: listening on IPv4 interface eth1, 192.168.0.1#53
Jun 16 00:19:13 icsserver named[791]: listening on IPv4 interface ppp0, 31.200.150.65#53
Jun 16 00:19:13 icsserver named[791]: generating session key for dynamic DNS
Jun 16 00:19:13 icsserver named[791]: sizing zone task pool based on 19 zones
Jun 16 00:19:13 icsserver named[791]: using built-in DLV key for view _default
Jun 16 00:19:13 icsserver named[791]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 10.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 16.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 17.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 18.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 19.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 20.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 21.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 22.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 23.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 24.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 25.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 26.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 27.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 28.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 29.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 30.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 31.172.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 168.192.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 127.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: D.F.IP6.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 8.E.F.IP6.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 9.E.F.IP6.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: A.E.F.IP6.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: B.E.F.IP6.ARPA
Jun 16 00:19:13 icsserver named[791]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jun 16 00:19:13 icsserver named[791]: command channel listening on 127.0.0.1#953
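
The same check can be scripted instead of read by eye. This is an added example, not part of the original post: it reads syslog text and confirms that the latest named start shows the expected version, drops root with -u, runs chrooted with -t, and it lists every non-loopback listener. The function name and the OK / FAIL / WARN / LISTEN output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Usage: check_named_startup EXPECTED_VERSION < /var/log/syslog
# Judges the most recent "starting BIND" line and the listeners logged after it.
check_named_startup() {
    awk -v want="$1" '
        / named\[[0-9]+\]: starting BIND / {
            # A new start: forget whatever an earlier start logged.
            seen = 1; ver = user = chroot = ""; n = 0
            for (i = 1; i < NF; i++) {
                if ($i == "BIND") ver    = $(i + 1)
                if ($i == "-u")   user   = $(i + 1)
                if ($i == "-t")   chroot = $(i + 1)
            }
        }
        / named\[[0-9]+\]: listening on IPv[46] interface / {
            for (i = 1; i < NF - 1; i++)
                if ($i == "interface") {
                    iface = $(i + 1); sub(/,$/, "", iface)
                    # Loopback is expected; report everything else.
                    if (iface != "lo") listen[n++] = iface " " $(i + 2)
                }
        }
        END {
            if (!seen) { print "FAIL no named start found"; exit 1 }
            bad = 0
            if (ver == want) print "OK version " ver
            else { print "FAIL version " ver ", expected " want; bad = 1 }
            if (user == "" || user == "root") {
                print "FAIL user: named keeps root privileges"; bad = 1
            } else print "OK user " user
            if (chroot == "") print "WARN no chroot (-t) in use"
            else print "OK chroot " chroot
            for (i = 0; i < n; i++) print "LISTEN " listen[i]
            exit bad
        }
    '
}

# Startup lines copied from the log in the post, used here as sample input.
sample_log() {
    cat <<'EOF'
Jun 16 00:19:13 icsserver named[791]: starting BIND 9.9.1-P1 -u named -t /var/lib/named
Jun 16 00:19:13 icsserver named[791]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 16 00:19:13 icsserver named[791]: listening on IPv4 interface eth1, 192.168.0.1#53
Jun 16 00:19:13 icsserver named[791]: listening on IPv4 interface ppp0, 31.200.150.65#53
EOF
}

sample_log | check_named_startup 9.9.1-P1
```

The function exits non-zero when the version does not match or named keeps root, so it can gate a restart script. Each LISTEN line is an interface that answers on port 53 and should be compared against where the server is meant to be reachable.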

This should be it… You have compiled and are running the latest patched version of Bind…

Regards.

Andy

The FOSS Convergance – Hootiegibbon opens 'alternative / open' os online service for friends…

Well done Hootie!

Here is the blog addy and few words from the founder:

Welcome to The FOSS Convergance, the place where like minds with different operating systems can meet, chat, swap and exchange ideas freely and without confines beyond that listed here.

Keep threads on topic (ie the subject line context)

Be nice – we welcome all here – even Windows users who are curious

You can be a critic, but do not BASH, we do not like bashing here.

Keep it FAMILY friendly, the Minimum age on this forum is 13, bear that in mind.

Obey the Law (US/UK and your locality), no copyright or DRM infringements please.

No real world politics, or other “flame-bait”.

Use GOOD subject lines think about your subject

When posting for help in a section add !HELP! to the beginning of the subject and mark it !SOLVED! at the end of subject when it is solved

These simple terms may expand as time and necessity moves on

I am already registered on the forum… Are You?

Service also has IRC channel 🙂 and a Twitter account.

Link for Twitter rss feeder:

http://api.twitter.com/1/statuses/user_timeline.rss?screen_name=fossconvergence

Cheers.

Andy

Forgot to do aptupgrade? Don't panic… You can still try to upgrade Your system.

Hi folks.

Sometime (several months) ago there was a “demand” from PCLinuxOS devs to install and run aptupgrade package. This was a crucial package. Everywhere on the forum (and WoTW) there were reminders about doing this. Why was it so important? Because it was upgrading apt, rpm and their libraries. Also synaptic package manager was upgraded.

Whoever did not upgrade it in time (few months window) should reinstall with a fresh copy of the latest iso after creating a list of all the installed apps and backing up their ~ folder… Why? Because the packages created using the latest rpm would not be compatible with the systems that were not upgraded.

That was the suggested solution. Reinstall. BUT what if You do not want to (cannot) install from scratch due to many personal tweaks and / or for any other valid (even if just for You) reasons?

If You are desperate / brave / crazy enough and You are willing to take some risks like myself – please continue reading… I don’t have to tell You that I don’t take any responsibility for borked system right? Right…

Last night I visited a friend who is dual-booting XP and PCLinuxOS. I tried to install gparted and noticed he had not upgraded his lappy for 10 months or so… I tried to upgrade it but all I got was librpm dependency problems – no matter what I did… SO… I said right – aptupgrade was not done.

So here is (more / less) what I did to fix it ;)… (I am skipping all the investigation steps).

Open terminal and run:

su

followed by

root's password

and then…

cd /root/

wget -c http://andrzejl.cyryl.net/WoTW/WoTW_files/aptupgrade/aptupgrade-1.0-7pclos2011.src.rpm

rpm -ivh /root/aptupgrade-1.0-7pclos2011.src.rpm

unxz /root/rpmbuild/SOURCES/aptupgrade-1.0.tar.xz

cd /root/rpmbuild/SOURCES

tar xvf ./aptupgrade-1.0.tar

cd ./aptupgrade-1.0

rpm -ivh --nodeps --force --ignorearch --ignoresize --ignoreos ./*.rpm

rm -f /root/aptupgrade-1.0-7pclos2011.src.rpm

rm -Rf /root/rpmbuild/

BE CAREFUL WHILE USING THE RM COMMANDS!

NOW… Leave this terminal window open and follow this very important step.

Open synaptic. When it reloads you will get (3 or 4) errors (in one error window) about multiple versions of packages (like apt, libapt and synaptic) being installed. Write down the names of these packages and OK the message. Now search for those packages in synaptic. You will find that indeed there are multiple versions installed. Compare their version numbers and “Mark for complete removal” the older versions. Apply the changes. Wait for the packages to be removed and synaptic to reload. Close and reopen synaptic. There may be another message about duplicate packages. Write down their names, find them, mark the older versions for complete removal, apply, wait till finished, close and reopen synaptic. Repeat till there are no duplicate packages error messages when starting synaptic. I guess this could be done by using dupeclean package but I did it by hand just to make sure nothing really important gets removed when dealing with duplicates. When this is done close synaptic.
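
To see the whole list of duplicates up front instead of copying it from Synaptic's error window, the rpm database can be queried directly. This is an added example, not part of the original post: it only lists, it removes nothing. The function names and the package versions in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# list_duplicate_packages reads "name<TAB>version-release<TAB>arch" lines on
# stdin and prints each name.arch that is installed in more than one version.
# On the real system the input would come from:
#   rpm -qa --qf '%{NAME}\t%{VERSION}-%{RELEASE}\t%{ARCH}\n'
list_duplicate_packages() {
    LC_ALL=C sort | awk -F '\t' '
        # Imported signing keys show up as several gpg-pubkey entries.
        # That is normal, so they are not reported.
        $1 == "gpg-pubkey" { next }
        {
            # Same name on a different architecture is not a duplicate.
            key = $1 "." $3
            if (!(key in count)) order[++n] = key
            count[key]++
            versions[key] = versions[key] " " $2
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1)
                    print order[i] ":" versions[order[i]]
        }
    '
}

# Constructed sample input (made-up versions) standing in for rpm -qa output.
sample_rpm_list() {
    printf '%s\t%s\t%s\n' \
        synaptic   1.1-1example  i586 \
        apt        2.0-1example  i586 \
        gpg-pubkey aaaa1111-1    '(none)' \
        bash       4.1-1example  i586 \
        apt        1.0-1example  i586 \
        gpg-pubkey bbbb2222-1    '(none)' \
        libapt-pkg 2.0-1example  i586 \
        synaptic   1.0-1example  i586
}

sample_rpm_list | list_duplicate_packages
```

Versions are printed in plain string order, which is not rpm's version ordering, so which copy is the older one still has to be decided by comparing them as described above.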

Now go back to that terminal window that You had open and type in:

apt-get update

and when done

apt-get dist-upgrade

wait for the question about installing / upgrading / removing etc etc etc… read, understand and if all ok – confirm by pressing y and punching enter.

Wait till it finishes and reboot. Why not use synaptic to do the upgrade? Because I was afraid that replacing / upgrading so many crucial system libraries after such a long time of not upgrading the system at all could crash synaptic in the middle of the upgrade and it could cause system-wide corruptions and multiple problems.

On a side note…

Last night at my friend's house I got 937 packages to be upgraded, 36 new to be installed and 33 to be removed. Over 1080 MB of upgrades… After upgrading and rebooting system worked perfect without the tiniest issue. Even funnier… I forgot that I had testing section enabled and upgraded fully from it… I said I will bite the bullet and will upgrade his kernel to the testing version as well… Kernel 3.2.16-bfs was installed without the tiniest hiccup…

So did You fully reboot? Check for updates using Synaptic as You normally would. In the future don’t forget to upgrade at least every 2 weeks and sporadically check forum for any important announcements for Your distro.

Regards.

Andrzej

3 great irssi scripts: autorejoin.pl keepnick.pl splitlong.pl

Hi all.

This is another post about Irssi – awesome irc client… Please make sure that You have read the previous posts before complaining that something is not working. Sometimes solution to Your problem is being posted during the installation process in previous posts.

Today we are gonna install more irssi scripts ;)…

First of them is autorejoin.pl. As the name suggests it automatically reconnects You to a channel after You were kicked or dropped. Second is keepnick.pl. If You haven’t registered with irc network keeping Your default nick can be problematic. Sometimes someone else will be using it. Keepnick will get You that nick whenever the person that uses it leaves the server. Third one is handy too. It’s called splitlong.pl and it splits Your long messages into shorter ones 🙂 so they don’t get pruned by the server maximal message length setting :).

cd ~/.irssi/scripts/ && wget -c http://scripts.irssi.org/scripts/autorejoin.pl && wget -c http://scripts.irssi.org/scripts/keepnick.pl && wget -c http://scripts.irssi.org/scripts/splitlong.pl && cd ~/.irssi/scripts/autorun/ && ln -s ../autorejoin.pl && ln -s ../keepnick.pl && ln -s ../splitlong.pl

You may want to edit the ~/.irssi/scripts/autorejoin.pl file (line 25) and change the my $delay value from 5 to let's say 15 or 20… Some channel operators hate this script and you may get banned for using it there but normally it’s ok…

In irssi window run the following commands:

/load keepnick.pl

/load autorejoin.pl

/load splitlong.pl

/keepnick YourNick

Don’t forget to change YourNick to Your actual nickname ;).

/set splitlong_max_length 300

Voila… Installed and configured.

Now whenever you get kicked / dropped from the channel You will rejoin in (by default) 5 seconds, Your Irssi will try keeping Your nickname for You and if You type something longer than 300 characters Your irssi will split the text for You so it does not get pruned ;)…

Regards.

Andy

How can I replace './configure --prefix=/usr/ or ./autogen --prefix=/usr/' while using cmake?

Hi all.

I was just wondering how can I replace

./configure --prefix=/usr/

or

./autogen.sh --prefix=/usr/

while using cmake and I have found the answer.

It’s quite simple but worth remembering so I have decided to post it here.

cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr/ ../

Of course prefix /usr/ can be changed to whatever you want it to be…

Regards.

Andy

Filter Of Filters 1.0 for Thunderbird is something to get excited about…

Hi all.

As a full time Mozilla Fanboy :P, Firefox and Thunderbird user I am always excited when I find something new for me that makes my Mozilla experience even better… Plan for today was – find out how can I filter the message filters in Thunderbird. Why would I want to do that You ask? Well let’s start with bit of explanation about what message filters are. Message filters can be compared to a set of sieves with different size nets in them. They can filter the messages using multiple criteria.

For example if Your account firstname.lastname@domainname.blah gets a lot of unwanted mail from a certain company based at somedomain.net… and you know that You never want to receive / read them or You don’t want them messages in Your inbox folder go to Tools > Message filters in Your Thunderbird. Choose Your firstname.lastname@domainname.blah from the dropdown menu in the top part of the popup window and click New.

Another popup will appear. Fill in the appropriate fields.

Filtering Messages in Thunderbird

1) Name of the filter – make it something obvious…
2) When is the filter to be used…
3) Should all criteria be met or just any?
4) What are the criteria – you can really have 100’s of them… and You are limited by Your imagination only…
5) What should happen if the criteria matches and filter gets triggered…

Now press Ok and You will be back in the previous window. Click on the filter to highlight it and click Run. All messages from @somedomain.net (does not matter if it’s noreply@ or service@ or wewillsendyoumorespam@) will be moved / deleted / marked as read… Whatever You chose… Neat huh?

Ok You say… Enough about the darn filters. Why do You want to filter filters? Answer is simple. I have a lot of filters and sometimes I just need to modify / fix one of them and I cannot find it. Filtering filters is extremely helpful… The addon adds little box where You can type in what You are looking for and it allows You to find the filter that You are looking for easier / faster. It’s brilliant really…

Filtering Filter Messages in Thunderbird

Sooo… Where can I find this Filters Filter? Here. And how do I install it? Just like any other Thunderbird add-on – for example FireTray

It made my day really. Thanks wsmwk for the info ;).

Regards.

Andy

HILIGHT in Irssi… Just when I thought that Irssi cannot get any better…

Hi all.

I always found it slightly weird that only when someone started the sentence with MyNickname: I was getting highlighted and beeped… It was annoying.

Today I have found out that Irssi can beep & highlight You whenever someone triggers the keyword that You have setup in the program…

/HILIGHT keyword

for example will highlight You whenever someone uses the word keyword. At the beginning, in the middle, at the end of sentence… It does not matter… You will get beeped even if the word is used inside a url or in case the word used contains keyword in the middle of it ;).

To find out more about the magic HILIGHT command use:

/help HILIGHT

Fantastic… Irssi just simply rocks…

Regards.

Andy