CentOS 6.3 released – features….and bugs :)

CentOS logo


Well folks its finally here ; http://lists.centos.org/pipermail/centos-announce/2012-July/018706.html

Among the changes, imitating its parent RedHat6.3, OpenOffice is replaced by libreoffice, I have yet to try it out but apparently has a bit more community support and can read .docx files.   They are also deprecating matahari, a management API I know little about, in favor of another suite (CIM).  RedHat even recommends matahari removal, which is fine by me since I never bothered to learn it 🙂

Bind9.7 is also replaced by Bind9.8 (yea!), a rare move by RedHat in my memory since they dislike changing version numbers in the lifecycle of each distribution.

Another notable addition to CentOS6.3 is the tools to convert physical to virtual machines for use with KVM, virt-p2v and virt-v2v (for migrationg a virtual-to-virtual installation).  Unlike RedHat6.3 that ships an .ISO image seperately to boot from in order to use these tools, CentOS includes that .ISO in the .rpm.   I look forward to trying it out.

I have already upgraded a number of guests (my KVM host however is still running 6.2, I have not worked up the courage to give it a go yet, it should go well but I can’t be bothered with glitches right about now), and all seems to work smoothly; I did come across one issue however, if you utilize IPv6 resolvers, a new(?) bug in libresolv causes a segmentation fault crash in applications that make a particular call to it;  sendmail, freshclam/clamav, emacs, openvpn, chrony, postfix.  Here is the Redhat bugzilla entry, as well as the CentOS entry.

Even if only one of your resolvers is an IPv6 address, affected software will crash;


freshclam[6598]: segfault at 1 ip 00007f9be8b37596 sp 00007fff9ffac0b0
 error 6 in libresolv-2.12.so[7f9be8b2b000+16000]

sendmail[7374]: segfault at 1 ip 00007f95d7b73596 sp 00007fffa93295a0 
error 6 in libresolv-2.12.so[7f95d7b67000+16000]


I look forward to the fix.  In the meantime I will get to tinker with P2V/V2V tools.






Time Flies – BIND, CentOS4 and Spammers

Its been over a month since I have been able to take a moment and say hello to my blog.  After my own time off, my colleagues have dared to take their own time off and I am stuck with extra work while they are gone.  What goes around, comes around, I guess.


In the meantime, the only work I have been able to do around here is moderate spammy comments to the trashbin.  Viagra, Online Loans, Escort services, they all seem to come over here with their bots and spam my admin panel with bogus comments with links back to their crap…



One thing I guess they are trying to exploit are the WordPress pingbacks.  Much to my annoyance since I really don’t mind speaking out loud to nobody on this blog, its crappy to have bots polluting my space with their spam.   I might try a WordPress CAPTCHA plugin of some sort, was too lazy to look for one since I didn’t figure I needed one….little did I know!


In any case, as time goes on, people still (*shiver*) running RHEL4/CentOS4 systems are getting more and more vulnerabilities.  CVE-2012-1823 being the first reasonably big bug that will go unpatched with RHEL4/CentOS4, and now BIND has announced CVE-2012-1667, a rather nasty one that apparently can in some cases expose system memory (!!!).  RHEL4 and clones shiiped with BIND 9.2, and it is of course vulnerable.  Thankfully systems I manage have been moved past EL4, however I do have a server or two that is still yet to be replaced.  I came across a blog that had shown promise of a rebuild of BIND 9.7.3 (which ships with CentOS 6.2 I believe), yet I was never able to get the .src.rpm for that.  I ended up building my own.  Its based on Fedora Linux’s FC14 9.7.4 RPM, with the 9.7.6_P1 source from ISC.ORG.  You can download my .src.rpm here.  I have tested it happily for a few weeks now, your mileage may vary.  Rebuild at your own risk! 🙂  I have it running on a mail server for DNS caching as well as a reasonably busy authoritative server and so far, no issues at all.    At least now RHEL4/CentOS4 can have allow-recursion { acl; } in named.conf!!! (yay)

Anyway, if you do download the source and compile it, let me know your results.