msec writes the lines:

nospoof on
spoofalert on

to /etc/host.conf

see /usr/share/msec/plugins/network.py

as of glibc 2.26 those options are not recognized anymore and need to be removed from that file, as they now cause warnings:

/etc/host.conf: line 3: bad command `nospoof on'
/etc/host.conf: line 4: bad command `spoofalert on'

preferably msec would remove those lines on package update, improving user experience
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugs
CC: (none) => marja11
Hi Thomas,
Thus, do you mean that the option in msec
enable_dns_spoofing_protection
should be deleted?
This option deals with "nospoof" and "spoofalert"

I can deal with it.

Or are they replaced with other ones?
CC: (none) => yves.brungard_mageia
Assignee: pkg-bugs => bugsquad
Thanks for assigning back to bugsquad, Yves, I had indeed assigned to the wrong group. Msec is a Mageia tool, so assigning better, now :-)
Assignee: bugsquad => mageiatools
(In reply to papoteur from comment #2)
> Hi Thomas,
> Thus, do you mean that the option in msec
> enable_dns_spoofing_protection
> should be deleted?
> This option deal with "nospoof" and "spoofalert"
>

Yes,

> I can deal with it.
>
> Or are there replaced with other ones?

Nope, new glibc setup is rewritten to be "better secured by default, no option to disable" it...

(the earlier setup was "less secure (compat with older stuff) by default, add nospoof/spoofalert for hardening")
Thanks Thomas.
For the update, should I provide a script which deletes the options
nospoof on
spoofalert on

in /etc/host.conf if present?
And then, the packager includes a trigger to execute it at the update?
I never managed such a feature until now.

Papoteur
No need to provide a script, as 2 simple sed commands in versioned %post trigger in msec.spec can do the removal
Summary: msec needs adoption for glibc 2.26 => msec needs adaptation for glibc 2.26
commit 315473c53155054c3ba1abe906c25f4211842897
Author: Papoteur <papoteur@...>
Date: Tue Sep 5 09:40:38 2017 +0200

suppress DNS_SPOOFING_PROTECTION (mga#21621).
---
Commit Link:
http://gitweb.mageia.org/software/msec/commit/?id=315473c53155054c3ba1abe906c25f4211842897
Fixed in msec-2.5-1.mga6.
Status: NEW => RESOLVED
Resolution: (none) => FIXED
To be user-friendly msec should nuke those 2 lines on package upgrade
Reopening to deal with the post script to delete the lines
nospoof on
spoofalert on

in /etc/host.conf when upgrading
Status: RESOLVED => REOPENED
Resolution: FIXED => (none)
Assignee: mageiatools => pkg-bugs
*** Bug 23640 has been marked as a duplicate of this bug. ***
CC: (none) => sebsweb
(In reply to papoteur from comment #10)
> Reopening to deal with the post script to delete the lines
> nospoof on
> spoofalert on
>
> in /etc/host.conf when upgrading

Thank you for reopening, because this doesn't seem to be really fixed ;-)

$ rpm -q msec
/etc/host.conf : ligne 3 : commande erronée« nospoof on »
/etc/host.conf : ligne 4 : commande erronée« spoofalert on »
msec-2.6-4.mga7
for me after a Mga7 net-install today, host.config does not include those 2 lines
CC: (none) => westel
msec was updated yesterday in Cauldron but those two lines are still printed:

$ rpm -q msec
/etc/host.conf : ligne 3 : commande erronée« nospoof on »
/etc/host.conf : ligne 4 : commande erronée« spoofalert on »
msec-2.6-5.mga7

@ ben mcmonagle: this bug affects systems upgraded from Mageia6, it doesn't concern fresh installs of Mageia7 (Cauldron)
(In reply to Sébastien Morin from comment #14)
> @ ben mcmonagle: this bug affects systems upgraded from Mageia6, it doesn't
> concern fresh installs of Mageia7 (Cauldron)

thanks. upgrade yesterday (24/1/2019) issue is still evident.
still valid upgrade x86_64
To summarize exchanges on dev ml:

On Fri, Mar 22, 2019 at 09:42:38AM +0100, Dan Fandrich wrote:
> On Fri, Mar 22, 2019 at 09:26:45AM +0100, Papoteur wrote:
>> the post script has to delete the lines
>> nospoof on
>> spoofalert on
>>
>> in /etc/host.conf when upgrading.
>
> If that's all it is, this should do:
>
> sed -E -i.bak '/^ *(nospoof|spoofalert) +on *(#.*)?$/d' /etc/host.conf
>

On 22/03/19 10:44, Giuseppe Ghibò wrote:
>
> The problem of the nospoof warning arises due to glibc upgrade, in particular it was this patch that somewhere around glibc 2.26 was applied upstream (mga6 had glibc 2.22), i.e. this one:
>
> https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7d68cdaa4f748e87ee921f587ee2d483db624b3d;hp=5c6e6747356f5d473c2c62e818bc24432ddef3e2
>
> that let glibc no longer recognizing that option. A dirty trick is to fake glibc, reverting that patch and providing "fake" compatibility. But in that way the nospoof will continue to be around in /etc/host.conf. Actually the bug report is https://bugs.mageia.org/show_bug.cgi?id=21621 which belongs to msec.
>
> Another is probably to add the scripts above in some trigger, maybe meta-task?
> or alternative setup-2.27-2.mga7 itself which is the package /etc/host.conf belongs to.
>

On Sat, 23 Mar 2019 at 00:29, "David W. Hodgins" <dev@ml.mageia.org> wrote:
>> I agree the setup package is the proper place.
>> To delete the lines ...
>>
>> grep -v -e ^nospoof -e ^spoofalert /etc/host.conf > /etc/host.conf.rpmnew
>> mv -f /etc/host.conf /etc/host.conf.rpmsave
>> mv /etc/host.conf.rpmnew /etc/host.conf
>>
>> Regards, Dave Hodgins

On 23/03/2019 at 02:24, Thierry Vignaud wrote:
> setup is set up very early, in first rpm transaction, so no %post,
> %trigger must be used instead
> eg:
> %triggerpostun -- setup < 2.7.24-2
>
> either the above sed command or:
> perl -pi -e 'undef $_ if /\s+(nospoof|spoofalert)\s+on\s+.*/' /etc/host.conf
> Note that the above sed doesn't handle tabs.
>
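
Added example, not part of the thread or of the setup package: the sed expression quoted above run against a constructed host.conf, next to a tab-aware variant, to show the "doesn't handle tabs" remark in practice. The function names, the sample file contents and the `[[:space:]]` variant are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; it only touches a temporary copy, never /etc/host.conf.

# Constructed sample: plain, tab-indented and commented forms of the two
# options, plus a comment that only mentions one (it must survive).
make_sample() {
    printf 'order hosts,bind\nmulti on\nnospoof on\n\tspoofalert on\nspoofalert on  # legacy\n# nospoof on was set by msec\n' > "$1"
}

# Expression quoted in the thread, run as a filter instead of with -i.
thread_sed() {
    sed -E '/^ *(nospoof|spoofalert) +on *(#.*)?$/d' "$1"
}

# Assumed variant: [[:space:]] in place of literal spaces, so tabs match.
tabaware_sed() {
    sed -E '/^[[:space:]]*(nospoof|spoofalert)[[:space:]]+on[[:space:]]*(#.*)?$/d' "$1"
}

# Hypothetical helper: rewrite the file only when something changes, keep
# one .bak copy, and write through cat so owner and mode are preserved.
clean_host_conf() {
    f=$1
    tmp=$(mktemp "${f}.XXXXXX") || return 1
    tabaware_sed "$f" > "$tmp" || { rm -f "$tmp"; return 1; }
    if ! cmp -s "$f" "$tmp"; then
        cp -p "$f" "${f}.bak" && cat "$tmp" > "$f"
    fi
    rm -f "$tmp"
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/host.conf"
echo "left behind by the thread's sed:"
thread_sed "$demo_dir/host.conf" | grep -n 'spoof'
clean_host_conf "$demo_dir/host.conf"
echo "after clean_host_conf:"
cat "$demo_dir/host.conf"
rm -rf "$demo_dir"
```

Because the helper skips the rewrite when nothing matches, running it again on an already clean file leaves the first .bak copy untouched.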
Source RPM: msec => setup
Summary: msec needs adaptation for glibc 2.26 => setup needs adaptation for glibc 2.26
Should be fixed with setup-2.7.24-3.mga7.
Updated my cauldron.
After update, host.conf contains:

order hosts, bind
multi on

thus no more
nospoof on
spoofalert on

Thanks Jani :)
Resolution: (none) => FIXED
Status: REOPENED => RESOLVED