announce April 2015

announce@lists.centos.org

3 participants
82 discussions

CESA-2015:0766 Critical CentOS 5 firefox Security Update
by Johnny Hughes 31 Mar '15

31 Mar '15

CentOS Errata and Security Advisory 2015:0766 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0766.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: beaac586f844c81489edecdef29f700d6463b2781a6cce2c335bb21eb39c871a firefox-31.6.0-2.el5.centos.i386.rpm x86_64: beaac586f844c81489edecdef29f700d6463b2781a6cce2c335bb21eb39c871a firefox-31.6.0-2.el5.centos.i386.rpm b3b0a4830df3143e8de64f822b28aae25117a56cbdf9911770d4bd2b5980b16d firefox-31.6.0-2.el5.centos.x86_64.rpm Source: 562625fd007c32f416a37cfccf50e9c206aed8810b0759728f140f4ae67cee01 firefox-31.6.0-2.el5.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos(a)irc.freenode.net

1 0

Update to Release for CentOS Linux 7 (1503)
by Karanbir Singh 31 Mar '15

31 Mar '15

--- Important Update to CentOS Linux 7 1503 release --- In order to better communicate the upstream code relationship, we changed the way we handle /etc/centos-release and /etc/redhat-release in CentOS Linux 7. However, a fallout of this change was that some config management and automation tools were unable to parse the version id properly. We felt this problem had a wide enough impact that it deserved immediate action to resolve. And, to address this issue, we have immediately issued updates for the 'centos-release' package and are working to deliver an install time solution in the next few hours. Our recommendation for authors of these tools is to consider using the /etc/os-release file as the source of metadata; by design this file is set up to export script consumable content that defines the environment. Furthermore the os-release file can be easily extended to suit site specific requirements. To verify you have the currect centos-release file, running 'file /etc/redhat-release' should return '/etc/redhat-release: symbolic link to `centos-release`' In case you have made local edits to these files, there will be no change and your edits would have been preserved through this update cycle. --- Details What are we doing - We have issued the updated centos-release into centos/7/updates/; this file has Release marked as el7.centos.2.8; everyone running a 'yum update' will get this new content automatically. - We have updated the base os/ repos with the new centos-release so all network driven installs (nfs, pxe, netinstall, http, ftp) will deliver the right content right from the start, facilitating automation and config management tools to function right away. - New ISOS for the following media have been rebuilt and are currently syncing out, note the 01 at the end of the filename, this indicates it is a subsequent release. Once these images are widely available, we will remove the older ones. Details on how we hope to run this are available in the mirror section below. Media types impacted: * DVD :: new file CentOS-7-x86_64-DVD-1503-01.iso sha256: 85bcf62462fb678adc0cec159bf8b39ab5515404bc3828c432f743a1b0b30157 torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-1503-01.t… * Everything :: new file: CentOS-7-x86_64-Everything-1503-01.iso sha256: 8c3f66efb4f9a42456893c658676dc78fe12b3a7eabca4f187de4855d4305cc7 torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Everything-15… * Minimal :: new file: CentOS-7-x86_64-Minimal-1503-01.iso sha256: 7cf1ac8da13f54d6be41e3ccf228dc5bb35792f515642755ff4780d5714d4278 torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1503-… Media types not impacted, and therefore not reissued: * NetInstall * Live CD * Live GNOME * Live KDE - The CentOS Linux 1503 Cloud and Docker images will also be rebuilt and refreshed. Impact to users: - This issue does not impact most users. Only people who run automation software that parses /etc/redhat-release would be affected, if they had run yum update on their machines between 17:00 UTC to 22:30 UTC on 31st March 2015. - If you already have a CentOS-7 install, and are yum updating to the new release, you might need to run one further yum update, but will see no impact from this issue. Content needed to mitigate this issue is already in the updates/ repos on mirror.centos.org - If you have an existing CentOS-7 install, and had been consuming content from the CR/ repo then you too will have no impact, but might need to run yum update once again. Content needed to mitigate this issue is already in the updates/ repo on mirror.centos.org - If you have already run a fresh install and have a new CentOS Linux 7 install, you will need to run yum update to get the new centos-release file. - People currently running downloads will need to restart their downloads as new torrent files are issued. The older stale torrent files will be removed. --- Mirror Activity and process Step-1: We have created new images via 'cp -al' to duplicate the existing images to their new names. This will allow the new content to rsync straight into place, with a very small delta. We estimated this will reduce the overall rsync network traffic down by almost 98% for new isos. This action was done at 22:30 UTC hrs on 31st Mar. A large bulk of the public mirrors would now have this in place. Step-2: New iso images for DVD, Everything and Minimal are dropped into the right place, and we let the mirror network sync up; this typically takes a few days, but with the step-1 action being complete, we feel this step-2 action should complete within 3 to 4 hrs. This action will be executed from our side by 02:00 UTC; At this point we will also have new torrent files to match these new isos. The initial torrents will stop running to be replaced with the new ones. Step-3: Once the mirror network is stable, we will remove the original ISO files and update all documentation to reflect the changes. These changes will spread across all the www.centos.org, wiki.centos.org and announcement contents. --- Future Actions Into the near future, we are going to try and bring onboard as many of these automation tools as possible into the CentOS QA cycles to ensure that we always maintain compatibility with them. We will also look at expanding the QA effort to include a large number of people from a more diverse set of roles. As the first step towards this, I hope to run a public retrospective on this release cycle, and I welcome all feedback towards that. My aim is to have a report on that posted within the month of April 2015. One of the most important things for us, in the CentOS Project, is to ensure that all content is tested and sanitised so as to never break an existing install or an existing workflow. This time we tripped up, but I hope we were able to rectify this rapidly enough that it does not cause too much trouble for our sysadmin friends. -- Karanbir Singh, Project Lead, The CentOS Project +44-207-009 4455 | http://www.centos.org/ | twitter.com/CentOS

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

announce April 2015