nss_ldap (was Re: [CentOS] Could this be an advantage of CentOS over the PNAELV distribution?_
There is a bug with nss_ldap and bash32 ... I created a new RPM for the nss_ldap that is currently in our testing repo.
Johnny,
I was wondering if that RPM includes the security fixes detailed in https://rhn.redhat.com/errata/RHSA-2008-0389.html
Thanks in advance,
M
Meenoo Shivdasani wrote:
There is a bug with nss_ldap and bash32 ... I created a new RPM for the nss_ldap that is currently in our testing repo.
Johnny,
I was wondering if that RPM includes the security fixes detailed in https://rhn.redhat.com/errata/RHSA-2008-0389.html
Yes, it contains all the pathces for that issue and has a work around for the bash32 issue.
Note: This file is in our testing repo and will not be released on the ISOs or in the Updates repo ... but will be in the release notes and can be used by users who would LIKE to try it.
We also created a kernel for bz321111 that is in testing repo as well (that is fixed in 5.2).
CentOS routinely creates patched RPMs like these to make available to our users (and upstream users / testers if they want). We also actively submit and track bugs and patches (if we have a fix) to the upstream bugzilla all the time. However, we do NOT roll these fixes in until they come down from upstream ... as we aim for binary compatibility, even for bugs. That is the only way to ensure things work the same. We also want to make the entire EL codebase better, not fork our EL codebase away from upsream like Oracle does with unbreakable linux.
Thanks, Johnny Hughes
on 6-18-2008 6:34 AM Johnny Hughes spake the following:
Meenoo Shivdasani wrote:
There is a bug with nss_ldap and bash32 ... I created a new RPM for the nss_ldap that is currently in our testing repo.
Johnny,
I was wondering if that RPM includes the security fixes detailed in https://rhn.redhat.com/errata/RHSA-2008-0389.html
Yes, it contains all the pathces for that issue and has a work around for the bash32 issue.
Note: This file is in our testing repo and will not be released on the ISOs or in the Updates repo ... but will be in the release notes and can be used by users who would LIKE to try it.
We also created a kernel for bz321111 that is in testing repo as well (that is fixed in 5.2).
CentOS routinely creates patched RPMs like these to make available to our users (and upstream users / testers if they want). We also actively submit and track bugs and patches (if we have a fix) to the upstream bugzilla all the time. However, we do NOT roll these fixes in until they come down from upstream ... as we aim for binary compatibility, even for bugs. That is the only way to ensure things work the same. We also want to make the entire EL codebase better, not fork our EL codebase away from upsream like Oracle does with unbreakable linux.
Thanks, Johnny Hughes
I am sure that RH appreciates it also. The fact that CentOS contributes so much probably give them a "favored stepchild" status, instead of just a user.
-
Johnny Hughes -
Meenoo Shivdasani -
Scott Silva