Bug 1118368

Summary: Please include proper dependencies in named.service against nss-lookup.target
Product: [openSUSE] openSUSE Tumbleweed Reporter: Franck Bui <fbui>
Component: NetworkAssignee: Navin Kukreja <navin.kukreja>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None Flags: fbui: needinfo? (navin.kukreja)
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
See Also: https://bugzilla.opensuse.org/show_bug.cgi?id=1118367
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1052837    

Description Franck Bui 2018-12-04 17:15:47 UTC 
(duplicate of boo#1118367 but for named.service)

Hi,

It would be great if named.service would stop relying on /etc/insserv.conf (which is obsolete and subject to future removal) and instead would include proper dependencies directly.

For this purpose, it would mean adding the 2 following dependencies in the service unit file:

 [Unit]
 ...
 Wants=nss-lookup.target
 Before=nss-lookup.target

Thanks.
Comment 1 Franck Bui 2019-05-27 08:44:14 UTC 
FTR this has been done last year: https://build.opensuse.org/package/rdiff/network/bind?linkrev=base&rev=253
Comment 2 Franck Bui 2019-06-13 14:20:29 UTC 
Navin, can you submit a similar fix for SLE12-SP2+ and SLE15 ?

Thanks.
Comment 3 Franck Bui 2019-07-01 11:39:15 UTC 
Hi Navin,

After some more investigation, here is a description of what needs to be done:

For SLE12-SP2+
--------------
bind package ships 2 sysv init scripts for these distros: "named" and "lwresd".

It appears that the sysv-generator already provides the deps automtically to "named" (because "named" provides the "named" facility). So for "named" nothing needs to be done.

OTOH the deps needs to be added to "lwresd". In order to do so, please ship the following drop-in along with the sysv init script:

# mkdir /usr/lib/systemd/system/lwresd.service.d/
# cat >/usr/lib/systemd/system/lwresd.service.d/insserv.conf <<EOF
[Unit]
Before=nss-lookup.target
Wants=nss-lookup.target
EOF

For SLE15+ and Factory
----------------------
For those platforms, the 2 services have been converted into systemd units. Therefore "named" doesn't get the deps automatically anymore so both services need to be patched like it's been done for Factory, see comment #1.

Thanks !
Comment 9 Swamp Workflow Management 2019-10-01 16:20:47 UTC 
SUSE-SU-2019:2502-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1104129,1118367,1118368,1126068,1126069,1128220,1133185,1138687
CVE References: CVE-2018-5740,CVE-2018-5743,CVE-2018-5745,CVE-2019-6465,CVE-2019-6471
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    bind-9.11.2-3.10.1
SUSE Linux Enterprise Server 12-SP4 (src):    bind-9.11.2-3.10.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    bind-9.11.2-3.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Navin Kukreja 2019-10-04 12:29:20 UTC 
FIXED
Comment 11 Swamp Workflow Management 2019-10-04 16:15:46 UTC 
SUSE-SU-2019:2550-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (important)
Bug References: 1118367,1118368,1138687
CVE References: CVE-2019-6471
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    bind-9.11.2-12.13.2
SUSE Linux Enterprise Module for Server Applications 15 (src):    bind-9.11.2-12.13.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    bind-9.11.2-12.13.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    bind-9.11.2-12.13.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    bind-9.11.2-12.13.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    bind-9.11.2-12.13.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2019-10-06 13:16:14 UTC 
openSUSE-SU-2019:2265-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (important)
Bug References: 1118367,1118368,1138687
CVE References: CVE-2019-6471
Sources used:
openSUSE Leap 15.1 (src):    bind-9.11.2-lp151.11.6.1
Comment 13 Swamp Workflow Management 2019-10-06 13:22:15 UTC 
openSUSE-SU-2019:2263-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (important)
Bug References: 1118367,1118368,1138687
CVE References: CVE-2019-6471
Sources used:
openSUSE Leap 15.0 (src):    bind-9.11.2-lp150.8.16.1
Comment 16 Swamp Workflow Management 2020-07-15 13:25:40 UTC 
SUSE-SU-2020:1914-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1109160,1118367,1118368,1171740
CVE References: CVE-2018-5741,CVE-2020-8616,CVE-2020-8617
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    bind-9.9.9P1-63.17.1
SUSE OpenStack Cloud 8 (src):    bind-9.9.9P1-63.17.1
SUSE OpenStack Cloud 7 (src):    bind-9.9.9P1-63.17.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    bind-9.9.9P1-63.17.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    bind-9.9.9P1-63.17.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    bind-9.9.9P1-63.17.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    bind-9.9.9P1-63.17.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    bind-9.9.9P1-63.17.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    bind-9.9.9P1-63.17.1
SUSE Enterprise Storage 5 (src):    bind-9.9.9P1-63.17.1
HPE Helion Openstack 8 (src):    bind-9.9.9P1-63.17.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2020-10-13 20:15:19 UTC 
SUSE-SU-2020:2914-1: An update that solves 12 vulnerabilities, contains one feature and has 8 fixes is now available.

Category: security (moderate)
Bug References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079
CVE References: CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624
JIRA References: ECO-1402
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    bind-9.16.6-12.32.1, sysuser-tools-2.0-4.2.8
SUSE Linux Enterprise Server 15-LTSS (src):    bind-9.16.6-12.32.1, sysuser-tools-2.0-4.2.8
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    bind-9.16.6-12.32.1
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    bind-9.16.6-12.32.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    sysuser-tools-2.0-4.2.8
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    bind-9.16.6-12.32.1, sysuser-tools-2.0-4.2.8
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    bind-9.16.6-12.32.1, sysuser-tools-2.0-4.2.8
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    bind-9.16.6-12.32.1, sysuser-tools-2.0-4.2.8
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    bind-9.16.6-12.32.1, sysuser-tools-2.0-4.2.8

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2020-10-19 22:15:02 UTC 
openSUSE-SU-2020:1699-1: An update that solves 12 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079
CVE References: CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    bind-9.16.6-lp152.14.3.1, libuv-1.18.0-lp152.4.3.1, sysuser-tools-2.0-lp152.5.3.1
Comment 19 Swamp Workflow Management 2020-10-20 10:16:59 UTC 
openSUSE-SU-2020:1701-1: An update that solves 12 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079
CVE References: CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    bind-9.16.6-lp151.11.9.1, libuv-1.18.0-lp151.3.3.1, sysuser-tools-2.0-lp151.4.3.1