FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 05-19-2008, 12:33 AM
Marty
 
Default apt/dselect anomaly

I usually keep current with the Debian archive using apt-get. Sometimes,
however, I install programs using dselect.


After upgrading to the latest Debian archive using apt-get update/upgrade,
I got the following message while running dselect:

The following packages will be upgraded:
openssh-client openssh-server

It happened on two different similarly configured machines.

I'm pretty sure this has never happened to me before. I have always thought
that upgrading using either apt-get or dselect (using the apt method) were
equivalent, at least with respect to staying current with the archive.


Am I missing something major? Thanks for any illumination.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 05-19-2008, 01:58 AM
"s. keeling"
 
Default apt/dselect anomaly

Marty <martyb@ix.netcom.com>:
> I usually keep current with the Debian archive using apt-get. Sometimes,
> however, I install programs using dselect.
>
> After upgrading to the latest Debian archive using apt-get update/upgrade,
> I got the following message while running dselect:
>
> The following packages will be upgraded:
> openssh-client openssh-server
>
> It happened on two different similarly configured machines.
>
> I'm pretty sure this has never happened to me before. I have always thought
> that upgrading using either apt-get or dselect (using the apt method) were
> equivalent, at least with respect to staying current with the archive.
>
> Am I missing something major? Thanks for any illumination.

http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&r1=140&r2=141

A major flaw has been discovered in the way Debian has been creating
ssh and ssl keys. I'm surprised anyone's not heard of it yet. Upgrading
those two packages places you in a position to fix the problem as it
affects your systems.


--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://blinkynet.net/comp/uip5.html Linux Counter #80292
- - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 05-19-2008, 01:25 PM
Daniel Burrows
 
Default apt/dselect anomaly

On Sun, May 18, 2008 at 08:33:35PM -0400, Marty <martyb@ix.netcom.com> was heard to say:
> I usually keep current with the Debian archive using apt-get. Sometimes,
> however, I install programs using dselect.
>
> After upgrading to the latest Debian archive using apt-get update/upgrade,
> I got the following message while running dselect:
>
> The following packages will be upgraded:
> openssh-client openssh-server
>
> It happened on two different similarly configured machines.
>
> I'm pretty sure this has never happened to me before. I have always
> thought that upgrading using either apt-get or dselect (using the apt
> method) were equivalent, at least with respect to staying current with
> the archive.
>
> Am I missing something major? Thanks for any illumination.

The latest version of openssh-server depends on openssh-blacklist due
to the security problems with openssl that came up recently. If you
only use "apt-get upgrade", openssh-server won't get upgraded because
"upgrade" refuses to install new packages. Did openssh-blacklist get
installed too when you used dselect?

Daniel


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 05-20-2008, 12:54 AM
Marty
 
Default apt/dselect anomaly

Daniel Burrows wrote:

On Sun, May 18, 2008 at 08:33:35PM -0400, Marty <martyb@ix.netcom.com> was heard to say:
I usually keep current with the Debian archive using apt-get. Sometimes,
however, I install programs using dselect.


After upgrading to the latest Debian archive using apt-get update/upgrade,
I got the following message while running dselect:

The following packages will be upgraded:
openssh-client openssh-server

It happened on two different similarly configured machines.

I'm pretty sure this has never happened to me before. I have always
thought that upgrading using either apt-get or dselect (using the apt
method) were equivalent, at least with respect to staying current with
the archive.


Am I missing something major? Thanks for any illumination.


The latest version of openssh-server depends on openssh-blacklist due
to the security problems with openssl that came up recently. If you
only use "apt-get upgrade", openssh-server won't get upgraded because
"upgrade" refuses to install new packages. Did openssh-blacklist get
installed too when you used dselect?


Yes. I had missed the warning about the kept back packages. Thanks.

I have repeated the upgrade with another machine to confirm this explanation:

apt-get update/upgrade outputs in part:

The following packages have been kept back:
openssh-client openssh-server
The following packages will be upgraded:
libssl0.9.8 linux-source-2.6.18 openssl rdesktop ssh

dselect outputs in part:

The following NEW packages will be installed:
openssh-blacklist
The following packages will be upgraded:
openssh-client openssh-server
2 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 07:25 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org