[Gllug] Debian Sarge security updates

Paul Cupis paul at cupis.co.uk
Fri Sep 29 08:11:46 UTC 2006 

Chris Bell wrote:
> On Fri 29 Sep, Paul Cupis wrote:
>> Chris Bell wrote:
>>> Hello,
>>>    I have done a security update to Sarge using "aptitude" which included an
>>> update to the 2.6.8 kernel. All appeared to go well after the reboot, so I
>>> continued to update some other boxes.
>>>    I have just checked for any further security updates, and each box shows
>>> a couple of updated packages available plus a large number of important base
>>> packages to be removed. I can understand the old kernel being listed for
>>> deletion, but not all the rest, more a series of updates to later versions.
>>>    I quit aptitude and rebooted again, but no change.
>> Do you want to share the output of the program so we can see
>> specifically what you are seeing?
> 
> A typical line would be shown in magenta
> 
> idA  locales                        -10.5MB 2.3.2.dsl- 2.3.2.dsl-
> idA  sysklogd                        -209kB 1.4.1-17   1.4.1-17
> 
>    Could there be two complete sets of these packages present, and one set
> only is being deleted?

No, this suggests that aptitude believes that these packages are not
required, not depended on by anything and so can be removed.

>> Also, can we see the contents of /etc/apt/source.list,
> 
> Typically:
> 
> deb http://172.21.3.5:9999/debian/ sarge main non-free contrib
> deb-src http://172.21.3.5:9999/debian/ sarge main non-free contrib
> 
> deb http://ftp.uk.debian.org/debian/ stable main non-free contrib
> deb-src http://ftp.uk.debian.org/debian/ stable main non-free contrib
> 
> deb http://172.21.3.5:9999/security/ sarge/updates main non-free contrib
> deb-src http://172.21.3.5:9999/security/ sarge/updates main non-free contrib
> 
> deb http://security.debian.org/ sarge/updates main contrib non-free
> deb-src http://security.debian.org/ sarge/updates main contrib non-free
> 
> deb http://security.debian.org/ stable/updates main contrib non-free
> 
>  /etc/apt/apt.conf and /etc/apt/preferences do not exist
> 
>> (and any interesting files in
>> /etc/apt/apt.conf.d) ?
> 
> // Pre-configure all packages with debconf before they are installed.
> // If you don't like it, comment it out.
> DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";}

That all looks reasonable except for the duplication in your
sources.list (which I imagine is just due to the way you are presenting
the example).

>>>    I normally use a local apt-proxy mirror, so quit aptitude again, edited
>>> the sources.list to include an official mirror site, re-booted and ran
>>> aptitude again, no difference.
>>>    I feel that I should hold the majority of the packages, remove the old
>>> kernel, then repeat the process.
>>>    Has anyone else found a problem?
>> Just to confirm, you've been running apt-get update after editting the
>> sources.list?
> 
>    I type "u" while running aptitude which runs apt-get update, but I
> spotted the huge amount of magenta text that appeared, so I have not hit "U"
> to select all apgradeable packages to be upgraded, or "g" to show the
> list/go ahead.

Go through the list of highlighted packages and press "+" and "m" over
each one to indicate a) that you want the package installed and b) that
aptitude should not consider them for removal just because they are not
depended on.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list