[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: password expire and sshd doesn't allow ppl to change it

In nixu.lists.debian.security, you wrote:
>Content-Type: text/plain; charset=us-ascii
>Content-Disposition: inline
>Content-Transfer-Encoding: quoted-printable
>On Sat, Sep 22, 2001 at 05:55:01PM +0300, Ilkka Tuohela wrote:
>> >It resulted in me getting the whole OpenSSH, OpenSSL and zlib,
>> >compiling and putting it under a new directory
>> >/usr/local/noapt/ to avoid collisions with apt-get.
>> >
>> >Is there a clean way of upgrading the SSH package and avoid the
>> >conflicts?
>> Add a deb-src line to /etc/apt/sources.list, pointing to unstable,
>> something like:
>> deb-src ftp://ftp.fti.debian.org/debian-non-US unstable non-US/main
>> non-US/contrib non-US/non-free
>you don't need contrib and non-free.
>> Then, do=20
>> apt-get update
>> apt-get -b source ssh
>> Quite likely the build fails first if you don't have all the libraries
>> and -dev packets the build needs. You can continue in openssh-2.9b2
>> directory with dpkg-buildpackage, for example.
>grep ^Build debian/control

Yeah. You can't do this before you have unpacked the source, though...
how do I see source package descriptions with apt-cache? I didn't see
any command there to do this, like apt-cache showpkg, apt-get build-dep
doesn't exist in potato's apt. 

Anyway, apt-get source package && dpkg-buildpackage manually works quite
well and then you can of course check control file. 

>and install all listed build-depends packages.
>> This leaves you with custom ssh packages: this is the only way until=20
>> the new version is backported.
>which will never happen, except possibly by someone doing it unofficially.

Quite true. Only thing which could cause this is that there were a severe
security flaw found with version of ssh for potato, for which a patch were
not available and only way to fix the bug were to upgrade to the 2.9 
version. This is really unprobable, anyway.

One thing users of these custom packages must remember is that their 
system now has something which is not supported: if a security flaw
were found from openssh 2.9xx which doesn't exist in potato version
the user must compile a new version by themselves, it's never upgraded
with apt-get upgrade from official servers. 

       /"\                           |    Ilkka Tuohela / Nixu Oy
       \ /     ASCII Ribbon Campaign |    ilkka.tuohela@nixu.com
        X      Against HTML Mail     |    +358-40-5233174 
       / \

Reply to: