LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Debian (http://www.linuxquestions.org/questions/debian-26/)
-   -   How to stay on top of security patches for source packages (http://www.linuxquestions.org/questions/debian-26/how-to-stay-on-top-of-security-patches-for-source-packages-4175418223/)

padeen 07-23-2012 07:17 AM

How to stay on top of security patches for source packages
 
I built my own package for squid 3.1.6 because I needed a ./configure option that the pre-built package does not set. That worked fine and it installed correctly and everything is sweet.

Now, apt-get upgrade wants to "upgrade" my squid back to the pre-built version. I gather I should have somehow changed the version of my package so that apt-get does not want to upgrade it.

How do I change the version of my package and what should I have changed it to?

Should I just pin the package and be done with it?

Looking forward, how can I make sure I get the future security patches for squid3? Or at least get notified of them.

Thanks.

Debian 6.0.5 (Squeeze)

cynwulf 07-23-2012 09:36 AM

You can change the epoch of your package to make it appear newer, or use apt-pinning to prevent upgrades...

In your case however, why not just put it on hold?

Code:

# echo squid hold | dpkg --set-selections
(to undo the hold - same command but substitute "hold" with "install".)

evo2 07-23-2012 06:52 PM

Hi,

Quote:

Originally Posted by padeen (Post 4735796)
Looking forward, how can I make sure I get the future security patches for squid3? Or at least get notified of them.

You should be subscribed to debian-security@lists.debian.org

Also, if you have your squid3 package on hold apt-get should explicitly tell you when you do an upgrade and there is an new version of squid3 that is "kept back".
This would be your prompt to get the new/patched source package for squid3 and rebuild and install your binary package.

However, depending on what the additional configure flag is, it may be worth filing a bug to get it included in the default Debian build.
What configure option is it that you need?

Evo2.

padeen 07-23-2012 07:25 PM

The flag is --enable-http-violations, I can understand why it is not in the default build.

Thanks for the info.


All times are GMT -5. The time now is 05:34 PM.