Re: Upgrading from Debian 6.0 LTS to 7

2016-02-20 Thread Matus UHLAR - fantomas 

On 02/20/2016 01:17 PM, Alexis Grigoriou wrote:

or is there more that I need to do since my installation has LTS
support? One thing that comes to mind is the "squeeze-lts" entry
in /etc/apt/sources.list. Does that need to be removed prior to
upgrading or does the upgrade process take care of that itself?


On 20.02.16 20:46, Miroslav Skoric wrote:
Probably it would be enough to do the following: at first to update 
as much as possible with the actual "squeeze-lts" entry, following by 
changing all "squeeze-lts" and "squeeze" entries to "wheezy" and 
update/upgrade it again in some way of a 'safe upgrade' (there is 
some syntax on the web how to do that, and that step will upgrade 
only the kernel parts of the system), and finally to do full upgrade 
again (all the rest packages in the system).


I see currently two possible issues in replacing squeeze with wheezy:

1. does wheezy-lts exist already on mirrors? (doesn't seem so)

2. there's still ongoing security support for wheezy, but there is not for
squeeze.  If anyone removed security mirror from squeeze's sources.list,
will stop having security updates.

I know that shouldn't happen - I have asked about this some time ago and was
advised to leave sources.list as they were, including volatile and security
updates.

BUT: https://wiki.debian.org/LTS/Using 
- only mentions having only squeeze and squeeze-lts, so user updating that

config for wheezy would lose updates (including security).

It would be much better to keep all currently archives working and being
used.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.

Re: Upgrading from Debian 6.0 LTS to 7

2016-02-20 Thread Jan Ingvoldstad 

On 2016-02-20 20:46, Miroslav Skoric wrote:


Probably it would be enough to do the following: at first to update as
much as possible with the actual "squeeze-lts" entry, following by
changing all "squeeze-lts" and "squeeze" entries to "wheezy" and
update/upgrade it again in some way of a 'safe upgrade' (there is some
syntax on the web how to do that, and that step will upgrade only the
kernel parts of the system), and finally to do full upgrade again (all
the rest packages in the system).


For upgrading _to_ squeeze, I believe the recommendation was to apt-get 
update && apt-get install linux-image... etc. as one of the earliest 
steps, probably due to udev and initrd finicky bits.


For the systems I've upgraded from squeeze to wheezy, I've essentially 
followed the bog standard instructions:


Commented out the squeeze-lts entry, and added wheezy entries:

deb http://ftp.no.debian.org/debian/ wheezy main contrib non-free
deb-src http://ftp.no.debian.org/debian/ wheezy main contrib non-free

deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free

deb http://ftp.no.debian.org/debian/ wheezy-updates main contrib non-free
deb-src http://ftp.no.debian.org/debian/ wheezy-updates main contrib 
non-free



After that:

apt-get update && apt-get upgrade

Pay attention to any errors and warnings, and if successful, followup with:

apt-get dist-upgrade


However, the devil is in the details of "pay attention".

One system failed to update initrd and also failed to install Grub 2 
properly, which resulted in an unbootable system. Using a Wheezy USB 
disk in rescue mode solved that quickly enough.


Additionally, pay very close attention to all config files that are 
changed; several of these need a bit of manual editing to get services 
back up and running.

--
Cheers,
Jan

Re: Upgrading from Debian 6.0 LTS to 7

2016-02-20 Thread Ben Hutchings 
On Sat, 2016-02-20 at 14:17 +0200, Alexis Grigoriou wrote:
> Hello list,
> I just read today that Debian squeeze is reaching its EOL. I have
> followed  instructions to add LTS support to squeeze and it served me
> well. And now it is time to upgrade to wheezy. What are the actions I
> need to do? Are the steps the same as
> 
> https://www.debian.org/releases/wheezy/i386/release-notes/ch-upgrading.html
> 
> or is there more that I need to do since my installation has LTS
> support?

The same process should still work.

> One thing that comes to mind is the "squeeze-lts" entry
> in /etc/apt/sources.list. Does that need to be removed prior to
> upgrading or does the upgrade process take care of that itself?

You should remove that at some point since it will eventually result in
HTTP errors when the suite is removed from the archive, but it does not
matter whether you do so before or after upgrading.

Ben.

> Any help would be much appreciated.
> And a big thanks to LTS team for providing us LTS :)
> 
-- 
Ben Hutchings
Tomorrow will be cancelled due to lack of interest.

signature.asc
Description: This is a digitally signed message part

wheezy-security to wheezy-lts transition

2016-02-20 Thread Adam D. Barratt 
[apologies to anyone who's ended up with three copies of this; the
original got eaten due to a misconfiguration on my side - please only
reply to this copy]

Hi,

As I understand it, the plan is for wheezy-lts to re-use
security.d.o:wheezy/updates directly, rather than a separate suite on
ftp-master. Is that correct?

If so then we need to consider how the transition works in the short
term. For example, the final point release of oldstable occurs after
security support ceases, so that we can fold in as many of the remaining
packages from the security archive as possible, including those that
failed to build on some architectures originally - it would be confusing
if we ended up pulling in any packages that were actually from
wheezy-lts, or even having those appear in oldstable-new.

Regards,

Adam

[SECURITY] [DLA 421-1] openssl security update

2016-02-20 Thread Kurt Roeckx 
Package: openssl
Version: 0.9.8o-4squeeze23
CVE ID : CVE-2015-3197

CVE-2015-3197:
A malicious client can negotiate SSLv2 ciphers that have been disabled on the
server and complete SSLv2 handshakes even if all SSLv2 ciphers have been
disabled, provided that the SSLv2 protocol was not also disabled via
SSL_OP_NO_SSLv2.

Additionally, when using a DHE cipher suite a new DH key will always be
generated for each connection.


This will be the last security update for the squeeze version of the package.
The 0.9.8 version is no longer supported and the squeeze LTS support will end
soon.  If you are using openssl you should upgrade to wheezy or preferably
jessie.  The version in those versions contain many security improvements.


Kurt Roeckx



signature.asc
Description: PGP signature

Accepted openssl 0.9.8o-4squeeze23 (source amd64) into squeeze-lts

2016-02-20 Thread Kurt Roeckx 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 20 Feb 2016 12:31:42 +0100
Source: openssl
Binary: openssl libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source amd64
Version: 0.9.8o-4squeeze23
Distribution: squeeze-lts
Urgency: medium
Maintainer: Debian OpenSSL Team 
Changed-By: Kurt Roeckx 
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 openssl- Secure Socket Layer (SSL) binary and related cryptographic tools
Changes: 
 openssl (0.9.8o-4squeeze23) squeeze-lts; urgency=medium
 .
   * Fix CVE-2015-3197
   * Always generate new key for DHE.
Checksums-Sha1: 
 b5338a9b0b20b7827b92e15c247057d5d9a3d8ee 1989 openssl_0.9.8o-4squeeze23.dsc
 f171a7195098630faa8225e271a00743ab796258 143218 
openssl_0.9.8o-4squeeze23.debian.tar.gz
 645a5d54939eb0ab8d4845714247e506a1b377d7 1062132 
openssl_0.9.8o-4squeeze23_amd64.deb
 dd6a9306b898d682b0151ae92dc5bb0c05942d9f 1006322 
libssl0.9.8_0.9.8o-4squeeze23_amd64.deb
 852dc938663fe10d1de7ff80f67f8d8f2d445fbe 645396 
libcrypto0.9.8-udeb_0.9.8o-4squeeze23_amd64.udeb
 f1991eb71a5c1397ba436155288e84353c459575 2309044 
libssl-dev_0.9.8o-4squeeze23_amd64.deb
 dd2a3b11d526400f6d5eaafc262a67ad72602485 1624314 
libssl0.9.8-dbg_0.9.8o-4squeeze23_amd64.deb
Checksums-Sha256: 
 ae152fc44696d1143a10ffc30efbe729c14ed069698fff71666482dd172480bc 1989 
openssl_0.9.8o-4squeeze23.dsc
 a02023d121f088073d070ead4086a62f722bb4dffb15a36977dc014499034738 143218 
openssl_0.9.8o-4squeeze23.debian.tar.gz
 e76cdefb96b9a7727cfeaf2ceb580875efb766c5d0b62e1be69d4a52abda022d 1062132 
openssl_0.9.8o-4squeeze23_amd64.deb
 7859da235541ee906fc08a2c65c3fee9493ab1186c4c2e260bbd023ec7b9fd7b 1006322 
libssl0.9.8_0.9.8o-4squeeze23_amd64.deb
 8ccbe107f6e670e957660b0642fb926b00aa7958e4e5609f6e842c2972ab7465 645396 
libcrypto0.9.8-udeb_0.9.8o-4squeeze23_amd64.udeb
 1bf7e00cbabd12d51df11c65bc39dd02063eba859854fc0f6959292b28378b27 2309044 
libssl-dev_0.9.8o-4squeeze23_amd64.deb
 8be059f6d06d6d1507d33dc66599b15b1f68db5a881ebb01bdc381de5b6275c8 1624314 
libssl0.9.8-dbg_0.9.8o-4squeeze23_amd64.deb
Files: 
 34aea509b286ae1c60f5dab3983d1498 1989 utils optional 
openssl_0.9.8o-4squeeze23.dsc
 9799bc2c8ee7a6e6b2a17783c495353d 143218 utils optional 
openssl_0.9.8o-4squeeze23.debian.tar.gz
 aa30e5dbeaae9987f26ac797a9b81462 1062132 utils optional 
openssl_0.9.8o-4squeeze23_amd64.deb
 bc45c2ce9473307439a1be2d8c5d799a 1006322 libs important 
libssl0.9.8_0.9.8o-4squeeze23_amd64.deb
 917a8d990f540610fe0d382dfaf877a9 645396 debian-installer optional 
libcrypto0.9.8-udeb_0.9.8o-4squeeze23_amd64.udeb
 af60a90c0ab333be1b74042554e3addc 2309044 libdevel optional 
libssl-dev_0.9.8o-4squeeze23_amd64.deb
 fa4052df0b638a61c81ba7f3cfbbaf6f 1624314 debug extra 
libssl0.9.8-dbg_0.9.8o-4squeeze23_amd64.deb
Package-Type: udeb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJWyFkPAAoJEOPE3c0eTBJEKasP/1dAo+X7NZRlBE2tonHYi5y7
OsJJ5KnNa+RLttBDu1Qr8JISCojxeO1Rc6Ss7mUk3lpx4U9ibbNIogLuwBppve8N
kUcQK4ZSqbTs/H0LyQC9tLamEpM3n4Sb6jqxgJu0OC5S/mBUVCfiDN9G0yNwa16A
czSP0qz0+HR5CR+ZeHyyfyEMnjVypu4fAK82m97oi/SUlqH2XlOTvYuenve4ePLI
4frKW/SaJQ4KALpyhP3DMuulEbctYxejzwfH29PO1KcEA2W1bUrJWR8voVm1h7tm
awjDexR6hXX75pdJvVQK40xyqnfIT64UMR4vmFzhFnkoX/FoHjUROO5ZyM5xZosw
dMWBfwsdUYP10DBkWEnEvPWZr0MPQA7JUROZUyPd1SMq/BCSvH72KHdDOC6iS/pW
TJeogRU2Jq/QMYKieTClAeGSlLARdRz2kfof2NozQyLWoSO0gEpnXai9KPD/vGDI
3zGialo8/xAeZ03yS6+5OBQf3lgUDFuKvSBdx88rTp2opzd4eeuHdKYyofU3pxOK
R5MbcogFCV+KiOAb8uGxl24BGacen1ZD+vK8sLQ7R+GcFIa8NBL0GiED6wRnA98v
PNV22nvudEGN8qZb5ksR8k1Gik9MVqS5w0m7yQFZ+QzL4eu4InyvMf7YNrqPdDKY
/RuDwDqWkdkGag7Q7Tdf
=mJAp
-END PGP SIGNATURE-

Upgrading from Debian 6.0 LTS to 7

2016-02-20 Thread Alexis Grigoriou 
Hello list,
I just read today that Debian squeeze is reaching its EOL. I have
followed  instructions to add LTS support to squeeze and it served me
well. And now it is time to upgrade to wheezy. What are the actions I
need to do? Are the steps the same as

https://www.debian.org/releases/wheezy/i386/release-notes/ch-upgrading.html

or is there more that I need to do since my installation has LTS
support? One thing that comes to mind is the "squeeze-lts" entry
in /etc/apt/sources.list. Does that need to be removed prior to
upgrading or does the upgrade process take care of that itself?
Any help would be much appreciated.
And a big thanks to LTS team for providing us LTS :)