  1. #21
    Untangler
    Join Date
    May 2008
    Posts
    394

    Code:
    grep dns       
    ii  dnsmasq                                 2.80-1
    So dnsmasq is still not getting updated on my Untangle. Is it a problem with apt or has it not yet been uploaded to the repo?

  2. #22
    Newbie
    Join Date
    Mar 2021
    Posts
    1

    Thanks a lot for all this information; it was a great help in my case.
    I'm always pleased to have nothing to do
    (I'm reassured)

  3. #23
    Untangler
    Join Date
    May 2008
    Posts
    394

    Seems apt is working. Two packages were updated since March 4th.
    Code:
    diff untangleapt2.txt untangleapt.txt
    724,725d723
    < ii  python-apt                              1.8.4.2                                                        amd64        Python interface to libapt-pkg
    < ii  python-apt-common                       1.8.4.2                                                        all          Python interface to libapt-pkg (locales)
    Still dnsmasq 2.80-1. Why?

  4. #24
    Untangler
    Join Date
    May 2008
    Posts
    394

    Time to add openssl to the things not being updated by apt. Who knows how many others?

    Package: openssl (1.1.1d-0+deb10u6) [security]

    Code:
    [root @ homeuntangle] ~ # dpkg -l |grep openssl
    ii  libcrypt-openssl-bignum-perl            0.09-1+b1                                                      amd64        Perl module to access OpenSSL multiprecision integer arithmetic libraries
    ii  libcrypt-openssl-random-perl            0.15-1+b1                                                      amd64        module to access the OpenSSL pseudo-random number generator
    ii  libcrypt-openssl-rsa-perl               0.31-1+b1                                                      amd64        module for RSA encryption using OpenSSL
    ii  openssl                                 1.1.1d-0+deb10u4                                               amd64        Secure Sockets Layer toolkit - cryptographic utility
    ii  perl-openssl-defaults:amd64             3                                                              amd64        version compatibility baseline for Perl OpenSSL packages
    Untangle claims to be secure because it is based on Debian. If it is not kept updated with Debian, is it still secure? I understand the need to test. I also understand the urgency to update.

    So is apt being used, yes. Is it being used as intended?
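
The check made by hand in the post above (installed version against the security version) can be scripted. This is an added example, not code from the thread or from Untangle: it orders versions by the Debian policy rules, the function names are hypothetical, and the baseline holds only the openssl security version quoted in the post.

```python
import re

def _order(c):  # '~' sorts first, then end/digits, then letters, then symbols
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate non-digit runs (per character) and digit runs (numeric), as dpkg does.
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if d:
                return d
            i, j = i + 1, j + 1
        m, n = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(m or 0) != int(n or 0):
            return int(m or 0) - int(n or 0)
        i, j = i + len(m), j + len(n)
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch or revision counts as 0.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    """Negative, zero or positive as version a is older, equal or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def lagging(dpkg_output, baseline):
    """Return (package, installed, required) for installed packages older than baseline."""
    found = []
    for line in dpkg_output.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "ii":
            name = f[1].split(":")[0]  # drop an ":amd64" style suffix
            if name in baseline and compare_versions(f[2], baseline[name]) < 0:
                found.append((name, f[2], baseline[name]))
    return found

# Sample input: two lines abridged from the dpkg -l output quoted in the post.
SAMPLE = "ii  openssl  1.1.1d-0+deb10u4  amd64\nii  perl-openssl-defaults:amd64  3  amd64\n"
BASELINE = {"openssl": "1.1.1d-0+deb10u6"}  # security version named in the post
```

Calling `lagging(SAMPLE, BASELINE)` reports openssl as behind; on a real system the first argument would be the text of `dpkg -l`.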

  5. #25
    Untangler
    Join Date
    May 2008
    Posts
    394

    16.3 beta finally updates these and a bunch of other stuff. Why do we need to wait so long to get Debian updates? Defeats Debian security updates as a security feature.

  6. #26
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,161

    I'm of two minds on the topic...

    Rapid automatic updates are great to remediate known issues if and only if the updates come from a trusted source. But that's the rub, isn't it? Debian's repos have been victimized before...

    Building trust into Untangle's supply chain will require a certain amount of buffer between Untangle released and supported updates and the upstream repos. But where do you put that line?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #27
    Untangler
    Join Date
    May 2008
    Posts
    394

    Quote, originally posted by sky-knight:
    But where do you put that line?

    I don't know where the line should be. I understand the need to test against Untangle's modifications. I think for such critical updates it needs more priority than it gets now. If it was based on some bleeding edge distro I could see the long delay. Debian is a very conservative stable distro. If they deem it needs to be updated, pay attention.

    As for trust, I would bet on Debian long before Untangle at this point. Untangle has been based on "old" Debian for years. Now it is much closer than it has been in the past. A good trend. Only a few months behind. Is that good enough?

    As for automatic updates I don't run them on anything. I want to test before applying them. But they usually happen within a week.

  8. #28
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,161

    On non-critical systems like desktops yes. But on servers the game changes, and on a server that will bork the connection everything uses to get updates? How much more so?

    Yes... on the DNSMasq patch specifically I feel that should have been faster, because it's left every Untangle in the wild vulnerable to real risk. But, that's the first time to my memory this has happened. Usually Untangle's conservative approach has been to our collective benefit.

    Though I no longer know if that benefit is via intent or accident. Which is the largest issue for me.
    tjk and donhwyo like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
