Бессонница, Debian Apt-get, dpkg... step by step и стратегия обновлений Linux

Бессоница не способствует сосредоточению. Я включил Kali компьютер в 4 утра... он предложил мне обновить 800mb... и, естественно, произошел сбой... И тут я "вспомнил все"... Если команда apt-get upgrade flashplugin-no не находит пакет flashplugin-no, то она предлагает обновить всё... соглашаться нельзя! Выводы:
1. Обновлять только используемые пакеты поштучно, но каждую неделю!!!
2. Раз в год переустанававливать всю сборку.
3. Все файлы пользователей хранить на отдельном диске\разделе.
4. Посещать askubuntu.com не реже, чем stackoverflow

Chapter 8 - The Debian package management tools
Руководство по Ubuntu Server » Управление пакетами
Using dpkg to install upgrade and dist-upgrade packages

Итак сегодня ранним утром я сделал очередную глупость на 800mb при помощи apt-get upgrade¶

Я задал обновление плагина для флеш-плеера (имени не помнил), то, что надо задавать имя пакета, а не файла - не помнил, то, как узнать имя пакета - не помнил... И так далее ... получим приблизительно вот такой ответ:

In []:

root@kali:/home/kiss# apt-get upgrade flashplugin-no
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages have been kept back:
  greenbone-security-assistant hackrf-tools kali-linux kali-linux-sdr libgnuradio-osmosdr
  libgnuradio-osmosdr-apps mitmproxy openvas openvas-cli openvas-manager openvas-scanner
  python-netlib python-openssl python-tornado sleuthkit volatility w3af w3af-console
The following packages will be upgraded:
  aircrack-ng apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common apt
  apt-utils armitage at bind9-host binutils bsd-mailx ca-certificates cpio cups-bsd cups-client
  cups-common curl dbus dbus-x11 debian-archive-keyring dhcpig dnschef dnsrecon dnsutils
  evolution-data-server evolution-data-server-common exim4 exim4-base exim4-config
  exim4-daemon-light exploitdb extlinux fern-wifi-cracker file firebird2.5-common
  firebird2.5-common-doc firmware-adi firmware-atheros firmware-bnx2 firmware-bnx2x
  firmware-brcm80211 firmware-intelwimax firmware-ipw2x00 firmware-ivtv firmware-iwlwifi
  firmware-libertas firmware-linux firmware-linux-free firmware-linux-nonfree firmware-myricom
  firmware-netxen firmware-qlogic firmware-ralink firmware-realtek flashplugin-nonfree gnupg
  gpgv gqrx graphviz hashcat hashcat-utils hashid host icedtea-6-jre-cacao icedtea-6-jre-jamvm
  icedtea-7-jre-jamvm iceweasel intel-microcode ipython ipython-notebook
  ipython-notebook-common ipython-qtconsole iucode-tool kali-linux-full krb5-locales lbd
  libapache2-mod-php5 libapt-inst1.5 libapt-pkg4.12 libavcodec53 libavdevice53 libavformat53
  libavutil51 libbind9-80 libc-bin libc-dev-bin libc6 libc6-dev libc6-i686 libcamel-1.2-33
  libcdt4 libcgraph5 libcups2 libcupsimage2 libcurl3 libcurl3-gnutls libdbi-perl libdbus-1-3
  libdns88 libebackend-1.2-2 libebook-1.2-13 libecal-1.2-11 libedata-book-1.2-13
  libedata-cal-1.2-15 libedataserver-1.2-16 libedataserverui-3.0-1 libevent-2.0-5
  libevent-core-2.0-5 libevent-openssl-2.0-5 libevent-pthreads-2.0-5 libfbclient2 libflac8
  libgcrypt11 libgpgme11 libgraph4 libgssapi-krb5-2 libgssrpc4 libgvc5 libgvpr1 libisc84
  libisccc80 libisccfg82 libjasper1 libjpeg-progs libjpeg8 libk5crypto3 libkadm5clnt-mit8
  libkadm5srv-mit8 libkdb5-6 libkeyutils1 libkrb5-3 libkrb5support0 libksba8 liblua5.1-0
  liblwres80 liblzo2-2 libmagic-dev libmagic1 libmapi0 libmapiadmin0 libmozjs24d
  libmysqlclient18 libnss3 libnss3-1d libocpf0 libopenobex1 libopenobex1-dev libpathplan4
  libperl5.14 libpostproc52 libpq5 libproxychains3 libpurple-bin libpurple0 libsnmp-base
  libsnmp-perl libsnmp15 libssl-dev libssl-doc libssl1.0.0 libsvn1 libswscale2 libtasn1-3
  libxdot4 libxml2 libxml2-dev libxml2-utils libyaml-0-2 locales locales-all man-db
  maskprocessor metasploit metasploit-framework mfcuk mime-support
  mobile-broadband-provider-info multiarch-support mutt mysql-client-5.5 mysql-common
  mysql-server mysql-server-5.5 mysql-server-core-5.5 nginx nginx-common nginx-full nmap ntp
  oclhashcat oclhashcat-lite oclhashcat-plus openchangeclient openjdk-6-jdk openjdk-6-jre
  openjdk-6-jre-headless openjdk-6-jre-lib openjdk-7-jdk openjdk-7-jre openjdk-7-jre-headless
  openjdk-7-jre-lib openssh-client openssh-server openssl openvpn pdfid perl perl-base
  perl-modules php5 php5-cli php5-common php5-mysql pidgin-data postgresql-9.1
  postgresql-client-9.1 ppp procmail proxychains python-imaging python-imaging-tk
  python-libxml2 python-magic python-reportbug python-six python-yaml recon-ng reportbug
  responder rsyslog ruby-ansi ruby-ruby-progressbar set snmp snmpd spidermonkey-bin
  statsprocessor subversion syslinux syslinux-common tcpdump theharvester tor tor-dbg
  tor-geoipdb tzdata tzdata-java unzip wget wireless-regdb wpscan xdg-utils xserver-common
  xserver-xephyr xserver-xorg-core xulrunner-24.0 xvfb zaproxy zenmap
261 upgraded, 0 newly installed, 0 to remove and 18 not upgraded.
Need to get 0 B/840 MB of archives.
After this operation, 2,678 MB disk space will be freed.
Do you want to continue [Y/n]? 

И согласился, и пару часов качал пакеты..., потом (естественно) произошел сбой... И сколько раз я наступал на эти грабли (yum Centos, Anaconda, ... Windows update) Очевидно, что при большом перерыве в работе накапливаются обновления системы и приложений, кроме того, очень вероятны и конфликты приложений ... И я это "разгребал" с Conda последний раз в апреле прошлого года... Linux не умеет управлять процессом установки обновлений...

Нагуглил документацию и начал искать плагин¶

Внимание! Записи ниже моно использовать, как пошаговую инструкцию для обновлений :
1. Уточняем имя пакета dpkg -l | grep ... (как правило, имя программы с номером релиза, а пакета - нет)
2. Проверяем, установлен ли и где dpkg -L ...
3. Или устанавливаем apt-get install flashplugin-nonfree
4. Или обновляем apt-get upgrade ...

In [17]:

!dpkg -l | grep flash

ii  deblaze        0.1-1kali1   all          Performs testing against flash re

ii  flashplugin-no 1:3.2        i386         Adobe Flash Player - browser plug

Для получения списка файлов, установленных пакетом (в нашем случае flashplugin-no):

In [19]:

!dpkg -L flashplugin-no

dpkg-query: package 'flashplugin-no' is not installed

Use dpkg --info (= dpkg-deb --info) to examine archive files,

and dpkg --contents (= dpkg-deb --contents) to list their contents.

Я толком еще не понял, что плагин не установлен, наверное в процессе тотального обновления старый был снесен, потом произошел сбой, так я остался без плагина (это только полусонная версия)

In []:

root@kali:/home/kiss# apt-get upgrade flashplugin-no
E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem

Восстановление я выполнил не сразу, потому что не понимал, что я делаю, и что с этим делать дальше...

In []:

root@kali:/home/kiss# dpkg --configure -a
Processing triggers for menu ...
Processing triggers for man-db ...
Setting up bash (4.2+dfsg-0.1+deb7u3) ...
update-alternatives: using /usr/share/man/man7/bash-builtins.7.gz to provide /usr/share/man/man7/builtins.7.gz (builtins.7.gz) in auto mode
Processing triggers for menu ...

И вот здесь сработал метод тыка, и результаты чтения мануала Chapter 8 - The Debian package management tools¶

Я прочитал, что надо использовать имя пакета, а не файла, скопировал сюда (первый блок поста) сообщение из консоли, задал поиск по этой страице и обнаружил подходящее имя пакета flashplugin-nonfree

In []:

root@kali:/home/kiss# apt-get install flashplugin-nonfree
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libmozjs22d openjdk-7-jre-lib python-apsw python-utidylib xulrunner-22.0
Use 'apt-get autoremove' to remove them.
Suggested packages:
  konqueror-nsplugins ttf-mscorefonts-installer ttf-xfree86-nonfree
  flashplugin-nonfree-extrasound
The following packages will be upgraded:
  flashplugin-nonfree
1 upgraded, 0 newly installed, 0 to remove and 278 not upgraded.
Need to get 0 B/18.3 kB of archives.
After this operation, 152 kB disk space will be freed.
Reading changelogs... Done
(Reading database ... 376826 files and directories currently installed.)
Preparing to replace flashplugin-nonfree 1:3.2 (using .../flashplugin-nonfree_1%3a3.2+wheezy1_i386.deb) ...
Unpacking replacement flashplugin-nonfree ...
Processing triggers for man-db ...
Processing triggers for hicolor-icon-theme ...
Processing triggers for desktop-file-utils ...
Processing triggers for gnome-menus ...
Setting up flashplugin-nonfree (1:3.2+wheezy1) ...
--2015-01-12 17:25:44--  http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.425/install_flash_player_11_linux.i386.tar.gz
Resolving fpdownload.macromedia.com (fpdownload.macromedia.com)... 84.53.166.70
Connecting to fpdownload.macromedia.com (fpdownload.macromedia.com)|84.53.166.70|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6926590 (6.6M) [application/x-gzip]
Saving to: `/tmp/flashplugin-nonfree.8br6kHQYzM/install_flash_player_11_linux.i386.tar.gz'

     0K .......... .......... .......... .......... ..........  0%  475K 14s
    50K .......... .......... .......... .......... ..........  1%  719K 12s
...
...
    6650K .......... .......... .......... .......... .......... 99%  131K 0s
    6700K .......... .......... .......... .......... .......... 99%  163K 0s
    6750K .......... ....                                       100%  110K=28s

2015-01-12 17:26:12 (242 KB/s) - `/tmp/flashplugin-nonfree.8br6kHQYzM/install_flash_player_11_linux.i386.tar.gz' saved [6926590/6926590]

Плагин (вроде бы) установился, попробовал открыть новое окно браузера (без перезагрузки Debian), но видеоплагин опять не просматривается ..., но уже с сообщением о том, что у меня браузер устарел....

In []:

root@kali:/home/kiss# apt-get install iceweasel
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libmozjs22d libmozjs24d openjdk-7-jre-lib python-apsw python-utidylib xulrunner-22.0
  xulrunner-24.0
Use 'apt-get autoremove' to remove them.
Suggested packages:
  fonts-stix otf-stix fonts-oflb-asana-math fonts-mathjax mozplugger libgnomeui-0
The following packages will be upgraded:
  iceweasel
1 upgraded, 0 newly installed, 0 to remove and 277 not upgraded.
Need to get 0 B/32.7 MB of archives.
After this operation, 71.7 MB of additional disk space will be used.
Reading changelogs... Done
(Reading database ... 376826 files and directories currently installed.)
Preparing to replace iceweasel 24.6.0esr-1~deb7u1 (using .../iceweasel_31.3.0esr-1~deb7u1_i386.deb) ...
Leaving 'diversion of /usr/bin/firefox to /usr/bin/firefox.real by iceweasel'
Unpacking replacement iceweasel ...
Processing triggers for menu ...
Processing triggers for man-db ...
Processing triggers for hicolor-icon-theme ...
Processing triggers for desktop-file-utils ...
Processing triggers for gnome-menus ...
Processing triggers for mime-support ...
Setting up iceweasel (31.3.0esr-1~deb7u1) ...
Installing new version of config file /etc/iceweasel/searchplugins/locale/en-US/yahoo.xml ...
Installing new version of config file /etc/iceweasel/searchplugins/locale/en-US/wikipedia.xml ...
Installing new version of config file /etc/iceweasel/searchplugins/locale/en-US/twitter.xml ...
Installing new version of config file /etc/iceweasel/searchplugins/locale/en-US/google.xml ...
Installing new version of config file /etc/iceweasel/searchplugins/locale/en-US/eBay.xml ...
Installing new version of config file /etc/iceweasel/searchplugins/locale/en-US/bing.xml ...
Installing new version of config file /etc/iceweasel/searchplugins/locale/en-US/amazondotcom.xml ...
Processing triggers for menu ...

Параллельно с этим процессом я установил графический менеджер пакетов Synaotic при помощи ltajknyjq графической оболочки Add/remove Packetsв Kali. Надеюсь, что она удобнее дефолтной обновлялки.

Приложение 1. Справка по apt-get¶

In [1]:

!apt-get -h

apt 0.9.7.9 for i386 compiled on Jun 12 2014 16:18:15

Usage: apt-get [options] command

       apt-get [options] install|remove pkg1 [pkg2 ...]

       apt-get [options] source pkg1 [pkg2 ...]



apt-get is a simple command line interface for downloading and

installing packages. The most frequently used commands are update

and install.



Commands:

   update - Retrieve new lists of packages

   upgrade - Perform an upgrade

   install - Install new packages (pkg is libc6 not libc6.deb)

   remove - Remove packages

   autoremove - Remove automatically all unused packages

   purge - Remove packages and config files

   source - Download source archives

   build-dep - Configure build-dependencies for source packages

   dist-upgrade - Distribution upgrade, see apt-get(8)

   dselect-upgrade - Follow dselect selections

   clean - Erase downloaded archive files

   autoclean - Erase old downloaded archive files

   check - Verify that there are no broken dependencies

   changelog - Download and display the changelog for the given package

   download - Download the binary package into the current directory



Options:

  -h  This help text.

  -q  Loggable output - no progress indicator

  -qq No output except for errors

  -d  Download only - do NOT install or unpack archives

  -s  No-act. Perform ordering simulation

  -y  Assume Yes to all queries and do not prompt

  -f  Attempt to correct a system with broken dependencies in place

  -m  Attempt to continue if archives are unlocatable

  -u  Show a list of upgraded packages as well

  -b  Build the source package after fetching it

  -V  Show verbose version numbers

  -c=? Read this configuration file

  -o=? Set an arbitrary configuration option, eg -o dir::cache=/tmp

See the apt-get(8), sources.list(5) and apt.conf(5) manual

pages for more information and options.

                       This APT has Super Cow Powers.

Приложение 2. Некоторые распечатки справки dpkg¶

In [2]:

!dpkg -h

dpkg: error: unknown option -h



Type dpkg --help for help about installing and deinstalling packages [*];

Use `dselect' or `aptitude' for user-friendly package management;

Type dpkg -Dhelp for a list of dpkg debug flag values;

Type dpkg --force-help for a list of forcing options;

Type dpkg-deb --help for help about manipulating *.deb files;



Options marked [*] produce a lot of output - pipe it through `less' or `more' !

In [3]:

!dpkg --help

Usage: dpkg [<option> ...] <command>



Commands:

  -i|--install       <.deb file name> ... | -R|--recursive <directory> ...

  --unpack           <.deb file name> ... | -R|--recursive <directory> ...

  -A|--record-avail  <.deb file name> ... | -R|--recursive <directory> ...

  --configure        <package> ... | -a|--pending

  --triggers-only    <package> ... | -a|--pending

  -r|--remove        <package> ... | -a|--pending

  -P|--purge         <package> ... | -a|--pending

  --get-selections [<pattern> ...] Get list of selections to stdout.

  --set-selections                 Set package selections from stdin.

  --clear-selections               Deselect every non-essential package.

  --update-avail <Packages-file>   Replace available packages info.

  --merge-avail <Packages-file>    Merge with info from file.

  --clear-avail                    Erase existing available info.

  --forget-old-unavail             Forget uninstalled unavailable pkgs.

  -s|--status <package> ...        Display package status details.

  -p|--print-avail <package> ...   Display available version details.

  -L|--listfiles <package> ...     List files `owned' by package(s).

  -l|--list [<pattern> ...]        List packages concisely.

  -S|--search <pattern> ...        Find package(s) owning file(s).

  -C|--audit                       Check for broken package(s).

  --add-architecture <arch>        Add <arch> to the list of architectures.

  --remove-architecture <arch>     Remove <arch> from the list of architectures.

  --print-architecture             Print dpkg architecture.

  --print-foreign-architectures    Print allowed foreign architectures.

  --compare-versions <a> <op> <b>  Compare version numbers - see below.

  --force-help                     Show help on forcing.

  -Dh|--debug=help                 Show help on debugging.



  -?, --help                       Show this help message.

      --version                    Show the version.



Use dpkg -b|--build|-c|--contents|-e|--control|-I|--info|-f|--field|

 -x|--extract|-X|--vextract|--fsys-tarfile  on archives (type dpkg-deb --help).



For internal use: dpkg --assert-support-predepends | --predep-package |

  --assert-working-epoch | --assert-long-filenames | --assert-multi-conrep |

  --assert-multi-arch.



Options:

  --admindir=<directory>     Use <directory> instead of /var/lib/dpkg.

  --root=<directory>         Install on a different root directory.

  --instdir=<directory>      Change installation dir without changing admin dir.

  --path-exclude=<pattern>   Do not install paths which match a shell pattern.

  --path-include=<pattern>   Re-include a pattern after a previous exclusion.

  -O|--selected-only         Skip packages not selected for install/upgrade.

  -E|--skip-same-version     Skip packages whose same version is installed.

  -G|--refuse-downgrade      Skip packages with earlier version than installed.

  -B|--auto-deconfigure      Install even if it would break some other package.

  --[no-]triggers            Skip or force consequential trigger processing.

  --no-debsig                Do not try to verify package signatures.

  --no-act|--dry-run|--simulate

                             Just say what we would do - don't do it.

  -D|--debug=<octal>         Enable debugging (see -Dhelp or --debug=help).

  --status-fd <n>            Send status change updates to file descriptor <n>.

  --status-logger=<command>  Send status change updates to <command>'s stdin.

  --log=<filename>           Log status changes and actions to <filename>.

  --ignore-depends=<package>,...

                             Ignore dependencies involving <package>.

  --force-...                Override problems (see --force-help).

  --no-force-...|--refuse-...

                             Stop when problems encountered.

  --abort-after <n>          Abort after encountering <n> errors.



Comparison operators for --compare-versions are:

  lt le eq ne ge gt       (treat empty version as earlier than any version);

  lt-nl le-nl ge-nl gt-nl (treat empty version as later than any version);

  < << <= = >= >> >       (only for compatibility with control file syntax).



Use `dselect' or `aptitude' for user-friendly package management.

In [20]:

!dpkg-deb --help

Usage: dpkg-deb [<option> ...] <command>



Commands:

  -b|--build <directory> [<deb>]   Build an archive.

  -c|--contents <deb>              List contents.

  -I|--info <deb> [<cfile> ...]    Show info to stdout.

  -W|--show <deb>                  Show information on package(s)

  -f|--field <deb> [<cfield> ...]  Show field(s) to stdout.

  -e|--control <deb> [<directory>] Extract control info.

  -x|--extract <deb> <directory>   Extract files.

  -X|--vextract <deb> <directory>  Extract & list files.

  -R|--raw-extract <deb> <directory>

                                   Extract control info and files.

  --fsys-tarfile <deb>             Output filesystem tarfile.



  -?, --help                       Show this help message.

      --version                    Show the version.



<deb> is the filename of a Debian format archive.

<cfile> is the name of an administrative file component.

<cfield> is the name of a field in the main `control' file.



Options:

  --showformat=<format>            Use alternative format for --show.

  -v, --verbose                    Enable verbose output.

  -D                               Enable debugging output.

  --old, --new                     Select archive format.

  --nocheck                        Suppress control file check (build bad

                                     packages).

  -z#                              Set the compression level when building.

  -Z<type>                         Set the compression type used when building.

                                     Allowed types: gzip, xz, bzip2, none.

  -S<strategy>                     Set the compression strategy when building.

                                     Allowed values: none, extreme (xz).



Format syntax:

  A format is a string that will be output for each package. The format

  can include the standard escape sequences \n (newline), \r (carriage

  return) or \\ (plain backslash). Package information can be included

  by inserting variable references to package fields using the ${var[;width]}

  syntax. Fields will be right-aligned unless the width is negative in which

  case left alignment will be used.



Use `dpkg' to install and remove packages from your system, or

`dselect' or `aptitude' for user-friendly package management.  Packages

unpacked using `dpkg-deb --extract' will be incorrectly installed !

Приложение 3. "Страшное" сообщение о непонятных атаках Wget¶

Страшное потому, что оно выскочило в 6 часов утра после сбоя обновления. Обновление было тотальным на 800mb теперь мне надо разбитаься, как работает apt-get... что, собственно написано... похоже на куски из обычного лога с уровнем INFO .... Но при этом apt-get "растерял" все связи с репозиториями:

In []:

root@kali:/home/kiss# apt-get upgrade flashplugin-no
E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem

Поэтому вот это я скопировал сегодня утром себе в назидание

In []:

  From 18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 Mon Sep 17 00:00:00 2001
  From: Darshit Shah <darnir@gmail.com>
  Date: Sun, 07 Sep 2014 19:11:17 +0000
  Subject: CVE-2014-4877: Arbitrary Symlink Access
  
  Wget was susceptible to a symlink attack which could create arbitrary
  files, directories or symbolic links and set their permissions when
  retrieving a directory recursively through FTP. This commit changes the
  default settings in Wget such that Wget no longer creates local symbolic
  links, but rather traverses them and retrieves the pointed-to file in
  such a retrieval.
  
  The old behaviour can be attained by passing the --retr-symlinks=no
  option to the Wget invokation command.

 -- Thorsten Alteholz <debian@alteholz.de>  Wed, 29 Oct 2014 19:00:14 +0100

apache2 (2.2.22-13+deb7u2) stable; urgency=medium

  * This release adds support for SSL/TLS ECC keys and ECDH ciphers.

    If this change causes problems with some older clients, see
    /usr/share/doc/apache2/README.Debian.gz for a work-around.

 -- Stefan Fritsch <sf@debian.org>  Sun, 25 May 2014 13:05:40 +0200

iceweasel (31.0-1) unstable; urgency=medium

  * Since version 30.0, NTLMv1 authentication has been disabled because
    it's known as insecure. Companies and organizations still deploying
    the older protocol should upgrade to NTLMv2, unfortunately, it's not
     supported by iceweasel.
    It is however still possible to toggle the preference to continue using
    NTLMv1, though the NTLM auth support is considered deprecated, by
    switching the network.negotiate-auth.allow-insecure-ntlm-v1 preference
    in about:config.

    See https://developer.mozilla.org/en-US/Firefox/Releases/30/Site_Compatibility#Security
    for more details.

 -- Mike Hommey <glandium@debian.org>  Wed, 23 Jul 2014 07:38:31 +0900

ca-certificates (20130119+deb7u1) stable; urgency=low

  Update mozilla/certdata.txt to version 1.97
    Certificates added (+), removed (-), and renamed (~):
    + "ACCVRAIZ1"
    + "Atos TrustedRoot 2011"
    + "CA Disig Root R1"
    + "CA Disig Root R2"
    + "China Internet Network Information Center EV Certificates Root"
    + "D-TRUST Root Class 3 CA 2 2009"
    + "D-TRUST Root Class 3 CA 2 EV 2009"
    + "E-Tugra Certification Authority"
    + "PSCProcert"
    + "SG TRUST SERVICES RACINE"
    + "StartCom Certification Authority"
    ~ "StartCom Certification Authority"_2
      (both StartCom CAs now included with duplicate CKA_LABEL fix)
    + "Swisscom Root CA 2"
    + "Swisscom Root EV CA 2"
    + "T-TeleSec GlobalRoot Class 2"
    + "TURKTRUST Certificate Services Provider Root 2007"
    + "TWCA Global Root CA"
    + "TeliaSonera Root CA v1"
    + "Verisign Class 3 Public Primary Certification Authority"
    ~ "Verisign Class 3 Public Primary Certification Authority"_2
      (both Verisign Class 3 CAs now included with duplicate CKA_LABEL fix)
    - "Equifax Secure eBusiness CA 2"




 -- Michael Shuler <michael@pbandjelly.org>  Sun, 30 Mar 2014 17:49:01 -0500

firebird2.5 (2.5.2.26540.ds4-1) unstable; urgency=low

  Important for big-endian server installations:

  It has been discovered that before Firebird 2.5.2 (as packaged in debian
  package version 2.5.2.26539.ds4-1), CHAR_TO_UUID and UUID_TO_CHAR
  built-in functions work incorrectly on big-endian servers. On such machines,
  bytes/characters are swapped and go in wrong positions when converting. The
  bug is fixed in this release, but that means these functions now return
  different values than before for the same input parameter.

  Additionally, the CHAR_TO_UUID2/UUID_TO_CHAR2 functions that were added as
  fixed variants of the buggy functions in the 2.5.2 development cycle are
  dropped in this release.

 -- Damyan Ivanov <dmn@debian.org>  Wed, 07 Nov 2012 17:52:10 +0200

intel-microcode (1.20140913.1) stable; urgency=low

    This release drops support for automatically applying microcode
    updates without a reboot.  The microcode updates can still be applied
    without a reboot through manual action of the system administrator,
    but this operation is not considered safe anymore.

    Microcodes known to be dangerous have been renamed so that they will
    not be found by the microcode module, except inside the initramfs.
    This is a reactive blacklisting: it is unlikely to be complete at any
    point in time.

    Refer to /usr/share/doc/intel-microcode/README.Debian for details.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 10 Oct 2014 12:27:57 -0300

(q to quit)

Посты чуть ниже также могут вас заинтересовать