|
|
| (9 intermediate revisions by one other user not shown) |
| Line 1: |
Line 1: |
| ==Sissejuhatus== | | ==Sissejuhatus== |
| Järgnev artikkel kirjeldab programmi apticron, selle paigaldamist ja seadistamist Linux operatsioonisüsteemides. Juhendi dokumentatsioon on koostatud Ubuntu 10.10 ja Ubuntu Server põhjal. Selleks, et apticron töötaks peab olema paigaldatud ja korrektselt seadistatud postiedastusagent (ing k Mail Transport Agent) , milleks on näiteks postfix. | | Järgnev artikkel kirjeldab programmi apticron, selle paigaldamist ja seadistamist Linux operatsioonisüsteemides. Juhendi dokumentatsioon on koostatud Ubuntu 10.10 ja Ubuntu Server 2.6.35-28 põhjal. Selleks, et apticron töötaks peab olema paigaldatud ja korrektselt seadistatud postiedastusagent (ing k Mail Transport Agent) , milleks on näiteks postfix. |
|
| |
|
| ==Programmist== | | ==Programmist== |
| Line 15: |
Line 15: |
|
| |
|
| */etc/apticron/apticron.conf | | */etc/apticron/apticron.conf |
| | Konfiguratsiooni fail, et seadistada e-posti aadress, kuhu teated saadetakse. Samuti saab seadistada apt-listchanges profiili, kui soovitakse seda programmi kasutada koos apticroniga, mida vaikimisi ei kasutata. |
| | |
| */etc/cron.d/apticron | | */etc/cron.d/apticron |
| | Süsteemi protsessi cron töö, mis käivitab apticron'i vastavalt määratud ajakavale. |
| | |
| */etc/cron.daily/apticron | | */etc/cron.daily/apticron |
| | Süsteemi protsessi cron asendustoimingu skript apticron’i igapäevaseks käivitamiseks (juhul kui cron.d ei tööta või süsteem on maas cron.d’s määratud programmi käivitamise ajal). |
| | |
| */var/lib/misc/apticron.cron | | */var/lib/misc/apticron.cron |
| | Ajatempli fail |
| | |
| */usr/sbin/apticron | | */usr/sbin/apticron |
| | Programmi apticron skript |
|
| |
|
| ==Seadistamine== | | ==Seadistamine== |
| Selleks, et apticron saadaks uuenduste nimekirja soovitud e-posti aadressile tuleb juurkasutaja õigustes avada teksti redaktoriga apticroni konfiguratsiooni fail. | | Selleks, et apticron saadaks uuenduste nimekirja soovitud e-posti aadressile tuleb juurkasutaja õigustes avada tekstiredaktoriga (näites on see avatud programmiga nano) apticroni konfiguratsiooni fail. |
|
| |
|
| <source lang="bash">/etc/apticron/apticron.conf</source> | | <source lang="bash">nano /etc/apticron/apticron.conf</source> |
|
| |
|
| Konfiguratsiooni failis tuleb muuta kirje EMAIL=“root“ ning selle asemel sisestada: | | Konfiguratsiooni failis tuleb muuta kirje EMAIL=“root“ ning selle asemel sisestada: |
| Line 75: |
Line 84: |
| Järgnevalt on välja toodud näidis, milline näeb välja apticron'i poolt e-postiga saadetud teade süsteemis ootel olevatest uuendustest. | | Järgnevalt on välja toodud näidis, milline näeb välja apticron'i poolt e-postiga saadetud teade süsteemis ootel olevatest uuendustest. |
|
| |
|
| Järgnev teade on saadetud programmi apticron poolt operatsioonisüsteemis Ubuntu 10.10: | | Järgnev teade on saadetud programmi apticron poolt operatsioonisüsteemis Ubuntu Server: |
|
| |
|
| <source lang="bash"> | | <source lang="bash"> |
| apticron report [Mon, 25 Apr 2011 16:24:37 +0300] ======================================================================== | | apticron report [Fri, 29 Apr 2011 12:10:28 +0300] ======================================================================== |
|
| |
|
| apticron has detected that some packages need upgrading on: | | apticron has detected that some packages need upgrading on: |
|
| |
|
| arvi-VirtualBox | | ubuntu-server.itcollege.ee |
| [ ::1 127.0.1.1 10.0.2.15 10.0.2.15 ] | | [ 127.0.1.1 10.0.2.15 ] |
|
| |
|
| The following packages are currently pending an upgrade: | | The following packages are currently pending an upgrade: |
|
| |
|
| chromium-browser 10.0.648.205~r81283-0ubuntu0.10.10.1 | | ntpdate 1:4.2.4p8+dfsg-1ubuntu6.1 |
| chromium-browser-inspector 10.0.648.205~r81283-0ubuntu0.10.10.1
| | rsync 3.0.7-2ubuntu1.1 |
| chromium-codecs-ffmpeg 10.0.648.205~r81283-0ubuntu0.10.10.1
| | tzdata 2011g-0ubuntu0.10.10 |
| dhcp3-client 3.1.3-2ubuntu6.2
| |
| dhcp3-common 3.1.3-2ubuntu6.2
| |
| gdm 2.30.5-0ubuntu4.1
| |
| gnome-power-manager 2.32.0-0ubuntu1.1
| |
| gnome-terminal 2.32.0-0ubuntu1.1
| |
| gnome-terminal-data 2.32.0-0ubuntu1.1
| |
| indicator-application 0.2.9-0ubuntu1.1
| |
| initscripts 2.87dsf-4ubuntu19.1
| |
| language-selector 0.6.8
| |
| language-selector-common 0.6.8
| |
| libappindicator0.1-cil 0.2.9-0ubuntu1.1
| |
| libappindicator1 0.2.9-0ubuntu1.1
| |
| libgssapi-krb5-2 1.8.1+dfsg-5ubuntu0.7
| |
| libk5crypto3 1.8.1+dfsg-5ubuntu0.7
| |
| libkrb5-3 1.8.1+dfsg-5ubuntu0.7
| |
| libkrb5support0 1.8.1+dfsg-5ubuntu0.7
| |
| libldap-2.4-2 2.4.23-0ubuntu3.5 | |
| libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.10.10.1
| |
| libpolkit-agent-1-0 0.96-2ubuntu1.1
| |
| libpolkit-backend-1-0 0.96-2ubuntu1.1
| |
| libpolkit-gobject-1-0 0.96-2ubuntu1.1
| |
| libslp1 1.2.1-7.7ubuntu0.1
| |
| libsmbclient 2:3.5.4~dfsg-1ubuntu8.4
| |
| libtiff4 3.9.4-2ubuntu0.4
| |
| libwbclient0 2:3.5.4~dfsg-1ubuntu8.4
| |
| linux-firmware 1.38.6
| |
| linux-generic 2.6.35.28.36
| |
| linux-headers-2.6.35-28 2.6.35-28.50
| |
| linux-headers-2.6.35-28-generic 2.6.35-28.50
| |
| linux-headers-generic 2.6.35.28.36
| |
| linux-image-2.6.35-28-generic 2.6.35-28.50
| |
| linux-image-generic 2.6.35.28.36
| |
| policykit-1 0.96-2ubuntu1.1
| |
| python-appindicator 0.2.9-0ubuntu1.1
| |
| python-cupshelpers 1.2.3+20100723-0ubuntu8.2
| |
| python-gnomeapplet 2.30.0-1ubuntu5.1
| |
| python-gnomekeyring 2.30.0-1ubuntu5.1
| |
| python-gtkspell 2.25.3-5ubuntu2.1
| |
| python-wnck 2.30.0-1ubuntu5.1
| |
| samba-common 2:3.5.4~dfsg-1ubuntu8.4
| |
| samba-common-bin 2:3.5.4~dfsg-1ubuntu8.4
| |
| smbclient 2:3.5.4~dfsg-1ubuntu8.4
| |
| system-config-printer-common 1.2.3+20100723-0ubuntu8.2
| |
| system-config-printer-gnome 1.2.3+20100723-0ubuntu8.2
| |
| system-config-printer-udev 1.2.3+20100723-0ubuntu8.2
| |
| sysv-rc 2.87dsf-4ubuntu19.1
| |
| sysvinit-utils 2.87dsf-4ubuntu19.1
| |
| tomboy 1.4.2-0ubuntu2
| |
| tzdata 2011e-0ubuntu0.10.10 | |
| update-manager 1:0.142.23
| |
| update-manager-core 1:0.142.23
| |
| w3m 0.5.2-6ubuntu1
| |
| x11-xserver-utils 7.5+2ubuntu1.1
| |
|
| |
|
| ======================================================================== | | ======================================================================== |
| Line 149: |
Line 105: |
|
| |
|
| Reading changelogs... | | Reading changelogs... |
| --- Changes for chromium-browser (chromium-browser chromium-browser-inspector chromium-codecs-ffmpeg) --- chromium-browser (10.0.648.205~r81283-0ubuntu0.10.10.1) maverick-security; urgency=high | | --- Changes for ntp (ntpdate) --- |
| | | ntp (1:4.2.4p8+dfsg-1ubuntu6.1) maverick-proposed; urgency=low |
| * New upstream minor release from the Stable Channel (LP: #762275)
| |
| This release fixes the following security issues:
| |
| - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
| |
| Credit to Google Chrome Security Team (Inferno).
| |
| - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
| |
| to Christoph Diehl.
| |
| This releasse also contains the security fixes from 10.0.648.204~r79063
| |
| (which has been skipped by the sponsors) (LP: #742118)
| |
| + Webkit bugs:
| |
| - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
| |
| to Sławomir Błażek.
| |
| - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
| |
| to Sergey Glazunov.
| |
| - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
| |
| Sergey Glazunov.
| |
| - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
| |
| parentage. Credit to Sergey Glazunov.
| |
| - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
| |
| to Sergey Glazunov.
| |
| + Chromium bugs:
| |
| - [72517] High, CVE-2011-1291: Buffer error in base string handling.
| |
| Credit to Alex Turpin.
| |
| Packaging changes:
| |
| * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
| |
| preventing a SIGILL crash on some boards (LP: #735877)
| |
| - update debian/control
| |
| * Install libppGoogleNaClPluginChrome.so (LP: #738331)
| |
| - update debian/rules
| |
| - update debian/chromium-browser.install
| |
| * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
| |
| called from apport/ubuntu-bug (LP: #759635)
| |
| - update debian/apport/chromium-browser.py
| |
| * NaCL may be blacklisted, so only include it when it's actually been
| |
| built (fixes the ftbfs on arm) (LP: #745854)
| |
| - update debian/rules
| |
| - update debian/chromium-browser.install
| |
| * Harden the apport hooks in the extensions section
| |
| - update debian/apport/chromium-browser.py
| |
| | |
| -- Fabien Tassin <fta@ubuntu.com> Thu, 14 Apr 2011 22:36:16 +0200
| |
| | |
| --- Changes for dhcp3 (dhcp3-client dhcp3-common) ---
| |
| dhcp3 (3.1.3-2ubuntu6.2) maverick-security; urgency=low
| |
| | |
| * SECURITY UPDATE: arbitrary code execution via crafted hostname
| |
| - Patch for CVE-2011-0997 was getting reverted during the build
| |
| because of special quilt handling in debian/rules for the ldap
| |
| patches.
| |
| - debian/patches/00list: move CVE-2011-0997 patch before the ldap
| |
| patches, and add comment.
| |
| - CVE-2011-0997
| |
| | |
| -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 19 Apr 2011 09:03:47 -0400
| |
| | |
| dhcp3 (3.1.3-2ubuntu6.1) maverick-security; urgency=low
| |
| | |
| * SECURITY UPDATE: arbitrary code execution via crafted hostname
| |
| - debian/patches/CVE-2011-0997.dpatch: filter strings in
| |
| client/dhclient.c, common/options.c.
| |
| - CVE-2011-0997
| |
| | |
| -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Apr 2011 08:55:27 -0400
| |
| | |
| --- Changes for gdm ---
| |
| gdm (2.30.5-0ubuntu4.1) maverick-security; urgency=low
| |
| | |
| * SECURITY UPDATE: race condition allowing privilege escalation
| |
| - debian/patches/91_CVE-2011-0727.patch: fix
| |
| daemon/gdm-session-worker.c to copy files as session user rather
| |
| than root followed by a subsequent chown.
| |
| - CVE-2011-0727
| |
| | |
| -- Steve Beattie <sbeattie@ubuntu.com> Tue, 29 Mar 2011 09:27:07 -0700
| |
| | |
| --- Changes for gnome-power-manager ---
| |
| gnome-power-manager (2.32.0-0ubuntu1.1) maverick-proposed; urgency=low
| |
| | |
| * debian/patches/12-add-appindicators.patch:
| |
| - Fix leak by working around a libappindicator bug. LP: #569273
| |
| | |
| -- Michael Terry <mterry@ubuntu.com> Wed, 16 Mar 2011 15:55:26 -0400
| |
| | |
| --- Changes for gnome-python-desktop (python-gnomeapplet python-gnomekeyring python-wnck) --- gnome-python-desktop (2.30.0-1ubuntu5.1) maverick-proposed; urgency=low
| |
| | |
| * 01_wnck_enums.patch: Patch from upstream bugzilla, fix flags in the wnck
| |
| module that were declared as enums. (LP: #642913)
| |
| | |
| -- Stefano Rivera <stefanor@ubuntu.com> Sat, 12 Mar 2011 23:55:41 +0200
| |
| | |
| --- Changes for gnome-python-extras (python-gtkspell) --- gnome-python-extras (2.25.3-5ubuntu2.1) maverick-proposed; urgency=low
| |
| | |
| * Have dh_xulrunner install a dependency on xulrunner for python-gtkmozembed
| |
| again (LP: #695728)
| |
| - update debian/rules
| |
| | |
| -- Micah Gersten <micahg@ubuntu.com> Fri, 07 Jan 2011 09:21:14 -0600
| |
| | |
| --- Changes for gnome-terminal (gnome-terminal gnome-terminal-data) --- gnome-terminal (2.32.0-0ubuntu1.1) maverick-proposed; urgency=low
| |
| | |
| * debian/patches/21_watch_clipboard.patch:
| |
| - Watch clipboard contents for paste shorkey to work. (LP: #630383)
| |
| | |
| -- Omer Akram <om26er@ubuntu.com> Sun, 13 Mar 2011 20:20:13 +0500
| |
| | |
| --- Changes for indicator-application (indicator-application libappindicator0.1-cil libappindicator1 python-appindicator) --- indicator-application (0.2.9-0ubuntu1.1) maverick-proposed; urgency=low
| |
| | |
| * debian/patches/10-fix-theme-changed-crash.patch:
| |
| - Don't crash due to theme changes. LP: #708188
| |
| | |
| -- Michael Terry <mterry@ubuntu.com> Wed, 16 Mar 2011 15:28:25 -0400
| |
| | |
| --- Changes for krb5 (libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0) ---
| |
| krb5 (1.8.1+dfsg-5ubuntu0.7) maverick-security; urgency=low
| |
| | |
| * SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
| |
| pointer.
| |
| - src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
| |
| - CVE-2011-0285
| |
| - MITKRB5-SA-2011-004
| |
| | |
| -- Kees Cook <kees@ubuntu.com> Mon, 18 Apr 2011 15:40:00 -0700
| |
| | |
| --- Changes for language-selector (language-selector language-selector-common) --- language-selector (0.6.8) maverick-security; urgency=low
| |
| | |
| * debian/language-selector-common.postinst: allow missing backend.
| |
| | |
| -- Kees Cook <kees@ubuntu.com> Tue, 19 Apr 2011 13:08:16 -0700
| |
| | |
| language-selector (0.6.7) maverick-security; urgency=low
| |
| | |
| [ Kees Cook ]
| |
| * SECURITY UPDATE: language selector backend did not verify policy kit
| |
| authentication.
| |
| - debian/language-selector-common.postinst: shut down old backend.
| |
| - CVE-2011-0729
| |
| | |
| [ Martin Pitt ]
| |
| * dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
| |
| and only proceed if it succeeded. Thanks to Romain Perier for finding this
| |
| and providing the patch! This fixes a local root privilege escalation, as
| |
| this allows any authenticated user to write arbitrary shell commands into
| |
| /etc/default/locale. (LP: #764397)
| |
| * dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
| |
| in it, to further prevent injecting shell code into /etc/default/locale
| |
| for authenticated users. Thanks to Felix Geyer for the initial patch!
| |
| (LP: #764397)
| |
| * debian/control: Update Vcs-Bzr: for newly created maverick branch.
| |
| | |
| -- Kees Cook <kees@ubuntu.com> Tue, 19 Apr 2011 10:31:37 -0700
| |
| | |
| --- Changes for linux-firmware ---
| |
| linux-firmware (1.38.6) maverick-proposed; urgency=low
| |
| | |
| * iwlwifi: add updated firmware for 5000 devices
| |
| update iwlwifi-5000-5.ucode for 5000 series devices
| |
| version: 8.83.5.1 - fix "tid mismatch" issue
| |
| - LP: #728510
| |
| | |
| -- Tim Gardner <tim.gardner@canonical.com> Thu, 03 Mar 2011 09:05:44 -0700
| |
| | |
| --- Changes for linux-meta (linux-generic linux-headers-generic linux-image-generic) --- linux-meta (2.6.35.28.36) maverick-proposed; urgency=low
| |
| | |
| * Bump ABI - Maverick ABI 28
| |
| | |
| -- Brad Figg <brad.figg@canonical.com> Mon, 28 Feb 2011 14:46:01 -0800
| |
|
| |
|
| linux-meta (2.6.35.27.35) maverick-proposed; urgency=low
| | * debian/patches/fix-noipv4.patch: support running in IPv6 only |
| | environments (LP: #715152). |
|
| |
|
| [ Tim Gardner ]
| | -- James Page <james.page@canonical.com> Wed, 06 Apr 2011 11:19:26 +0100 |
|
| |
|
| * LBM generic-pae packages are only built for i386
| | --- Changes for rsync --- |
| - LP: #720139
| | rsync (3.0.7-2ubuntu1.1) maverick-security; urgency=low |
| * LBM server packages are only built for amd64
| |
| - LP: #720139
| |
|
| |
|
| -- Stefan Bader <stefan.bader@canonical.com> Thu, 17 Feb 2011 14:55:31 +0100
| | * SECURITY UPDATE: denial of service and possible arbitrary code |
| | execution via malformed data |
| | - debian/patches/security-CVE-2011-1097.diff: introduce and use |
| | FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*. |
| | - CVE-2011-1097 |
|
| |
|
| linux-meta (2.6.35.27.34) maverick-proposed; urgency=low
| | -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 08 Apr 2011 10:05:29 -0400 |
| | |
| * Bump ABI - Maverick ABI 26
| |
| | |
| -- Brad Figg <brad.figg@canonical.com> Thu, 10 Feb 2011 13:54:00 -0800
| |
| | |
| linux-meta (2.6.35.26.33) maverick-proposed; urgency=low
| |
| | |
| * Bump ABI - Maverick ABI 26
| |
| | |
| -- Steve Conklin <sconklin@canonical.com> Fri, 28 Jan 2011 14:50:56 -0600
| |
| | |
| --- Changes for nss (libnss3-1d) ---
| |
| nss (3.12.9+ckbi-1.82-0ubuntu0.10.10.1) maverick-security; urgency=low
| |
| | |
| * New upstream release v3.12.9 with updated ckbi module
| |
| (NSS_3_12_9_WITH_CKBI_1_82_RTM)
| |
| - SECURITY UPDATE: Update "builtin certificates" module (ckbi) to
| |
| explicitly mark the recently issued and revoked fraudulent certificates
| |
| as explicitly not trusted; NSS will report SEC_ERROR_UNTRUSTED_CERT when
| |
| attempting to verify one of these fraudulent certificates (LP: #741729)
| |
| * Add new symbols
| |
| - update debian/libnss3-1d.symbols
| |
| | |
| -- Micah Gersten <micahg@ubuntu.com> Tue, 29 Mar 2011 03:13:10 -0500
| |
| | |
| --- Changes for openldap (libldap-2.4-2) --- openldap (2.4.23-0ubuntu3.5) maverick-security; urgency=low
| |
| | |
| * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
| |
| using forwarded authentication failures
| |
| - debian/patches/CVE-2011-1024
| |
| - CVE-2011-1024
| |
| * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
| |
| backend. Note: Ubuntu is not compiled with --enable-ndb by default
| |
| - debian/patches/CVE-2011-1025
| |
| - CVE-2011-1025
| |
| * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
| |
| and requestDN is empty
| |
| - debian/patches/CVE-2011-1081
| |
| - CVE-2011-1081
| |
| | |
| -- Jamie Strandboge <jamie@ubuntu.com> Wed, 16 Mar 2011 09:48:17 -0500
| |
| | |
| --- Changes for openslp-dfsg (libslp1) --- openslp-dfsg (1.2.1-7.7ubuntu0.1) maverick-security; urgency=low
| |
| | |
| * SECURITY UPDATE: denial of service via circular reference
| |
| - debian/patches/CVE-2010-3609.patch: detect circular reference in
| |
| common/slp_message.c. Patch thanks to SUSE.
| |
| - CVE-2010-3609
| |
| * debian/rules: add dh_quilt_patch and dh_quilt_unpatch so patches in
| |
| debian/patches actually get applied.
| |
| * debian/patches/series: disable 01_have_net_if_arp.diff and
| |
| 99_autoreconf.diff since they had never been applied.
| |
| | |
| -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Apr 2011 14:50:59 -0400 | |
| | |
| --- Changes for policykit-1 (libpolkit-agent-1-0 libpolkit-backend-1-0 libpolkit-gobject-1-0 policykit-1) ---
| |
| policykit-1 (0.96-2ubuntu1.1) maverick-security; urgency=low
| |
| | |
| * SECURITY UPDATE: avoid /proc race conditions when checking privileges
| |
| for pkexec.
| |
| - 10_fix_proc_race.patch
| |
| - CVE-2011-1485
| |
| | |
| -- Kees Cook <kees@ubuntu.com> Tue, 19 Apr 2011 12:25:33 -0700
| |
| | |
| --- Changes for samba (libsmbclient libwbclient0 samba-common samba-common-bin smbclient) --- samba (2:3.5.4~dfsg-1ubuntu8.4) maverick-proposed; urgency=low
| |
| | |
| * debian/patches/ntlm-auth-lp623342.patch: ntlm_auth returns an invalid
| |
| response key. (LP: #623342) Patch taken from upstream
| |
| (https://bugzilla.samba.org/show_bug.cgi?id=7568)
| |
| | |
| -- Stefano Rivera <stefanor@ubuntu.com> Wed, 02 Mar 2011 22:38:19 +0100
| |
| | |
| --- Changes for system-config-printer (python-cupshelpers system-config-printer-common system-config-printer-gnome system-config-printer-udev) --- system-config-printer (1.2.3+20100723-0ubuntu8.2) maverick-proposed; urgency=low
| |
| | |
| * debian/patches/75_do-not-list-duplicate-ppd-nicknames.patch: Fixed the
| |
| patch to suppress duplicate listings of the same PPD file. The wrong
| |
| entries were correctly suppressed, but the selection was applied to list
| |
| which still contained them and so it often came to another driver than the
| |
| selected one being set up (LP: #739375).
| |
| | |
| -- Till Kamppeter <till.kamppeter@gmail.com> Tue, 22 Mar 2010 20:54:06 +0100
| |
| | |
| --- Changes for sysvinit (initscripts sysv-rc sysvinit-utils) --- sysvinit (2.87dsf-4ubuntu19.1) maverick-proposed; urgency=low
| |
| | |
| * debian/initscripts/etc/init.d/umountroot: Improve handling of
| |
| respawn of init: we now wait for inits map file to change. If this doesn't
| |
| happen within 5 seconds, we unmount forcibly. (LP: #672177)
| |
| | |
| -- James Hunt <james.hunt@ubuntu.com> Fri, 28 Jan 2011 11:45:35 +0000
| |
| | |
| --- Changes for tiff (libtiff4) ---
| |
| tiff (3.9.4-2ubuntu0.4) maverick-security; urgency=low
| |
| | |
| * SECURITY UPDATE: arbitrary code execution via malformed JPEG
| |
| - debian/patches/CVE-2009-5022.patch: check width in
| |
| libtiff/tif_ojpeg.c.
| |
| - CVE-2009-5022
| |
| | |
| -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 20 Apr 2011 13:04:56 -0400
| |
| | |
| tiff (3.9.4-2ubuntu0.3) maverick-security; urgency=low
| |
| | |
| * SECURITY UPDATE: arbitrary code execution via crafted
| |
| THUNDER_2BITDELTAS data
| |
| - debian/patches/CVE-2011-1167.patch: validate bitspersample and
| |
| make sure npixels is sane in libtiff/tif_thunder.c.
| |
| - CVE-2011-1167
| |
| | |
| -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 30 Mar 2011 13:02:48 -0400
| |
| | |
| --- Changes for tomboy ---
| |
| tomboy (1.4.2-0ubuntu2) maverick-proposed; urgency=low
| |
| | |
| * debian/patches/06_use_ubuntu_sso.patch
| |
| - Use the Ubuntu One production services instead of edge
| |
| servers (LP: #745721)
| |
| | |
| -- Ken VanDine <ken.vandine@canonical.com> Wed, 30 Mar 2011 10:28:48 -0400
| |
|
| |
|
| --- Changes for tzdata --- | | --- Changes for tzdata --- |
| tzdata (2011e-0ubuntu0.10.10) maverick-proposed; urgency=low | | tzdata (2011g-0ubuntu0.10.10) maverick-proposed; urgency=low |
| | |
| * New upstream release 2011e: (LP: #747946)
| |
| - africa: Add start and end of DST in 2011 in Morocco.
| |
| - southamerica: For Chile, delay end of DST in 2011 from April 2nd to May 7th
| |
|
| |
|
| -- Gary Lasker <gary.lasker@canonical.com> Sat, 02 Apr 2011 11:21:16 -0400
| | * New upstream release 2011g: (LP: #770622) |
| | - Egypt abandons DST in 2011 (and forward) |
| | (thanks to Alexander Krivenyshev) |
|
| |
|
| --- Changes for update-manager (update-manager update-manager-core) --- update-manager (1:0.142.23) maverick-proposed; urgency=low
| | -- Gary Lasker <gary.lasker@canonical.com> Mon, 25 Apr 2011 21:42:07 -0400 |
| | |
| * DistUpgrade/DistUpgradeController.py:
| |
| - add quirks handler for upgrade form the kubuntu ppa
| |
| (LP: #680088)
| |
| * UpdateManager/Core/DistUpgradeFetcherCore.py, do-release-upgrade:
| |
| - fix deprecation warnings (LP: #744990)
| |
| | |
| -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 30 Mar 2011 10:01:59 +0200 | |
| | |
| --- Changes for w3m ---
| |
| w3m (0.5.2-6ubuntu1) maverick-proposed; urgency=low
| |
| | |
| * debian/patches/091_button.patch:
| |
| - Support the button element as defined in HTML 4.01.
| |
| Backport of 020_button.patch from natty.
| |
| (LP: #683337, Closes: #136810)
| |
| | |
| -- Tuomas Heino <iheino+ub@cc.hut.fi> Mon, 17 Jan 2011 09:57:32 +0200
| |
| | |
| --- Changes for x11-xserver-utils ---
| |
| x11-xserver-utils (7.5+2ubuntu1.1) maverick-security; urgency=low
| |
| | |
| * SECURITY UPDATE: root escalation via rogue hostname (LP: #752315)
| |
| - xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp
| |
| case.
| |
| - http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
| |
| - CVE-2011-0465
| |
| | |
| -- Timo Aaltonen <tjaalton@ubuntu.com> Wed, 06 Apr 2011 17:44:41 +0300
| |
|
| |
|
| ======================================================================== | | ======================================================================== |
| Line 495: |
Line 139: |
| aptitude full-upgrade | | aptitude full-upgrade |
|
| |
|
| as root on arvi-VirtualBox | | as root on ubuntu-server.itcollege.ee |
|
| |
|
| -- | | -- |
| apticron | | apticron |
| | </source> |
|
| |
|
| </source>
| | ==Kokkuõte== |
| | Lühidalt võib öelda, et apticron on väike programm, mida on lihtne paigaldada ja seadistada. Apticron pakub automaatset meeldetuletust e-posti aadressile, süsteemis ootel olevatest uuendustest. |
| | |
| | ==Kasutatud kirjandus== |
| | *[http://tfm.cz/man/1/apticron http://tfm.cz/man/1/apticron] |
| | *[http://www.scrounge.org/linux/cron.html http://www.scrounge.org/linux/cron.html] |
| | *[http://www.debian-administration.org/articles/491 http://www.debian-administration.org/articles/491] |
| | *[http://charles.lescampeurs.org/tag/apticron http://charles.lescampeurs.org/tag/apticron] |
| | *[http://packages.ubuntu.com/lucid/apticron http://packages.ubuntu.com/lucid/apticron] |
| | |
| | ==Autor== |
| | Arvi Alamaa A21 |
| | |
| | [[Category:Operatsioonisüsteemide administreerimine ja sidumine]] |
Sissejuhatus
Järgnev artikkel kirjeldab programmi apticron, selle paigaldamist ja seadistamist Linux operatsioonisüsteemides. Juhendi dokumentatsioon on koostatud Ubuntu 10.10 ja Ubuntu Server 2.6.35-28 põhjal. Selleks, et apticron töötaks peab olema paigaldatud ja korrektselt seadistatud postiedastusagent (ing k Mail Transport Agent) , milleks on näiteks postfix.
Programmist
Apticron on shell’i skript, mis saadab e-posti teel nimekirja kõikidest saadaolevatest uuendustest, mida saab antud süsteemis paigaldada ning kokkuvõtte muudatuste kohta kõikides pakkides. Teadete plaanipäraseks saatmiseks kasutab apticron Linuxi süsteemi protsessi cron. Algselt oli programm mõeldud ootel olevate turvauuenduste teatamiseks, kuid seda saab kasutada ka paljudes teistes situatsioonides, kus vajatakse automaatset teate saatmist uuendustest. Apticron oli algselt välja töötatud Colm MacCarthaigh poolt koos Marc Sherman abiga. Alates 2006-st aastast on seda täiendanud Tiago Bortoletto Vaz.
Paigaldamine
Apticroni paigaldamiseks tuleb käsureale sisestada juurkasutaja õigustes järgmine käsk:
Selle tulemusena paigaldatakse apticron koos teiste programmi tööks vajalike pakkidega.
Paigaldatakse järgmised failid:
- /etc/apticron/apticron.conf
Konfiguratsiooni fail, et seadistada e-posti aadress, kuhu teated saadetakse. Samuti saab seadistada apt-listchanges profiili, kui soovitakse seda programmi kasutada koos apticroniga, mida vaikimisi ei kasutata.
Süsteemi protsessi cron töö, mis käivitab apticron'i vastavalt määratud ajakavale.
Süsteemi protsessi cron asendustoimingu skript apticron’i igapäevaseks käivitamiseks (juhul kui cron.d ei tööta või süsteem on maas cron.d’s määratud programmi käivitamise ajal).
- /var/lib/misc/apticron.cron
Ajatempli fail
Programmi apticron skript
Seadistamine
Selleks, et apticron saadaks uuenduste nimekirja soovitud e-posti aadressile tuleb juurkasutaja õigustes avada tekstiredaktoriga (näites on see avatud programmiga nano) apticroni konfiguratsiooni fail.
nano /etc/apticron/apticron.conf
Konfiguratsiooni failis tuleb muuta kirje EMAIL=“root“ ning selle asemel sisestada:
EMAIL=“<e-posti aadress>“
Selle tulemusena saadetakse uuenduste nimekiri sisestatud e-posti aadressile.
Alternatiiviks eelnevale on ka käsurea käsk:
dpkg-reconfigure apticron
Selle tulemusena avaneb käsureal sinine aken kuhu saab kirjutada soovitud e-posti aadressi uuenduste nimekirja saatmiseks.
Ajakava seadistamine
Vaikimisi käivitatakse apticron kord päevas. Kui on soov käsitsi määrata aeg millal süsteemi protsess cron käivitab apticron'i tuleks juurkasutaja õigustes tekstiredaktoriga (näites on see avatud programmiga nano) avada järgnev fail:
nano /etc/cron.d/apticron
Selle tulemusena kuvatakse faili sisu, kus vaikimis peaks olema kaks rida teksti, mis näeb välja järgmine:
# cron entry for apticron
6 5 * * * root test -x /usr/sbin/apticron && /usr/sbin/apticron --cron
Antud näites käivitatakse apticron iga päeva hommikul kell 05:06
Alumise rea esimesed viis sümbolit on aja parameetrid:
6 5 * * *
[minut] [tund] [kuupäev] [kuu] [nädalapäev]
[minut] - saab valida väärtusi 0-59 või * mis tähendab, et see programm käivitatakse iga minut
[tund] - saab valida väärtusi 0-23 või * mis tähendab, et see programm käivitatakse iga tund
[kuupäev] - saab valida väärtusi 1-31 või * mis tähendab, et see programm käivitatakse iga päev
[kuu] - saab valida väärtusi 1-12 või * mis tähendab, et see programm käivitatakse iga kuu
[nädalapäev] - saab täpsustada millistel päevadel nädalas programm käivitatakse, kus 0=pühapäev, 1=esmaspäev, 2=teisipäev, 3=kolmapäev, 4=neljapäev, 5=reede, 6=laupäev või * mis tähendab et see programm käivitatakse iga nädalapäev
Näidis teade
Järgnevalt on välja toodud näidis, milline näeb välja apticron'i poolt e-postiga saadetud teade süsteemis ootel olevatest uuendustest.
Järgnev teade on saadetud programmi apticron poolt operatsioonisüsteemis Ubuntu Server:
apticron report [Fri, 29 Apr 2011 12:10:28 +0300] ========================================================================
apticron has detected that some packages need upgrading on:
ubuntu-server.itcollege.ee
[ 127.0.1.1 10.0.2.15 ]
The following packages are currently pending an upgrade:
ntpdate 1:4.2.4p8+dfsg-1ubuntu6.1
rsync 3.0.7-2ubuntu1.1
tzdata 2011g-0ubuntu0.10.10
========================================================================
Package Details:
Reading changelogs...
--- Changes for ntp (ntpdate) ---
ntp (1:4.2.4p8+dfsg-1ubuntu6.1) maverick-proposed; urgency=low
* debian/patches/fix-noipv4.patch: support running in IPv6 only
environments (LP: #715152).
-- James Page <james.page@canonical.com> Wed, 06 Apr 2011 11:19:26 +0100
--- Changes for rsync ---
rsync (3.0.7-2ubuntu1.1) maverick-security; urgency=low
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via malformed data
- debian/patches/security-CVE-2011-1097.diff: introduce and use
FLAG_OWNED_BY_US in flist.c, generator.c, log.c, rsync.*.
- CVE-2011-1097
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 08 Apr 2011 10:05:29 -0400
--- Changes for tzdata ---
tzdata (2011g-0ubuntu0.10.10) maverick-proposed; urgency=low
* New upstream release 2011g: (LP: #770622)
- Egypt abandons DST in 2011 (and forward)
(thanks to Alexander Krivenyshev)
-- Gary Lasker <gary.lasker@canonical.com> Mon, 25 Apr 2011 21:42:07 -0400
========================================================================
You can perform the upgrade by issuing the command:
aptitude full-upgrade
as root on ubuntu-server.itcollege.ee
--
apticron
Kokkuõte
Lühidalt võib öelda, et apticron on väike programm, mida on lihtne paigaldada ja seadistada. Apticron pakub automaatset meeldetuletust e-posti aadressile, süsteemis ootel olevatest uuendustest.
Kasutatud kirjandus
Autor
Arvi Alamaa A21
