Re: [CentOS] mismatch in openssh latest rpm available at centos

2012-03-29 Thread Johnny Hughes
On 03/28/2012 08:05 PM, Vinay Nagrik wrote:
> Hello Group,
>
> The latest rpm in openssh is 5.8, however, the corresponding latest rpm
> available in centos 5.7  is only
>
> openssh-4.3p2-72.el5_6.3.x86_64.rpm
>
> and
> in 6.0 centos is
>
> openssh-5.3p1-20.el6.x86_64.rpm
>
> I have following questions.
>
> 1. I want to start from src.rpm and where can I get the src.rpm for
> openssh-5.3p1-20.el6.x86_64.rpm.
>
> 2. Can I install openssh-5.3p1-20.el6.x86_64.rpm SAFELY with 5.7 centos
> without causing any problems.

If you rebuild it, if it rebuilds, and if you rebuild anything that
depends on the old one, then yes.  It may not build without newer
buildrequires being met though.  And now, every time there is an
upgrade, you have to remember to get the new one and rebuild again.  You
also have to track any changes of the new buildrequires that you had
to build.

> 3. Which of these two rpms will be most compatible with latest openssh rpm
> version 5.8.

They are all compatible ... I don't think any is more compatible than
another.

> Please let me know.  It is important for my work.
>
> Any help will be greatly appreciated.


Unless you are going to look at the CVE website every day for ssh
vulnerabilities and roll in patches or get new code from openssh
directly for every one, then you want to stay with what is in the distro.

Red Hat uses backporting for security issues:

https://access.redhat.com/security/updates/backporting/

If you rebuild a new ssh, you will also have to rebuild any packages
that are built against the old openssh against the new openssh.

If you are concerned about security ... that is the whole purpose of
enterprise linux ... it backports security patches for 10 years while
maintaining consistent APIs/ABIs. 

If you want the latest packages on your machine, then you want Fedora
and not CentOS.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
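
With backporting, the upstream version in the package name (4.3p2) stays fixed while fixes are added in later releases, and the package changelog is where those fixes are usually recorded. The script below is an added example, not part of the original thread: it maps each CVE id named in `rpm -q --changelog` output to the release that first recorded it. The sample changelog, its CVE ids, bug numbers and older release strings are constructed placeholders.

```shell
#!/bin/sh
# Added example: list each CVE id named in an RPM changelog with the
# package release whose entry first recorded the fix.
# Input on stdin: the text printed by `rpm -q --changelog <package>`.

cve_backports() {
    awk '
        # Entry header, e.g. "* Tue Mar 06 2012 Name <mail> - 4.3p2-82":
        # the last field is the version-release of that build.
        /^\* / { rel = $NF; next }
        {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                id = substr(line, RSTART, RLENGTH)
                # rpm prints newest entries first, so the last write
                # is the oldest release that mentions this CVE.
                first[id] = rel
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { for (id in first) printf "%s\t%s\n", id, first[id] }
    ' | sort
}

# Print the release that fixed CVE id $1; exit non-zero if not recorded.
backport_status() {
    cve_backports |
        awk -F '\t' -v id="$1" '$1 == id { print $2; ok = 1 } END { exit !ok }'
}

# Constructed sample in rpm changelog layout. The CVE ids, bug numbers,
# packager and older releases are placeholders, not real advisories.
sample_changelog() {
    cat <<'EOF'
* Tue Mar 06 2012 Example Packager <packager@example.com> - 4.3p2-82
- fix placeholder sftp crash (#000003)

* Mon Jan 10 2011 Example Packager <packager@example.com> - 4.3p2-72.3
- rebuild, keeps the fix for CVE-0000-0002

* Fri Jun 04 2010 Example Packager <packager@example.com> - 4.3p2-41
- backport upstream patches for CVE-0000-0001 and CVE-0000-0002 (#000001)
EOF
}

# Demo on the sample; on a real host: rpm -q --changelog openssh | cve_backports
sample_changelog | cve_backports
```

A CVE that is absent from the changelog is not proof the package is affected; the vendor's CVE page states whether that release was ever vulnerable.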


Re: [CentOS] mismatch in openssh latest rpm available at centos

2012-03-29 Thread m . roth
Johnny Hughes wrote:
> On 03/28/2012 08:05 PM, Vinay Nagrik wrote:
>
>> The latest rpm in openssh is 5.8, however, the corresponding latest rpm
>> available in centos 5.7  is only
>> openssh-4.3p2-72.el5_6.3.x86_64.rpm
>> and in 6.0 centos is
>> openssh-5.3p1-20.el6.x86_64.rpm
>>
>> I have following questions.
>>
>> 1. I want to start from src.rpm and where can I get the src.rpm for
>> openssh-5.3p1-20.el6.x86_64.rpm.
>>
>> 2. Can I install openssh-5.3p1-20.el6.x86_64.rpm SAFELY with 5.7 centos
>> without causing any problems.
>
> If you rebuild it, if it rebuilds, and if you rebuild anything that
> depends on the old one, then yes.  It may not build without newer
> buildrequires being met though.  And now, every time there is an
> upgrade, you have to remember to get the new one and rebuild again.  You
> also have to track any changes of the new buildrequires that you had
> to build.
>
>> 3. Which of these two rpms will be most compatible with latest openssh
>> rpm version 5.8.
<snip>
> If you rebuild a new ssh, you will also have to rebuild any packages
> that are built against the old openssh against the new openssh.
>
> If you are concerned about security ... that is the whole purpose of
> enterprise linux ... it backports security patches for 10 years while
> maintaining consistent APIs/ABIs.
>
> If you want the latest packages on your machine, then you want Fedora
> and not CentOS.

Well... I can see it. We had to build a newer package for 5.x, because we
*had* to have PIV-II/pkcs11 support. That's *just* come in with 6.2, to be
able to log in with a smart card. Even so, there's a bug/enhancement (and
my manager has this in w/ Redhat, and it's been escalated) needed, that it
insists on showing the userlist of recent logins.

   mark



Re: [CentOS] mismatch in openssh latest rpm available at centos

2012-03-29 Thread Johnny Hughes
On 03/29/2012 09:56 AM, m.r...@5-cent.us wrote:
> Johnny Hughes wrote:
>> On 03/28/2012 08:05 PM, Vinay Nagrik wrote:
>>> The latest rpm in openssh is 5.8, however, the corresponding latest rpm
>>> available in centos 5.7  is only
>>> openssh-4.3p2-72.el5_6.3.x86_64.rpm
>>> and in 6.0 centos is
>>> openssh-5.3p1-20.el6.x86_64.rpm
>>>
>>> I have following questions.
>>>
>>> 1. I want to start from src.rpm and where can I get the src.rpm for
>>> openssh-5.3p1-20.el6.x86_64.rpm.
>>>
>>> 2. Can I install openssh-5.3p1-20.el6.x86_64.rpm SAFELY with 5.7 centos
>>> without causing any problems.
>> If you rebuild it, if it rebuilds, and if you rebuild anything that
>> depends on the old one, then yes.  It may not build without newer
>> buildrequires being met though.  And now, every time there is an
>> upgrade, you have to remember to get the new one and rebuild again.  You
>> also have to track any changes of the new buildrequires that you had
>> to build.
>>> 3. Which of these two rpms will be most compatible with latest openssh
>>> rpm version 5.8.
> <snip>
>> If you rebuild a new ssh, you will also have to rebuild any packages
>> that are built against the old openssh against the new openssh.
>>
>> If you are concerned about security ... that is the whole purpose of
>> enterprise linux ... it backports security patches for 10 years while
>> maintaining consistent APIs/ABIs.
>>
>> If you want the latest packages on your machine, then you want Fedora
>> and not CentOS.
> Well... I can see it. We had to build a newer package for 5.x, because we
> *had* to have PIV-II/pkcs11 support. That's *just* come in with 6.2, to be
> able to log in with a smart card. Even so, there's a bug/enhancement (and
> my manager has this in w/ Redhat, and it's been escalated) needed, that it
> insists on showing the userlist of recent logins.

And this can be the case ... they will roll back security items, but
there will be some new functionality that is not rolled back.

If you really need some new function, then yes, a rebuild is in order.

That entails all the things I outlined above though ... figuring out
what else you need to build first to use as a BuildRequires, figure
out what you have to build after because they depend on the built Share
libraries of the package (or one they depend on one of your Newer
BuildRequires that you needed).  Then you need to set up a method to
track all the out of band packages that you are adding so you keep
them up2date.

This can sometimes just be the package in question ... but sometimes it
can be a whole bunch of other packages too ... for example, if you built
a newer openssl, you would also need to rebuild all of these afterwards
(which build against openssl):

[hughesjr@localhost SRPMS]$ for srpms in $(ls *.src.rpm); do
    is_openssl=$(rpm -qp --requires "$srpms" | grep openssl)
    if [ "$is_openssl" != "" ]; then echo "$srpms"; fi
done
authd-1.4.3-14.src.rpm
autofs-5.0.1-0.rc2.163.el5.src.rpm
bind-9.3.6-20.P1.el5.src.rpm
bind97-9.7.0-6.P2.el5_7.4.src.rpm
certmonger-0.50-3.el5.src.rpm
clustermon-0.12.1-7.el5.centos.src.rpm
conga-0.12.2-51.el5.centos.src.rpm
crypto-utils-2.3-2.el5.src.rpm
curl-7.15.5-15.el5.src.rpm
cyrus-imapd-2.3.7-12.el5_7.2.src.rpm
cyrus-sasl-2.1.22-5.el5_4.3.src.rpm
desktop-printing-0.19-20.2.el5.src.rpm
distcache-1.4.5-14.1.src.rpm
dovecot-1.0.7-7.el5_7.1.src.rpm
ecryptfs-utils-75-8.el5.src.rpm
elinks-0.11.1-6.el5_4.1.src.rpm
epic-2.4-1.src.rpm
evolution-connector-2.12.3-11.el5.src.rpm
evolution-data-server-1.12.3-18.el5.src.rpm
exim-4.63-10.el5.src.rpm
fetchmail-6.3.6-4.el5.src.rpm
fipscheck-1.2.0-1.el5.src.rpm
freeradius-1.1.3-1.6.el5.src.rpm
freeradius2-2.1.12-3.el5.src.rpm
gftp-2.0.18-3.2.2.src.rpm
gnome-vfs2-2.16.2-8.el5.src.rpm
hplip-1.6.7-6.el5_6.1.src.rpm
hplip3-3.9.8-11.el5_6.1.src.rpm
htdig-3.2.0b6-11.el5.src.rpm
httpd-2.2.3-63.el5.centos.src.rpm
ipsec-tools-0.6.5-14.el5_5.5.src.rpm
iscsi-initiator-utils-6.2.0.872-13.el5.src.rpm
isns-utils-0.93-1.0.el5.src.rpm
java-1.6.0-openjdk-1.6.0.0-1.24.1.10.4.el5.src.rpm
kdelibs-3.5.4-26.el5.centos.1.src.rpm
kdenetwork-3.5.4-13.el5_6.1.src.rpm
libc-client-2004g-2.2.1.src.rpm
libdbi-drivers-0.8.1a-1.2.2.src.rpm
libgnomeprint22-2.12.1-10.el5.src.rpm
libwvstreams-4.2.2-2.1.src.rpm
lynx-2.8.5-28.1.el5_2.1.src.rpm
m2crypto-0.16-8.el5.src.rpm
mod_authz_ldap-0.26-11.el5.src.rpm
mutt-1.4.2.2-3.0.2.el5.src.rpm
mysql-5.0.77-4.el5_6.6.src.rpm
neon-0.25.5-10.el5_4.1.src.rpm
net-snmp-5.3.2.2-17.el5.src.rpm
NetworkManager-0.7.0-13.el5.src.rpm
nmap-4.11-2.src.rpm
nss_ldap-253-49.el5.src.rpm
ntp-4.2.2p1-15.el5.centos.1.src.rpm
openCryptoki-2.2.4-25.el5.src.rpm
openhpi-2.14.0-5.el5.src.rpm
OpenIPMI-2.0.16-12.el5.src.rpm
openldap-2.3.43-25.el5.src.rpm
openldap24-libs-2.4.23-5.el5.src.rpm
openssh-4.3p2-82.el5.src.rpm
pam_ccreds-3-5.src.rpm
perl-Crypt-SSLeay-0.51-11.el5.src.rpm
perl-Net-SSLeay-1.30-4.fc6.src.rpm
php-5.1.6-32.el5.src.rpm
php53-5.3.3-5.el5.src.rpm
postfix-2.3.3-2.3.el5_6.src.rpm
postgresql-8.1.23-1.el5_7.3.src.rpm
postgresql84-8.4.9-1.el5_7.1.src.rpm
postgresql-odbc64-09.00.0200-1.el5.src.rpm

Re: [CentOS] mismatch in openssh latest rpm available at centos

2012-03-29 Thread Ross Walker
On Mar 29, 2012, at 11:39 AM, Johnny Hughes joh...@centos.org wrote:


Re: [CentOS] mismatch in openssh latest rpm available at centos

2012-03-28 Thread Brian Mathis
On Wed, Mar 28, 2012 at 9:05 PM, Vinay Nagrik vnag...@gmail.com wrote:
> Hello Group,
>
> The latest rpm in openssh is 5.8, however, the corresponding latest rpm
> available in centos 5.7  is only
> openssh-4.3p2-72.el5_6.3.x86_64.rpm
> and in 6.0 centos is
> openssh-5.3p1-20.el6.x86_64.rpm
>
> I have following questions.
> 1. I want to start from src.rpm and where can I get the src.rpm for
> openssh-5.3p1-20.el6.x86_64.rpm.
> 2. Can I install openssh-5.3p1-20.el6.x86_64.rpm SAFELY with 5.7 centos
> without causing any problems.
> 3. Which of these two rpms will be most compatible with latest openssh rpm
> version 5.8.
>
> Please let me know.  It is important for my work.
>
> Any help will be greatly appreciated.
> Nagrik


You may want to read about how Redhat and thus CentOS handles package
versions with regard to security patches, etc...  There is information
here:
https://access.redhat.com/security/updates/backporting/

As for obtaining the most recent version of openssh for other reasons
(such as features), it is strongly recommended against compiling your
own, and instead installing the package from another publicly accepted
repository, such as EPEL or RepoForge.  Any packages on there have
already been compiled and tested to work with your version of CentOS.
I would avoid installing the C6 version of openssh on C5, and instead
make sure to get the proper package meant for C5.


❧ Brian Mathis