New forum member greets the community. Very happy with devuan: running it on all seven machines at work. Finding it extremely stable even under heavily loaded production machines. Well done you all! I am struggling to understand how to apt-get security updates now that debian jessie has gone oldstable. Could I ask a possibly dumb question, please?
What should I have in my sources.list to keep my devuan jessie up to date? I am particularly concerned with the 23 CVEs in the security advisory 3926-1 (chromium) and the 10 CVEs in 3927-1 (kernel), although the debian oldstable patches are not yet available for the kernel. I only run chromium on two of the machines, chrome on a third, the rest are headless.
So: should I upgrade chromium to chrome and use the google repository, or is there an additional repository that I should include in sources.list to keep things devuan. I am not getting any updates at all at the moment.
Hope it's not too dumb a question.
Many Thanks for the hard work going on behind the scenes. It's very much appreciated.
First of all, welcome to Devuan.
Jessie is supported until April 2020. There is a Devuan Backports repo.
Explanation of what backports is
https://backports.debian.org/Instructions/
Setting up Backports in Devuan (Not Debian)
https://devuan.org/os/etc/apt/sources.list
What does the /etc/apt/sources.list show -- can you list it for us?
What does the /etc/apt/sources.list show -- can you list it for us?
# deb cdrom:[Debian GNU/Linux 1.0 _Jessie_ - Official Beta2 amd64 DVD Binary-1 20161128-18:28]/ jessie contrib main non-free
#deb cdrom:[Debian GNU/Linux 1.0 _Jessie_ - Official Beta2 amd64 DVD Binary-1 20161128-18:28]/ jessie contrib main non-free
deb http://auto.mirror.devuan.org/merged/ jessie main
#deb-src http://gb.mirror.devuan.org/merged/ jessie main
# jessie-security, previously known as 'volatile'
deb http://packages.devuan.org/merged/ jessie-security main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-security main
# jessie-updates, previously known as 'volatile'
deb http://auto.mirror.devuan.org/merged/ jessie-updates main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-updates main
# jessie-backports, previously on backports.debian.org
deb http://auto.mirror.devuan.org/merged/ jessie-backports main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-backports main
# Devuan repositories
deb http://packages.devuan.org/merged jessie main
#deb-src http://packages.devuan.org/merged jessie main
deb http://auto.mirror.devuan.org/devuan jessie-proposed main
#deb-src http://auto.mirror.devuan.org/devuan jessie-proposed main
Thanks for your responses
Well you have backports and security repos enabled so that's what you need.
Well you have backports and security repos enabled so that's what you need.
$ cat /var/log/apt/history.log.1 | tail -n 5
Start-Date: 2017-07-29 10:17:48
Commandline: apt-get upgrade
Upgrade: mysql-server-core-5.5:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), mysql-server-5.5:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), mysql-client:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), mysql-client-5.5:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), mysql-common:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), libmysqlclient18:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), mysql-server:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1)
End-Date: 2017-07-29 10:18:21
$ cat /var/log/apt/history.log
Start-Date: 2017-08-05 08:43:27
Commandline: apt-get install --reinstall devuan-keyring
Reinstall: devuan-keyring:amd64 (2016.11.22)
End-Date: 2017-08-05 08:43:30
Start-Date: 2017-08-11 10:51:39
Commandline: apt-get upgrade
Upgrade: geoip-database:amd64 (20170512-1~bpo8+1, 20170713-1~bpo9+1), libsoup2.4-1:amd64 (2.48.0-1, 2.48.0-1+deb8u1), fonts-opensymbol:amd64 (102.7+LibO5.2.7-1~bpo8+1, 102.10+LibO5.4.0-1~bpo9+1), libsoup-gnome2.4-1:amd64 (2.48.0-1, 2.48.0-1+deb8u1), libreoffice-nlpsolver:amd64 (0.9+LibO5.2.7-1~bpo8+1, 0.9+LibO5.4.0-1~bpo9+1), manpages-dev:amd64 (4.10-2~bpo8+1, 4.12-1~bpo9+1), manpages:amd64 (4.10-2~bpo8+1, 4.12-1~bpo9+1), libreoffice-wiki-publisher:amd64 (1.2.0+LibO5.2.7-1~bpo8+1, 1.2.0+LibO5.4.0-1~bpo9+1), libreoffice-librelogo:amd64 (5.2.7-1~bpo8+1, 5.4.0-1~bpo9+1), linux-libc-dev:amd64 (4.9.30-2+deb9u2~bpo8+1, 4.11.6-1~bpo9+1)
End-Date: 2017-08-11 10:52:21
# apt-get update && apt-get -t jessie-backports install chromium
Reading package lists...
Building dependency tree...
Reading state information...
chromium is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 23 not upgraded.
#apt-get -t stretch-backports install chromium
Reading package lists...
Building dependency tree...
Reading state information...
chromium is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.
$ apt-cache show chromium | sed -n 1,3p
Package: chromium
Source: chromium-browser
Version: 57.0.2987.98-1~deb8u1
_________________________________________________________________
Debian Security Advisory DSA-3926-1 security@debian.org
https://www.debian.org/security/ Michael Gilbert
August 04, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 CVE-2017-5091
CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095
CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100
CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104
CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108
CVE-2017-5109 CVE-2017-5110 CVE-2017-7000
For the stable distribution (stretch), these problems have been fixed in
version 60.0.3112.78-1~deb9u1.
For the unstable distribution (sid), these problems have been fixed in
version 60.0.3112.78-1 or earlier versions.
__________________________________________________________________
So what am I doing wrong? Any help with the following four questions would be appreciated.
Q1. Why is apt not replacing chromium v57 with v60?
Q2. Why are there no log entries for the failed updates, which included an aborted 'unauthenticated packages' warning which prompted the reinstallation of devuan-keyring and the subsequent apt-key update?
Q3. Devuan bug report logs - #24 devuan-project: Cannot update Chromium (https://bugs.devuan.org/db/24/24.html) refers to a solution at https://dev1galaxy.org/viewtopic.php?id=444, but the link is broken. Does anyone have a working link?
Q4. Why am I not getting any security updates at all: kernel and postgresql are still unpatched, but the jessie- and stretch-backports updates worked ok?
Any ideas what might be going on?
Many Thanks
I'll take the easy ones...
Q1: You won't get chromium v.60 in jessie because it's not there. 57 is in jessie and jessie-security. In fact, you won't get 60 in ascii or stretch, either. It's 59 there. Chromium-60 is in ceres/sid. I don't see any chromium in jessie-backports. (Note: I hope your "stretch-backports" is a typo. Don't use debian repos in your sources.)
Q3: The link works fine here. Maybe you tried to access it yesterday during forum maintenance. It's a thread about problems upgrading to chromium 56 or 57, back in March. Probably not relevant.
The following is for informational purposes. If you can get output that looks like this, you are in deep trouble. Don't use debian repos in your sources. (If I ever do an upgrade without fixing my sources first, I'm screwed.)
apt-cache policy chromium
chromium:
Installed: 57.0.2987.98-1~deb8u1
Candidate: 57.0.2987.98-1~deb8u1
Version table:
60.0.3112.78-1 0
10 http://debian.csail.mit.edu/debian/ buster/main amd64 Packages
10 http://debian.csail.mit.edu/debian/ sid/main amd64 Packages
100 http://auto.mirror.devuan.org/merged/ ceres/main amd64 Packages
59.0.3071.86-1 0
10 http://debian.csail.mit.edu/debian/ stretch/main amd64 Packages
100 http://us.mirror.devuan.org/merged/ ascii/main amd64 Packages
*** 57.0.2987.98-1~deb8u1 0
500 http://us.mirror.devuan.org/merged/ jessie/main amd64 Packages
500 http://auto.mirror.devuan.org/merged/ jessie-security/main amd64 Packages
100 /var/lib/dpkg/status
For keeping up with rapidly-changing apps, would (something like) a "fire-jail-ed" "appimage" make more sense?
Expecting speedy service on oldstable seems ludicrous.
Is it possible you have auto-updates/unattended-updates turned on? If you do there is nothing for you to ever upgrade. I've only larked around jessie for the amount of time it takes to switch repositories, update/upgrade and go upstream.
Jessie was stable for debian last month, so we are a few weeks behind. Big deal, try Arch if you don't worry about security bugs popping up all the time about what you have been running for months if not years.
If you chose an off distribution package that does not bring any dependencies on of its own or even worse replacing some of the existing ones, at worse case scenario it may not work. If you mix match dependencies then you are on your own and things may get irreversibly messed up.
Then there is the case of someone jumping up to testing or unstable, don't like how things work and reverses back to stable and expects updates. They may not come for months or even years unless they are a security patch that affects everyone.
Replacing common dependency packages with something newer will have the same ill effects on the rest of the system whether you jail the package or not.
Hi,
My devuan ascii is also not getting any updates since the last few days. This may be fine, but I am really worried about "ascii-security". According to DSA, a few packages need to be upgraded for my system (firefox-esr etc.). Apart from "rsyslog" my system is also stable for now.
Regards,
Last edited by gnath (2017-08-12 14:36:25)
@gnath - did you backport 'rsyslog' or replace it ?? there are two suggested replacements - I did one of them
'
AFAIK - there aren't really any 'updates' published for ASCII- they are still working on the alpha version.
You might take the DSA info (not familiar with it) and do a manual apt-get on the specific packages.
[all part of testing a new distro - please report any findings or updates] the devs might incorporate
some of the changes as needed for the ascii-alpha
hopefully helpful
@garyz.dev1-
My system was updated from devuan jessie, which was a clean install from devuan DVD installer. I only have devuan ascii-updates & ascii-security, no backport or proposed. What is the other choice? Dist-upgrade has given
rsyslog : Depends: liblognorm2 (>= 1.1.2) which is a virtual package.
State: installed (8.4.2-1+deb8u2), upgrade available (8.14.0-2+devuan1.0)
Devuan community are really helpful. I know the devs are pre-occupied and updates will be available when ready.
Devuan security updates probably come from Debian Security Advisory (DSA) published on debian main page. These updates cover related CVEs for debian packages like firefox-esr, linux (kernel), chromium-browser, postgresql (@leloft) etc. for respective suites.
I incorporated debian security repo in my sources.list as
deb http://security.debian.org/ stretch/updates main contrib non-free
and received a few updates also last night including the above first two packages. Ensured that it does not include devuan packages. This may not be the right way, but for the time being ascii users may like this path.
Regards,
Last edited by gnath (2017-08-13 15:08:54)
To get around the liblognorm2 dependency, install rsyslog from backports or else replace it with syslog-ng or busybox-syslogd.
Not a good idea to use Debian repos directly. Could possibly get some systemd 'stuff' and the numbering will be different from devuan's merged repo which could affect updates down the line.
Thanks for your concern. True this is not right. I have only ascii, -updates, -security & don't mix repos. I am fine with present rsyslog & waiting for update. Shall try the other two for enhanced functionality.
I was tempted for the security updates only for forked firefox-esr & linux-image- as those were not available from ascii-security. Checked for any systemd intrusion other than libsystemd0 which is already in my ascii. Those two packages are being most used. I use ascii & ceres knowing well their implications. As a general user I shall not try for the same and wait for better. Ver. no. will not be a problem for forked debian packages. You would appreciate that in the unix/linux world declared exposure has its own importance at least for stable server/production systems. Regular updates of any repo will be a healthy sign for a distro.
Regards,
In fact, you won't get 60 in ascii or stretch, either. It's 59 there. Chromium-60 is in ceres/sid.
Hello. You are wrong. Chromium version in Stretch is 60.0.3112.78
apt-cache policy chromium
chromium:
Įdiegta: 60.0.3112.78-1~deb9u1
Kandidatas: 60.0.3112.78-1~deb9u1
Versijų lentelė:
*** 60.0.3112.78-1~deb9u1 500
500 http://deb.debian.org/debian-security stretch/updates/main amd64 Packages
100 /var/lib/dpkg/status
59.0.3071.86-1 500
500 http://deb.debian.org/debian stretch/main amd64 Packages
But in Jessie, Chromium is 57.0.2987.98-1.
Sorry. I don't understand Devuan security policies
Last edited by Ogis1975 (2017-08-14 15:18:43)
What economists call over-production is but a production that is above the purchasing power of the worker, who is reduced to poverty by capital and state.
----+- Peter Kropotkin -+----
@gnath & @Ogis1975 you both are using debian-security sources. {it appears to me}
I think this is the 'mixed repos' that @golinux was referring to;
and that is why there is a difference in the version numbers
'
I do believe Devuan Jessie is the Debian-oldstable (has some systemd-stuff)
Devuan ASCII is our next release that won't have systemd-stuff -
( I don't think there is a direct cross from Debian series)
AFAIK Devuan relies on Debian packages/etc UNLESS they have some systemd-stuff
'
Devuan modified packages come first then filled in with Debian
'
HTH - GaryZ
fsmithred wrote:In fact, you won't get 60 in ascii or stretch, either. It's 59 there. Chromium-60 is in ceres/sid.
Hello. You are wrong. Chromium version in Stretch is 60.0.3112.78
I'm not entirely wrong. 59 is in stretch and 60 is in stretch-security, which I did not enable. Guess I should do that if I want to see all versions.
About mixing repos: I don't know what these other folks are running, but I always disable all the extra repos before I install anything or upgrade. They are only enabled so I can see all versions with 'apt-cache policy <package>'.
I can offer half an answer to my own question (Q2, post#6):
If Amprolla is down or otherwise unavailable, apt-get appears to use the underlying debian repos in consequence. This results in a whole bunch of unauthenticated packages (because I have the devuan keyring not the debian) including packages which are normally held back. Although this constitutes using mixed repos, it appears like normal behaviour to apt-get, and so it simply gets logged as a straightforward upgrade. This has happened three times now: it appears that this behaviour is reproducible. I don't know enough to call it a bug, but it seems serious enough to warrant flagging up. Perhaps someone who knows more than me could confirm and escalate if necessary. For the rest of us noobs, just exercise caution if Amprolla is unavailable.
This makes some sense and explains some breakage in ascii/ceres where the block on sysD dependencies may not be as effective yet. So, would a solution be to remove or mess up the Debian keyring so nothing that is not in Devuan comes in? I have noticed times with the devuan repositories either being slow or partially available (2 may work one produces errors) which questions the above. If it automatically switches to debian when devuan is not available how come the error is produced?
I've had one installation left where between X and dm the input devices freeze, which never happens in debian or other installations. Unplugging and plugging them back (usb) fixes the problem till next reboot. It happened on ceres then days later in ascii. I dumped the ceres and kept the ascii. This is more than a month ago. I have two other installations both running ascii with very similar setup to starting and the problem never occurred. I never touched any X configuration, it is all as it was installed and happens with all dm that I tried.
Leloft's explanation is the only logical one I have found, a mix-match of devuan/debian upgrades.
$ ls /etc/apt/trusted.gpg.d
-rw-r--r-- 1 root root 7.4K May 25 21:17 debian-archive-stretch-automatic.gpg
-rw-r--r-- 1 root root 7.4K May 25 21:17 debian-archive-stretch-security-automatic.gpg
-rw-r--r-- 1 root root 2.3K May 25 21:17 debian-archive-stretch-stable.gpg
-rw-r--r-- 1 root root 3.6K Nov 22 2016 devuan-keyring-2016-archive.gpg
-rw-r--r-- 1 root root 2.2K Nov 22 2016 devuan-keyring-2016-cdimage.gpg
-rw-r--r-- 1 root root 5.1K Nov 30 2014 debian-archive-jessie-automatic.gpg
-rw-r--r-- 1 root root 5.1K Nov 30 2014 debian-archive-jessie-security-automatic.gpg
-rw-r--r-- 1 root root 2.8K Nov 30 2014 debian-archive-jessie-stable.gpg
-rw-r--r-- 1 root root 3.7K Nov 30 2014 debian-archive-wheezy-automatic.gpg
-rw-r--r-- 1 root root 2.8K Nov 30 2014 debian-archive-wheezy-stable.gpg
to
$ ls /etc/apt/trusted.gpg.d
-rw-r--r-- 1 root root 3.6K Nov 22 2016 devuan-keyring-2016-archive.gpg
-rw-r--r-- 1 root root 2.2K Nov 22 2016 devuan-keyring-2016-cdimage.gpg
Should something like this produce errors, or only devuan specific packages come from devuan and the rest from debian?
I can offer half an answer to my own question (Q2, post#6):
If Amprolla is down or otherwise unavailable, apt-get appears to use the underlying debian repos in consequence. This results in a whole bunch of unauthenticated packages (because I have the devuan keyring not the debian) including packages which are normally held back. Although this constitutes using mixed repos, it appears like normal behaviour to apt-get, and so it simply gets logged as a straightforward upgrade. This has happened three times now: it appears that this behaviour is reproducible. I don't know enough to call it a bug, but it seems serious enough to warrant flagging up. Perhaps someone who knows more than me could confirm and escalate if necessary. For the rest of us noobs, just exercise caution if Amprolla is unavailable.
I checked with someone who knows more than both of us put together (CenturionDan):
if that happens then there is a debian stanza in either /etc/apt/sources or /etc/apt/sources.d/
I checked with someone who knows more than both of us put together (CenturionDan):
if that happens then there is a debian stanza in either /etc/apt/sources or /etc/apt/sources.d/
Can't see it:
$ ls -al /etc/apt
total 84
drwxr-xr-x 6 root root 4096 Sep 1 09:03 .
drwxr-xr-x 126 root root 12288 Sep 2 05:14 ..
drwxr-xr-x 2 root root 4096 Sep 1 09:03 apt.conf.d
-rw-r--r-- 1 root root 99 Sep 1 09:03 listchanges.conf
drwxr-xr-x 2 root root 4096 Sep 1 09:03 preferences.d
-rw-r--r-- 1 root root 1240 Sep 1 09:03 sources.list
-rw-r--r-- 1 root root 0 Sep 1 09:03 sources.list~
drwxr-xr-x 2 root root 4096 Sep 1 09:03 sources.list.d
-rw-r--r-- 1 root root 40508 Sep 1 09:03 trusted.gpg
-rw-r--r-- 1 root root 3530 Sep 1 09:03 trusted.gpg~
drwxr-xr-x 2 root root 4096 Sep 1 09:03 trusted.gpg.d
$ ls -al /etc/apt/sources.list.d
total 12
drwxr-xr-x 2 root root 4096 Sep 1 09:03 .
drwxr-xr-x 6 root root 4096 Sep 1 09:03 ..
-rw-r--r-- 1 root root 247 Sep 1 09:03 devuan.list
$ cat /etc/apt/sources.list.d/devuan.list
# autogenerated by devuan-baseconf
# decomment following lines to enable the developers devuan repository
#deb http://packages.devuan.org/devuan jessie main contrib non-free
#deb-src http://packages.devuan.org/devuan jessie main contrib non-free
$ cat /etc/apt/sources.list
#
deb http://linux-libre.fsfla.org/pub/linux-libre/freesh freesh main
# deb cdrom:[Debian GNU/Linux 1.0 _Jessie_ - Official Beta2 amd64 DVD Binary-1 20161128-18:28]/ jessie contrib main non-free
#deb cdrom:[Debian GNU/Linux 1.0 _Jessie_ - Official Beta2 amd64 DVD Binary-1 20161128-18:28]/ jessie contrib main non-free
deb http://auto.mirror.devuan.org/merged/ jessie main
#deb-src http://gb.mirror.devuan.org/merged/ jessie main
# jessie-security, previously known as 'volatile'
deb http://packages.devuan.org/merged/ jessie-security main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-security main
# jessie-updates, previously known as 'volatile'
deb http://auto.mirror.devuan.org/merged/ jessie-updates main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-updates main
# jessie-backports, previously on backports.debian.org
#deb http://auto.mirror.devuan.org/merged/ jessie-backports main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-backports main
#Devuan repositories
deb http://packages.devuan.org/merged jessie main
#deb-src http://packages.devuan.org/merged jessie main
Silly question for my own clarity: are CenturionDan's '/etc/apt/sources' and '/etc/apt/sources.d' missing from my '/etc/apt/*' or are they shorthand for '/etc/apt/sources.list' and '/etc/apt/sources.list.d'? Where else should I be looking? Sorry if I've missed the point.
Don't use backports unless there is a specific reason you want a backport. Backports make sense in oldstable in debian as there are several editions. Here we only have one. I made the same mistake earlier on my devuan student session. So everything looks fine.
In my opinion, as light as it may be, this jessie was too early to be called 1.0, it should have retained its beta tag till ascii gets finished/audited. Ascii seems barely started, and stretch on the other side seems a bit problematic as compared to previous stable editions. If I am not mistaken, stretch went into freeze for the longest time in debian history. Unlucky timing for devuan? Jessie 8 had more than 500 bug tickets open before stretch became stable.
One systemd mess chasing another.
RIP good old wheezy
leloft,
I'm sure Dan meant sources.list and sources.list.d. I don't see any debian sources in what you posted. What packages did you get from debian that you should not have gotten?
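A quick way to check for the stray Debian stanza Dan describes, instead of eyeballing each file by hand: an added shell example (not from the thread and not Devuan's own tooling) that scans one-line-format apt source files and reports every active network stanza whose host is not devuan.org or a *.devuan.org mirror. The scratch directory and sample file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit apt source files for stanzas that point outside Devuan.
# Handles the classic one-line "deb URI suite components" format only
# (not the deb822 .sources format).

# Print "file: deb|deb-src URI suite components" for each active (uncommented)
# network stanza whose host is not devuan.org or one of its *.devuan.org mirrors.
foreign_stanzas() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Strip comments, drop [arch=... signed-by=...] option blocks, skip blank lines.
        sed -e 's/#.*//' -e 's/\[[^]]*\]//' -e '/^[[:space:]]*$/d' "$f" |
        while read -r kind uri rest; do
            case "$kind" in deb|deb-src) ;; *) continue ;; esac
            # Only network sources matter here; cdrom:/file: entries are never a mirror.
            case "$uri" in *://*) ;; *) continue ;; esac
            host=${uri#*://}      # drop scheme
            host=${host%%/*}      # drop path
            host=${host#*@}       # drop user:pass@ if present
            host=${host%%:*}      # drop :port
            case "$host" in
                devuan.org|*.devuan.org) ;;
                *) printf '%s: %s %s %s\n' "$f" "$kind" "$uri" "$rest" ;;
            esac
        done
    done
}

# Number of foreign stanzas across the given files; 0 means the sources are pure Devuan.
count_foreign() {
    foreign_stanzas "$@" | wc -l | tr -d '[:space:]'
}

# Constructed sample files in a scratch directory, modelled on the lists in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sources.list" <<'EOF'
deb http://auto.mirror.devuan.org/merged/ jessie main
deb http://packages.devuan.org/merged/ jessie-security main
#deb http://packages.devuan.org/devuan jessie main contrib non-free
EOF
cat > "$demo_dir/mixed.list" <<'EOF'
deb [arch=amd64] http://auto.mirror.devuan.org/merged/ jessie-updates main
deb http://security.debian.org/ stretch/updates main contrib non-free
deb cdrom:[Devuan DVD]/ jessie main
EOF

# On a real system run it over /etc/apt/sources.list /etc/apt/sources.list.d/*.list
foreign_stanzas "$demo_dir"/*.list
echo "foreign stanzas: $(count_foreign "$demo_dir"/*.list)"
```

Only the security.debian.org line is reported; commented lines, the option-block Devuan mirror and the cdrom entry are skipped.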
In my opinion, as light as it may be, this jessie was too early to be called 1.0, it should have retained its beta tag till ascii gets finished/audited. Ascii seems barely started, and stretch on the other side seems a bit problematic as compared to previous stable editions. If I am not mistaken, stretch went into freeze for the longest time in debian history. Unlucky timing for devuan? Jessie 8 had more than 500 bug tickets open before stretch became stable.
One systemd mess chasing another.
In my opinion, the mistake wasn't calling jessie stable, it was calling it jessie! Of course, jessie is Devuan stable, but jessie is Debian oldstable. Debian stable is stretch, but the Devuan branch that tracks stretch is not even alpha - call it testing. So people say 'jessie', or 'stable' or 'testing' or this or that, and it gets very confusing very fast. Whose stable? Which jessie? Yes, often you can tell from context, but sometimes not so much.
And yes, Debian is dealing with one systemd mess chasing another... I did some testing with Stretch this morning, and I feel like I need to take a shower :-) I don't think it's any stretch (ha ha!) to say that systemd disgusts me. I'm back to my usual dual-boot between ascii and (Devuan!) jessie...