0

A client has a few Vyatta installations that they're eventually wanting to replace with VyOS. In the interim, they're running Vyatta 6.6 (last version prior to the sale to Brocade). It's an internal router without any external interfaces, but would still prefer its version of bash to be patched.

Updating the system with sudo apt-get update results in these errors. Presumably Brocade has made these old repos unavailable now:

W: Failed to fetch http://packages.vyatta.com/vyatta/dists/stable/Release.gpg Could not connect to packages.vyatta.com:80 (144.49.164.21). – connect (110: Connection timed out)

W: Failed to fetch http://packages.vyatta.com/vyatta/dists/stable/main/i18n/Translation-en.gz  Unable to connect to packages.vyatta.com:http:

W: Failed to fetch http://packages.vyatta.com/vyatta/dists/stable/main/binary-i386/Packages.gz Unable to connect to packages.vyatta.com:http:

The documentation lists the following steps to install the Debian Squeeze repos:

$ configure
$ set system package repository squeeze components 'main contrib non-free'
$ set system package repository squeeze distribution 'squeeze'
$ set system package repository squeeze url 'http://mirrors.kernel.org/debian'
$ commit
$ save
$ exit

But then when I try updating with sudo apt-get upgrade bash, it says

bash is already the newest version

I tried squeeze-backports and squeeze-ltr, same result.

Anyone know of an alternative way to update bash in these pre-Brocade Vyatta boxes?

Ruben Schade
  • 107
  • 2
  • 8
  • Researching further, looks like Vyatta runs its own version of bash called vbash, which is vulnerable to Shellshock. Need to figure out how to update this then. – Ruben Schade Oct 24 '14 at 04:16

1 Answers1

0

I found this and it works: http://qiita.com/Yaggytter/items/f603511ab0c67d415b21

commands:

sudo dpkg-divert --remove /bin/sh
sudo dpkg-divert --remove /usr/share/man/man1/sh.1.gz
sudo dpkg-divert --package dash --divert /bin/sh.distrib --add /bin/sh
sudo dpkg-divert --package dash --divert /usr/share/man/man1/sh.distrib.1.gz  --add /usr/share/man/man1/sh.1.gz

configure
set system package repository squeeze components 'main'
set system package repository squeeze distribution 'squeeze'
set system package repository squeeze url 'http://ftp.jp.debian.org/debian/'
set system package repository squeezeupdates components 'main'
set system package repository squeezeupdates distribution 'squeeze/updates'
set system package repository squeezeupdates url 'http://security.debian.org/'
set system package repository squeeze-updates components 'main'
set system package repository squeeze-updates distribution 'squeeze-updates'
set system package repository squeeze-updates url 'http://ftp.us.debian.org/debian/'
set system package repository squeeze-lts url http://ftp.jp.debian.org/debian/
set system package repository squeeze-lts distribution squeeze-lts
set system package repository squeeze-lts components 'main contrib non-free'
commit
save
exit
sudo aptitude update
sudo aptitude install bash

though Im sure the ftps can be changed to us if thats where you are.

This removes vbash and installs the debian squeeze version.

J.Milliscone
  • 26
  • 3
  • For future reference, I've been told YMMV when replacing vbash. This solution does work to address immediate issue though, and I haven't had any problems. Thanks :) – Ruben Schade May 20 '15 at 04:38