Updating a Debian package with a new upstream release

Sometimes, but not often, it’s necessary on a Debian system to install a newer version of a package than the stable APT repositories or even Debian Backports can offer. Figuring out how to correctly compile a package and its dependencies to fit your system can be a hard chore. Wouldn’t it be nice to be able to update the Debian package to a newer upstream release whilst preserving the work of the package maintainer? Uupdate to the rescue!

Scenario

I personally came across this problem when I needed a newer (experimental) version of Pound, an HTTPS front-end / loadbalancer. Debian Wheezy includes version 2.6-2, but due to a lack of Subject Alternate Names (SAN) support I needed at least version 2.7a (according to the Pound changelogs). Also the Qualys SSL server test indicated a vulnerability to CRIME attacks – which newer versions of Pound have fixed by disabling TLS compression. Okay so I digress..

Uupdating the package

Taking the above scenario as an example, here is a great method of updating a package to a newer upstream version while still keeping it maintainable within your Debian system using the normal apt/aptitude tools:

First get the latest version from upstream

$ cd ~
$ wget http://www.apsis.ch/pound/Pound-2.7c.tgz

Next install the needed dependencies

$ sudo apt-get install devscripts
$ sudo apt-get build-dep pound
$ sudo apt-get source pound

Then copy and update the Debian version of pound onto the new version using uupdate

$ cd pound-2.6
$ uupdate ../Pound-2.7c.tgz -v 2.7c

Build a new package using dpkg-buildpackage

$ cd ../pound-2.7c
$ dpkg-buildpackage -us -uc -nc

Finally install the new package to your system

$ sudo dpkg -i ~/pound_2.7c-1_amd64.deb

The new version should be up and running

$ /usr/sbin/pound -V
Version 2.7c

It might not always work, depending on what changed in the newer version (a dependency, for example), especially if you skipped a lot of versions ahead. Also note that you won’t get security support for the newer version until it hits the Debian repository. So keep yourself notified of vulnerabilities and patches!
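The wget step above fetches the tarball over plain HTTP, and uupdate and dpkg-buildpackage then unpack it and run its build scripts, so it is worth gating the uupdate call on an integrity check. The following is an added example, not part of the original post: the function names are hypothetical, and EXPECTED_SHA256 is a placeholder for a digest you obtained through a channel you trust.

```shell
#!/bin/sh
# Added example: check an upstream tarball before handing it to uupdate.
# EXPECTED_SHA256 is a placeholder; fill in a digest obtained from a source
# you trust (not from the same plain-HTTP download as the tarball itself).

# check_digest FILE EXPECTED_HEX -> 0 if the SHA-256 of FILE equals EXPECTED_HEX
check_digest() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# has_unsafe_path: reads archive member names on stdin.
# Returns 0 if any name is absolute or contains a ".." path component.
has_unsafe_path() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# check_members FILE -> 0 if the archive lists cleanly and no member
# could be written outside the directory it is unpacked into.
check_members() {
    listing=$(tar -tzf "$1") || return 2
    ! printf '%s\n' "$listing" | has_unsafe_path
}

# verify_tarball FILE EXPECTED_HEX -> 0 only if both checks pass
verify_tarball() {
    check_digest "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    check_members "$1" || { echo "unsafe member path in: $1" >&2; return 1; }
    echo "ok: $1"
}

# Usage in the procedure above (run from pound-2.6):
#   verify_tarball ../Pound-2.7c.tgz "$EXPECTED_SHA256" \
#       && uupdate ../Pound-2.7c.tgz -v 2.7c
```

A matching digest only proves the file is the one the digest was computed from, so the digest has to come from somewhere other than the download being checked.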

Thx a lot, this was very helpful getting my A rating @ssllabs :)

Marko

Thank you! This has been a great help for me.

First attempt ended with:
dpkg-genchanges: error: cannot read ../pound_2.7-1.dsc: No such file or directory

So I copied the file from the debian package:
cp pound_2.6-6+deb8u1.dsc pound_2.7-1.dsc

apt-get build-dep pound
Reading package lists… Done
Building dependency tree
Reading state information… Done
E: You must put some ‘source’ URIs in your sources.list

How do I fix this? thanks!

It appears that your /etc/apt/sources.list is empty or is missing source links. How did that happen? Depending on what Debian version you're running, this file should be populated with repository links, like such:

deb http://httpredir.debian.org/debian jessie main
deb-src http://httpredir.debian.org/debian jessie main

deb http://httpredir.debian.org/debian jessie-updates main
deb-src http://httpredir.debian.org/debian jessie-updates main

deb http://security.debian.org/ jessie/updates main
deb-src http://security.debian.org/ jessie/updates main
