search

mvo5 / unattended-upgrades

Automatic installation of security upgrades on apt based systems
GNU General Public License v2.0
286 stars 77 forks source link

Not only latest candidate should be checked but every newer than currently installed, v0.90 #127

Open zerkms opened 6 years ago

zerkms commented 6 years ago

I'm not sure this is the right place to post, but it's still better to post it somewhere :-)

@rbalint, I know you told

i'm backporting it to bionic and xenial is not affected. When bionic's u-u gets backported to xenial this patch will be carried, too.

but today I discovered that the latest available xenial package 0.90ubuntu0.9 is actually affected by the same problem.

Details:

# unattended-upgrade -d -v
Initial blacklisted packages: haproxy linux-aws linux-virtual linux-generic mongodb nginx pgbouncer php.*fpm postgresql rabbitmq redis supervisor
Initial whitelisted packages: 
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=xenial-security']
adjusting candidate version: 'apparmor=2.10.95-0ubuntu2.6'
adjusting candidate version: 'apt=1.2.15ubuntu0.2'
adjusting candidate version: 'apt-transport-https=1.2.15ubuntu0.2'
adjusting candidate version: 'apt-utils=1.2.15ubuntu0.2'
adjusting candidate version: 'isc-dhcp-client=4.3.3-5ubuntu12.9'
adjusting candidate version: 'isc-dhcp-common=4.3.3-5ubuntu12.9'
adjusting candidate version: 'libapparmor-perl=2.10.95-0ubuntu2.6'
adjusting candidate version: 'libapparmor1=2.10.95-0ubuntu2.6'
adjusting candidate version: 'libapt-inst2.0=1.2.15ubuntu0.2'
adjusting candidate version: 'libapt-pkg5.0=1.2.15ubuntu0.2'
adjusting candidate version: 'libldap-2.4-2=2.4.42+dfsg-2ubuntu3.2'
adjusting candidate version: 'libpam-systemd=229-4ubuntu21.1'
adjusting candidate version: 'libpq5=9.5.12-0ubuntu0.16.04'
adjusting candidate version: 'libpython2.7-minimal=2.7.12-1ubuntu0~16.04.2'
adjusting candidate version: 'libpython2.7-stdlib=2.7.12-1ubuntu0~16.04.2'
adjusting candidate version: 'libsystemd0=229-4ubuntu21.1'
adjusting candidate version: 'libudev1=229-4ubuntu21.1'
adjusting candidate version: 'lxd=2.0.2-0ubuntu1~16.04.1'
adjusting candidate version: 'lxd-client=2.0.2-0ubuntu1~16.04.1'
adjusting candidate version: 'postgresql-9.5=9.5.12-0ubuntu0.16.04'
adjusting candidate version: 'postgresql-client-9.5=9.5.12-0ubuntu0.16.04'
adjusting candidate version: 'postgresql-contrib-9.5=9.5.12-0ubuntu0.16.04'
adjusting candidate version: 'python2.7=2.7.12-1ubuntu0~16.04.2'
adjusting candidate version: 'python2.7-minimal=2.7.12-1ubuntu0~16.04.2'
adjusting candidate version: 'python3-cryptography=1.2.3-1ubuntu0.1'
adjusting candidate version: 'python3-update-manager=1:16.04.12'
adjusting candidate version: 'systemd=229-4ubuntu21.1'
adjusting candidate version: 'systemd-sysv=229-4ubuntu21.1'
adjusting candidate version: 'ubuntu-core-launcher=1.0.27.1'
adjusting candidate version: 'udev=229-4ubuntu21.1'
adjusting candidate version: 'unattended-upgrades=0.90ubuntu0.1'
adjusting candidate version: 'update-manager-core=1:16.04.12'
adjusting candidate version: 'update-notifier-common=3.168.7'
Checking: base-files ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: bsdutils ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: certbot ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: cloud-guest-utils ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: cloud-init ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: cloud-initramfs-copymods ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: cloud-initramfs-dyn-netconf ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: console-setup ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: console-setup-linux ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: dpkg ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: friendly-recovery ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: hdparm ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: ifupdown ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: initramfs-tools ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: initramfs-tools-bin ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: initramfs-tools-core ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: iproute2 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: keyboard-configuration ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libaudit-common ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libaudit1 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libblkid1 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libdrm2 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libfdisk1 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libmount1 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libpam-modules ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libpam-modules-bin ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libpam-runtime ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libpam0g ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libparted2 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libpci3 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libplymouth4 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libpython-stdlib ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libseccomp2 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libsmartcols1 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: libuuid1 ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: lshw ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: mount ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: overlayroot ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: parted ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: pciutils ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: plymouth ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: plymouth-theme-ubuntu-text ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: postfix ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: postgresql-9.5 ([<Origin component:'main' archive:'xenial-security' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu-security.mirror.wialus.co.nz' isTrusted:True>])
skipping blacklisted package 'postgresql-9.5'
Checking: postgresql-client-9.5 ([<Origin component:'main' archive:'xenial-security' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu-security.mirror.wialus.co.nz' isTrusted:True>])
skipping blacklisted package 'postgresql-client-9.5'
Checking: postgresql-contrib-9.5 ([<Origin component:'main' archive:'xenial-security' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu-security.mirror.wialus.co.nz' isTrusted:True>])
skipping blacklisted package 'postgresql-contrib-9.5'
Checking: python ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: python-acme ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python-apt ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: python-apt-common ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: python-configobj ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python-minimal ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: python-parsedatetime ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python-zope.component ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python-zope.hookable ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python-zope.interface ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python3-apt ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: python3-cffi-backend ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python3-chardet ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python3-configobj ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python3-idna ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python3-pkg-resources ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python3-pyasn1 ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python3-requests ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python3-six ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: python3-urllib3 ([<Origin component:'main' archive:'xenial' origin:'LP-PPA-certbot-certbot' label:'Certbot PPA' site:'ppa.launchpad.net' isTrusted:True>])
Checking: resolvconf ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: snapd ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: sosreport ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: squashfs-tools ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: sysstat ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: util-linux ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: uuid-runtime ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: vlan ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
Checking: xdg-user-dirs ([<Origin component:'main' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'ubuntu.mirror.wialus.co.nz' isTrusted:True>])
pkgs that look like they should be upgraded: 
Fetched 0 B in 0s (0 B/s)                                                                                                                                                                                           
fetch.run() result: 0
blacklist: ['haproxy', 'linux-aws', 'linux-virtual', 'linux-generic', 'mongodb', 'nginx', 'pgbouncer', 'php.*fpm', 'postgresql', 'rabbitmq', 'redis', 'supervisor']
whitelist: []
adjusting candidate version: 'apparmor=2.10.95-0ubuntu2.6'
adjusting candidate version: 'apt=1.2.15ubuntu0.2'
adjusting candidate version: 'apt-transport-https=1.2.15ubuntu0.2'
adjusting candidate version: 'apt-utils=1.2.15ubuntu0.2'
adjusting candidate version: 'isc-dhcp-client=4.3.3-5ubuntu12.9'
adjusting candidate version: 'isc-dhcp-common=4.3.3-5ubuntu12.9'
adjusting candidate version: 'libapparmor-perl=2.10.95-0ubuntu2.6'
adjusting candidate version: 'libapparmor1=2.10.95-0ubuntu2.6'
adjusting candidate version: 'libapt-inst2.0=1.2.15ubuntu0.2'
adjusting candidate version: 'libapt-pkg5.0=1.2.15ubuntu0.2'
adjusting candidate version: 'libldap-2.4-2=2.4.42+dfsg-2ubuntu3.2'
adjusting candidate version: 'libpam-systemd=229-4ubuntu21.1'
adjusting candidate version: 'libpq5=9.5.12-0ubuntu0.16.04'
adjusting candidate version: 'libpython2.7-minimal=2.7.12-1ubuntu0~16.04.2'
adjusting candidate version: 'libpython2.7-stdlib=2.7.12-1ubuntu0~16.04.2'
adjusting candidate version: 'libsystemd0=229-4ubuntu21.1'
adjusting candidate version: 'libudev1=229-4ubuntu21.1'
adjusting candidate version: 'lxd=2.0.2-0ubuntu1~16.04.1'
adjusting candidate version: 'lxd-client=2.0.2-0ubuntu1~16.04.1'
adjusting candidate version: 'postgresql-9.5=9.5.12-0ubuntu0.16.04'
adjusting candidate version: 'postgresql-client-9.5=9.5.12-0ubuntu0.16.04'
adjusting candidate version: 'postgresql-contrib-9.5=9.5.12-0ubuntu0.16.04'
adjusting candidate version: 'python2.7=2.7.12-1ubuntu0~16.04.2'
adjusting candidate version: 'python2.7-minimal=2.7.12-1ubuntu0~16.04.2'
adjusting candidate version: 'python3-cryptography=1.2.3-1ubuntu0.1'
adjusting candidate version: 'python3-update-manager=1:16.04.12'
adjusting candidate version: 'systemd=229-4ubuntu21.1'
adjusting candidate version: 'systemd-sysv=229-4ubuntu21.1'
adjusting candidate version: 'ubuntu-core-launcher=1.0.27.1'
adjusting candidate version: 'udev=229-4ubuntu21.1'
adjusting candidate version: 'unattended-upgrades=0.90ubuntu0.1'
adjusting candidate version: 'update-manager-core=1:16.04.12'
adjusting candidate version: 'update-notifier-common=3.168.7'
No packages found that can be upgraded unattended and no pending auto-removals
# apt-cache policy postgresql-9.5
postgresql-9.5:
  Installed: 9.5.11-0ubuntu0.16.04
  Candidate: 9.5.13-0ubuntu0.16.04
  Version table:
     9.5.13-0ubuntu0.16.04 500
        500 http://ubuntu.mirror.wialus.co.nz/ubuntu xenial-updates/main amd64 Packages
     9.5.12-0ubuntu0.16.04 500
        500 http://ubuntu-security.mirror.wialus.co.nz/ubuntu xenial-security/main amd64 Packages
 *** 9.5.11-0ubuntu0.16.04 100
        100 /var/lib/dpkg/status
     9.5.2-1 500
        500 http://ubuntu.mirror.wialus.co.nz/ubuntu xenial/main amd64 Packages

I'm not sure whether it's installation bug or reporting bug - but when unattended-upgrade was run without arguments it exited with status code 0, and stderr & stdout completely empty.

While I would expect either a report that a package was blacklisted, or a package actually installed.

rbalint commented 6 years ago

@zerkms Thanks, it will be fixed with the SRU, then.