group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1624641] Re: security updates with a new dependency don't get installed

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Brian Murray <brian@xxxxxxxxxx>
Date: Mon, 07 Nov 2016 21:09:55 -0000
Reply-to: Bug 1624641 <1624641@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I've reuploaded this to the Yakkety queue for review as the patch was
not properly applied to the package because the package's source format
was native not quilt.  The new upload does not use quilt and just
modifies the file directly.

** Changed in: unattended-upgrades (Ubuntu Yakkety)
       Status: Fix Released => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1624641

Title:
  security updates with a new dependency don't get installed

Status in unattended-upgrades package in Ubuntu:
  Fix Released
Status in unattended-upgrades source package in Xenial:
  Fix Released
Status in unattended-upgrades source package in Yakkety:
  In Progress

Bug description:
  Test Case
  ---------
  1) Boot a xenial system w/o chromium browser and w/o libspeechd2 installed
  2) Install the release version of chromium browser e.g. "sudo apt-get install chromium-browser=49.0.2623.108-0ubuntu1.1233 chromium-browser-l10n=49.0.2623.108-0ubuntu1.1233 chromium-codecs-ffmpeg-extra=49.0.2623.108-0ubuntu1.1233"
  3) Run apt-get update if you didn't already
  4) Run "sudo /usr/bin/unattended-upgrades -v -d"
  5) Observe the following output "Checking: chromium-browser ([<Origin component:'universe' archive:'xenial-updates' origin:'Ubuntu' label:'Ubuntu' site:'192.168.10.7' isTrusted:True>, <Origin component:'universe' archive:'xenial-security' origin:'Ubuntu' label:'Ubuntu' site:'192.168.10.7' isTrusted:True>])
  pkg 'libspeechd2' not in allowed origin
  sanity check failed"

  With the version of unattended-upgrades from -proposed libspeechd2
  should be from an allowed origin and chromium-browser will get
  updated.

  Regression Potential
  --------------------
  This change modifies the behavior of unattended-upgrades such that new packages will be installed on a user's system and they may not except such behavior (e.g. why was libspeechd2 insalled?).  However, this seems better than not installing security updates and leaving people's systems vulnerable to attack.

  Original Description
  --------------------
  E.g. chromium-browser has an update, but U-U does not update it. I saw in update-manager that the security update is available before running U-U. Afterwards I can install the update by update-manager.

  ProblemType: BugDistroRelease: Ubuntu 16.04
  Package: unattended-upgrades 0.90
  ProcVersionSignature: Ubuntu 4.4.0-36.55-generic 4.4.16
  Uname: Linux 4.4.0-36-generic i686
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: i386
  CurrentDesktop: XFCE
  Date: Sat Sep 17 11:13:40 2016
  InstallationDate: Installed on 2016-09-05 (11 days ago)
  InstallationMedia: Mythbuntu 16.04.1 LTS "Xenial Xerus" - Release i386 (20160719)
  PackageArchitecture: allSourcePackage: unattended-upgrades
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1624641/+subscriptions