[Bug 1781176] Re: Blacklisted packages are included in the "upgradable origin", while they should not

Brian Murray brian at ubuntu.com
Mon Dec 3 19:19:56 UTC 2018 

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will
build now and be available at https://launchpad.net/ubuntu/+source
/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.0 in a few hours, and then
in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-xenial to verification-done-xenial. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-xenial. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: unattended-upgrades (Ubuntu Xenial)
       Status: New => Fix Committed

** Tags removed: verification-failed
** Tags added: verification-needed verification-needed-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1781176

Title:
  Blacklisted packages are included in the "upgradable origin", while
  they should not

Status in unattended-upgrades:
  Fix Released
Status in unattended-upgrades package in Ubuntu:
  Fix Released
Status in unattended-upgrades source package in Xenial:
  Fix Committed
Status in unattended-upgrades source package in Bionic:
  Fix Released

Bug description:
  [Impact]

   * Reports from u-u incorrectly list packages from non-upgradable
  origins as "Packages with upgradable origin but kept back"

   * Listing the packages incorrectly is a result of
  is_pkgname_in_blacklist() having a side effect and removing the side
  effect is part of fixing LP: #1396787 which fix is also being SRU-d.

   * The fix is removing the side effect of is_pkgname_in_blacklist()

  [Test Case]

   * There is a build-time test in test/test_blacklisted_wrong_origin.py
   * To reproduce the original problem set up a system where all security updates are installed but ebtables (from bionic-updates) is not updated:
  $ sudo unattended-upgrade  --verbose
  Initial blacklisted packages:
  Initial whitelisted packages:
  Starting unattended upgrades script
  Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
  No packages found that can be upgraded unattended and no pending auto-removals
  $ sudo apt upgrade
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  Calculating upgrade... Done
  The following packages will be upgraded:
    apt apt-utils ebtables initramfs-tools initramfs-tools-bin initramfs-tools-core libapt-inst2.0 libapt-pkg5.0
    liblxc-common liblxc1 libpython3-stdlib lxcfs lxd lxd-client netplan.io networkd-dispatcher nplan
    python-apt-common python3 python3-apt python3-minimal python3-update-manager snapd squashfs-tools
    unattended-upgrades update-manager-core update-notifier-common
  27 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  Need to get 24.1 MB of archives.
  After this operation, 1454 kB of additional disk space will be used.
  Do you want to continue? [Y/n] n
  Abort.

  * blacklist ebtables, set up emails from u-u, then run u-u again:
  $ sudo echo 'Unattended-Upgrade::Package-Blacklist {"ebtables";};' > /etc/apt/apt.conf.d/51unattended-upgrades-blacklist-ebtables
  $ sudo echo 'Unattended-Upgrade::Mail "root";' > /etc/apt/apt.conf.d/51unattended-upgrades-mail
  $ sudo unattended-upgrade  --verbose
  Initial blacklisted packages: ebtables
  Initial whitelisted packages:
  Starting unattended upgrades script
  Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
  Packages that will be upgraded:

  * Observe ebtables listed as being kept back and having upgradable origin with buggy u-u:
  $ sudo cat /var/mail/mail
  ...
  Packages with upgradable origin but kept back:
   ebtables=20
  ...

  * Upgrade u-u to a fixed version and run it, observing ebtables to be
  not listed as having upgradable origin

  [Regression Potential]

   * Regressions may make packages incorrectly missing from u-u's
  report, but the autopkgtests also cover that to some extent.

  [Other Info]

   * Original report: https://github.com/mvo5/unattended-
  upgrades/issues/116

To manage notifications about this bug go to:
https://bugs.launchpad.net/unattended-upgrades/+bug/1781176/+subscriptions

More information about the foundations-bugs mailing list