[Bug 1883082] Re: Crash when using Package-Whitelist-Strict

Brian Murray 1883082 at bugs.launchpad.net
Wed Jul 22 15:41:01 UTC 2020 

Hello Jose, or anyone else affected,

Accepted unattended-upgrades into focal-proposed. The package will build
now and be available at https://launchpad.net/ubuntu/+source/unattended-
upgrades/2.3ubuntu0.1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: unattended-upgrades (Ubuntu Focal)
       Status: New => Fix Committed

** Tags added: verification-needed verification-needed-focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1883082

Title:
  Crash when using Package-Whitelist-Strict

Status in unattended-upgrades package in Ubuntu:
  Fix Released
Status in unattended-upgrades source package in Focal:
  Fix Committed

Bug description:
  [Impact]

   * Unattended-upgrades crashes when strict whitelist is enabled and
  there is an update available.

  [Test Case]

  Set up a system with at least one updated package available:

   $ lxc launch ubuntu:focal ff-uu-strict
   Creating ff-uu-strict
   Starting ff-uu-strict                       
   $ lxc shell ff-uu-strict 
   root at ff-uu-strict:~# apt update
   ...
   root at ff-uu-strict:~# apt list --upgradable 
   Listing... Done
   open-vm-tools/focal-updates 2:11.1.0-2~ubuntu20.04.1 amd64 [upgradable  from: 2:11.0.5-4]
   N: There is 1 additional version. Please use the '-a' switch to see it

  Set up strict whitelist not covering the package:

   root at ff-uu-strict:~# echo 'Unattended-Upgrade::Package-Whitelist-Strict "true";' > /etc/apt/apt.conf.d/51unattended-upgrades-whitelist
   root at ff-uu-strict:~# echo 'Unattended-Upgrade::Package-Whitelist {"foo";}' >> /etc/apt/apt.conf.d/51unattended-upgrades-whitelist

  Run unattended-upgrades:
   root at ff-uu-strict:~# unattended-upgrade 

  The fixed version does not crash here, the not fixed one does.

  
  [Regression Potential] 

  Minimal. The fix adds only one extra check to not crash dereferencing
  None.

  [Original Bug Text]

  
  Hi,

  I'm trying to use unattended-upgrades only with a few packages from a
  list; to do that I tried this simple /etc/apt/apt.conf.d/51local-ua
  file:

  root at focal-ua:~# cat /etc/apt/apt.conf.d/51local-ua
  Unattended-Upgrade::Package-Whitelist-Strict "true";
  Unattended-Upgrade::Package-Whitelist {
  "firefox";
  "bash";
  "openssh-server";
  }

  When running unattended-upgrades in dry run mode I get this crash:

  root at focal-ua:~# unattended-upgrade --debug --dry-run
  Running on the development release
  Starting unattended upgrades script
  Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security, o=UbuntuESM,a=focal-security
  Initial blacklist:
  Initial whitelist (strict): firefox bash openssh-server
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-backports_universe_i18n_Translation-en'  a=focal-backports,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=2895 ID:17> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-backports_universe_binary-amd64_Packages'  a=focal-backports,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=11575 ID:16> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_multiverse_i18n_Translation-en'  a=focal-updates,c=multiverse,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=783 ID:15> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_multiverse_binary-amd64_Packages'  a=focal-updates,c=multiverse,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=2025 ID:14> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_universe_i18n_Translation-en'  a=focal-updates,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=297335 ID:13> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_universe_binary-amd64_Packages'  a=focal-updates,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=658122 ID:12> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_restricted_i18n_Translation-en'  a=focal-updates,c=restricted,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=34222 ID:11> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_restricted_binary-amd64_Packages'  a=focal-updates,c=restricted,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=76674 ID:10> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_main_i18n_Translation-en'  a=focal-updates,c=main,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=660043 ID:9> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_main_binary-amd64_Packages'  a=focal-updates,c=main,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=1198660 ID:8> with -32768 pin
  An error occurred: '>' not supported between instances of 'apt_pkg.Version' and 'int'
  Traceback (most recent call last):
    File "/usr/bin/unattended-upgrade", line 1983, in main
      res = run(options, rootdir, mem_log, logfile_dpkg,
    File "/usr/bin/unattended-upgrade", line 2124, in run
      cache = UnattendedUpgradesCache(rootdir=rootdir)
    File "/usr/bin/unattended-upgrade", line 171, in __init__
      apt.Cache.__init__(self, rootdir=rootdir)
    File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
      self.open(progress)
    File "/usr/bin/unattended-upgrade", line 330, in open
      self.apply_pinning(self.pinning_from_config())
    File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
      and policy.get_candidate_ver(pkg) > -1:  # type: ignore
  TypeError: '>' not supported between instances of 'apt_pkg.Version' and 'int'
  Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2020-06-11 09:38:25
  Traceback (most recent call last):
    File "/usr/bin/unattended-upgrade", line 2512, in <module>
      sys.exit(main(options))
    File "/usr/bin/unattended-upgrade", line 1983, in main
      res = run(options, rootdir, mem_log, logfile_dpkg,
    File "/usr/bin/unattended-upgrade", line 2124, in run
      cache = UnattendedUpgradesCache(rootdir=rootdir)
    File "/usr/bin/unattended-upgrade", line 171, in __init__
      apt.Cache.__init__(self, rootdir=rootdir)
    File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
      self.open(progress)
    File "/usr/bin/unattended-upgrade", line 330, in open
      self.apply_pinning(self.pinning_from_config())
    File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
      and policy.get_candidate_ver(pkg) > -1:  # type: ignore
  TypeError: '>' not supported between instances of 'apt_pkg.Version' and 'int'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1883082/+subscriptions

More information about the foundations-bugs mailing list