Package: apt
Version: 1.0.9.8.1
Followup-For: Bug #788865

Dear Maintainer,

apologies for the incomplete first report, I accidentally hit "continue" too early. Here's the missing part:

When apt-get update is called while the network connection is temporarily down, pinning is no longer respected. This leads to a situation where a subsequent apt-get dist-upgrade tries (and actually does, in case the network connection was re-established in the meantime) to perform unwanted upgrades.

This may be a serious problem on systems where apt-get update is run from within a cron job without user interaction; this can easily lead to installing unwanted packages from backports, or, even worse, testing or experimental if these are in the sources.list.

The session I inserted below shows the problem by the difference in the output of apt-cache policy for the "stress" package:

# apt-cache policy stress
stress:
  Installed: 1.0.1-1
  Candidate: 1.0.1-1
  Version table:
     1.0.4-1~bpo8+1 0
        100 http://ftp.de.debian.org/debian/ jessie-backports/main amd64 Packages
 *** 1.0.1-1 0
        500 http://ftp.de.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status
# ifdown eth0
Killed old client process
(...)
DHCPRELEASE on eth0 to 192.168.178.1 port 67
# apt-get update
Err http://ftp.de.debian.org jessie InRelease
(...)
W: Some index files failed to download. They have been ignored, or old ones used instead.
# apt-cache policy stress
stress:
  Installed: 1.0.1-1
  Candidate: 1.0.4-1~bpo8+1
  Version table:
     1.0.4-1~bpo8+1 0
        500 http://ftp.de.debian.org/debian/ jessie-backports/main amd64 Packages
 *** 1.0.1-1 0
        500 http://ftp.de.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status
# ifup eth0
Internet Systems Consortium DHCP Client 4.3.1
(...)
bound to 192.168.178.30 -- renewal in 431273 seconds.
# apt-get update
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
(...)
Reading package lists... Done
# apt-cache policy stress
stress:
  Installed: 1.0.1-1
  Candidate: 1.0.1-1
  Version table:
     1.0.4-1~bpo8+1 0
        100 http://ftp.de.debian.org/debian/ jessie-backports/main amd64 Packages
 *** 1.0.1-1 0
        500 http://ftp.de.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status

The following shows the difference with dist-upgrade:

# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following packages were automatically installed and are no longer required:
  crda dns-root-data dnsmasq-base gdebi-core iw libjansson4 libjim0.75
  libmbim-glib4 libmbim-proxy libndp0 libqmi-glib1 libqmi-proxy libteamdctl0
  libxnvctrl0 usb-modeswitch usb-modeswitch-data wireless-regdb
Use 'apt-get autoremove' to remove them.
Done
The following packages will be upgraded:
  libpq5 p7zip p7zip-full
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1364 kB of archives.
After this operation, 135 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.
# ifdown eth0
Killed old client process
(...)
# apt-get update
Err http://ftp.de.debian.org jessie InRelease
W: Some index files failed to download. They have been ignored, or old ones used instead.
# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following packages were automatically installed and are no longer required:
  crda dns-root-data dnsmasq-base gdebi-core iw libcmis-0.4-4 libjansson4
  libjim0.75 libmbim-glib4 libmbim-proxy libmwaw-0.3-3 libndp0 libqmi-glib1
  libqmi-proxy libteamdctl0 libxnvctrl0 usb-modeswitch usb-modeswitch-data
  wireless-regdb
Use 'apt-get autoremove' to remove them.
Done
The following packages will be REMOVED:
  python-uno
The following NEW packages will be installed:
  libpagemaker-0.0-0 python-enum34 python3-uno
The following packages will be upgraded:
  fonts-opensymbol libnet-dbus-perl libpq5
  libreoffice-avmedia-backend-gstreamer libreoffice-base
  libreoffice-base-core libreoffice-base-drivers libreoffice-calc
  libreoffice-common libreoffice-core libreoffice-draw libreoffice-help-de
  libreoffice-impress libreoffice-java-common libreoffice-l10n-de
  libreoffice-math libreoffice-script-provider-js libreoffice-sdbc-firebird
  libreoffice-sdbc-hsqldb libreoffice-style-crystal libreoffice-style-galaxy
  libreoffice-style-oxygen libreoffice-style-tango libreoffice-writer lintian
  p7zip p7zip-full python-cryptography python-six python3-six stress
  supertuxkart-data uno-libs3 ure
34 upgraded, 3 newly installed, 1 to remove and 0 not upgraded.
Need to get 479 MB of archives.
After this operation, 216 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
# ifup eth0
Internet Systems Consortium DHCP Client 4.3.1
(...)
bound to 192.168.178.30 -- renewal in 385940 seconds.
# apt-get update
Hit http://debian.mxchange.org stable InRelease
(...)
Reading package lists... Done
# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following packages were automatically installed and are no longer required:
  crda dns-root-data dnsmasq-base gdebi-core iw libjansson4 libjim0.75
  libmbim-glib4 libmbim-proxy libndp0 libqmi-glib1 libqmi-proxy libteamdctl0
  libxnvctrl0 usb-modeswitch usb-modeswitch-data wireless-regdb
Use 'apt-get autoremove' to remove them.
Done
The following packages will be upgraded:
  libpq5 p7zip p7zip-full
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1364 kB of archives.
After this operation, 135 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.
-- Package-specific info:

-- (/etc/apt/preferences present, but not submitted) --

-- (/etc/apt/sources.list present, but not submitted) --

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  debian-archive-keyring  2014.3
ii  gnupg                   1.4.18-7
ii  libapt-pkg4.12          1.0.9.8.1
ii  libc6                   2.19-18
ii  libgcc1                 1:4.9.2-10
ii  libstdc++6              4.9.2-10

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.6.11-1+b1
ii  dpkg-dev    1.17.25
ii  python-apt  0.9.3.11
ii  synaptic    0.81.2

-- no debconf information
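
Added example, not part of the original report and not apt's own code: a check that an unattended job could run between apt-get update and dist-upgrade, comparing two apt-cache policy snapshots of a pinned package and reporting the priority and candidate drift shown in the session above. The function names are hypothetical, and the sample inputs are constructed from the report's output for "stress".

```python
import re

# Constructed sample: the report's `apt-cache policy stress` output before
# the failed update, and the same output after it (candidate and backports
# priority changed, as in the report's second snapshot).
BEFORE = """\
stress:
  Installed: 1.0.1-1
  Candidate: 1.0.1-1
  Version table:
     1.0.4-1~bpo8+1 0
        100 http://ftp.de.debian.org/debian/ jessie-backports/main amd64 Packages
 *** 1.0.1-1 0
        500 http://ftp.de.debian.org/debian/ jessie/main amd64 Packages
        100 /var/lib/dpkg/status
"""
AFTER = BEFORE.replace("Candidate: 1.0.1-1", "Candidate: 1.0.4-1~bpo8+1").replace(
    "100 http://ftp.de.debian.org/debian/ jessie-backports",
    "500 http://ftp.de.debian.org/debian/ jessie-backports")

def parse_policy(text):
    """Return (candidate, {(version, source): priority}) for one package."""
    candidate, version, prios = None, None, {}
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Candidate:"):
            candidate = s.split(":", 1)[1].strip()
        elif m := re.match(r"(?:\*\*\* )?(\S+) -?\d+$", s):
            version = m.group(1)          # version-table header line
        elif (m := re.match(r"(-?\d+) (.+)$", s)) and version:
            prios[(version, m.group(2))] = int(m.group(1))  # source line
    return candidate, prios

def pin_drift(before, after):
    """List differences between two snapshots that indicate lost pinning."""
    cand_b, prio_b = parse_policy(before)
    cand_a, prio_a = parse_policy(after)
    findings = []
    if cand_a != cand_b:
        findings.append(f"candidate changed: {cand_b} -> {cand_a}")
    for (ver, src), old in sorted(prio_b.items()):
        new = prio_a.get((ver, src))
        if new is not None and new != old:
            findings.append(f"priority of {ver} from {src} changed: {old} -> {new}")
    return findings

if __name__ == "__main__":
    print("\n".join(pin_drift(BEFORE, AFTER)) or "no drift")
```

A job that gets a non-empty result can skip the upgrade step and alert instead of installing from the unpinned source.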