[Bug 1847496] Re: [trusty] policy not always initialized when building depcache

Mathew Hodson mathew.hodson at gmail.com
Sat Oct 12 01:30:19 UTC 2019 

Already fixed upstream and in Ubuntu since Utopic.

** Bug watch added: Debian Bug tracker #753297
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753297

** Also affects: apt (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753297
   Importance: Unknown
       Status: Unknown

** Changed in: apt (Ubuntu)
   Importance: Undecided => Medium

** Changed in: apt (Ubuntu)
       Status: Invalid => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1847496

Title:
  [trusty] policy not always initialized when building depcache

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Trusty:
  Fix Committed
Status in apt package in Debian:
  Unknown

Bug description:
  [Impact]
  apt in trusty does not always initialize the policy before constructing the depcache. This means that if you access the depcache, it does not respect pinning when calculating upgrades.

  This is not a general problem - according to current knowledge, it
  only affects apt list. It does affect any code that requests a
  depCache from pkgCacheFile without having explicitly build caches, or
  explicitly initialized policy (which other parts of apt do).

  
  [Test case]

  1. Add deb https://esm.ubuntu.com/ubuntu/ trusty-infra-security main to sources.list
  2. Pin it down

  Package: *
  Pin: release trusty-infra-security
  Pin-Priority: -1

  3. Look at apt list apport

  Currently it shows:

  apport/trusty-updates,trusty-security,now 2.14.1-0ubuntu3.29 all
  [installed,upgradable to: 2.14.1-0ubuntu3.29]

  because when calculating whether the package is upgradable, it did not
  see the pinning.

  Correct would be:

  apport/trusty-updates,trusty-security,now 2.14.1-0ubuntu3.29 all
  [installed]

  [Regression potential]
  Behavior of code that only initializes depcache, but not policy will change. For example, pinning will be applied in such code (as it is in later versions, and should be). This adds some more error cases as well, such as parsing failures for preferences files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1847496/+subscriptions

More information about the foundations-bugs mailing list