The officially official Devuan Forum!

You are not logged in.

#26 2019-06-19 09:27:12

anonymous
Member
Registered: 2019-03-05
Posts: 7  

Re: [SOLVED] Security update delays

waiting for firefox-esr security update....

https://security-tracker.debian.org/tra … irefox-esr

stretch (security)    60.7.1esr-1~deb9u1

------------

devuan (64bit) in  apt policy firefox-esr  still has

ascii  60.7.0esr-1~deb9u1(candidate)  (edited -> 60.6.1esr-1~deb9u1)

refreshing...

Last edited by anonymous (2019-06-19 10:28:57)

Offline

#27 2019-06-19 11:58:29

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,571  

Re: [SOLVED] Security update delays

Adjusted the subject line again.
Reported the issue again.

Stay tuned...

fsr

Offline

#28 2019-06-19 13:14:12

Ogis1975
Member
Registered: 2017-04-21
Posts: 137  
Website

Re: [SOLVED] Security update delays

fsmithred wrote:

Here's the explanation that was posted on devuan-dev mailing list yesterday. (The script failed if there was a read timeout.)

Thanks for the answer.

Offline

#29 2019-06-24 22:25:40

pcalvert
Member
Registered: 2017-05-15
Posts: 75  

Re: [SOLVED] Security update delays

Update: The problem seems to have been fixed.

$ apt policy firefox-esr
firefox-esr:
  Installed: 60.7.1esr-1~deb9u1
  Candidate: 60.7.1esr-1~deb9u1
  Version table:
 *** 60.7.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-security/main i386 Packages
        100 /var/lib/dpkg/status
     60.6.3esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-updates/main i386 Packages
     60.6.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii/main i386 Packages

Phil


“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln

Offline

#30 2019-07-13 16:52:55

anonymous
Member
Registered: 2019-03-05
Posts: 7  

Re: [SOLVED] Security update delays

AGAIN waiting for firefox-esr security update....

https://security-tracker.debian.org/tracker/firefox-esr

stretch (security)    60.8.0esr-1~deb9u1

------------

ascii  devuan (64bit) in  apt policy firefox-esr  still has

NOT UPDATED

Offline

#31 2019-07-14 02:16:50

pcalvert
Member
Registered: 2017-05-15
Posts: 75  

Re: [SOLVED] Security update delays

My results:

$ apt policy firefox-esr
firefox-esr:
  Installed: 60.7.2esr-1~deb9u1
  Candidate: 60.7.2esr-1~deb9u1
  Version table:
 *** 60.7.2esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-security/main i386 Packages
        100 /var/lib/dpkg/status
     60.6.3esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-updates/main i386 Packages
     60.6.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii/main i386 Packages

Debian Stretch version: 60.8.0esr-1~deb9u1


Phil


“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln

Offline

#32 2019-07-14 10:55:19

yeti
Member
Registered: 2017-02-23
Posts: 185  

Re: [SOLVED] Security update delays

I was lazy and now have 2 repositories in my sources list.
If this is a bad idea, please someone enlighten me...

$ apt policy firefox-esr
firefox-esr:
  Installed: (none)
  Candidate: 60.8.0esr-1~deb9u1
  Version table:
     60.8.0esr-1~deb9u1 500
        500 http://auto.mirror.devuan.org/merged ascii-security/main armhf Packages
     60.7.2esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-security/main armhf Packages
     60.6.3esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-updates/main armhf Packages
        500 http://auto.mirror.devuan.org/merged ascii-updates/main armhf Packages
     60.6.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii/main armhf Packages
        500 http://auto.mirror.devuan.org/merged ascii/main armhf Packages

"I toggle, therefor I am." — Clock Bit.
"There is no PLANET-B!" — ???
"Vrijdag voor VT100!" — Yeti.
"Stop slavery! Free all mitochondria!" — Yeti.

Offline

#33 2019-07-14 11:14:05

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,571  

Re: [SOLVED] Security update delays

yeti wrote:

I was lazy and now have 2 repositories in my sources list.
If this is a bad idea, please someone enlighten me...

I see only devuan and ascii in your sources. You're safe. If you started adding non-devuan or non-ascii sources, you could run into problems. Without pinning, apt will take the highest available version, so right now, if you installed/upgraded firefox-esr, you'd get 60.8 from ascii-security on auto.mirror, because that's a higher version than what's in deb.devuan.

But that will change in a few minutes or a couple hours. Repo is updating again. (Thanks, Ralph.)

I'm not marking the thread as Solved this time. Let's wait and see what happens.

Offline

#34 2019-07-14 12:59:17

Marjorie
Member
From: Teignmouth, UK
Registered: 2019-06-09
Posts: 56  

Re: [SOLVED] Security update delays

Firefox-esr 60.8.0esr-1~deb9u1 hit the gb.deb.devuan.org/merged archive sometime before 2019-07-14  13:12:27 +0100 as that was when my unattended upgrades program downloaded it.

Both the previous Firefox-esr secuirty 60.7.1 and 60.7.2 security updates also downloaded shortly after Debian put them in their stable archive (though they hit Debian experimental and then testing sooner). I see no problem here.

Any idea when we might expect to see Firefox-esr 68 on ascii? I understand there will be another 2 months of security updates still to come on 60 before it becomes unsupported which implies it might be best to have a backpost before Beowulf becomes our new stable.

Online

#35 2020-01-09 15:41:04

anonymous
Member
Registered: 2019-03-05
Posts: 7  

Re: [SOLVED] Security update delays

devuan

$ apt policy firefox-esr
firefox-esr:
  Installed: 68.3.0esr-1~deb9u1
  Candidate: 68.3.0esr-1~deb9u1
  Version table:
*** 68.3.0esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-security/main amd64 Packages
        100 /var/lib/dpkg/status
     60.7.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-updates/main amd64 Packages
     60.6.3esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii/main amd64 Packages
-------------------------------------

debian:

firefox-esr:
  Installed: 68.4.1esr-1~deb10u1
  Candidate: 68.4.1esr-1~deb10u1
  Version table:
*** 68.4.1esr-1~deb10u1 500
        500 http://deb.debian.org/debian-security stable/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     68.2.0esr-1~deb10u1 500
        500 http://deb.debian.org/debian stable/main amd64 Packages

Last edited by anonymous (2020-01-09 15:46:20)

Offline

#36 2020-01-10 01:21:48

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,571  

Re: [SOLVED] Security update delays

This (below) is a different problem. The security update delays have been fixed. The problem you're seeing here is the reason we recommend using the codenames in sources.list.

ascii is stretch
beowulf is buster

stable is not the same release in debian and devuan right now.  They will be the same again when beowulf is released. Until debian moves to their next release.

anonymous wrote:

devuan

$ apt policy firefox-esr
firefox-esr:
  Installed: 68.3.0esr-1~deb9u1
  Candidate: 68.3.0esr-1~deb9u1
  Version table:
*** 68.3.0esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-security/main amd64 Packages
        100 /var/lib/dpkg/status
     60.7.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-updates/main amd64 Packages
     60.6.3esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii/main amd64 Packages
-------------------------------------

debian:

firefox-esr:
  Installed: 68.4.1esr-1~deb10u1
  Candidate: 68.4.1esr-1~deb10u1
  Version table:
*** 68.4.1esr-1~deb10u1 500
        500 http://deb.debian.org/debian-security stable/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     68.2.0esr-1~deb10u1 500
        500 http://deb.debian.org/debian stable/main amd64 Packages

devuan (beowulf)

firefox-esr:
  Installed: 68.3.0esr-1~deb10u1
  Candidate: 68.4.1esr-1~deb10u1
  Version table:
     68.4.1esr-1~deb10u1 500
        500 http://pkgmaster.devuan.org/merged beowulf-security/main amd64 Packages

Offline

#37 2020-06-13 04:31:45

pcalvert
Member
Registered: 2017-05-15
Posts: 75  

Re: [SOLVED] Security update delays

I found some evidence that this problem is back (or maybe it's a new, but related problem):

DSA-4701-1 intel-microcode -- security update
[Date Reported: 11 Jun 2020]

The update hasn't shown up for me yet, so I did some checking:

$ apt policy intel-microcode
intel-microcode:
  Installed: (none)
  Candidate: 3.20200609.2~deb9u1
  Version table:
     3.20200609.2~deb9u1 500
        500 http://deb.devuan.org/merged ascii-security/non-free i386 Packages
     3.20191115.2~deb9u1 500
        500 http://deb.devuan.org/merged ascii/non-free i386 Packages

When I first looked at that, I was a little confused. And then I remembered that I am using a 64-bit kernel (it's a multi-arch system).

So I checked again:

$ apt policy intel-microcode:amd64
intel-microcode:amd64:
  Installed: 3.20191115.2~deb9u1
  Candidate: 3.20191115.2~deb9u1
  Version table:
 *** 3.20191115.2~deb9u1 500
        500 http://deb.devuan.org/merged ascii/non-free amd64 Packages
        500 http://deb.devuan.org/merged ascii-security/non-free amd64 Packages
        100 /var/lib/dpkg/status

Okay, so that explains (partially) why I am not seeing the update. I then wondered, "Is this a Devuan problem, or is the problem on Debian's end?" To help answer that question, I added the repository for Debian Stretch security updates.

And here's the result that gave me:

$ apt policy intel-microcode:amd64
intel-microcode:amd64:
  Installed: 3.20191115.2~deb9u1
  Candidate: 3.20200609.2~deb9u1
  Version table:
     3.20200609.2~deb9u1 500
        500 http://deb.debian.org/debian-security stretch/updates/non-free amd64 Packages
 *** 3.20191115.2~deb9u1 500
        500 http://deb.devuan.org/merged ascii/non-free amd64 Packages
        500 http://deb.devuan.org/merged ascii-security/non-free amd64 Packages
        100 /var/lib/dpkg/status

That tells me that the problem is not on Debian's end.


Phil


“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln

Offline

#38 2020-06-13 22:45:04

fsmithred
Administrator
Registered: 2016-11-25
Posts: 1,571  

Re: [SOLVED] Security update delays

Thanks. For some reason, security updates on pkgmaster are going to *-proposed-updates. We're not yet sure why. Until then you can add ascii-proposed-updates or beowulf-proposed-updtates, whichever is appropriate.

e.g.

deb http://deb.devuan.org/merged ascii-proposed-updates main contrib non-free

Offline

#39 2020-06-14 09:20:57

Marjorie
Member
From: Teignmouth, UK
Registered: 2019-06-09
Posts: 56  

Re: [SOLVED] Security update delays

Maybe working again?

On my mail-server unattended-upgrades (beowulf-security updates only)  downloaded an intel-microcode package at 03:45 BST.

Unattended upgrade result: All upgrades installed 

Packages that were upgraded:
 intel-microcode 

Package installation log:
Log started: 2020-06-14  03:45:13
apt-listchanges: Reading changelogs...
Preparing to unpack .../intel-microcode_3.20200609.2~deb10u1_amd64.deb ...
Unpacking intel-microcode (3.20200609.2~deb10u1) over (3.20191115.2~deb10u1) ...
Setting up intel-microcode (3.20200609.2~deb10u1) ...
update-initramfs: deferring update (trigger activated)
intel-microcode: microcode will be updated at next boot
Processing triggers for initramfs-tools (0.133+deb10u1) ...
update-initramfs: Generating /boot/initrd.img-4.19.0-9-amd64
Log ended: 2020-06-14  03:45:24

Unattended-upgrades log:
Enabled logging to syslog via daemon facility 
Initial blacklist : 
Initial whitelist: 
Starting unattended upgrades script
Allowed origins are: o=Devuan,n=beowulf-security
Packages that will be upgraded: intel-microcode
Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
All upgrades installed

Online

Board footer