The officially official Devuan Forum!

anonymous

Member

Registered: 2019-03-05

Posts: 6  

Re: [NOT Solved] Security update delays

waiting for firefox-esr security update....

https://security-tracker.debian.org/tra … irefox-esr

stretch (security)    60.7.1esr-1~deb9u1

------------

devuan (64bit) in  apt policy firefox-esr  still has

ascii  60.7.0esr-1~deb9u1(candidate)  (edited -> 60.6.1esr-1~deb9u1)

refreshing...

Last edited by anonymous (2019-06-19 10:28:57)

fsmithred

Administrator

Registered: 2016-11-25

Posts: 1,286  

Re: [NOT Solved] Security update delays

Adjusted the subject line again.
Reported the issue again.

Stay tuned...

fsr

Ogis1975

Member

Registered: 2017-04-21

Posts: 110  

Website

Re: [NOT Solved] Security update delays

Here's the explanation that was posted on devuan-dev mailing list yesterday. (The script failed if there was a read timeout.)

Thanks for the answer.

---

My config files in github

pcalvert

Member

Registered: 2017-05-15

Posts: 50  

Re: [NOT Solved] Security update delays

Update: The problem seems to have been fixed.

$ apt policy firefox-esr
firefox-esr:
  Installed: 60.7.1esr-1~deb9u1
  Candidate: 60.7.1esr-1~deb9u1
  Version table:
 *** 60.7.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-security/main i386 Packages
        100 /var/lib/dpkg/status
     60.6.3esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-updates/main i386 Packages
     60.6.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii/main i386 Packages

Phil

---

“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln

anonymous

Member

Registered: 2019-03-05

Posts: 6  

Re: [NOT Solved] Security update delays

AGAIN waiting for firefox-esr security update....

https://security-tracker.debian.org/tracker/firefox-esr

stretch (security)    60.8.0esr-1~deb9u1

------------

ascii  devuan (64bit) in  apt policy firefox-esr  still has

NOT UPDATED

pcalvert

Member

Registered: 2017-05-15

Posts: 50  

Re: [NOT Solved] Security update delays

My results:

$ apt policy firefox-esr
firefox-esr:
  Installed: 60.7.2esr-1~deb9u1
  Candidate: 60.7.2esr-1~deb9u1
  Version table:
 *** 60.7.2esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-security/main i386 Packages
        100 /var/lib/dpkg/status
     60.6.3esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-updates/main i386 Packages
     60.6.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii/main i386 Packages

Debian Stretch version: 60.8.0esr-1~deb9u1

Phil

---

“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln

yeti

Member

Registered: 2017-02-23

Posts: 155  

Re: [NOT Solved] Security update delays

I was lazy and now have 2 repositories in my sources list.
If this is a bad idea, please someone enlighten me...

$ apt policy firefox-esr
firefox-esr:
  Installed: (none)
  Candidate: 60.8.0esr-1~deb9u1
  Version table:
     60.8.0esr-1~deb9u1 500
        500 http://auto.mirror.devuan.org/merged ascii-security/main armhf Packages
     60.7.2esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-security/main armhf Packages
     60.6.3esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii-updates/main armhf Packages
        500 http://auto.mirror.devuan.org/merged ascii-updates/main armhf Packages
     60.6.1esr-1~deb9u1 500
        500 http://deb.devuan.org/merged ascii/main armhf Packages
        500 http://auto.mirror.devuan.org/merged ascii/main armhf Packages

---

"I toggle, therefor I am." — Clock Bit.
"There is no PLANET-B!" — ???
"Vrijdag voor VT100!" — Yeti.
"Stop slavery! Free all mitochondria!" — Yeti.

fsmithred

Administrator

Registered: 2016-11-25

Posts: 1,286  

Re: [NOT Solved] Security update delays

I was lazy and now have 2 repositories in my sources list.
If this is a bad idea, please someone enlighten me...

I see only devuan and ascii in your sources. You're safe. If you started adding non-devuan or non-ascii sources, you could run into problems. Without pinning, apt will take the highest available version, so right now, if you installed/upgraded firefox-esr, you'd get 60.8 from ascii-security on auto.mirror, because that's a higher version than what's in deb.devuan.

But that will change in a few minutes or a couple hours. Repo is updating again. (Thanks, Ralph.)

I'm not marking the thread as Solved this time. Let's wait and see what happens.

Marjorie

Member

From: Teignmouth, UK

Registered: 2019-06-09

Posts: 5  

Re: [NOT Solved] Security update delays

Firefox-esr 60.8.0esr-1~deb9u1 hit the gb.deb.devuan.org/merged archive sometime before 2019-07-14  13:12:27 +0100 as that was when my unattended upgrades program downloaded it.

Both the previous Firefox-esr secuirty 60.7.1 and 60.7.2 security updates also downloaded shortly after Debian put them in their stable archive (though they hit Debian experimental and then testing sooner). I see no problem here.

Any idea when we might expect to see Firefox-esr 68 on ascii? I understand there will be another 2 months of security updates still to come on 60 before it becomes unsupported which implies it might be best to have a backpost before Beowulf becomes our new stable.