Package: aptitude
Version: 0.8.10-6
Severity: normal
Tags: confirmed upstream

aptitude uses the hostname of APT repository (e.g. "security.debian.org"
to determine what is a security update and what isn't instead of using
the repository metadata provided by apt's libraries.

>From src/generic/apt/apt.cc:

bool is_security(const pkgCache::VerIterator &ver)
{
  static std::regex site_regex { "^security\\.(.+\\.)?debian.org$" };
  std::smatch site_match;

  for (pkgCache::VerFileIterator F = ver.FileList(); !F.end(); ++F)
    {
      pkgCache::PkgFileIterator fileit = F.File();
      if (!fileit.end())
        {
          string site  = fileit.Site()  ? fileit.Site()  : "";
          string label = fileit.Label() ? fileit.Label() : "";
          std::regex_search(site, site_match, site_regex);

          if (!site_match.empty() && label == "Debian-Security")
            return true;
        }
    }

  return false;
}

This should rather look at metadata (especially the label) like this:

$ apt-cache policy | fgrep -i security
 990 http://security.debian.org stretch/updates/non-free i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=non-free,b=i386
     origin security.debian.org
 990 http://security.debian.org stretch/updates/contrib i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=contrib,b=i386
     origin security.debian.org
 990 http://security.debian.org stretch/updates/main i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=main,b=i386
     origin security.debian.org
 990 https://security.debian.ethz.ch stretch/updates/non-free i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=non-free,b=i386
     origin security.debian.ethz.ch
 990 https://security.debian.ethz.ch stretch/updates/contrib i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=contrib,b=i386
     origin security.debian.ethz.ch
 990 https://security.debian.ethz.ch stretch/updates/main i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=main,b=i386
     origin security.debian.ethz.ch

-- Package-specific info:
Terminal: eterm-color
$DISPLAY is set.
which aptitude: /usr/bin/aptitude

aptitude version information:
aptitude 0.8.10
Compiler: g++ 7.2.0
Compiled against:
  apt version 5.0.2
  NCurses version 6.0
  libsigc++ version: 2.10.0
  Gtk+ support disabled.
  Qt support disabled.

Current library versions:
  NCurses version: ncurses 6.1.20180127
  cwidget version: 0.5.17
  Apt version: 5.0.2

aptitude linkage:
        linux-vdso.so.1 (0x00007ffe162c2000)
        libapt-pkg.so.5.0 => /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0 
(0x00007f25c9b42000)
        libncursesw.so.5 => /lib/x86_64-linux-gnu/libncursesw.so.5 
(0x00007f25c9912000)
        libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 
(0x00007f25c96e8000)
        libsigc-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libsigc-2.0.so.0 
(0x00007f25c94e1000)
        libcwidget.so.3 => /usr/lib/x86_64-linux-gnu/libcwidget.so.3 
(0x00007f25c91e9000)
        libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 
(0x00007f25c8edc000)
        libboost_iostreams.so.1.62.0 => 
/usr/lib/x86_64-linux-gnu/libboost_iostreams.so.1.62.0 (0x00007f25c8cc4000)
        libboost_filesystem.so.1.62.0 => 
/usr/lib/x86_64-linux-gnu/libboost_filesystem.so.1.62.0 (0x00007f25c8aab000)
        libboost_system.so.1.62.0 => 
/usr/lib/x86_64-linux-gnu/libboost_system.so.1.62.0 (0x00007f25c88a7000)
        libxapian.so.30 => /usr/lib/x86_64-linux-gnu/libxapian.so.30 
(0x00007f25c849c000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 
(0x00007f25c827e000)
        libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 
(0x00007f25c7ef9000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f25c7b66000)
        libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 
(0x00007f25c794e000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f25c7594000)
        libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 
(0x00007f25c737d000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f25c7163000)
        libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 
(0x00007f25c6f53000)
        liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f25c6d2d000)
        liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 
(0x00007f25c6b18000)
        libudev.so.1 => /lib/x86_64-linux-gnu/libudev.so.1 (0x00007f25c68fa000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f25ca511000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f25c66f6000)
        librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f25c64ee000)
        libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x00007f25c62e7000)
-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), 
(500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 
'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages aptitude depends on:
ii  aptitude-common            0.8.10-6
ii  libapt-pkg5.0              1.6~beta1
ii  libboost-filesystem1.62.0  1.62.0+dfsg-5
ii  libboost-iostreams1.62.0   1.62.0+dfsg-5
ii  libboost-system1.62.0      1.62.0+dfsg-5
ii  libc6                      2.27-3
ii  libcwidget3v5              0.5.17-7
ii  libgcc1                    1:8-20180402-1
ii  libncursesw5               6.1-1
ii  libsigc++-2.0-0v5          2.10.0-2
ii  libsqlite3-0               3.23.0-1
ii  libstdc++6                 8-20180402-1
ii  libtinfo5                  6.1-1
ii  libxapian30                1.4.5-1

Versions of packages aptitude recommends:
ii  libparse-debianchangelog-perl  1.2.0-12
ii  sensible-utils                 0.0.12

Versions of packages aptitude suggests:
ii  apt-xapian-index                0.49
ii  aptitude-doc-en [aptitude-doc]  0.8.10-6
ii  debtags                         2.1.5
pn  tasksel                         <none>

-- no debconf information
_______________________________________________
Aptitude-devel mailing list
Aptitude-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/aptitude-devel

Reply via email to