Package: aptitude
Version: 0.8.10-6
Severity: normal
Tags: confirmed upstream
aptitude uses the hostname of APT repository (e.g. "security.debian.org"
to determine what is a security update and what isn't instead of using
the repository metadata provided by apt's libraries.
>From src/generic/apt/apt.cc:
bool is_security(const pkgCache::VerIterator )
{
static std::regex site_regex { "^security\\.(.+\\.)?debian.org$" };
std::smatch site_match;
for (pkgCache::VerFileIterator F = ver.FileList(); !F.end(); ++F)
{
pkgCache::PkgFileIterator fileit = F.File();
if (!fileit.end())
{
string site = fileit.Site() ? fileit.Site() : "";
string label = fileit.Label() ? fileit.Label() : "";
std::regex_search(site, site_match, site_regex);
if (!site_match.empty() && label == "Debian-Security")
return true;
}
}
return false;
}
This should rather look at metadata (especially the label) like this:
$ apt-cache policy | fgrep -i security
990 http://security.debian.org stretch/updates/non-free i386 Packages
release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=non-free,b=i386
origin security.debian.org
990 http://security.debian.org stretch/updates/contrib i386 Packages
release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=contrib,b=i386
origin security.debian.org
990 http://security.debian.org stretch/updates/main i386 Packages
release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=main,b=i386
origin security.debian.org
990 https://security.debian.ethz.ch stretch/updates/non-free i386 Packages
release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=non-free,b=i386
origin security.debian.ethz.ch
990 https://security.debian.ethz.ch stretch/updates/contrib i386 Packages
release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=contrib,b=i386
origin security.debian.ethz.ch
990 https://security.debian.ethz.ch stretch/updates/main i386 Packages
release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=main,b=i386
origin security.debian.ethz.ch
-- Package-specific info:
Terminal: eterm-color
$DISPLAY is set.
which aptitude: /usr/bin/aptitude
aptitude version information:
aptitude 0.8.10
Compiler: g++ 7.2.0
Compiled against:
apt version 5.0.2
NCurses version 6.0
libsigc++ version: 2.10.0
Gtk+ support disabled.
Qt support disabled.
Current library versions:
NCurses version: ncurses 6.1.20180127
cwidget version: 0.5.17
Apt version: 5.0.2
aptitude linkage:
linux-vdso.so.1 (0x7ffe162c2000)
libapt-pkg.so.5.0 => /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0
(0x7f25c9b42000)
libncursesw.so.5 => /lib/x86_64-linux-gnu/libncursesw.so.5
(0x7f25c9912000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5
(0x7f25c96e8000)
libsigc-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libsigc-2.0.so.0
(0x7f25c94e1000)
libcwidget.so.3 => /usr/lib/x86_64-linux-gnu/libcwidget.so.3
(0x7f25c91e9000)
libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
(0x7f25c8edc000)
libboost_iostreams.so.1.62.0 =>
/usr/lib/x86_64-linux-gnu/libboost_iostreams.so.1.62.0 (0x7f25c8cc4000)
libboost_filesystem.so.1.62.0 =>
/usr/lib/x86_64-linux-gnu/libboost_filesystem.so.1.62.0 (0x7f25c8aab000)
libboost_system.so.1.62.0 =>
/usr/lib/x86_64-linux-gnu/libboost_system.so.1.62.0 (0x7f25c88a7000)
libxapian.so.30 => /usr/lib/x86_64-linux-gnu/libxapian.so.30
(0x7f25c849c000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x7f25c827e000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6
(0x7f25c7ef9000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x7f25c7b66000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1
(0x7f25c794e000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f25c7594000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2
(0x7f25c737d000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7f25c7163000)
libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0
(0x7f25c6f53000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x7f25c6d2d000)
liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1
(0x7f25c6b18000)
libudev.so.1 => /lib/x86_64-linux-gnu/libudev.so.1 (0x7f25c68fa000)
/lib64/ld-linux-x86-64.so.2 (0x7f25ca511000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7f25c66f6000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x7f25c64ee000)
libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x7f25c62e7000)
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'),
(500, 'buildd-unstable'), (110, 'experimental'), (1,