This bug was fixed in the package unattended-upgrades - 1.9 --------------- unattended-upgrades (1.9) unstable; urgency=medium
[ Julian Andres Klode ] * test_dev_release: Fix and enable test. * Depend on python3-distro-info. This is needed to make sure DEVEL_UNTIL_RELEASE actually works. We need to fix up travis in addition to control, as it only knows about trusty build dependencies. * Import distro_info globally, and fix calculation of days. The check was off by one: If you were 21 days away from the release, it would not switch on, but tell you that it would not upgrade before today. * test_dev_release: Test Unattended-Upgrade::DevRelease=auto. [ David Lang and Balint Reczey] * Allow installing untrusted packages when APT::Get::AllowUnauthenticated is set (Closes: #775469) (LP: #1167053) [ Hans van Kranenburg and Balint Reczey] * Clarify highly misleading Package-Blacklist option documentation (Closes: #753892) [ Balint Reczey ] * test/test_dev_release.py: Fix missing mock attributes * Leave the cache clean when returning from calculate_upgradable_pkgs() When collecting upgradable packages the upgradable ones stayed in the cache and they were upgraded together even when unattended-upgrades was configured to perform upgrades in minimal steps. Thanks to Paul Wise * debian/tests/upgrade-all-security: Check if all security-updates are applied and if old-autoremovable packages are kept * Clear cache only when needed when checking black- and whitelists * Add --no-minimal-upgrade-steps option * Stop using untrusted package names as blacklists (LP: #1805447) * Update copyright info * Load modules lazily loaded by datetime.datetime.strptime() when u-u starts When Python is upgraded to a new major version the the version running unattended-upgrades can be removed as being newly unused causing a crash. * Start service after systemd-logind.service to be able to take inhibition lock and handle gracefully when logind is down (LP: #1806487) * List packages making reboot required in /var/run/reboot-required.pkgs -- Balint Reczey <rbal...@ubuntu.com> Wed, 12 Dec 2018 13:41:49 +0100 ** Changed in: unattended-upgrades (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1805447 Title: Untrusted package names are mishandled as blacklist regexps Status in unattended-upgrades package in Ubuntu: Fix Released Bug description: ... if not item.is_trusted: blacklisted_pkgs.append(pkgname_from_deb(item.destfile)) ... check_changes_for_sanity(..., blacklisted_pkgs, ...) ... is_pkg_change_allowed(pkg, blacklist, whitelist) ... if is_pkgname_in_blacklist(pkg.name, blacklist): ... for blacklist_regexp in blacklist: if re.match(blacklist_regexp, pkgname): .... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1805447/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp