This bug was fixed in the package unattended-upgrades - 1.9

---------------
unattended-upgrades (1.9) unstable; urgency=medium

  [ Julian Andres Klode ]
  * test_dev_release: Fix and enable test.
  * Depend on python3-distro-info.
    This is needed to make sure DEVEL_UNTIL_RELEASE actually works. We need
    to fix up travis in addition to control, as it only knows about trusty
    build dependencies.
  * Import distro_info globally, and fix calculation of days.
    The check was off by one: If you were 21 days away from the release,
    it would not switch on, but tell you that it would not upgrade before
    today.
  * test_dev_release: Test Unattended-Upgrade::DevRelease=auto.

  [ David Lang and Balint Reczey ]
  * Allow installing untrusted packages when APT::Get::AllowUnauthenticated
    is set (Closes: #775469) (LP: #1167053)

  [ Hans van Kranenburg and Balint Reczey ]
  * Clarify highly misleading Package-Blacklist option documentation
    (Closes: #753892)

  [ Balint Reczey ]
  * test/test_dev_release.py: Fix missing mock attributes
  * Leave the cache clean when returning from calculate_upgradable_pkgs()
    When collecting upgradable packages the upgradable ones stayed in the
    cache and they were upgraded together even when unattended-upgrades
    was configured to perform upgrades in minimal steps.
    Thanks to Paul Wise
  * debian/tests/upgrade-all-security: Check if all security-updates are
    applied and if old-autoremovable packages are kept
  * Clear cache only when needed when checking black- and whitelists
  * Add --no-minimal-upgrade-steps option
  * Stop using untrusted package names as blacklists (LP: #1805447)
  * Update copyright info
  * Load modules lazily loaded by datetime.datetime.strptime() when u-u starts
    When Python is upgraded to a new major version the version running
    unattended-upgrades can be removed as being newly unused causing a crash.
  * Start service after systemd-logind.service to be able to take inhibition
    lock and handle gracefully when logind is down (LP: #1806487)
  * List packages making reboot required in /var/run/reboot-required.pkgs

 -- Balint Reczey <rbal...@ubuntu.com>  Wed, 12 Dec 2018 13:41:49 +0100

** Changed in: unattended-upgrades (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1805447

Title:
  Untrusted package names are mishandled as blacklist regexps

Status in unattended-upgrades package in Ubuntu:
  Fix Released

Bug description:
  ...
  if not item.is_trusted:
     blacklisted_pkgs.append(pkgname_from_deb(item.destfile))
  ...
  check_changes_for_sanity(..., blacklisted_pkgs, ...)
  ...
  is_pkg_change_allowed(pkg, blacklist, whitelist)
  ...
  if is_pkgname_in_blacklist(pkg.name, blacklist):
  ...
  for blacklist_regexp in blacklist:
     if re.match(blacklist_regexp, pkgname):
  ....

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1805447/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
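
Added example, not part of the original notification and not code from unattended-upgrades: it reproduces the matching loop quoted in the bug description to show how a literal package name over-matches once it is used as a regexp, next to an exact-name comparison. The helper `is_pkg_blocked` and all package names below are constructed for illustration.

```python
import re


def is_pkgname_in_blacklist(pkgname, blacklist):
    """Matching as quoted in the bug description: each entry is a regexp."""
    for blacklist_regexp in blacklist:
        # re.match anchors only at the start, so an entry also acts as a prefix.
        if re.match(blacklist_regexp, pkgname):
            return True
    return False


def is_pkg_blocked(pkgname, blacklist_regexps, untrusted_names):
    """Hypothetical alternative: keep literal names out of the regexp list.

    Configured blacklist entries keep regexp semantics; names taken from
    untrusted packages are compared exactly.
    """
    if pkgname in untrusted_names:
        return True
    return is_pkgname_in_blacklist(pkgname, blacklist_regexps)


# Constructed sample data: names derived from untrusted .deb files ...
UNTRUSTED = ["python3", "libfoo1.0"]
# ... and the packages a run would otherwise consider.
CANDIDATES = ["python3", "python3-apt", "python3.6",
              "libfoo1.0", "libfoo1-0-dev", "libc6"]


def blocked_when_used_as_regexps():
    # "python3" also matches python3-apt and python3.6 (prefix match);
    # the "." in "libfoo1.0" matches the "-" in "libfoo1-0-dev".
    return [p for p in CANDIDATES if is_pkgname_in_blacklist(p, UNTRUSTED)]


def blocked_when_compared_exactly():
    return [p for p in CANDIDATES if is_pkg_blocked(p, [], set(UNTRUSTED))]


if __name__ == "__main__":
    print("as regexps:", blocked_when_used_as_regexps())
    print("exact     :", blocked_when_compared_exactly())
```

Names containing `+` (for example `g++`) are interpreted as quantifiers when used as a pattern, and how Python handles a doubled quantifier depends on the interpreter version, which is a further reason not to feed package names to `re.match` unescaped.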
