DescriptionJaroslav Mracek
2020-01-24 08:19:59 UTC
+++ This bug was initially created as a clone of Bug #1770125 +++
Description of problem:
$ dnf updateinfo --security
Last metadata expiration check: 0:00:22 ago on Fri 08 Nov 2019 18:27:27 AEST.
Updates Information Summary: available
1 Security notice(s)
1 Moderate Security notice(s)
$ sudo dnf upgrade --security
Last metadata expiration check: 0:09:42 ago on Fri 08 Nov 2019 18:18:27 AEST.
No security updates needed, but 225 updates available
Dependencies resolved.
Nothing to do.
Complete!
Version-Release number of selected component (if applicable):
$ rpm -q dnf
dnf-4.2.11-2.fc30.noarch
How reproducible:
always
Steps to Reproduce:
1. install F30
2. dnf upgrade --security
3. dnf updateinfo --security
4. dnf upgrade --security
Actual results:
some security updates are not applied
Expected results:
all security updates are applied
Additional info:
same story for bugfix updates
--- Additional comment from Marek Blaha on 2019-11-11 13:41:47 UTC ---
This could occur due to non installability of given security update.
You can check details about security updates found using command `dnf updateinfo list --security`
Then please add --best option to the upgrade command (`dnf upgrade --security --best`) to enforce using only the latest versions of packages. Then you could see that some updates cannot be installed and error message with more details why the package is not installable - usually some conflict is the cause.
There is also possibility, that security advisory is not installable because the package with update is not available in any of enabled repositories. This is usually the case for *-debuginfo or *-debugsource packages. In this case you need to enable *-debuginfo repositories (e.g. by adding --enablerepo=*-debuginfo switch: `dnf upgrade --security --best --enablerepo=*-debuginfo`).
--- Additional comment from on 2019-11-11 17:00:52 UTC ---
You are correct. The security package that does not install is kernel-5.3.6, which I understand has been problematic, though the kernel currently installed is kernel-5.0.9. Manual updating of the kernel works.
I still have some bugfix updates that are not picked up by dnf upgrade --bugfix. They can be manually installed, with the exception of tracker, the version of which listed on updateinfo list --bugfix being the version currently installed.
$ dnf updateinfo list -q --security
FEDORA-2019-ab7d22a466 Moderate/Sec. gd-2.2.5-9.fc30.x86_64
FEDORA-2019-057d691fd4 Moderate/Sec. kernel-5.3.6-200.fc30.x86_64
FEDORA-2019-057d691fd4 Moderate/Sec. kernel-core-5.3.6-200.fc30.x86_64
FEDORA-2019-057d691fd4 Moderate/Sec. kernel-modules-5.3.6-200.fc30.x86_64
FEDORA-2019-057d691fd4 Moderate/Sec. kernel-modules-extra-5.3.6-200.fc30.x86_64
FEDORA-2019-e99b716a92 Moderate/Sec. python3-unbound-1.9.4-1.fc30.x86_64
FEDORA-2019-e99b716a92 Moderate/Sec. unbound-libs-1.9.4-1.fc30.x86_64
$ sudo dnf upgrade --security --best
Last metadata expiration check: 0:30:37 ago on Tue 12 Nov 2019 01:47:52 AEST.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Upgrading:
gd x86_64 2.2.5-9.fc30 updates 131 k
python3-unbound x86_64 1.9.4-1.fc30 updates 104 k
unbound-libs x86_64 1.9.4-1.fc30 updates 498 k
Transaction Summary
================================================================================
Upgrade 3 Packages
Total download size: 734 k
Is this ok [y/N]:
Operation aborted.
$ dnf updateinfo list -q --bugfix
FEDORA-2019-f4eb34cf4c bugfix gjs-1.56.2-1.fc30.x86_64
FEDORA-2019-57b5902ed1 bugfix gjs-1.56.2-6.fc30.x86_64
FEDORA-2019-f4eb34cf4c bugfix glib-networking-2.60.2-1.fc30.x86_64
FEDORA-2019-00d46ae95b bugfix glib-networking-2.60.3-1.fc30.x86_64
FEDORA-2019-f4eb34cf4c bugfix gnome-calendar-3.32.1-1.fc30.x86_64
FEDORA-2019-ff0223e2ca bugfix gnome-calendar-3.32.2-5.fc30.x86_64
FEDORA-2019-f4eb34cf4c bugfix gnome-maps-3.32.2-1.fc30.x86_64
FEDORA-2019-f753065e96 bugfix gnome-maps-3.32.2.1-1.fc30.x86_64
FEDORA-2019-f4eb34cf4c bugfix gnome-software-3.32.2-1.fc30.x86_64
FEDORA-2019-48c225e982 bugfix gnome-software-3.32.4-3.fc30.x86_64
FEDORA-2019-f4eb34cf4c bugfix libdazzle-3.32.2-1.fc30.x86_64
FEDORA-2019-e5389b8e30 bugfix libdazzle-3.32.3-1.fc30.x86_64
FEDORA-2019-f7675395b8 bugfix libgee-0.20.1-5.fc30.x86_64
FEDORA-2019-3341c2ef96 bugfix libgee-0.20.2-1.fc30.x86_64
FEDORA-2019-f4eb34cf4c bugfix nautilus-3.32.1-1.fc30.x86_64
FEDORA-2019-2537cde88a bugfix nautilus-3.32.3-1.fc30.x86_64
FEDORA-2019-f4eb34cf4c bugfix nautilus-extensions-3.32.1-1.fc30.x86_64
FEDORA-2019-2537cde88a bugfix nautilus-extensions-3.32.3-1.fc30.x86_64
FEDORA-2019-b934acd8ae bugfix tracker-2.2.2-1.fc30.x86_64
$ sudo dnf upgrade --bugfix --best
Last metadata expiration check: 0:22:49 ago on Tue 12 Nov 2019 01:47:52 AEST.
No security updates needed, but 227 updates available
Dependencies resolved.
Nothing to do.
Complete!
$ sudo dnf upgrade --best $(dnf updateinfo list -q --bugfix | cut -d' ' -f3)
Last metadata expiration check: 0:28:19 ago on Tue 12 Nov 2019 01:47:52 AEST.
No match for argument: gjs-1.56.2-1.fc30.x86_64
No match for argument: glib-networking-2.60.2-1.fc30.x86_64
No match for argument: gnome-calendar-3.32.1-1.fc30.x86_64
No match for argument: gnome-maps-3.32.2-1.fc30.x86_64
No match for argument: gnome-software-3.32.2-1.fc30.x86_64
No match for argument: libdazzle-3.32.2-1.fc30.x86_64
No match for argument: libgee-0.20.1-5.fc30.x86_64
No match for argument: nautilus-3.32.1-1.fc30.x86_64
No match for argument: nautilus-extensions-3.32.1-1.fc30.x86_64
No match for argument: tracker-2.2.2-1.fc30.x86_64
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Upgrading:
gjs x86_64 1.56.2-6.fc30 updates 418 k
glib-networking x86_64 2.60.3-1.fc30 updates 141 k
gnome-calendar x86_64 3.32.2-5.fc30 updates 561 k
gnome-maps x86_64 3.32.2.1-1.fc30 updates 636 k
gnome-software x86_64 3.32.4-3.fc30 updates 15 M
libdazzle x86_64 3.32.3-1.fc30 updates 395 k
libgee x86_64 0.20.2-1.fc30 updates 254 k
nautilus x86_64 3.32.3-1.fc30 updates 2.6 M
nautilus-extensions x86_64 3.32.3-1.fc30 updates 33 k
Transaction Summary
================================================================================
Upgrade 9 Packages
Total download size: 20 M
Is this ok [y/N]:
Operation aborted.
$ rpm -q tracker
tracker-2.2.1-1.fc30.x86_64
--- Additional comment from Marek Blaha on 2019-11-12 06:40:00 UTC ---
Kernel is sort of specific - updateinfo used to print advisories for all installed kernels but this has changed recently and only advisories for the newest installed version of the kernel plus advisories for the running kernel are printed. So you will receive security advisories until you reboot with the latest kernel.
As far as bugfixes are concerned - partly that is the nature of fedora-updates repository. You have only the latest update available in the repo. But on the other hand installing of gjs-1.56.2-6.fc30.x86_64 will resolve also advisories for older version (FEDORA-2019-f4eb34cf4c bugfix gjs-1.56.2-1.fc30.x86_64).
What does need closer look is why `sudo dnf upgrade --bugfix --best` does not want to install any packages although there are upgrades available. Can you please provide the currently installed versions of those packages (rpm -q gjs glib-networking gnome-calendar...) so I could try to reproduce the issue and hopefully resolve it.
--- Additional comment from on 2019-11-12 06:57:52 UTC ---
The versions are just those that ship with F30. I'm running in Boxes and haven't updated these (and a bunch of other) packages yet.
$ rpm -q gjs glib-networking gnome-calendar gnome-maps gnome-software libdazzle libgee nautilus nautilus-extensions tracker
gjs-1.56.1-1.fc30.x86_64
glib-networking-2.60.1-2.fc30.x86_64
gnome-calendar-3.32.0-1.fc30.x86_64
gnome-maps-3.32.1-2.fc30.x86_64
gnome-software-3.32.1-2.fc30.x86_64
libdazzle-3.32.1-2.fc30.x86_64
libgee-0.20.1-4.fc30.x86_64
nautilus-3.32.0-1.fc30.x86_64
nautilus-extensions-3.32.0-1.fc30.x86_64
tracker-2.2.1-1.fc30.x86_64
--- Additional comment from Marek Blaha on 2019-11-12 07:11:21 UTC ---
Thanks! I'll look into it.
--- Additional comment from Marek Blaha on 2020-01-21 10:38:44 UTC ---
PR https://github.com/rpm-software-management/libdnf/pull/883 fixes upgrading packages using security advisories.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2020:1823