update manager notification area icon may be wrong in certain cases
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
update-notifier (Ubuntu) |
Fix Released
|
High
|
Michael Vogt | ||
Hardy |
Fix Released
|
High
|
Michael Vogt |
Bug Description
Binary package hint: update-manager
When you have some important security updates (like the kernel updates, the openssl recent updates) the red icon with the arrow shows fine and notifies you that there are important security updates. But if you try to install only some (so not all) (in my case I've just installed the openssl-blacklist package and not the kernel) the icon will change to the normal "star like" icon telling you there are only normal or proposed (as I've also that repository enabled) updates. It will stay like this even after reboots till new important security updates gets released.
Obviously this behavior is wrong as it should notify that there are important security updates till they are all installed and not stopping notifying it when only a package gets installed.
TEST CASE:
1. use stock hardy (8.04) without anything applied in -updates or -security
2. start update-manager
3. click "check" and verify that the notification area icon has a red downward arrow (to show that security updates are available)
4. unselect all packages starting with "linux" in the security tab
5. click on "instlal updates"
6. look at the remaining packages that start with linux and confirm
a) that they are listed under security updates
b) that the icon in the notification area changed from the arrow to a round icon that looks different
8. install the new update-notifier from proposed on a stock hardy (8.04) without -updates or -security
9. repeat steps 2-5
10. verify that this time the notification area icon remains the same and verify that the number of updates in the tooltip is the same as reported in the first run
How to reproduce:
1- get a system missing more than one security update by downgrading, installing from scratch or wait for some to get released
2- you will notice the red arrow notification
3- click on it and install only one of the available security updates (there must be more than one)
4- notice the notification area icon gets back to the normal updates available version
What should happen:
The notification area icon should remain with the red arrow till all security updates get installed in the system
What happens:
The notification area icon switches back to the normal updates available version and doesn't tell there are still security updates till some new ones get released
I think this should be considered a security problem as security updates might be left uninstalled this way, but as I'm not 100% certain I'm not ticking the contact security team check box
This was tested on 8.04 with update-manager 1:0.87.27
Thanks for your bugreport.
I just tried this on my hardy install and can not reproduce this on a stock install. I had a bunch of secuirty updates, selected only "gnutls" and installed those. After that the icon remained a "security udpates" needed one.
Could you please run: update- notifier/ apt-check sources. list
$ /usr/lib/
and attach the output? Could you also please attach your /etc/apt/