Bug#1017508: unattended-upgrades: kernel/linux-image-amd64 wrongfully updated from backports

Wed, 17 Aug 2022 02:06:20 -0700 

Package: unattended-upgrades
Version: 2.9.1
Severity: normal
X-Debbugs-Cc: debian-...@nordhost.no

Dear Maintainer,

It seems in some circumstances, unattended-upgrades upgrades linux-image-amd64
from backports when it's not supposed to. I don't fully understand what's
happening, but it seems that the contents of Origins-Pattern is the cause of
some weird behaviour. For several days, unattended-upgrades would send me the
following mail output:

--8<-- Expected output, with no backports upgrades --8<--
Unattended upgrade result: No packages found that can be upgraded
 unattended and no pending auto-removals

Warning: A reboot is required to complete this upgrade, or a previous one.

Packages with upgradable origin but kept back:
 Debian Backports bullseye-backports:
  libcurl3-gnutls curl linux-image-amd64 libcurl4

Unattended-upgrades log:
Enabled logging to syslog via daemon facility 
Checking if system is running on battery is skipped. Please install 
powermgmt-base package to check power status and skip installing updates when 
the system is running on battery.
Starting unattended upgrades script
Allowed origins are: origin=Debian,codename=bullseye,label=Debian-Security, 
origin=Debian,codename=bullseye, origin=Debian,codename=bullseye-updates, 
origin=Debian Backports,codename=bullseye-backports,label=Debian Backports, 
origin=kernelcare.com,codename=stable, 
origin=Zabbix,codename=bullseye,label=zabbix
Initial blacklist: 
Initial whitelist (not strict): 
No packages found that can be upgraded unattended and no pending auto-removals
Package curl is kept back because a related package is kept back or due to 
local apt_preferences(5).
Package libcurl3-gnutls is kept back because a related package is kept back or 
due to local apt_preferences(5).
Package libcurl4 is kept back because a related package is kept back or due to 
local apt_preferences(5).
Package linux-image-amd64 is kept back because a related package is kept back 
or due to local apt_preferences(5).
--8<-- Expected output, with no backports upgrades --8<--

And then one day, I got this:

--8<-- Unexpected output, with backports upgrade of linux-image-amd64 --8<--
Unattended upgrade result: All upgrades installed

Warning: A reboot is required to complete this upgrade, or a previous one.

Packages that were upgraded:
 linux-image-amd64

Packages with upgradable origin but kept back:
 Debian Backports bullseye-backports:
  libcurl4 libcurl3-gnutls curl

Package installation log:
Log started: 2022-08-12  08:11:21
apt-listchanges: Reading changelogs...
apt-listchanges: Reading changelogs...
Selecting previously unselected package linux-image-5.18.0-0.bpo.1-amd64.
Preparing to unpack 
.../linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1~bpo11+1_amd64.deb ...
Unpacking linux-image-5.18.0-0.bpo.1-amd64 (5.18.2-1~bpo11+1) ...
Preparing to unpack .../linux-image-amd64_5.18.2-1~bpo11+1_amd64.deb ...
Unpacking linux-image-amd64 (5.18.2-1~bpo11+1) over (5.10.127-2) ...
Setting up linux-image-5.18.0-0.bpo.1-amd64 (5.18.2-1~bpo11+1) ...
I: /vmlinuz.old is now a symlink to boot/vmlinuz-5.10.0-16-amd64
I: /initrd.img.old is now a symlink to boot/initrd.img-5.10.0-16-amd64
I: /vmlinuz is now a symlink to boot/vmlinuz-5.18.0-0.bpo.1-amd64
I: /initrd.img is now a symlink to boot/initrd.img-5.18.0-0.bpo.1-amd64
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-5.18.0-0.bpo.1-amd64
/etc/kernel/postinst.d/zz-update-grub:
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.18.0-0.bpo.1-amd64
Found initrd image: /boot/initrd.img-5.18.0-0.bpo.1-amd64
Found linux image: /boot/vmlinuz-5.10.0-16-amd64
Found initrd image: /boot/initrd.img-5.10.0-16-amd64
Found linux image: /boot/vmlinuz-5.10.0-11-amd64
Found initrd image: /boot/initrd.img-5.10.0-11-amd64
done
Setting up linux-image-amd64 (5.18.2-1~bpo11+1) ...

Pending kernel upgrade!

Running kernel version:
  5.10.0-11-amd64

Diagnostics:
  The currently running kernel version is not the expected kernel version 
5.18.0-0.bpo.1-amd64.

Restarting the system to load the new kernel will not be handled automatically, 
so you should consider rebooting. [Return]

Services to be restarted:

Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart getty@tty1.service
 systemctl restart openvpn-server@amas-tcp.service
 systemctl restart systemd-logind.service
 systemctl restart unattended-upgrades.service

No containers need to be restarted.

No user sessions are running outdated binaries.
Log ended: 2022-08-12  08:12:05



Unattended-upgrades log:
Enabled logging to syslog via daemon facility 
Checking if system is running on battery is skipped. Please install 
powermgmt-base package to check power status and skip installing updates when 
the system is running on battery.
Starting unattended upgrades script
Allowed origins are: origin=Debian,codename=bullseye,label=Debian-Security, 
origin=Debian,codename=bullseye, origin=Debian,codename=bullseye-updates, 
origin=Debian Backports,codename=bullseye-backports,label=Debian Backports, 
origin=kernelcare.com,codename=stable, 
origin=Zabbix,codename=bullseye,label=zabbix
Initial blacklist: 
Initial whitelist (not strict): 
Packages that will be upgraded: linux-image-amd64
Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
All upgrades installed
Package curl is kept back because a related package is kept back or due to 
local apt_preferences(5).
Package libcurl3-gnutls is kept back because a related package is kept back or 
due to local apt_preferences(5).
Package libcurl4 is kept back because a related package is kept back or due to 
local apt_preferences(5).
--8<-- Unexpected output, with backports upgrade of linux-image-amd64 --8<--


At some point, unattended-upgrades decided that a kernel from backports was a
candidate for installation. No other changes were done to this server or its
package management config in this period, so I can't figure out what caused it.
I have however managed to reproduce a situation where linux-image-amd64 would
be, and would not be, installed by unattended-upgrades. See the two scenarios
below.


Scenario 1 - Will install linux-image-amd64 from backports, but not security 
updates, because of codename="" in security origin:

# cat /etc/apt/apt.conf.d/50unattended-upgrades
//
// This file is managed by Ansible - do not edit!
//

Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,codename=${distro_codename},label=Debian-Security";
    "origin=Debian,codename=${distro_codename}";
    "origin=Debian,codename=${distro_codename}-updates";
    "origin=Debian Backports,codename=${distro_codename}-backports,label=Debian 
Backports";
    "origin=kernelcare.com,codename=stable";
    "origin=Zabbix,codename=${distro_codename},label=zabbix";
};

Unattended-Upgrade::Package-Blacklist {
};

Unattended-Upgrade::Mail "<redacted>";
Unattended-Upgrade::MailReport "on-change";
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::SyslogEnable "true";
Unattended-Upgrade::SyslogFacility "daemon";


# apt list --upgradeable
Listing... Done
libgnutls-dane0/stable-security 3.7.1-5+deb11u2 amd64 [upgradable from: 
3.7.1-5+deb11u1]
libgnutls30/stable-security 3.7.1-5+deb11u2 amd64 [upgradable from: 
3.7.1-5+deb11u1]
libldb2/stable-security 2:2.2.3-2~deb11u2 amd64 [upgradable from: 
2:2.2.3-2~deb11u1]
libsmbclient/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 
2:4.13.13+dfsg-1~deb11u4]
libtirpc-common/stable-security 1.3.1-1+deb11u1 all [upgradable from: 1.3.1-1]
libtirpc3/stable-security 1.3.1-1+deb11u1 amd64 [upgradable from: 1.3.1-1]
libwbclient0/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 
2:4.13.13+dfsg-1~deb11u4]
python3-ldb/stable-security 2:2.2.3-2~deb11u2 amd64 [upgradable from: 
2:2.2.3-2~deb11u1]
samba-libs/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 
2:4.13.13+dfsg-1~deb11u4]
unzip/stable-security 6.0-26+deb11u1 amd64 [upgradable from: 6.0-26]


# unattended-upgrade -d --dry-run --verbose
Enabled logging to syslog via daemon facility 
Checking if system is running on battery is skipped. Please install 
powermgmt-base package to check power status and skip installing updates when 
the system is running on battery.
Starting unattended upgrades script
Allowed origins are: origin=Debian,codename=bullseye,label=Debian-Security, 
origin=Debian,codename=bullseye, origin=Debian,codename=bullseye-updates, 
origin=Debian Backports,codename=bullseye-backports,label=Debian Backports, 
origin=kernelcare.com,codename=stable, 
origin=Zabbix,codename=bullseye,label=zabbix
Initial blacklist: 
Initial whitelist (not strict): 
Marking not allowed <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_i18n_Translation-en'
  a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='' 
site='security.debian.org' IndexType='Debian Translation Index' Size=439 ID:11> 
with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_binary-amd64_Packages'
  a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='amd64' 
site='security.debian.org' IndexType='Debian Package Index' Size=673 ID:10> 
with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'
  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' 
site='security.debian.org' IndexType='Debian Translation Index' Size=790119 
ID:9> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'
  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' 
site='security.debian.org' IndexType='Debian Package Index' Size=1161429 ID:8> 
with -32768 pin
Applying pinning: PkgFilePin(id=11, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_i18n_Translation-en'
  a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='' 
site='security.debian.org' IndexType='Debian Translation Index' Size=439 ID:11>
Applying pinning: PkgFilePin(id=10, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_binary-amd64_Packages'
  a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='amd64' 
site='security.debian.org' IndexType='Debian Package Index' Size=673 ID:10>
Applying pinning: PkgFilePin(id=9, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'
  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' 
site='security.debian.org' IndexType='Debian Translation Index' Size=790119 
ID:9>
Applying pinning: PkgFilePin(id=8, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'
  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' 
site='security.debian.org' IndexType='Debian Package Index' Size=1161429 ID:8>
Using 
(^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$)
 regexp to find kernel packages
Using 
(^linux-.*-5\.10\.0\-11\-amd64$|^linux-.*-5\.10\.0\-11$|^kfreebsd-.*-5\.10\.0\-11\-amd64$|^kfreebsd-.*-5\.10\.0\-11$|^gnumach-.*-5\.10\.0\-11\-amd64$|^gnumach-.*-5\.10\.0\-11$|^.*-modules-5\.10\.0\-11\-amd64$|^.*-modules-5\.10\.0\-11$|^.*-kernel-5\.10\.0\-11\-amd64$|^.*-kernel-5\.10\.0\-11$|^linux-.*-5\.10\.0\-11\-amd64$|^linux-.*-5\.10\.0\-11$|^kfreebsd-.*-5\.10\.0\-11\-amd64$|^kfreebsd-.*-5\.10\.0\-11$|^gnumach-.*-5\.10\.0\-11\-amd64$|^gnumach-.*-5\.10\.0\-11$|^.*-modules-5\.10\.0\-11\-amd64$|^.*-modules-5\.10\.0\-11$|^.*-kernel-5\.10\.0\-11\-amd64$|^.*-kernel-5\.10\.0\-11$)
 regexp to find running kernel packages
Checking: libgnutls-dane0 ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
adjusting candidate version: libgnutls-dane0=3.7.1-5+deb11u1
Checking: libgnutls30 ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
adjusting candidate version: libgnutls30=3.7.1-5+deb11u1
Checking: libldb2 ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
sanity check failed for: {'libldb2=2:2.2.3-2~deb11u2', 
'python3-ldb=2:2.2.3-2~deb11u2'} : pkg libldb2 is not in an allowed origin
falling back to adjusting libldb2's dependencies
MarkUpgrade() called on a non-upgradeable pkg: 'libldb2'
sanity check failed for: set() : no package is selected to be upgraded or 
installed
Checking: linux-image-amd64 ([<Origin component:'main' 
archive:'bullseye-backports' origin:'Debian Backports' label:'Debian Backports' 
site:'deb.debian.org' isTrusted:True>])
pkgs that look like they should be upgraded: linux-image-amd64
Fetched 0 B in 0s (0 B/s)                                                       
                                                                                
                                                                                
 
fetch.run() result: 0
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 69485956 
DestFile:'/var/cache/apt/archives/linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1~bpo11+1_amd64.deb'
 DescURI: 
'http://deb.debian.org/debian/pool/main/l/linux-signed-amd64/linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1%7ebpo11%2b1_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1~bpo11+1_amd64.deb)
No conffiles in deb 
/var/cache/apt/archives/linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1~bpo11+1_amd64.deb
 (There is no member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 1500 
DestFile:'/var/cache/apt/archives/linux-image-amd64_5.18.2-1~bpo11+1_amd64.deb' 
DescURI: 
'http://deb.debian.org/debian/pool/main/l/linux-signed-amd64/linux-image-amd64_5.18.2-1%7ebpo11%2b1_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/linux-image-amd64_5.18.2-1~bpo11+1_amd64.deb)
found pkg: linux-image-amd64
No conffiles in deb 
/var/cache/apt/archives/linux-image-amd64_5.18.2-1~bpo11+1_amd64.deb (There is 
no member named 'conffiles')
Packages blacklist due to conffile prompts: []
Option --dry-run given, *not* performing real actions
Packages that will be upgraded: linux-image-amd64
Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
applying set ['linux-image-amd64', 'linux-image-5.18.0-0.bpo.1-amd64']
apt-listchanges: Reading changelogs...
apt-listchanges: Reading changelogs...
/usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure 
--force-remove-protected 
/var/cache/apt/archives/linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1~bpo11+1_amd64.deb
 /var/cache/apt/archives/linux-image-amd64_5.18.2-1~bpo11+1_amd64.deb 
/usr/bin/dpkg --status-fd 10 --configure --pending 
Marking not allowed <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_i18n_Translation-en'
  a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='' 
site='security.debian.org' IndexType='Debian Translation Index' Size=439 ID:11> 
with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_binary-amd64_Packages'
  a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='amd64' 
site='security.debian.org' IndexType='Debian Package Index' Size=673 ID:10> 
with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'
  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' 
site='security.debian.org' IndexType='Debian Translation Index' Size=790119 
ID:9> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'
  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' 
site='security.debian.org' IndexType='Debian Package Index' Size=1161429 ID:8> 
with -32768 pin
Applying pinning: PkgFilePin(id=11, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_i18n_Translation-en'
  a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='' 
site='security.debian.org' IndexType='Debian Translation Index' Size=439 ID:11>
Applying pinning: PkgFilePin(id=10, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_binary-amd64_Packages'
  a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='amd64' 
site='security.debian.org' IndexType='Debian Package Index' Size=673 ID:10>
Applying pinning: PkgFilePin(id=9, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'
  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' 
site='security.debian.org' IndexType='Debian Translation Index' Size=790119 
ID:9>
Applying pinning: PkgFilePin(id=8, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: 
filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'
  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' 
site='security.debian.org' IndexType='Debian Package Index' Size=1161429 ID:8>
left to upgrade set()
All upgrades installed
InstCount=0 DelCount=0 BrokenCount=0
The list of kept packages can't be calculated in dry-run mode.


Scenario 2 - I've removed codename="" in the security origin, so now it wants 
to install security updates, but not the backports linux-image-amd64:

# cat /etc/apt/apt.conf.d/50unattended-upgrades
//
// This file is managed by Ansible - do not edit!
//

Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,label=Debian-Security";
    "origin=Debian,codename=${distro_codename}";
    "origin=Debian,codename=${distro_codename}-updates";
    "origin=Debian Backports,codename=${distro_codename}-backports,label=Debian 
Backports";
    "origin=kernelcare.com,codename=stable";
    "origin=Zabbix,codename=${distro_codename},label=zabbix";
};

Unattended-Upgrade::Package-Blacklist {
};

Unattended-Upgrade::Mail "<redacted>";
Unattended-Upgrade::MailReport "on-change";
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::SyslogEnable "true";
Unattended-Upgrade::SyslogFacility "daemon";


# apt list --upgradeable
Listing... Done
libgnutls-dane0/stable-security 3.7.1-5+deb11u2 amd64 [upgradable from: 
3.7.1-5+deb11u1]
libgnutls30/stable-security 3.7.1-5+deb11u2 amd64 [upgradable from: 
3.7.1-5+deb11u1]
libldb2/stable-security 2:2.2.3-2~deb11u2 amd64 [upgradable from: 
2:2.2.3-2~deb11u1]
libsmbclient/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 
2:4.13.13+dfsg-1~deb11u4]
libtirpc-common/stable-security 1.3.1-1+deb11u1 all [upgradable from: 1.3.1-1]
libtirpc3/stable-security 1.3.1-1+deb11u1 amd64 [upgradable from: 1.3.1-1]
libwbclient0/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 
2:4.13.13+dfsg-1~deb11u4]
python3-ldb/stable-security 2:2.2.3-2~deb11u2 amd64 [upgradable from: 
2:2.2.3-2~deb11u1]
samba-libs/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 
2:4.13.13+dfsg-1~deb11u4]
unzip/stable-security 6.0-26+deb11u1 amd64 [upgradable from: 6.0-26]


# unattended-upgrade -d --dry-run --verbose
Enabled logging to syslog via daemon facility 
Checking if system is running on battery is skipped. Please install 
powermgmt-base package to check power status and skip installing updates when 
the system is running on battery.
Starting unattended upgrades script
Allowed origins are: origin=Debian,label=Debian-Security, 
origin=Debian,codename=bullseye, origin=Debian,codename=bullseye-updates, 
origin=Debian Backports,codename=bullseye-backports,label=Debian Backports, 
origin=kernelcare.com,codename=stable, 
origin=Zabbix,codename=bullseye,label=zabbix
Initial blacklist: 
Initial whitelist (not strict): 
Using 
(^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$)
 regexp to find kernel packages
Using 
(^linux-.*-5\.10\.0\-11\-amd64$|^linux-.*-5\.10\.0\-11$|^kfreebsd-.*-5\.10\.0\-11\-amd64$|^kfreebsd-.*-5\.10\.0\-11$|^gnumach-.*-5\.10\.0\-11\-amd64$|^gnumach-.*-5\.10\.0\-11$|^.*-modules-5\.10\.0\-11\-amd64$|^.*-modules-5\.10\.0\-11$|^.*-kernel-5\.10\.0\-11\-amd64$|^.*-kernel-5\.10\.0\-11$|^linux-.*-5\.10\.0\-11\-amd64$|^linux-.*-5\.10\.0\-11$|^kfreebsd-.*-5\.10\.0\-11\-amd64$|^kfreebsd-.*-5\.10\.0\-11$|^gnumach-.*-5\.10\.0\-11\-amd64$|^gnumach-.*-5\.10\.0\-11$|^.*-modules-5\.10\.0\-11\-amd64$|^.*-modules-5\.10\.0\-11$|^.*-kernel-5\.10\.0\-11\-amd64$|^.*-kernel-5\.10\.0\-11$)
 regexp to find running kernel packages
Checking: libgnutls-dane0 ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
Checking: libgnutls30 ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
Checking: libldb2 ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
Checking: libsmbclient ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
Checking: libtirpc-common ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
Checking: libtirpc3 ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
Checking: libwbclient0 ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
Checking: python3-ldb ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
Checking: samba-libs ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
Checking: unzip ([<Origin component:'main' archive:'stable-security' 
origin:'Debian' label:'Debian-Security' site:'security.debian.org' 
isTrusted:True>])
pkgs that look like they should be upgraded: libgnutls-dane0
libgnutls30
libldb2
libsmbclient
libtirpc-common
libtirpc3
libwbclient0
python3-ldb
samba-libs
unzip
Fetched 0 B in 0s (0 B/s)                                                       
                                                                                
                                                                                
 
fetch.run() result: 0
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 394684 
DestFile:'/var/cache/apt/archives/libgnutls-dane0_3.7.1-5+deb11u2_amd64.deb' 
DescURI: 
'http://security.debian.org/debian-security/pool/updates/main/g/gnutls28/libgnutls-dane0_3.7.1-5%2bdeb11u2_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/libgnutls-dane0_3.7.1-5+deb11u2_amd64.deb)
found pkg: libgnutls-dane0
No conffiles in deb 
/var/cache/apt/archives/libgnutls-dane0_3.7.1-5+deb11u2_amd64.deb (There is no 
member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 1340576 
DestFile:'/var/cache/apt/archives/libgnutls30_3.7.1-5+deb11u2_amd64.deb' 
DescURI: 
'http://security.debian.org/debian-security/pool/updates/main/g/gnutls28/libgnutls30_3.7.1-5%2bdeb11u2_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/libgnutls30_3.7.1-5+deb11u2_amd64.deb)
found pkg: libgnutls30
No conffiles in deb 
/var/cache/apt/archives/libgnutls30_3.7.1-5+deb11u2_amd64.deb (There is no 
member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 169832 
DestFile:'/var/cache/apt/archives/libsmbclient_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb'
 DescURI: 
'http://security.debian.org/debian-security/pool/updates/main/s/samba/libsmbclient_4.13.13%2bdfsg-1%7edeb11u5_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/libsmbclient_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb)
found pkg: libsmbclient
No conffiles in deb 
/var/cache/apt/archives/libsmbclient_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb 
(There is no member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 46400 
DestFile:'/var/cache/apt/archives/python3-ldb_2%3a2.2.3-2~deb11u2_amd64.deb' 
DescURI: 
'http://security.debian.org/debian-security/pool/updates/main/l/ldb/python3-ldb_2.2.3-2%7edeb11u2_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/python3-ldb_2%3a2.2.3-2~deb11u2_amd64.deb)
found pkg: python3-ldb
No conffiles in deb 
/var/cache/apt/archives/python3-ldb_2%3a2.2.3-2~deb11u2_amd64.deb (There is no 
member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 147888 
DestFile:'/var/cache/apt/archives/libldb2_2%3a2.2.3-2~deb11u2_amd64.deb' 
DescURI: 
'http://security.debian.org/debian-security/pool/updates/main/l/ldb/libldb2_2.2.3-2%7edeb11u2_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/libldb2_2%3a2.2.3-2~deb11u2_amd64.deb)
found pkg: libldb2
No conffiles in deb 
/var/cache/apt/archives/libldb2_2%3a2.2.3-2~deb11u2_amd64.deb (There is no 
member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 5774020 
DestFile:'/var/cache/apt/archives/samba-libs_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb'
 DescURI: 
'http://security.debian.org/debian-security/pool/updates/main/s/samba/samba-libs_4.13.13%2bdfsg-1%7edeb11u5_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/samba-libs_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb)
found pkg: samba-libs
No conffiles in deb 
/var/cache/apt/archives/samba-libs_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb (There 
is no member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 313124 
DestFile:'/var/cache/apt/archives/libwbclient0_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb'
 DescURI: 
'http://security.debian.org/debian-security/pool/updates/main/s/samba/libwbclient0_4.13.13%2bdfsg-1%7edeb11u5_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/libwbclient0_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb)
found pkg: libwbclient0
No conffiles in deb 
/var/cache/apt/archives/libwbclient0_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb 
(There is no member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 13464 
DestFile:'/var/cache/apt/archives/libtirpc-common_1.3.1-1+deb11u1_all.deb' 
DescURI: 
'http://security.debian.org/debian-security/pool/updates/main/libt/libtirpc/libtirpc-common_1.3.1-1%2bdeb11u1_all.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/libtirpc-common_1.3.1-1+deb11u1_all.deb)
found pkg: libtirpc-common
conffile line: /etc/netconfig ca8db53e3af4d735335c2607d21c7195
current md5: ca8db53e3af4d735335c2607d21c7195
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 84072 
DestFile:'/var/cache/apt/archives/libtirpc3_1.3.1-1+deb11u1_amd64.deb' DescURI: 
'http://security.debian.org/debian-security/pool/updates/main/libt/libtirpc/libtirpc3_1.3.1-1%2bdeb11u1_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/libtirpc3_1.3.1-1+deb11u1_amd64.deb)
found pkg: libtirpc3
No conffiles in deb /var/cache/apt/archives/libtirpc3_1.3.1-1+deb11u1_amd64.deb 
(There is no member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 
FileSize: 171660 
DestFile:'/var/cache/apt/archives/unzip_6.0-26+deb11u1_amd64.deb' DescURI: 
'http://security.debian.org/debian-security/pool/updates/main/u/unzip/unzip_6.0-26%2bdeb11u1_amd64.deb'
 ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/unzip_6.0-26+deb11u1_amd64.deb)
found pkg: unzip
No conffiles in deb /var/cache/apt/archives/unzip_6.0-26+deb11u1_amd64.deb 
(There is no member named 'conffiles')
Packages blacklist due to conffile prompts: []
Option --dry-run given, *not* performing real actions
Packages that will be upgraded: libgnutls-dane0 libgnutls30 libldb2 
libsmbclient libtirpc-common libtirpc3 libwbclient0 python3-ldb samba-libs unzip
Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
applying set ['libtirpc-common']
apt-listchanges: Reading changelogs...
apt-listchanges: Reading changelogs...
/usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure 
--force-remove-protected 
/var/cache/apt/archives/libtirpc-common_1.3.1-1+deb11u1_all.deb 
/usr/bin/dpkg --status-fd 10 --no-triggers --configure libtirpc-common:all 
/usr/bin/dpkg --status-fd 10 --configure --pending 
left to upgrade {'python3-ldb', 'libsmbclient', 'libgnutls30', 'libwbclient0', 
'samba-libs', 'unzip', 'libldb2', 'libgnutls-dane0', 'libtirpc3'}
applying set ['libldb2', 'python3-ldb']
apt-listchanges: Reading changelogs...
apt-listchanges: Reading changelogs...
/usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure 
--force-remove-protected 
/var/cache/apt/archives/python3-ldb_2%3a2.2.3-2~deb11u2_amd64.deb 
/var/cache/apt/archives/libldb2_2%3a2.2.3-2~deb11u2_amd64.deb 
/usr/bin/dpkg --status-fd 10 --configure --pending 
left to upgrade {'samba-libs', 'libgnutls30', 'libwbclient0', 'unzip', 
'libsmbclient', 'libgnutls-dane0', 'libtirpc3'}
applying set ['libldb2', 'libwbclient0', 'libsmbclient', 'python3-ldb', 
'samba-libs']
apt-listchanges: Reading changelogs...
apt-listchanges: Reading changelogs...
/usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure 
--force-remove-protected 
/var/cache/apt/archives/libsmbclient_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb 
/var/cache/apt/archives/python3-ldb_2%3a2.2.3-2~deb11u2_amd64.deb 
/var/cache/apt/archives/libldb2_2%3a2.2.3-2~deb11u2_amd64.deb 
/var/cache/apt/archives/samba-libs_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb 
/var/cache/apt/archives/libwbclient0_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb 
/usr/bin/dpkg --status-fd 10 --configure --pending 
left to upgrade {'libgnutls-dane0', 'unzip', 'libtirpc3', 'libgnutls30'}
applying set ['libgnutls30', 'libgnutls-dane0']
apt-listchanges: Reading changelogs...
apt-listchanges: Reading changelogs...
/usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure 
--force-remove-protected 
/var/cache/apt/archives/libgnutls-dane0_3.7.1-5+deb11u2_amd64.deb 
/var/cache/apt/archives/libgnutls30_3.7.1-5+deb11u2_amd64.deb 
/usr/bin/dpkg --status-fd 10 --no-triggers --configure libgnutls30:amd64 
/usr/bin/dpkg --status-fd 10 --configure --pending 
left to upgrade {'unzip', 'libtirpc3'}
applying set ['unzip']
apt-listchanges: Reading changelogs...
apt-listchanges: Reading changelogs...
/usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure 
--force-remove-protected /var/cache/apt/archives/unzip_6.0-26+deb11u1_amd64.deb 
/usr/bin/dpkg --status-fd 10 --configure --pending 
left to upgrade {'libtirpc3'}
applying set ['libtirpc-common', 'libtirpc3']
apt-listchanges: Reading changelogs...
apt-listchanges: Reading changelogs...
/usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure 
--force-remove-protected 
/var/cache/apt/archives/libtirpc-common_1.3.1-1+deb11u1_all.deb 
/usr/bin/dpkg --status-fd 10 --no-triggers --configure libtirpc-common:all 
/usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure 
--force-remove-protected 
/var/cache/apt/archives/libtirpc3_1.3.1-1+deb11u1_amd64.deb 
/usr/bin/dpkg --status-fd 10 --no-triggers --configure libtirpc3:amd64 
/usr/bin/dpkg --status-fd 10 --configure --pending 
left to upgrade set()
All upgrades installed
InstCount=0 DelCount=0 BrokenCount=0
The list of kept packages can't be calculated in dry-run mode.


I can also add the general apt policy, and the policy for linux-image-amd64:

# apt policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://repo.zabbix.com/zabbix/6.0/debian bullseye/main amd64 Packages
     release o=Zabbix,n=bullseye,l=zabbix,c=main,b=amd64
     origin repo.zabbix.com
 500 https://repo.cloudlinux.com/kernelcare-debian/11 stable/main amd64 Packages
     release o=kernelcare.com,n=stable,l=kernelcare,c=main,b=amd64
     origin repo.cloudlinux.com
 100 http://deb.debian.org/debian bullseye-backports/main amd64 Packages
     release o=Debian 
Backports,a=bullseye-backports,n=bullseye-backports,l=Debian 
Backports,c=main,b=amd64
     origin deb.debian.org
 500 http://security.debian.org/debian-security bullseye-security/non-free 
amd64 Packages
     release 
v=11,o=Debian,a=stable-security,n=bullseye-security,l=Debian-Security,c=non-free,b=amd64
     origin security.debian.org
 500 http://security.debian.org/debian-security bullseye-security/main amd64 
Packages
     release 
v=11,o=Debian,a=stable-security,n=bullseye-security,l=Debian-Security,c=main,b=amd64
     origin security.debian.org
 500 http://deb.debian.org/debian bullseye-updates/main amd64 Packages
     release 
v=11-updates,o=Debian,a=stable-updates,n=bullseye-updates,l=Debian,c=main,b=amd64
     origin deb.debian.org
 500 http://deb.debian.org/debian bullseye/non-free amd64 Packages
     release v=11.4,o=Debian,a=stable,n=bullseye,l=Debian,c=non-free,b=amd64
     origin deb.debian.org
 500 http://deb.debian.org/debian bullseye/contrib amd64 Packages
     release v=11.4,o=Debian,a=stable,n=bullseye,l=Debian,c=contrib,b=amd64
     origin deb.debian.org
 500 http://deb.debian.org/debian bullseye/main amd64 Packages
     release v=11.4,o=Debian,a=stable,n=bullseye,l=Debian,c=main,b=amd64
     origin deb.debian.org
Pinned packages:
     zabbix-sender -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-proxy-sqlite3 -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-sql-scripts -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-java-gateway -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-server-pgsql -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-release -> 1:6.0-3+debian11 with priority 1001
     zabbix-proxy-pgsql -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-apache-conf -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-server-mysql -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-js -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-agent -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-proxy-mysql -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-proxy-sqlite3-dbgsym -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-agent-dbgsym -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-sender-dbgsym -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-server-mysql-dbgsym -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-server-pgsql-dbgsym -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-get -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-agent2-dbgsym -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-agent2 -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-proxy-mysql-dbgsym -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-proxy-pgsql-dbgsym -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-web-service -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-nginx-conf -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-get-dbgsym -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-js-dbgsym -> 1:6.0.7-1+debian11 with priority 1001
     zabbix-frontend-php -> 1:6.0.7-1+debian11 with priority 1001


# apt policy linux-image-amd64
linux-image-amd64:
  Installed: 5.10.136-1
  Candidate: 5.10.136-1
  Version table:
     5.18.2-1~bpo11+1 100
        100 http://deb.debian.org/debian bullseye-backports/main amd64 Packages
 *** 5.10.136-1 500
        500 http://security.debian.org/debian-security bullseye-security/main 
amd64 Packages
        100 /var/lib/dpkg/status
     5.10.127-1 500
        500 http://deb.debian.org/debian bullseye/main amd64 Packages


I'm happy to supply more information if needed, or any correction if this is in
fact not a bug, and some silly mistake I've made somewhere.


-- System Information:
Debian Release: 11.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-11-amd64 (SMP w/1 CPU thread)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unattended-upgrades depends on:
ii  debconf [debconf-2.0]  1.5.77
ii  lsb-base               11.1.0
ii  lsb-release            11.1.0
ii  python3                3.9.2-3
ii  python3-apt            2.2.1
ii  python3-dbus           1.2.16-5
ii  python3-distro-info    1.0
ii  ucf                    3.0043
ii  xz-utils               5.2.5-2.1~deb11u1

Versions of packages unattended-upgrades recommends:
ii  cron [cron-daemon]  3.0pl1-137
ii  systemd-sysv        247.3-7

Versions of packages unattended-upgrades suggests:
ii  bsd-mailx                                  8.1.2-0.20180807cvs-2
ii  exim4-daemon-light [mail-transport-agent]  4.94.2-7
ii  needrestart                                3.5-4+deb11u2
pn  powermgmt-base                             <none>
ii  python3-gi                                 3.38.0-2

-- debconf information:
* unattended-upgrades/enable_auto_updates: true

Reply via email to