On 2020-10-19 at 20:01, Bob Bernstein wrote:

> I am trying to meet the challenge of the security upgrade -- 
> [SECURITY] [DSA 4774-1] linux security update -- that 
> was issued today.
> 
> This is an AMD Buster system:
> 
> Linux debian.localdomain 4.19.0-8-amd64 #1 SMP Debian 
> 4.19.98-1+deb10u1 (2020-04-27) x86_64 GNU/Linux
> 
> I have noticed for several weeks that when I run "apt-get 
> upgrade" my kernel gets held back:
> 
> "The following packages have been kept back:
>    linux-image-amd64 thunderbird"
> 
> So, again today, running apt-get update and then apt-get upgrade 
> does not install the new kernel. Here is the instruction from 
> the security bulletin:
> 
> "For the stable distribution (buster), these problems have been 
> fixed in version 4.19.152-1. The vulnerabilities are fixed by 
> rebasing to the new stable upstream version 4.19.152 which 
> includes additional bugfixes."
> 
> I am completely at a loss to know how to "rebase" to the new 
> version. The term "rebase" is a Debian term-of-art I have never 
> before encountered. Can someone please point me to a step by 
> step "Kernel Rebasing For Dummies" guide?

Actually, "rebase" isn't a Debian term at all; it's a git term.

What this announcement means is that the Debian kernel-package
maintainers have rebased the kernel they ship from being derived from an
older kernel version to being derived from this newer one.

If you run 'apt-cache show linux-image-amd64', I suspect that you will
see that the previous (and currently-installed) version depends on a
version-specific package which is currently installed, and the newer
(and not-yet-installed) version depends on a version-specific package
whose name specifies 4.19 (and possibly 4.19.152).


To install that package and let the upgrade go forward, you have a few
options. The simplest, and the one I go with myself, would be to run

$ apt-get dist-upgrade

instead of your existing "apt-get upgrade". This will let apt-get
perform new-package installs and old-package removals as part of the
upgrade process; in this case, because linux-image-amd64 now depends on
a new package, a new-package install is necessary in order for the
upgrade to be carried out. It's very likely that that will resolve your
issue; it will probably also let Thunderbird get upgraded as well.

If you don't want to allow the other package additions or removals that
would be involved in that process, you could also see whether

$ apt-get install linux-image-amd64

will perform the upgrade and install the new package for just that one
case, without touching the others.

You could also take the new package name from the 'apt-cache show
linux-image-amd64' output and specify it explicitly on an 'apt-get
install' command-line, but that has downsides later on (in that the
package will probably remain around even after it's not useful anymore)
and I wouldn't particularly recommend it.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man.         -- George Bernard Shaw
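
An added example, not part of the original message: a check for the situation described in this thread, where "apt-get upgrade" keeps back the kernel metapackage while the running kernel is older than the fixed version named in the DSA. The function names and the sample input are constructed for illustration; the fixed version is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: detect a kernel security update that "apt-get upgrade" holds back.
FIXED_VERSION='4.19.152-1'   # fixed version quoted from the DSA text in the thread

# Print each package named under "kept back" in apt-get output read from stdin.
kept_back_pkgs() {
    awk '
        /^The following packages have been kept back:/ { inlist = 1; next }
        inlist && /^ / { for (i = 1; i <= NF; i++) print $i; next }
        { inlist = 0 }
    '
}

# Extract the Debian package version from a `uname -v` string.
running_kernel_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\).*/\1/p'
}

# True if version $1 is older than $2. Uses dpkg when present; the sort -V
# fallback is only an approximation of Debian version ordering.
version_lt() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Constructed sample input, modelled on the output quoted in the thread.
# On a real system use the output of: apt-get -s upgrade   and   uname -v
SAMPLE_APT='Calculating upgrade... Done
The following packages have been kept back:
  linux-image-amd64 thunderbird
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.'
SAMPLE_UNAME='#1 SMP Debian 4.19.98-1+deb10u1 (2020-04-27)'

check_kernel_update() {   # $1: apt-get output, $2: uname -v output
    running=$(running_kernel_version "$2")
    held=$(printf '%s\n' "$1" | kept_back_pkgs | grep '^linux-image' || true)
    if [ -n "$held" ] && version_lt "$running" "$FIXED_VERSION"; then
        echo "STALE: running $running < $FIXED_VERSION; kept back: $held"
    else
        echo "OK: running $running"
    fi
}

check_kernel_update "$SAMPLE_APT" "$SAMPLE_UNAME"
```

The check looks at the running kernel, so it keeps reporting STALE after the new package is installed until the machine has been rebooted into it.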
