apt update for chromium fails on up-to-date boron

MidGe · 2024-12-06 23:26:21

Today, on updating and upgrading my workstation, it failed to upgrade chromium.

❯ sudo apt upgrade -V
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
   chromium (131.0.6778.85-1~deb12u1 => 131.0.6778.108-1~deb12u1)
   chromium-common (131.0.6778.85-1~deb12u1 => 131.0.6778.108-1~deb12u1)
   chromium-sandbox (131.0.6778.85-1~deb12u1 => 131.0.6778.108-1~deb12u1)
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.

Maybe related to:

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5824-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
December 06, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-12053

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the stable distribution (bookworm), this problem has been fixed in
version 131.0.6778.108-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Last edited by MidGe (2024-12-06 23:38:20)

johnraff · 2024-12-07 05:50:56

Something is wrong with the packages in this latest chromium update.
You can see it more clearly with:

john@boron:~$ apt policy chromium
chromium:
  Installed: 131.0.6778.85-1~deb12u1
  Candidate: 131.0.6778.108-1~deb12u1
  Version table:
     131.0.6778.108-1~deb12u1 500
        500 https://deb.debian.org/debian-security bookworm-security/main amd64 Packages
 *** 131.0.6778.85-1~deb12u1 100
        100 /var/lib/dpkg/status
     130.0.6723.91-1~deb12u1 500
        500 https://deb.debian.org/debian bookworm/main amd64 Packages

john@boron:~$ sudo apt install chromium
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 chromium : Depends: libc++1-19 (>= 1:19.1.4) but it is not installable
            Depends: libc++abi1-19 (>= 1:19.1.4) but it is not installable
            Depends: libunwind-19 (>= 1:19.1.4) but it is not installable
            Depends: chromium-common (= 131.0.6778.108-1~deb12u1) but 131.0.6778.85-1~deb12u1 is to be installed
            Recommends: chromium-sandbox but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

On the web page for chromium 131.0.6778.108-1~deb12u1 those three "not installable" packages are listed in the dependencies as "package not available". My guess is that if we wait a day or so the correct packages will have been uploaded.

johnraff · 2024-12-08 06:14:58

The Debian devs are onto this. The latest upgrade of chromium needed some packages from the stable-updates repository, which won't be pulled in without 'apt full-upgrade'.

So the easiest way forward for users is:
1) check that the bookworm-updates are enabled in your apt sources (in BL they are by default): https://forums.bunsenlabs.org/viewtopic.php?id=8898
2) run

sudo apt update; sudo apt full-upgrade

The 'full-upgrade' has implications though - it may do other unexpected package installs and removals, so check the apt message before clicking 'yes'.

Another way is after step 1) to remove chromium and install it again. The necessary stable-updates packages will be installed without questions.

Announcement: https://lists.debian.org/debian-stable- … 00000.html
(The llvm-toolchain-19 referred to there is the source package which builds the missing packages in bookworm-updates.)

Bug report: https://bugs.debian.org/cgi-bin/bugrepo … ug=1089181

eightysixed · 2024-12-08 21:50:56

johnraff wrote:

My guess is that if we wait a day or so the correct packages will have been uploaded.

Mine too. I wouldn't really do a full-upgrade right off the bat, because as mentioned, it might have negative impacts on things you weren't prepared for/thought about yet.

MidGe · 2024-12-11 03:54:33

OK got fixed in yesterday's update/upgrade.

Thanks

#1 2024-12-06 23:26:21

apt update for chromium fails on up-to-date boron

#2 2024-12-07 05:50:56

Re: apt update for chromium fails on up-to-date boron

#3 2024-12-08 06:14:58

Re: apt update for chromium fails on up-to-date boron

#4 2024-12-08 21:50:56

Re: apt update for chromium fails on up-to-date boron

#5 2024-12-11 03:54:33

Re: apt update for chromium fails on up-to-date boron

Board footer