This issue is similar to Debian Linux not updating package, but in my case the newer package is not from backports
:
§ apt list --upgradable
Listing... Done
firefox-esr-l10n-en-gb/stable 60.2.0esr-1~deb9u2 all [upgradable from: 52.9.0esr-1~deb9u1]
N: There is 1 additional version. Please use the '-a' switch to see it
§ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
§ apt policy firefox-esr-l10n-en-gb
firefox-esr-l10n-en-gb:
Installed: 52.9.0esr-1~deb9u1
Candidate: 60.2.0esr-1~deb9u2
Version table:
60.2.0esr-1~deb9u2 500
500 http://security.debian.org stretch/updates/main amd64 Packages
*** 52.9.0esr-1~deb9u1 500
500 http://ftp.fr.debian.org/debian stretch/main amd64 Packages
500 http://security.debian.org stretch/updates/main amd64 Packages
100 /var/lib/dpkg/status
§ apt policy firefox-esr
firefox-esr:
Installed: 52.9.0esr-1~deb9u1
Candidate: 52.9.0esr-1~deb9u1
Version table:
60.2.0esr-1~deb9u2 500
500 http://security.debian.org stretch/updates/main amd64 Packages
*** 52.9.0esr-1~deb9u1 30000
500 http://ftp.fr.debian.org/debian stretch/main amd64 Packages
100 /var/lib/dpkg/status
§ apt -s install firefox-esr=60.2.0esr-1~deb9u2
NOTE: This is only a simulation!
apt needs root privileges for real execution.
Keep also in mind that locking is deactivated,
so don't depend on the relevance to the real current situation!
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
firefox-esr-l10n-en-gb
Suggested packages:
fonts-stix | otf-stix
The following packages will be upgraded:
firefox-esr firefox-esr-l10n-en-gb
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst firefox-esr-l10n-en-gb [52.9.0esr-1~deb9u1] (60.2.0esr-1~deb9u2 Debian-Security:9/stable [all]) []
Inst firefox-esr [52.9.0esr-1~deb9u1] (60.2.0esr-1~deb9u2 Debian-Security:9/stable [amd64])
Conf firefox-esr-l10n-en-gb (60.2.0esr-1~deb9u2 Debian-Security:9/stable [all])
Conf firefox-esr (60.2.0esr-1~deb9u2 Debian-Security:9/stable [amd64])
What does it mean? Why firefox-esr
is not upgraded?
Update
After the answer by Stephen Kitt, I discovered a file /etc/apt/preferences.d/apt-listbugs
, created this morning when I ran upgrades, with the following content:
Explanation: Pinned by apt-listbugs at 2018-09-11 08:11:30 +0200
Explanation: #908396: firefox-esr: stopped working after upgrade from 59 to 60
Explanation: #908449: (no subject)
Package: firefox-esr
Pin: version 52.9.0esr-1~deb9u1
Pin-Priority: 30000
What does it mean?
Best Answer
You have
firefox-esr
pinned to the currently-installed version with a very high priority:That prevents any other version with a lower pin priority from being installed, including the security update which only has priority 500:
The pin comes from
apt-listbugs
: it decided (or was told — I think it always asks, but there may be some configurations where it doesn’t) that the upgrade to Firefox 60 should be put on hold until bugs 908396 and 908449 are fixed. Those bugs are related to the new requirement for SSE2 instructions oni386
; since you’re runningamd64
, they don’t concern you, and it should be safe for you to upgrade.You need to remove the pin priority for the upgrade to proceed. Delete
/etc/apt/preferences.d/apt-listbugs
, and ifapt-listbugs
asks you again, tell it that you do want to upgrade.