Proposed downgrade of packages

Hello all.
I have an issue with one of my Hestia servers:

  • Ubuntu 18.04.5 LTS
  • Hestia v1.3.3
  • nginx (proxy), apache2 (web server), php-fpm (backend)

When running apt update && apt upgrade I get the following downgrade notice:

apt update && apt upgrade
Hit:1 http://mirror.hetzner.de/ubuntu/packages bionic InRelease
Get:2 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Hit:3 http://ppa.launchpad.net/ondrej/apache2/ubuntu bionic InRelease
Hit:4 http://mirror.hetzner.de/ubuntu/packages bionic-updates InRelease
Hit:5 http://mirror.hetzner.de/ubuntu/packages bionic-backports InRelease
Hit:6 http://mirror.hetzner.de/ubuntu/packages bionic-security InRelease
Hit:7 http://ppa.launchpad.net/ondrej/php/ubuntu bionic InRelease
Hit:8 http://archive.ubuntu.com/ubuntu bionic InRelease
Hit:9 https://packages.microsoft.com/ubuntu/20.04/prod focal InRelease
Hit:10 https://nginx.org/packages/mainline/ubuntu bionic InRelease
Get:11 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Hit:12 https://mirror.mva-n.net/mariadb/repo/10.3/ubuntu bionic InRelease
Get:13 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Hit:14 https://apt.hestiacp.com bionic InRelease
Fetched 252 kB in 3s (93.4 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be DOWNGRADED:
  libssl-dev libssl1.1 openssl
0 upgraded, 0 newly installed, 3 downgraded, 0 to remove and 0 not upgraded.
Need to get 3,481 kB of archives.
After this operation, 410 kB disk space will be freed.

You can find below the output of some relevant commands:

apt list -a libssl-dev libssl1.1 openssl
Listing... Done
libssl-dev/now 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4 amd64 [installed,local]
libssl-dev/bionic-updates,bionic-security,bionic-updates,bionic-security 1.1.1-1ubuntu2.1~18.04.8 amd64
libssl-dev/bionic,bionic 1.1.0g-2ubuntu4 amd64

libssl1.1/now 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4 amd64 [installed,local]
libssl1.1/bionic-updates,bionic-security,bionic-updates,bionic-security 1.1.1-1ubuntu2.1~18.04.8 amd64
libssl1.1/bionic,bionic 1.1.0g-2ubuntu4 amd64

openssl/now 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4 amd64 [installed,local]
openssl/bionic-updates,bionic-security,bionic-updates,bionic-security 1.1.1-1ubuntu2.1~18.04.8 amd64
openssl/bionic,bionic 1.1.0g-2ubuntu4 amd64

apt policy libssl-dev libssl1.1 openssl
libssl-dev:
  Installed: 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4
  Candidate: 1.1.1-1ubuntu2.1~18.04.8
  Version table:
 *** 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4 100
        100 /var/lib/dpkg/status
     1.1.1-1ubuntu2.1~18.04.8 1000
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages bionic-updates/main amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages bionic-security/main amd64 Packages
     1.1.0g-2ubuntu4 1000
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages bionic/main amd64 Packages
libssl1.1:
  Installed: 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4
  Candidate: 1.1.1-1ubuntu2.1~18.04.8
  Version table:
 *** 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4 100
        100 /var/lib/dpkg/status
     1.1.1-1ubuntu2.1~18.04.8 1000
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages bionic-updates/main amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages bionic-security/main amd64 Packages
     1.1.0g-2ubuntu4 1000
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages bionic/main amd64 Packages
openssl:
  Installed: 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4
  Candidate: 1.1.1-1ubuntu2.1~18.04.8
  Version table:
 *** 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4 100
        100 /var/lib/dpkg/status
     1.1.1-1ubuntu2.1~18.04.8 1000
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages bionic-updates/main amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages bionic-security/main amd64 Packages
     1.1.0g-2ubuntu4 1000
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        500 http://mirror.hetzner.de/ubuntu/packages bionic/main amd64 Packages

I understand that those 3 packages exist in both repositories: Ubuntu and Ondrej (Sury). The version currently installed on the server is from ondrej but the proposed “downgrade” is from Ubuntu. But the proposed “downgrade” is the same version number as the one currently installed. Please correct me if I got something wrong.

I also found a GitHub issue that I believe is related, but I’m not sure what I should do.

As always, the problem is choice. What do you suggest I do?

Hi @Felix ,

I’m not sure what to suggest, but I had the same “doubt” yesterday. I did the downgrade anyway and no issues. Just to let you know.

Same setup as you except for OS. I use Debian 10.

Please check:

https://www.patreon.com/posts/enforced-openssl-48703169

It is due to the dropped support of Ubuntu 16.04; he will stop packaging openssl.

Thank you @Ubi and @eris for your replies. Now I have a better understanding of what is going on :+1:


On Ubuntu 20.04 and the last HestiaCP I also had this warning in cron-apt:

The following packages will be DOWNGRADED:
libssl1.1 openssl

With the “EOL” of Ubuntu 16.04, the packager of “deb.sury” decided it was not needed any more, as Debian 10, 9, Ubuntu 20.04, 18.04 are relatively up to date.
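An added example, not part of any post in this thread: a small parser for `apt policy` output that reports the two conditions visible in the listing above, namely an installed build whose only origin is `/var/lib/dpkg/status` (no configured repository still offers it, so it gets no further updates from one) and a candidate whose pin priority is 1000 or higher (apt installs such a version even when that is a downgrade). The function names and the trimmed sample are assumptions made for the example; the direction of the version change is not computed.

```python
import re

DPKG_STATUS = "/var/lib/dpkg/status"

# Constructed sample: the openssl stanza quoted in the thread, trimmed to three sources.
SAMPLE = """\
openssl:
  Installed: 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4
  Candidate: 1.1.1-1ubuntu2.1~18.04.8
  Version table:
 *** 1.1.1i-1+ubuntu18.04.1+deb.sury.org+4 100
        100 /var/lib/dpkg/status
     1.1.1-1ubuntu2.1~18.04.8 1000
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
     1.1.0g-2ubuntu4 1000
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
"""

def parse_policy(text):
    """Parse `apt policy` stanzas into {pkg: {installed, candidate, versions}}."""
    pkgs, pkg, ver = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"^(\S+):$", line):                        # "openssl:"
            pkg, ver = pkgs.setdefault(m[1], {"versions": {}}), None
        elif pkg is None:
            continue
        elif m := re.match(r"^\s+(Installed|Candidate):\s+(\S+)$", line):
            pkg[m[1].lower()] = m[2]
        elif m := re.match(r"^\s{1,5}(?:\*\*\*\s+)?(\S+)\s+(-?\d+)$", line):
            # Version line: "<version> <pin priority>", "***" marks the installed one.
            ver = pkg["versions"].setdefault(m[1], {"pin": int(m[2]), "sources": []})
        elif (m := re.match(r"^\s{6,}-?\d+\s+(.+)$", line)) and ver is not None:
            ver["sources"].append(m[1])                              # origin of that version
    return pkgs

def explain(text):
    """Report, per package whose candidate differs from the installed version, why."""
    report = {}
    for name, p in parse_policy(text).items():
        inst, cand = p.get("installed"), p.get("candidate")
        if inst in (None, "(none)") or inst == cand or cand not in p["versions"]:
            continue
        sources = p["versions"].get(inst, {}).get("sources", [])
        report[name] = {
            # Installed build is no longer offered by any configured repository.
            "orphaned": all(s == DPKG_STATUS for s in sources),
            # Pin >= 1000: apt installs the candidate even if it is a downgrade.
            "forced": p["versions"][cand]["pin"] >= 1000,
        }
    return report
```

On a live system the input would be the text printed by `apt policy <packages>`; a result with both flags set matches the situation in this thread.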
