gistfile1.txt

diff --git a/apticron b/apticron
index d2eea06..e0bbbae 100755
--- a/apticron
+++ b/apticron
@@ -1,4 +1,5 @@
 #!/bin/bash -e
+set -eo pipefail
 
 # Character set handling differs between the different mailx
 # implementations in Debian. Make sure we send proper headers, and a
@@ -38,6 +39,7 @@ Mailx() {
 				"$@" < "$MAIL_BODY_FILE"
 		fi
 	fi
+
     rm "$MAIL_BODY_FILE"
 }
 
@@ -77,7 +79,9 @@ if [ "$ALL_FQDNS" = "1" ] ; then
 	SYSTEM=`/bin/hostname --all-fqdns`
 fi
 
+
 if [ -z "$IPADDRESSES" ] && [ -x /sbin/ip ]; then
+        set +o pipefail
 	# Set the IPv4 addresses
 	IPADDRESSES=`(echo $( /bin/hostname --all-ip-addresses ) ;
 		     /sbin/ip -f inet addr show scope global 2> /dev/null | \
@@ -92,6 +96,7 @@ if [ -z "$IPADDRESSES" ] && [ -x /sbin/ip ]; then
 				   /usr/bin/head -$IPADDRESSNUM |\
 				   /usr/bin/awk '{ print $2 }' |\
 				   /usr/bin/cut -d/ -f1`"
+        set -o pipefail
 fi
 
 # Turn our list of addresses into nicely formatted output
@@ -115,8 +120,8 @@ fi
 /usr/bin/apt-get -qq update || true
 
 # get the list of packages which are pending an upgrade
-PKGNAMES=`/usr/bin/apt-get -q -y --ignore-hold --allow-change-held-packages --allow-unauthenticated -s dist-upgrade | \
-          /bin/grep ^Inst | /usr/bin/cut -d\  -f2 | /usr/bin/sort`
+PKGNAMES=`/usr/bin/apt-get --allow-downgrades -q -y --ignore-hold --allow-change-held-packages --allow-unauthenticated -s dist-upgrade | \
+          /bin/grep ^Inst | grep Security | /usr/bin/cut -d\  -f2 | /usr/bin/sort`
 
 # creating the future last_run file
 TMPFILE="$(mktemp -t apticron.XXXXXXXXXX)"
@@ -125,8 +130,8 @@ for p in $PKGNAMES; do
 done
 
 # workaround to handle apt-get installing packages hold by aptitude. See #137771.
-APTITUDE_HOLDS=`grep "^State: 2" -B 3 /var/lib/aptitude/pkgstates 2>/dev/null |grep "^Package: .*$" |cut -d" " -f 2`
-DSELECT_HOLDS=`dpkg --get-selections |grep "hold$" |cut -f1`
+APTITUDE_HOLDS=`grep "^State: 2" -B 3 /var/lib/aptitude/pkgstates 2>/dev/null |grep "^Package: .*$" |cut -d" " -f 2 || true`
+DSELECT_HOLDS=`dpkg --get-selections |grep "hold$" |cut -f1 || true`
 
 if [ "$NOTIFY_HOLDS" = "0" ]; then
 	# packages hold by aptitude don't go to the upgrading candidates list
@@ -176,7 +181,7 @@ fi
 if [ -n "$PKGNAMES" ] ; then
 
 	# do the upgrade downloads
-    /usr/bin/apt-get --allow-change-held-packages --ignore-hold -qq -d dist-upgrade > /dev/null
+    /usr/bin/apt-get --allow-downgrades --allow-change-held-packages --ignore-hold -qq -d dist-upgrade > /dev/null
 
   (
 	/bin/cat <<EOF
@@ -206,7 +211,7 @@ EOF
 		echo -e "\n(there are $(grep -xf $LAST_RUN_FILE $TMPFILE |wc -l) other packages previously reported to you pending an upgrade!)"
 	fi
 
-	MISSING_DEBS=`apt-get -y --ignore-hold --allow-change-held-packages --allow-unauthenticated --print-uris dist-upgrade \
+	MISSING_DEBS=`apt-get --allow-downgrades -y --ignore-hold --allow-change-held-packages --allow-unauthenticated --print-uris dist-upgrade \
                           | grep "file:" \
                           | sed "s/'file:\(.*\)' .*/\1/g"`
 
@@ -273,15 +278,14 @@ EOF
 apticron
 EOF
 
-   ) 2>&1 | Mailx -s "$MAILX_SUBJECT" $EMAIL
-
+   ) 2>&1 | Mailx -s "$MAILX_SUBJECT" $EMAIL || true
 elif  [ "$NOTIFY_NO_UPDATES" = "1" ] ; then
   (
         /bin/cat <<EOF
 No new packages today.
 EOF
 
-   ) 2>&1 | Mailx -s "$MAILX_NO_UPDATE_SUBJECT" $EMAIL
+   ) 2>&1 | Mailx -s "$MAILX_NO_UPDATE_SUBJECT" $EMAIL || true
 fi
 
 # updating the last_run file