Ubuntu
sbuild-launchpad-chroot package

schroot security update incompatible with sbuild-launchpad-chroot

Bug #1986775 reported by Jeremy Bícha
276
This bug affects 5 people
Affects Status Importance Assigned to Milestone
sbuild-launchpad-chroot (Ubuntu)
Fix Released
High
Unassigned
Bionic
Fix Released
Critical
Leonidas S. Barbosa
Focal
Fix Released
Critical
Leonidas S. Barbosa
Jammy
Fix Released
Critical
Leonidas S. Barbosa
Kinetic
Fix Released
Critical
Leonidas S. Barbosa

Bug Description

I am unable to upgrade my schroot to 1.6.12-2 because I use sbuild-launchpad-chroot.

References
----------
https://lists.debian.org/debian-devel/2022/08/msg00078.html
https://lists.debian.org/debian-devel/2022/08/msg00079.html
https://security-tracker.debian.org/tracker/CVE-2022-2787

Test Case 1
-----------
From a clean Ubuntu install:
sudo apt install sbuild-launchpad-chroot
sudo sbuild-launchpad-chroot create -n focal -s focal -a amd64
sudo schroot -c focal
# This should enter the chroot. Run exit to exit

What Happens 1
--------------
$ sudo schroot -c focal
E: /etc/schroot/chroot.d/focal: line 13 [focal] aliases: focal-security+main: Invalid name
I: Naming restrictions are documented in schroot.conf(5)

Test Case 2
-----------
Start with the previous release of schroot
sudo apt install sbuild-launchpad-chroot
sudo sbuild-launchpad-chroot create -n focal -s focal -a amd64
sudo apt dist-upgrade

What Happens 2
--------------
I get this debconf prompt and the install gets stuck in the partially installed broken state:

Stricter rule on chroot names

│ Due to stricter rules on the name, the chroots listed below are no longer supported. Please rename or remove them before installing a newer version of schroot.

│ * chroot:focal-backports+main
│ * chroot:focal-backports+main-source
│ * chroot:focal-backports+multiverse
│ * chroot:focal-backports+multiverse-source
│ * chroot:focal-backports+restricted
│ * chroot:focal-backports+restricted-source
│ * chroot:focal-backports+universe
│ * chroot:focal-backports+universe-source
│ * chroot:focal-proposed+main
│ * chroot:focal-proposed+main-source
│ * chroot:focal-proposed+multiverse
│ * chroot:focal-proposed+multiverse-source
│ * chroot:focal-proposed+restricted
│ * chroot:focal-proposed+restricted-source
│ * chroot:focal-proposed+universe
│ * chroot:focal-proposed+universe-source
│ * chroot:focal-security+main
│ * chroot:focal-security+main-source
│ * chroot:focal-security+multiverse
│ * chroot:focal-security+multiverse-source
│ * chroot:focal-security+restricted
│ * chroot:focal-security+restricted-source
│ * chroot:focal-security+universe
│ * chroot:focal-security+universe-source
│ * chroot:focal-updates+main
│ * chroot:focal-updates+main-source
│ * chroot:focal-updates+multiverse
│ * chroot:focal-updates+multiverse-source
│ * chroot:focal-updates+restricted
│ * chroot:focal-updates+restricted-source
│ * chroot:focal-updates+universe
│ * chroot:focal-updates+universe-source

See original description

Related branches

~smoser/ubuntu/+source/sbuild-launchpad-chroot:fix/1986775-no-more-plus-in-names
Paride Legovini: Approve
Diff: 100 lines (+52/-5)
4 files modified
bin/sbuild-launchpad-chroot (+1/-1)
debian/changelog (+10/-0)
debian/sbuild-launchpad-chroot.postinst (+37/-0)
etc/schroot/setup.d/90apt-sources (+4/-4)

CVE References

Jeremy Bícha (jbicha)
description: updated
Changed in sbuild-launchpad-chroot (Ubuntu):
importance: Undecided → High
status: New → Triaged
information type: Public → Public Security
Jeremy Bícha (jbicha)
tags: added: rls-kk-incoming
Matthieu Clemenceau (mclemenceau)
tags: added: fr-2607
Brian Murray (brian-murray)
tags: removed: rls-kk-incoming
Revision history for this message
Scott Moser (smoser) wrote :

Please consider reviewing https://code.launchpad.net/~smoser/ubuntu/+source/sbuild-launchpad-chroot/+git/sbuild-launchpad-chroot/+merge/431224

Revision history for this message
Chad Smith (chad.smith) wrote :

Confirmed a second failure mode here on this bug, newly created schroots in Jammy++ will also prompt and fail when trying to sbuild a package locally.

sbuild --resolve-alternatives --dist=kinetic --arch=amd64 --arch-all ../out/cloud-init_22.3-13-g70ce6442-0ubuntu1~22.10.2.dsc
sbuild (Debian sbuild) 0.81.2ubuntu6 (16 February 2022) on downtown

+=======================================================================================+
| cloud-init 22.3-13-g70ce6442-0ubuntu1~22.10.2 (amd64) Fri, 07 Oct 2022 17:51:21 +0000 |
 +=======================================================================================+

Package: cloud-init
Version: 22.3-13-g70ce6442-0ubuntu1~22.10.2
Source Version: 22.3-13-g70ce6442-0ubuntu1~22.10.2
Distribution: kinetic
Machine Architecture: amd64
Host Architecture: amd64
Build Architecture: amd64
Build Type: binary

E: /etc/schroot/chroot.d/kinetic-amd64: line 13 [kinetic-amd64] aliases: kinetic-security+main-amd64: Invalid name
I: Naming restrictions are documented in schroot.conf(5)

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sbuild-launchpad-chroot (Ubuntu Jammy):
status: New → Confirmed
Changed in schroot (Ubuntu Jammy):
status: New → Confirmed
Revision history for this message
Julian Andres Klode (juliank) wrote :

Removed the sbuild tasks, the issue seems to be in the other package.

no longer affects: schroot (Ubuntu Jammy)
no longer affects: schroot (Ubuntu)
no longer affects: schroot (Ubuntu Kinetic)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sbuild-launchpad-chroot - 0.20

---------------
sbuild-launchpad-chroot (0.20) lunar; urgency=medium

  * Change from '+' to '.' in alias names to work with schroot 1.6.12-2 and
    newer. (LP: #1986775)
  * debian/sbuild-launchpad-chroot.postinst:
    - Update aliases in existing /etc/schroot/chroot.d/ files '+' to '.'
      [Chad Smith]

 -- Scott Moser <email address hidden> Thu, 10 Nov 2022 10:50:51 -0500

Changed in sbuild-launchpad-chroot (Ubuntu):
status: Triaged → Fix Released
Paride Legovini (paride)
Changed in sbuild-launchpad-chroot (Ubuntu Jammy):
status: Confirmed → Triaged
Changed in sbuild-launchpad-chroot (Ubuntu Bionic):
status: New → Triaged
Changed in sbuild-launchpad-chroot (Ubuntu Focal):
status: New → Triaged
Jeremy Bícha (jbicha)
description: updated
tags: added: regression-update
tags: added: bionic focal jammy
Changed in sbuild-launchpad-chroot (Ubuntu Bionic):
importance: Undecided → Critical
Changed in sbuild-launchpad-chroot (Ubuntu Focal):
importance: Undecided → Critical
Changed in sbuild-launchpad-chroot (Ubuntu Jammy):
importance: Undecided → Critical
Changed in sbuild-launchpad-chroot (Ubuntu Kinetic):
importance: High → Critical
Changed in sbuild-launchpad-chroot (Ubuntu Bionic):
status: Triaged → New
Changed in sbuild-launchpad-chroot (Ubuntu Focal):
status: Triaged → New
Changed in sbuild-launchpad-chroot (Ubuntu Jammy):
status: Triaged → New
Changed in sbuild-launchpad-chroot (Ubuntu Kinetic):
status: Triaged → New
summary: - schroot 1.6.12-2 incompatible with sbuild-launchpad-chroot
+ schroot security update incompatible with sbuild-launchpad-chroot
Steve Langasek (vorlon)
tags: added: regression-security
Leonidas S. Barbosa (leosilvab)
Changed in sbuild-launchpad-chroot (Ubuntu Bionic):
assignee: nobody → Leonidas S. Barbosa (leosilvab)
status: New → In Progress
Changed in sbuild-launchpad-chroot (Ubuntu Focal):
status: New → In Progress
assignee: nobody → Leonidas S. Barbosa (leosilvab)
Changed in sbuild-launchpad-chroot (Ubuntu Jammy):
assignee: nobody → Leonidas S. Barbosa (leosilvab)
Changed in sbuild-launchpad-chroot (Ubuntu Kinetic):
assignee: nobody → Leonidas S. Barbosa (leosilvab)
Changed in sbuild-launchpad-chroot (Ubuntu Jammy):
status: New → In Progress
Changed in sbuild-launchpad-chroot (Ubuntu Kinetic):
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sbuild-launchpad-chroot - 0.19ubuntu0.1

---------------
sbuild-launchpad-chroot (0.19ubuntu0.1) kinetic-security; urgency=medium

  * Change from '+' to '.' in alias names to work with schroot 1.6.12-2 and
    newer. (LP: #1986775)
  * debian/sbuild-launchpad-chroot.postinst:
    - Update aliases in existing /etc/schroot/chroot.d/ files '+' to '.'
      [Chad Smith]

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 23 Nov 2022 18:39:51 -0300

Changed in sbuild-launchpad-chroot (Ubuntu Kinetic):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sbuild-launchpad-chroot - 0.17ubuntu0.20.10.1~18.04.2

---------------
sbuild-launchpad-chroot (0.17ubuntu0.20.10.1~18.04.2) bionic-security; urgency=medium

  * Change from '+' to '.' in alias names to work with schroot 1.6.12-2 and
    newer. (LP: #1986775)
  * debian/sbuild-launchpad-chroot.postinst:
    - Update aliases in existing /etc/schroot/chroot.d/ files '+' to '.'
      [Chad Smith]

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 23 Nov 2022 13:54:44 -0300

Changed in sbuild-launchpad-chroot (Ubuntu Bionic):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sbuild-launchpad-chroot - 0.19ubuntu0.0.1

---------------
sbuild-launchpad-chroot (0.19ubuntu0.0.1) jammy-security; urgency=medium

  * Change from '+' to '.' in alias names to work with schroot 1.6.12-2 and
    newer. (LP: #1986775)
  * debian/sbuild-launchpad-chroot.postinst:
    - Update aliases in existing /etc/schroot/chroot.d/ files '+' to '.'
      [Chad Smith]

 -- Scott Moser <email address hidden> Mon, 10 Oct 2022 10:23:22 -0400

Changed in sbuild-launchpad-chroot (Ubuntu Jammy):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sbuild-launchpad-chroot - 0.17ubuntu0.20.10.1~20.04.1ubuntu0.1

---------------
sbuild-launchpad-chroot (0.17ubuntu0.20.10.1~20.04.1ubuntu0.1) focal-security; urgency=medium

  * Change from '+' to '.' in alias names to work with schroot 1.6.12-2 and
    newer. (LP: #1986775)
  * debian/sbuild-launchpad-chroot.postinst:
    - Update aliases in existing /etc/schroot/chroot.d/ files '+' to '.'
      [Chad Smith]

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 22 Nov 2022 16:07:54 -0300

Changed in sbuild-launchpad-chroot (Ubuntu Focal):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.