[Bug 1986775] [NEW] schroot 1.6.12-2 incompatible with sbuild-launchpad-chroot

Jeremy Bicha 1986775 at bugs.launchpad.net
Wed Aug 17 08:48:03 UTC 2022 

*** This bug is a security vulnerability ***

Public security bug reported:

I am unable to upgrade my schroot to 1.6.12-2 because I use sbuild-
launchpad-chroot.

References
----------
https://lists.debian.org/debian-devel/2022/08/msg00078.html
https://lists.debian.org/debian-devel/2022/08/msg00079.html
https://security-tracker.debian.org/tracker/CVE-2022-2787

Test Case
---------
Start with the previous release of schroot
sudo apt install sbuild-launchpad-chroot
sbuild-launchpad-chroot create -n focal -s focal -a amd64
sudo apt dist-upgrade

What Happens
------------
I get this debconf prompt and the install gets stuck in the partially installed broken state:

Stricter rule on chroot names

│ Due to stricter rules on the name, the chroots listed below are no longer supported. Please rename or remove them before installing a newer version of schroot.
│
│  * chroot:focal-backports+main
│  * chroot:focal-backports+main-source
│  * chroot:focal-backports+multiverse
│  * chroot:focal-backports+multiverse-source
│  * chroot:focal-backports+restricted
│  * chroot:focal-backports+restricted-source
│  * chroot:focal-backports+universe
│  * chroot:focal-backports+universe-source
│  * chroot:focal-proposed+main
│  * chroot:focal-proposed+main-source
│  * chroot:focal-proposed+multiverse
│  * chroot:focal-proposed+multiverse-source
│  * chroot:focal-proposed+restricted
│  * chroot:focal-proposed+restricted-source
│  * chroot:focal-proposed+universe
│  * chroot:focal-proposed+universe-source
│  * chroot:focal-security+main
│  * chroot:focal-security+main-source
│  * chroot:focal-security+multiverse
│  * chroot:focal-security+multiverse-source
│  * chroot:focal-security+restricted
│  * chroot:focal-security+restricted-source
│  * chroot:focal-security+universe
│  * chroot:focal-security+universe-source
│  * chroot:focal-updates+main
│  * chroot:focal-updates+main-source
│  * chroot:focal-updates+multiverse
│  * chroot:focal-updates+multiverse-source
│  * chroot:focal-updates+restricted
│  * chroot:focal-updates+restricted-source
│  * chroot:focal-updates+universe
│  * chroot:focal-updates+universe-source

** Affects: sbuild-launchpad-chroot (Ubuntu)
     Importance: High
         Status: Triaged

** Affects: schroot (Ubuntu)
     Importance: High
         Status: Triaged


** Tags: kinetic

** Also affects: sbuild-launchpad-chroot (Ubuntu)
   Importance: Undecided
       Status: New

** Description changed:

  I am unable to upgrade my schroot to 1.6.12-2 because I use sbuild-
  launchpad-chroot.
+ 
+ References
+ ----------
+ https://lists.debian.org/debian-devel/2022/08/msg00078.html
+ https://lists.debian.org/debian-devel/2022/08/msg00079.html
+ https://security-tracker.debian.org/tracker/CVE-2022-2787
  
  Test Case
  ---------
  Start with the previous release of schroot
  sudo apt install sbuild-launchpad-chroot
  sbuild-launchpad-chroot create -n focal -s focal -a amd64
  sudo apt dist-upgrade
  
  What Happens
  ------------
  I get this debconf prompt and the install gets stuck in the partially installed broken state:
  
- Stricter rule on chroot names                                                                                                                                      
-                                                             
- │ Due to stricter rules on the name, the chroots listed below are no longer supported. Please rename or remove them before installing a newer version of schroot.    
- │            
+ Stricter rule on chroot names
+ 
+ │ Due to stricter rules on the name, the chroots listed below are no longer supported. Please rename or remove them before installing a newer version of schroot.
+ │
  │  * chroot:focal-backports+main
- │  * chroot:focal-backports+main-source            
- │  * chroot:focal-backports+multiverse             
- │  * chroot:focal-backports+multiverse-source      
- │  * chroot:focal-backports+restricted             
- │  * chroot:focal-backports+restricted-source      
- │  * chroot:focal-backports+universe               
- │  * chroot:focal-backports+universe-source        
- │  * chroot:focal-proposed+main 
- │  * chroot:focal-proposed+main-source             
- │  * chroot:focal-proposed+multiverse              
- │  * chroot:focal-proposed+multiverse-source       
- │  * chroot:focal-proposed+restricted              
- │  * chroot:focal-proposed+restricted-source       
- │  * chroot:focal-proposed+universe                
- │  * chroot:focal-proposed+universe-source         
- │  * chroot:focal-security+main 
- │  * chroot:focal-security+main-source             
- │  * chroot:focal-security+multiverse              
- │  * chroot:focal-security+multiverse-source       
- │  * chroot:focal-security+restricted              
- │  * chroot:focal-security+restricted-source       
- │  * chroot:focal-security+universe                
- │  * chroot:focal-security+universe-source         
- │  * chroot:focal-updates+main  
- │  * chroot:focal-updates+main-source              
- │  * chroot:focal-updates+multiverse               
- │  * chroot:focal-updates+multiverse-source        
- │  * chroot:focal-updates+restricted               
- │  * chroot:focal-updates+restricted-source        
- │  * chroot:focal-updates+universe                 
+ │  * chroot:focal-backports+main-source
+ │  * chroot:focal-backports+multiverse
+ │  * chroot:focal-backports+multiverse-source
+ │  * chroot:focal-backports+restricted
+ │  * chroot:focal-backports+restricted-source
+ │  * chroot:focal-backports+universe
+ │  * chroot:focal-backports+universe-source
+ │  * chroot:focal-proposed+main
+ │  * chroot:focal-proposed+main-source
+ │  * chroot:focal-proposed+multiverse
+ │  * chroot:focal-proposed+multiverse-source
+ │  * chroot:focal-proposed+restricted
+ │  * chroot:focal-proposed+restricted-source
+ │  * chroot:focal-proposed+universe
+ │  * chroot:focal-proposed+universe-source
+ │  * chroot:focal-security+main
+ │  * chroot:focal-security+main-source
+ │  * chroot:focal-security+multiverse
+ │  * chroot:focal-security+multiverse-source
+ │  * chroot:focal-security+restricted
+ │  * chroot:focal-security+restricted-source
+ │  * chroot:focal-security+universe
+ │  * chroot:focal-security+universe-source
+ │  * chroot:focal-updates+main
+ │  * chroot:focal-updates+main-source
+ │  * chroot:focal-updates+multiverse
+ │  * chroot:focal-updates+multiverse-source
+ │  * chroot:focal-updates+restricted
+ │  * chroot:focal-updates+restricted-source
+ │  * chroot:focal-updates+universe
  │  * chroot:focal-updates+universe-source

** Changed in: sbuild-launchpad-chroot (Ubuntu)
   Importance: Undecided => High

** Changed in: sbuild-launchpad-chroot (Ubuntu)
       Status: New => Triaged

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2787

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to schroot in Ubuntu.
https://bugs.launchpad.net/bugs/1986775

Title:
  schroot 1.6.12-2 incompatible with sbuild-launchpad-chroot

Status in sbuild-launchpad-chroot package in Ubuntu:
  Triaged
Status in schroot package in Ubuntu:
  Triaged

Bug description:
  I am unable to upgrade my schroot to 1.6.12-2 because I use sbuild-
  launchpad-chroot.

  References
  ----------
  https://lists.debian.org/debian-devel/2022/08/msg00078.html
  https://lists.debian.org/debian-devel/2022/08/msg00079.html
  https://security-tracker.debian.org/tracker/CVE-2022-2787

  Test Case
  ---------
  Start with the previous release of schroot
  sudo apt install sbuild-launchpad-chroot
  sbuild-launchpad-chroot create -n focal -s focal -a amd64
  sudo apt dist-upgrade

  What Happens
  ------------
  I get this debconf prompt and the install gets stuck in the partially installed broken state:

  Stricter rule on chroot names

  │ Due to stricter rules on the name, the chroots listed below are no longer supported. Please rename or remove them before installing a newer version of schroot.
  │
  │  * chroot:focal-backports+main
  │  * chroot:focal-backports+main-source
  │  * chroot:focal-backports+multiverse
  │  * chroot:focal-backports+multiverse-source
  │  * chroot:focal-backports+restricted
  │  * chroot:focal-backports+restricted-source
  │  * chroot:focal-backports+universe
  │  * chroot:focal-backports+universe-source
  │  * chroot:focal-proposed+main
  │  * chroot:focal-proposed+main-source
  │  * chroot:focal-proposed+multiverse
  │  * chroot:focal-proposed+multiverse-source
  │  * chroot:focal-proposed+restricted
  │  * chroot:focal-proposed+restricted-source
  │  * chroot:focal-proposed+universe
  │  * chroot:focal-proposed+universe-source
  │  * chroot:focal-security+main
  │  * chroot:focal-security+main-source
  │  * chroot:focal-security+multiverse
  │  * chroot:focal-security+multiverse-source
  │  * chroot:focal-security+restricted
  │  * chroot:focal-security+restricted-source
  │  * chroot:focal-security+universe
  │  * chroot:focal-security+universe-source
  │  * chroot:focal-updates+main
  │  * chroot:focal-updates+main-source
  │  * chroot:focal-updates+multiverse
  │  * chroot:focal-updates+multiverse-source
  │  * chroot:focal-updates+restricted
  │  * chroot:focal-updates+restricted-source
  │  * chroot:focal-updates+universe
  │  * chroot:focal-updates+universe-source

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbuild-launchpad-chroot/+bug/1986775/+subscriptions

More information about the foundations-bugs mailing list