Hardcoded path in /tmp written to by root

Bug #2024204 reported by Robie Basak
Affects                          Status        Importance  Assigned to  Milestone
ubuntu-advantage-tools (Ubuntu)  Fix Released  Undecided   Unassigned
Xenial                           Fix Released  Undecided   Unassigned
Bionic                           Fix Released  Undecided   Unassigned
Focal                            Fix Released  Undecided   Unassigned
Jammy                            Fix Released  Undecided   Unassigned
Lunar                            Fix Released  Undecided   Unassigned
Mantic                           Fix Released  Undecided   Unassigned

Bug Description

[ Impact ]

Several race conditions were found in the u-a-t code, some where a file was being written in a hardcoded path in /tmp. This could leave way for attackers to insert malicious code in the client.

[ Test Plan ]

Functionality-wise, writing files is tested in the unit and integration tests for ubuntu-advantage-tools, and should be covered in the verification of https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2038461

As for this specific bug, one can verify that the /tmp path does not exist anymore, and check the change in the code to see how the race condition was addressed.

[ Where problems could occur ]

The race conditions were addressed with try-except blocks in Python, so it is low risk as any exploit would be against Python itself. The other problematic parts of the code are removed/moved and functionality is covered by tests, so no problem there.

The risk we considered is that other flaws may be present and we may not have caught those as part of the discussions here. To mitigate that, we keep our tests up-to-date and try to improve code quality in each and every PR.

[ Original Description ]

I'm basing this report on src:ubuntu-advantage-tools 27.14.4 in Lunar.

In uaclient/livepatch.py, state_files.livepatch_support_cache.write() via uaclient/files/state_files.py [livepatch_support_cache = DataObjectFile(directory=defaults.UAC_TMP_PATH)] via uaclient/defaults.py [UAC_TMP_PATH = "/tmp/ubuntu-advantage/"] writes to /tmp/ubuntu-advantage at a predictable path. It does rename the file in safely. An attacker could use a symlink attack to cause that to happen somewhere else though, I think? I don't see a clear path to a serious vulnerability, but I think it probably deserves a deeper look.

This code is going away in an upcoming update to this package. I noticed it while reviewing this code being removed. But depending on its actual severity it might be worth a USN, so I'm flagging it here.

Robie Basak (racb)
description: updated
Seth Arnold (seth-arnold) wrote :

Is this a cause for concern?

tools/ua-dev-cloud-config.yaml

#cloud-config
# Setup an ubuntu-advantage-tools development environment with cloud-init
packages:
 - git
 - make
runcmd:
 - git clone https://github.com/canonical/ubuntu-advantage-client.git /var/tmp/uac
 - cd /var/tmp/uac/
 - make deps
 - dpkg-buildpackage -us -uc
 - apt-get remove ubuntu-advantage-tools --assume-yes
 - dpkg -i /var/tmp/ubuntu-advantage-*deb

Can the cloud-init runtime guarantee that this will *never* run on anything except the first boot of a pristine system? This would be a super-easy route to root escalation.

Seth Arnold (seth-arnold) wrote :

I think there's multiple races here:

livepatch_support_cache = DataObjectFile(
    LivepatchSupportCacheData,
    UAFile(
        "livepatch-kernel-support-cache.json",
        directory=defaults.UAC_TMP_PATH,
        private=False,
    ),
    file_format=DataObjectFileFormat.JSON,
)

...

class UAFile:
...
    def write(self, content: str):
        file_mode = (
            defaults.ROOT_READABLE_MODE
            if self.is_private
            else defaults.WORLD_READABLE_MODE
        )
        if not os.path.exists(self._directory):
            os.makedirs(self._directory)
            if os.path.basename(self._directory) == defaults.PRIVATE_SUBDIR:
                os.chmod(self._directory, 0o700)
        system.write_file(self.path, content, file_mode)

Setting the permissions after it is created leaves open a small window for another process to race between the mkdir() and chmod() call. Setting the permissions correctly in the mkdir() call would mitigate this problem.

def write_file(filename: str, content: str, mode: int = 0o644) -> None:
    """Write content to the provided filename encoding it if necessary.

    @param filename: The full path of the file to write.
    @param content: The content to write to the file.
    @param mode: The filesystem mode to set on the file.
    """
    tmpf = None
    try:
        os.makedirs(os.path.dirname(filename), exist_ok=True)
        tmpf = tempfile.NamedTemporaryFile(
            mode="wb", delete=False, dir=os.path.dirname(filename)
        )
        logging.debug(
            "Writing file %s atomically via tempfile %s", filename, tmpf.name
        )
        tmpf.write(content.encode("utf-8"))
        tmpf.flush()
        tmpf.close()
        os.chmod(tmpf.name, mode)
        os.rename(tmpf.name, filename)
    except Exception as e:
        if tmpf is not None:
            os.unlink(tmpf.name)
        raise e

There's another race here between an open() hidden in the NamedTemporaryFile() function and the os.chmod() function here; this race is a lot longer than the previous one. If the permissions are being reduced, there's a window where another process could open the file and hold on to a file descriptor. This wouldn't be revoked when the permissions are changed. This could be mitigated by setting the permissions when creating the file.

If the directory is also group- or world- writable without being sticky, another process could also swap in a new file for the chmod() and rename() operations.

I can't immediately think of a path to use these for exploitation, but maybe I'm just not inventive enough.

Thanks

Robie Basak (racb) wrote : Re: [Bug 2024204] Re: Hardcoded path in /tmp written to by root

On Sat, Jun 17, 2023 at 12:51:59AM -0000, Seth Arnold wrote:
> Is this a cause for concern?
>
> tools/ua-dev-cloud-config.yaml

I got the impression that this is used in developer tooling and maybe CI
only, and doesn't end up in the built deb and thus doesn't end up in
production use of this package.

On Sat, Jun 17, 2023 at 01:10:56AM -0000, Seth Arnold wrote:
> I think there's multiple races here:
>
> livepatch_support_cache = DataObjectFile(
> LivepatchSupportCacheData,
> UAFile(
> "livepatch-kernel-support-cache.json",
> directory=defaults.UAC_TMP_PATH,
> private=False,
> ),
> file_format=DataObjectFileFormat.JSON,
> )
>
> ...
>
> class UAFile:
> ...
> def write(self, content: str):
> file_mode = (
> defaults.ROOT_READABLE_MODE
> if self.is_private
> else defaults.WORLD_READABLE_MODE
> )
> if not os.path.exists(self._directory):
> os.makedirs(self._directory)
> if os.path.basename(self._directory) == defaults.PRIVATE_SUBDIR:
> os.chmod(self._directory, 0o700)
> system.write_file(self.path, content, file_mode)
>
>
> Setting the permissions after it is created leaves open a small window for another process to race between the mkdir() and chmod() call. Setting the permissions correctly in the mkdir() call would mitigate this problem.

It is a race, but if we only put a sensitive file in there after the
chmod, then I think it's safe? The only thing an attacker would be able
to do is view an empty directory (which is useless). Am I missing
something?

> def write_file(filename: str, content: str, mode: int = 0o644) -> None:
> """Write content to the provided filename encoding it if necessary.
>
> @param filename: The full path of the file to write.
> @param content: The content to write to the file.
> @param mode: The filesystem mode to set on the file.
> """
> tmpf = None
> try:
> os.makedirs(os.path.dirname(filename), exist_ok=True)
> tmpf = tempfile.NamedTemporaryFile(
> mode="wb", delete=False, dir=os.path.dirname(filename)
> )
> logging.debug(
> "Writing file %s atomically via tempfile %s", filename, tmpf.name
> )
> tmpf.write(content.encode("utf-8"))
> tmpf.flush()
> tmpf.close()
> os.chmod(tmpf.name, mode)
> os.rename(tmpf.name, filename)
> except Exception as e:
> if tmpf is not None:
> os.unlink(tmpf.name)
> raise e
>
> There's another race here between an open() hidden in the
> NamedTemporaryFile() function and the os.chmod() function here; this
> race is a lot longer than the previous one. If the permissions are being
> reduced, there's a window where another process could open the file and
> hold on to a file descriptor. This wouldn't be revoked when the
> permissions are changed. This could be mitigated by setting the
> permissions when creating the file.

I don't think the permissions are being reduced. NamedTemporaryFile says
it does what mkstemp would do, and that says "The file is readable and
writable o...

Seth Arnold (seth-arnold) wrote :

Thanks Robie; I'm feeling unsure enough of my thoughts to not want to change the visibility on this bug right away. Perhaps Tuesday or Wednesday, open this bug?

Thanks

Grant Orndorff (orndorffgrant) wrote :

Just confirming that tools/ua-dev-cloud-config.yaml isn't delivered in the package or used in any way - not even in CI or in development. We noticed it recently and deleted it so it won't be present in the source from version 28 onward.

Christian Ehrhardt  (paelzer) wrote :

So the usage of tools/ua-dev-cloud-config.yaml was clarified and isn't a real threat.
Thanks @Grant

Furthermore the initial bug was filed to have a look at a behavior that has been removed in release 28.1.
Mostly as a "we should look at these things" which Seth (thanks) has done.

I'm unsure about the right state of this now :-/

@Seth
Is there any vector of attack from your analysis left open that we should fix or discuss?
Or did we actually manage to get them all sorted out and can close this as "was worth the discussion, but there is nothing left to do"?

Seth Arnold (seth-arnold) wrote :

I downloaded

ubuntu-advantage-tools (29.1) mantic; urgency=medium

and several of these races are still present:

uaclient/files/files.py UAFile::write():

    def write(self, content: str):
        file_mode = (
            defaults.ROOT_READABLE_MODE
            if self.is_private
            else defaults.WORLD_READABLE_MODE
        )
        if not os.path.exists(self._directory):
            os.makedirs(self._directory)
            if os.path.basename(self._directory) == defaults.PRIVATE_SUBDIR:
                os.chmod(self._directory, 0o700)
        system.write_file(self.path, content, file_mode)

uaclient/system.py

def write_file(
    filename: str, content: str, mode: Optional[int] = None
) -> None:

    [...]

    try:
        os.makedirs(os.path.dirname(filename), exist_ok=True)
        tmpf = tempfile.NamedTemporaryFile(
            mode="wb", delete=False, dir=os.path.dirname(filename)
        )
        LOG.debug(
            "Writing file %s atomically via tempfile %s", filename, tmpf.name
        )
        tmpf.write(content.encode("utf-8"))
        tmpf.flush()
        tmpf.close()
        os.chmod(tmpf.name, mode)
        if is_file_present:
            os.chown(tmpf.name, file_stat.st_uid, file_stat.st_gid)
        os.rename(tmpf.name, filename)

I think Robie's discovery was fixed with https://github.com/canonical/ubuntu-pro-client/commit/605f80639a69bf789612b7a9a1e0c5e40a1b1ae4 but it's possible it was fixed earlier. I didn't see it in 29.1, anyway.

Thanks

Christian Ehrhardt  (paelzer) wrote :

Thanks Seth for your recheck about what is left and should be addressed in the next version.
We have:

1. in uaclient/files/files.py UAFile::write():
 Problem: race of makedirs -> chmod
 Solution: setting the permissions right away in the mkdirs() call

2. in uaclient/system.py::write_file
 Problem: race of NamedTemporaryFile -> chmod

You said "This could be mitigated by setting the permissions when creating the file."
But I wondered why there is no way to set an initial mode to NamedTemporaryFile to do so.

Later I found that this is intentional and considered a security feature.
To do that NamedTemporaryFile hardcodes this to the minimal permission of 0600 here
https://hg.python.org/cpython/file/63bde882e311/Lib/tempfile.py#l235

Sadly, I didn't find a more official source than https://stackoverflow.com/a/10541972/6361589

Due to that it is private until we open it up with chmod.
And we might open it up, but we are never lowering the barrier and hence no one could benefit from the race window between the hidden open and chmod in this case.

Therefore I think #2 is not an issue and can stay as-is.

---

So overall the remaining fix could be like this I guess?

diff --git a/uaclient/files/files.py b/uaclient/files/files.py
index 821493f5..475a2d7a 100644
--- a/uaclient/files/files.py
+++ b/uaclient/files/files.py
@@ -42,9 +42,10 @@ class UAFile:
             else defaults.WORLD_READABLE_MODE
         )
         if not os.path.exists(self._directory):
- os.makedirs(self._directory)
             if os.path.basename(self._directory) == defaults.PRIVATE_SUBDIR:
- os.chmod(self._directory, 0o700)
+ os.makedirs(self._directory)
+ else:
+ os.makedirs(self._directory, mode=0o700)
         system.write_file(self.path, content, file_mode)

     def read(self) -> Optional[str]:
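
Review bot: the two os.makedirs() calls look swapped relative to the branch condition. As the lines read, the "if os.path.basename(self._directory) == defaults.PRIVATE_SUBDIR:" branch now calls plain os.makedirs(self._directory) and the else branch passes mode=0o700, whereas the removed os.chmod(self._directory, 0o700) applied 0o700 only to the private subdirectory. Suggest passing mode=0o700 in the PRIVATE_SUBDIR branch and keeping the default mode in the else branch. Separately, the unchanged "if not os.path.exists(self._directory):" guard is still a check-then-create sequence, so os.makedirs() can raise if the directory appears in between; exist_ok=True would cover that case.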

Pro squad, WDYT?

Grant Orndorff (orndorffgrant) wrote :

Yes that is a clear improvement that we can make as a result of this discussion. Note that according to https://docs.python.org/3/library/os.html#os.makedirs

  To set the file permission bits of any newly created parent directories you can set the umask before invoking makedirs()

So we'll add that as well.
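
The two mitigations discussed in the comments above (directory mode set at creation with the umask pinned, and a temporary file that starts at 0600 and is only ever widened), as an added Python example that is not code from ubuntu-advantage-tools. The function names make_dir_with_mode and write_file_atomic and the lstat() checks are assumptions made for illustration.

```python
import os
import stat
import tempfile


def make_dir_with_mode(path: str, mode: int = 0o700) -> int:
    """Create path (and parents) with mode applied at creation; return leaf mode.

    Hypothetical helper, not the project's API.
    """
    # makedirs() masks `mode` with the umask and, on Python 3.7+, applies it
    # only to the leaf; parents get 0o777 & ~umask. Pinning the umask to the
    # complement of `mode` gives parents and leaf the same bits, with no
    # mkdir() -> chmod() window. Note that the umask is process-wide.
    old_umask = os.umask(~mode & 0o777)
    try:
        os.makedirs(path, mode=mode, exist_ok=True)
    finally:
        os.umask(old_umask)

    # exist_ok=True also accepts a pre-existing symlink to a directory, so
    # inspect the path itself (lstat does not follow links) before trusting it.
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path} is not a real directory")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & 0o022:
        raise PermissionError(f"{path} is group- or world-writable")
    return st.st_mode & 0o777


def write_file_atomic(filename: str, content: str, mode: int = 0o644):
    """Write content via a temp file in the same directory, then rename.

    Returns (mode_at_creation, final_mode). Hypothetical helper.
    """
    # mkstemp() creates the file exclusively with mode 0o600, as
    # NamedTemporaryFile() does, so it is never more permissive than 0o600
    # before we decide to widen it.
    fd, tmp_path = tempfile.mkstemp(dir=os.path.dirname(filename))
    try:
        created_mode = stat.S_IMODE(os.fstat(fd).st_mode)
        with os.fdopen(fd, "wb") as tmpf:
            tmpf.write(content.encode("utf-8"))
            tmpf.flush()
            # fchmod() acts on the open descriptor, so a file swapped in at
            # tmp_path cannot receive the new mode instead.
            os.fchmod(tmpf.fileno(), mode)
        os.rename(tmp_path, filename)
    except Exception:
        os.unlink(tmp_path)
        raise
    return created_mode, stat.S_IMODE(os.stat(filename).st_mode)


if __name__ == "__main__":
    # Constructed scratch area standing in for the client's state directory.
    base = tempfile.mkdtemp()
    leaf = os.path.join(base, "state", "private")
    print("directory mode:", oct(make_dir_with_mode(leaf)))
    modes = write_file_atomic(os.path.join(leaf, "cache.json"), "{}")
    print("file mode at creation / after rename:", [oct(m) for m in modes])
```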

Seth Arnold (seth-arnold) wrote :

On Wed, Aug 16, 2023 at 07:30:52AM -0000, Christian Ehrhardt  wrote:
> Later I found that this is intentional and considered a security feature.
> To do that NamedTemporaryFile hardcodes this to the minimal permission of 0600 here
> https://hg.python.org/cpython/file/63bde882e311/Lib/tempfile.py#l235

Oh, excellent! Last time I looked at this, I didn't go beyond the official
documentation, which is indeed silent on the issue. I've seen way too many
interfaces that don't allow setting permissions and assumed it was more of
the same.

Thanks

information type: Private Security → Public Security
description: updated
Andreas Hasenack (ahasenack) wrote : Please test proposed package

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/30~23.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Mantic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-mantic
Changed in ubuntu-advantage-tools (Ubuntu Lunar):
status: New → Fix Committed
tags: added: verification-needed-lunar
Andreas Hasenack (ahasenack) wrote :

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into lunar-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/30~23.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-lunar to verification-done-lunar. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-lunar. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Jammy):
status: New → Fix Committed
tags: added: verification-needed-jammy
Andreas Hasenack (ahasenack) wrote :

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/30~22.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed-focal
Andreas Hasenack (ahasenack) wrote :

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/30~20.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Andreas Hasenack (ahasenack) wrote :

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/30~18.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Andreas Hasenack (ahasenack) wrote :

Hello Robie, or anyone else affected,

Accepted ubuntu-advantage-tools into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/30~16.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 30

---------------
ubuntu-advantage-tools (30) noble; urgency=medium

  * d/control:
    - add python3-apt as a build dependency
    - add the new ubuntu-pro-client-l10n binary package
    - recommend installing ubuntu-pro-client-l10n

  * d/po/*:
    - Makefile to build localization files to debian/po/usr/share/locale/
    - update POTFILES.in to cover all translatable messages
    - remove old unused pot file
    - add new complete pot file for "ubuntu-pro" domain
    - add first Brazilian Portuguese translations

  * d/rules:
    - add step to build the translations

  * d/tests/control:
    - mark autopkgtests as superficial (GH: #2609)

  * d/ubuntu-advantage-tools.maintscript:
    - remove /etc/ubuntu-advantage/help_data.yaml

  * d/ubuntu-pro-client-l10n.install:
    - add install file for the new binary package

  * New upstream release 30 (LP: #2038461)
    - api:
      + add new backwards compatible plan steps to the v1 fix plan endpoints
      + improve information returned from the fix plan endpoints
      + new endpoint: u.pro.security.fix.cve.execute.v1
      + new endpoint: u.pro.security.fix.usn.execute.v1
    - apt: improve performance and consistency by refactoring the code to use
      the apt_pkg module
    - auto-attach: add newline to the MOTD message to separate it from other
      MOTD messages
    - contract: send information about variants to the contracts server
    - enable: update only service specific apt sources when enabling a service
      (GH: #1311) (GH: #1482)
    - esm: create static files to pin packages from esm-infra and esm-apps with
      higher priority (GH: #2580)
    - disable:
      + (experimental) add the --purge flag to the disable command, so users
        can remove all service related packages when disabling a service
      + show extra warnings when kernels are involved in the purge operation
    - files: Reduce race window when creating new files (LP: #2024204)
    - fips: add support to Jammy to prepare for when it is available
    - fips-preview:
      + add fips-preview as a new entitlement
    - github: add issue templates (GH: #2646)
    - internationalization:
      + add general internationalization support and templates
      + add initial sentence set for Brazilian Portuguese
    - logging:
      + add journald logging for the daemon and systemd timer
      + remove daemon and timer log files
      + standardize the logging calls through the codebase (GH: #2632)
    - systemd: change ubuntu-advantage.service type from 'notify' to 'simple',
      dropping the dependency on python3-systemd (LP: #2038417) (GH: #2692)
    - tests:
      + add scenarios where cloud-init is present but disabled (LP: #1938208)
      + change 'permission' to 'priority' when checking apt priority in tests
        (GH: #2719)

 -- Renan Rodrigo <email address hidden> Tue, 07 Nov 2023 08:35:37 -0300

Changed in ubuntu-advantage-tools (Ubuntu):
status: New → Fix Released
Renan Rodrigo (renanrodrigo) wrote :

As https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2038461 is validated, many acceptance tests included creating files, so the functionality is preserved.

I am not sure which exact steps I should follow to verify this bug is fixed.

Andreas Hasenack (ahasenack) wrote :

Being a race, it's harder to verify. We could check that the chmod() call doesn't happen anymore (now it's os.makedirs() directly with the permission set), but we can see that in the code itself. This, plus the test suite in #2038461, is enough to mark this as verification done.

tags: added: verification-done-jammy verification-done-lunar verification-done-mantic verification-done-xenial
removed: verification-needed-jammy verification-needed-lunar verification-needed-mantic verification-needed-xenial
tags: added: verification-done-bionic verification-done-focal
removed: verification-needed-bionic verification-needed-focal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 30~23.10

---------------
ubuntu-advantage-tools (30~23.10) mantic; urgency=medium

  * Backport new upstream release to mantic (LP: #2038461)

 -- Renan Rodrigo <email address hidden> Tue, 07 Nov 2023 16:23:34 +0200

Changed in ubuntu-advantage-tools (Ubuntu Mantic):
status: Fix Committed → Fix Released
Andreas Hasenack (ahasenack) wrote : Update Released

The verification of the Stable Release Update for ubuntu-advantage-tools has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 30~23.04

---------------
ubuntu-advantage-tools (30~23.04) lunar; urgency=medium

  * Backport new upstream release to lunar (LP: #2038461)

ubuntu-advantage-tools (30) noble; urgency=medium

  * d/control:
    - add python3-apt as a build dependency
    - add the new ubuntu-pro-client-l10n binary package
    - recommend installing ubuntu-pro-client-l10n

  * d/po/*:
    - Makefile to build localization files to debian/po/usr/share/locale/
    - update POTFILES.in to cover all translatable messages
    - remove old unused pot file
    - add new complete pot file for "ubuntu-pro" domain
    - add first Brazilian Portuguese translations

  * d/rules:
    - add step to build the translations

  * d/tests/control:
    - mark autopkgtests as superficial (GH: #2609)

  * d/ubuntu-advantage-tools.maintscript:
    - remove /etc/ubuntu-advantage/help_data.yaml

  * d/ubuntu-pro-client-l10n.install:
    - add install file for the new binary package

  * New upstream release 30 (LP: #2038461)
    - api:
      + add new backwards compatible plan steps to the v1 fix plan endpoints
      + improve information returned from the fix plan endpoints
      + new endpoint: u.pro.security.fix.cve.execute.v1
      + new endpoint: u.pro.security.fix.usn.execute.v1
    - apt: improve performance and consistency by refactoring the code to use
      the apt_pkg module
    - auto-attach: add newline to the MOTD message to separate it from other
      MOTD messages
    - contract: send information about variants to the contracts server
    - enable: update only service specific apt sources when enabling a service
      (GH: #1311) (GH: #1482)
    - esm: create static files to pin packages from esm-infra and esm-apps with
      higher priority (GH: #2580)
    - disable:
      + (experimental) add the --purge flag to the disable command, so users
        can remove all service related packages when disabling a service
      + show extra warnings when kernels are involved in the purge operation
    - files: Reduce race window when creating new files (LP: #2024204)
    - fips: add support to Jammy to prepare for when it is available
    - fips-preview:
      + add fips-preview as a new entitlement
    - github: add issue templates (GH: #2646)
    - internationalization:
      + add general internationalization support and templates
      + add initial sentence set for Brazilian Portuguese
    - logging:
      + add journald logging for the daemon and systemd timer
      + remove daemon and timer log files
      + standardize the logging calls through the codebase (GH: #2632)
    - systemd: change ubuntu-advantage.service type from 'notify' to 'simple',
      dropping the dependency on python3-systemd (LP: #2038417) (GH: #2692)
    - tests:
      + add scenarios where cloud-init is present but disabled (LP: #1938208)
      + change 'permission' to 'priority' when checking apt priority in tests
        (GH: #2719)

 -- Renan Rodrigo <email address hidden> Tue, 07 Nov 2023 16:23:44 +0200

Changed in ubuntu-advantage-tools (Ubuntu Lunar):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 30~22.04

---------------
ubuntu-advantage-tools (30~22.04) jammy; urgency=medium

  * Backport new upstream release to jammy (LP: #2038461)

 -- Renan Rodrigo <email address hidden> Tue, 07 Nov 2023 16:23:42 +0200

Changed in ubuntu-advantage-tools (Ubuntu Jammy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 30~20.04

---------------
ubuntu-advantage-tools (30~20.04) focal; urgency=medium

  * Backport new upstream release to focal (LP: #2038461)

 -- Renan Rodrigo <email address hidden> Tue, 07 Nov 2023 16:23:40 +0200

Changed in ubuntu-advantage-tools (Ubuntu Focal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 30~18.04

---------------
ubuntu-advantage-tools (30~18.04) bionic; urgency=medium

  * Backport new upstream release to bionic (LP: #2038461)

 -- Renan Rodrigo <email address hidden> Tue, 07 Nov 2023 16:23:37 +0200

Changed in ubuntu-advantage-tools (Ubuntu Bionic):
status: Fix Committed → Fix Released
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (ubuntu-advantage-tools/30~16.04)

All autopkgtests for the newly accepted ubuntu-advantage-tools (30~16.04) for xenial have finished running.
The following regressions have been reported in tests triggered by the package:

ubuntu-advantage-tools/blacklisted (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html#ubuntu-advantage-tools

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Andreas Hasenack (ahasenack) wrote :

The DEP8 tests are green now.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 30~16.04

---------------
ubuntu-advantage-tools (30~16.04) xenial; urgency=medium

  * Backport new upstream release to xenial (LP: #2038461)

 -- Renan Rodrigo <email address hidden> Tue, 07 Nov 2023 16:23:34 +0200

Changed in ubuntu-advantage-tools (Ubuntu Xenial):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
