APT doc and manpage uses wrong ubuntu-codename

Bug #1812696 reported by Eric Desrochers on 2019-01-21
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Status tracked in Disco
Trusty
Wishlist
Unassigned
Xenial
Wishlist
Julian Andres Klode
Bionic
Wishlist
Julian Andres Klode
Cosmic
Wishlist
Julian Andres Klode
Disco
Wishlist
Julian Andres Klode

Bug Description

[Impact]

APT documentation/example/manpages isn't referencing the current release
which could be misleading for certain users.

---
APT src code:
---
[GOOD ubuntu-codename]

* trusty:
apt-1.0.1ubuntu2.18/doc/apt-verbatim.ent:<!ENTITY ubuntu-codename "trusty">

[WRONG ubuntu-codename]

* xenial:
apt-1.2.29/doc/apt-verbatim.ent:<!ENTITY ubuntu-codename "trusty">

* bionic:
apt-1.6.7/doc/apt-verbatim.ent:<!ENTITY ubuntu-codename "xenial">

* disco:
apt-1.8.0~alpha3/doc/apt-verbatim.ent:<!ENTITY ubuntu-codename "xenial">
---

* vendor/ubuntu/sources.list.in
---
# See sources.list(5) manpage for more information
# Remember that CD-ROMs, DVDs and such are managed through the apt-cdrom tool.
deb http://us.archive.ubuntu.com/ubuntu &ubuntu-codename; main restricted
deb-src http://us.archive.ubuntu.com/ubuntu &ubuntu-codename; main restricted

deb http://security.ubuntu.com/ubuntu &ubuntu-codename;-security main restricted
deb-src http://security.ubuntu.com/ubuntu &ubuntu-codename;-security main restricted

deb http://us.archive.ubuntu.com/ubuntu &ubuntu-codename;-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu &ubuntu-codename;-updates main restricted
---

The ubuntu-codename variable for Xenial and late in APT points to 'trusty or 'xenial' which generate the doc example & manpage with the wrong release instead of the actual ubuntu-codename.

APT in Xenial point to 'trusty'.
APT in Bionic and late to 'xenial'

It also affect the man page:

Example took from Bionic:
http://manpages.ubuntu.com/manpages/bionic/man5/sources.list.5.html
http://manpages.ubuntu.com/manpages/bionic/man5/apt_preferences.5.html

[Test Case]

With Xenial and late:

 * Look sources.list(5) manpage
Ex:
http://manpages.ubuntu.com/manpages/bionic/man5/sources.list.5.html

 * Look apt_preferences(5) manpage
Ex: http://manpages.ubuntu.com/manpages/bionic/man5/apt_preferences.5.html

 * Look /usr/share/doc/apt/examples/sources.list

$ lsb_release -cs
bionic

$ cat /usr/share/doc/apt/examples/sources.list
----------------
# See sources.list(5) manpage for more information
# Remember that CD-ROMs, DVDs and such are managed through the apt-cdrom tool.
deb http://us.archive.ubuntu.com/ubuntu xenial main restricted
deb-src http://us.archive.ubuntu.com/ubuntu xenial main restricted

deb http://security.ubuntu.com/ubuntu xenial-security main restricted
deb-src http://security.ubuntu.com/ubuntu xenial-security main restricted

deb http://us.archive.ubuntu.com/ubuntu xenial-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu xenial-updates main restricted
----------------------

You'll notice they all point to the wrong release.

While we understand it's not a "bug' and only a reference/example...
I think it's for the best interest of all if the examples/manpage reference the current release.

[Regression Potential]

 * None, it only affect documentation/examples and manpages. No behavior change in the APT code.

[Other Info]

[Original Description]
From APT src code :

---
[GOOD ubuntu-codename]
* trusty:
apt-1.0.1ubuntu2.18/doc/apt-verbatim.ent:<!ENTITY ubuntu-codename "trusty">

[WRONG ubuntu-codename]
* xenial:
apt-1.2.29/doc/apt-verbatim.ent:<!ENTITY ubuntu-codename "trusty">

* bionic:
apt-1.6.7/doc/apt-verbatim.ent:<!ENTITY ubuntu-codename "xenial">

* disco:
apt-1.8.0~alpha3/doc/apt-verbatim.ent:<!ENTITY ubuntu-codename "xenial">
---

* vendor/ubuntu/sources.list.in
---
# See sources.list(5) manpage for more information
# Remember that CD-ROMs, DVDs and such are managed through the apt-cdrom tool.
deb http://us.archive.ubuntu.com/ubuntu &ubuntu-codename; main restricted
deb-src http://us.archive.ubuntu.com/ubuntu &ubuntu-codename; main restricted

deb http://security.ubuntu.com/ubuntu &ubuntu-codename;-security main restricted
deb-src http://security.ubuntu.com/ubuntu &ubuntu-codename;-security main restricted

deb http://us.archive.ubuntu.com/ubuntu &ubuntu-codename;-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu &ubuntu-codename;-updates main restricted
---

The ubuntu-codename variable for Bionic and late in APT points to Xenial which generate the doc example with Xenial instead of the actual codename.

* ./doc/sources.list.5.xml
---
<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent"> %aptverbatiment;
---

It also seems to affect the man page by mentionning 'xenial'.
Example took from Bionic:
http://manpages.ubuntu.com/manpages/bionic/man5/sources.list.5.html
http://manpages.ubuntu.com/manpages/bionic/man5/apt_preferences.5.html

Tags: sts Edit Tag help

CVE References

Eric Desrochers (slashd) on 2019-01-21
Changed in apt (Ubuntu Trusty):
importance: Undecided → Wishlist
Changed in apt (Ubuntu Xenial):
importance: Undecided → Wishlist
Changed in apt (Ubuntu Bionic):
importance: Undecided → Wishlist
Changed in apt (Ubuntu Cosmic):
importance: Undecided → Wishlist
Changed in apt (Ubuntu Disco):
importance: Undecided → Wishlist
Eric Desrochers (slashd) wrote :

juliank will include the ubuntu-codename variable change in his next SRU later this week.

Thanks Juliank !

tags: added: sts
Changed in apt (Ubuntu Trusty):
status: New → Invalid
description: updated
Eric Desrochers (slashd) on 2019-01-21
description: updated
description: updated
Eric Desrochers (slashd) on 2019-01-21
description: updated
description: updated
description: updated
description: updated
Eric Desrochers (slashd) on 2019-01-21
Changed in apt (Ubuntu Disco):
assignee: nobody → Julian Andres Klode (juliank)
Eric Desrochers (slashd) on 2019-01-21
description: updated
Eric Desrochers (slashd) on 2019-01-21
Changed in apt (Ubuntu Disco):
status: New → In Progress
Eric Desrochers (slashd) on 2019-01-21
Changed in apt (Ubuntu Cosmic):
assignee: nobody → Julian Andres Klode (juliank)
Changed in apt (Ubuntu Bionic):
assignee: nobody → Julian Andres Klode (juliank)
Changed in apt (Ubuntu Xenial):
assignee: nobody → Julian Andres Klode (juliank)
Changed in apt (Ubuntu Bionic):
status: New → In Progress
Changed in apt (Ubuntu Cosmic):
status: New → In Progress
Changed in apt (Ubuntu Xenial):
status: New → In Progress
Eric Desrochers (slashd) on 2019-01-21
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 1.8.0~beta1

---------------
apt (1.8.0~beta1) unstable; urgency=medium

  [ anatoly techtonik ]
  * README.md: Document that apt is also included
  * apt.cc: Add "apt info" alias for muscle memory

  [ Jean-Pierre Giraud ]
  * French manpages translation update (Closes: #915952)

  [ Frans Spiesschaert ]
  * Dutch manpages translation update (Closes: #916358)

  [ Julian Andres Klode ]
  * cache hash: Use sse4.2 CRC32c on x86-64 where available
  * configuration: Compare size first during lookup
  * debListParser: Avoid native arch lookup in ParseDepends
  * hash32: Tighten to multiversion to x86-64 ELF and use uint32_t
  * apt-mark: Introduce minimize-manual
  * doc/apt-verbatim.ent: Point ubuntu-codename to disco (LP: #1812696)
  * CI: Use debian:buster as test base image
  * doc/apt-verbatim.ent: Debian buster is stable
  * SECURITY UPDATE: content injection in http method (CVE-2019-3462)
    (LP: #1812353)
  * debian/control: Drop libcurl4-gnutls-dev build dependency

  [ Mo Zhou ]
  * zh_CN.po: Update Simplified Chinese programs translation.

  [ Khem Raj ]
  * Remove `register` keyword

  [ Vasya Novikov ]
  * bash completion: add keys

  [ David Kalnischkies ]
  * Communicate back which key(s) were used for signing

 -- Julian Andres Klode <email address hidden> Wed, 23 Jan 2019 16:49:34 +0100

Changed in apt (Ubuntu Disco):
status: In Progress → Fix Released
Julian Andres Klode (juliank) wrote :

Fixes for other releases are queued up in git for the next SRUs (which include some more substantial changes)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers