| 2021-12-08 11:44:43 |
Julian Andres Klode |
bug |
|
|
added bug |
| 2021-12-08 11:44:58 |
Julian Andres Klode |
command-not-found (Ubuntu): status |
New |
Fix Committed |
|
| 2021-12-08 11:45:26 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Xenial |
|
| 2021-12-08 11:45:26 |
Julian Andres Klode |
bug task added |
|
command-not-found (Ubuntu Xenial) |
|
| 2021-12-08 11:45:26 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Jammy |
|
| 2021-12-08 11:45:26 |
Julian Andres Klode |
bug task added |
|
command-not-found (Ubuntu Jammy) |
|
| 2021-12-08 11:45:26 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Focal |
|
| 2021-12-08 11:45:26 |
Julian Andres Klode |
bug task added |
|
command-not-found (Ubuntu Focal) |
|
| 2021-12-08 11:45:26 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Impish |
|
| 2021-12-08 11:45:26 |
Julian Andres Klode |
bug task added |
|
command-not-found (Ubuntu Impish) |
|
| 2021-12-08 11:45:26 |
Julian Andres Klode |
nominated for series |
|
Ubuntu Bionic |
|
| 2021-12-08 11:45:26 |
Julian Andres Klode |
bug task added |
|
command-not-found (Ubuntu Bionic) |
|
| 2021-12-08 11:45:32 |
Julian Andres Klode |
bug task deleted |
command-not-found (Ubuntu Xenial) |
|
|
| 2021-12-08 11:49:03 |
Julian Andres Klode |
description |
[Impact]
If a non-default umask is set for the root user, then the database created by cnf-update-db is not readable by users.
[Test plan]
The umask changes have little regression potential, are tested in a smoke test, and there is a larger test suite that ensures it does not regress other bits (which again, it really shouldn't)
[Where problems could occur]
We could have the wrong umask? Admins actually liked c-n-f to crash on them? |
[Impact]
If a non-default umask is set for the root user, then the database created by cnf-update-db is not readable by users.
This fix ensures databases are created with the correct permissions, but it does not automatically reset permissions for broken databases.
[Test plan]
The umask changes have little regression potential, are tested in a smoke test, and there is a larger test suite that ensures it does not regress other bits (which again, it really shouldn't)
[Where problems could occur]
We could have the wrong umask? Admins actually liked c-n-f to crash on them? |
|
| 2022-01-05 15:19:47 |
Julian Andres Klode |
command-not-found (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
| 2022-01-10 10:08:44 |
Julian Andres Klode |
tags |
|
fr-1949 |
|
| 2022-01-28 17:32:40 |
Launchpad Janitor |
command-not-found (Ubuntu Bionic): status |
New |
Confirmed |
|
| 2022-01-28 17:32:40 |
Launchpad Janitor |
command-not-found (Ubuntu Focal): status |
New |
Confirmed |
|
| 2022-01-28 17:32:40 |
Launchpad Janitor |
command-not-found (Ubuntu Impish): status |
New |
Confirmed |
|
| 2022-02-02 18:02:34 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~krenshaw/ubuntu/+source/command-not-found/+git/command-not-found/+merge/414978 |
|
| 2022-02-02 18:03:52 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~krenshaw/ubuntu/+source/command-not-found/+git/command-not-found/+merge/414979 |
|
| 2022-02-02 18:19:40 |
Kellen Renshaw |
attachment added |
|
focal_verify.txt https://bugs.launchpad.net/ubuntu/+source/command-not-found/+bug/1953610/+attachment/5558769/+files/focal_verify.txt |
|
| 2022-02-02 18:20:27 |
Kellen Renshaw |
attachment added |
|
impish_verify.txt https://bugs.launchpad.net/ubuntu/+source/command-not-found/+bug/1953610/+attachment/5558770/+files/impish_verify.txt |
|
| 2022-02-08 18:10:36 |
Kellen Renshaw |
tags |
fr-1949 |
fr-1949 sts-sponsor |
|
| 2022-02-08 18:11:11 |
Heitor Alves de Siqueira |
tags |
fr-1949 sts-sponsor |
fr-1949 sts-sponsor-halves |
|
| 2022-02-08 18:12:37 |
Heitor Alves de Siqueira |
bug |
|
|
added subscriber Heitor Alves de Siqueira |
| 2022-02-15 16:15:57 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~krenshaw/ubuntu/+source/command-not-found/+git/command-not-found/+merge/415622 |
|
| 2022-02-15 16:17:41 |
Kellen Renshaw |
attachment added |
|
bionic_verify.txt https://bugs.launchpad.net/ubuntu/+source/command-not-found/+bug/1953610/+attachment/5561036/+files/bionic_verify.txt |
|
| 2022-02-15 16:29:16 |
Kellen Renshaw |
description |
[Impact]
If a non-default umask is set for the root user, then the database created by cnf-update-db is not readable by users.
This fix ensures databases are created with the correct permissions, but it does not automatically reset permissions for broken databases.
[Test plan]
The umask changes have little regression potential, are tested in a smoke test, and there is a larger test suite that ensures it does not regress other bits (which again, it really shouldn't)
[Where problems could occur]
We could have the wrong umask? Admins actually liked c-n-f to crash on them? |
[Impact]
If a non-default umask is set for the root user, then the database created by cnf-update-db is not readable by users. This causes exceptions when cnf is invoked.
This fix ensures databases are created with the correct permissions, but it does not automatically reset permissions for broken databases.
[Test Plan]
To reproduce the issue, use the annotated steps below. Confirmed working as a reproducer for Bionic, Focal and Impish. Bionic appears to use a -data package instead of building the db on "apt update", however, adding a non-default repo with CNF metadata will also reproduce the issue. Bionic was tested by adding focal-updates to the APT configuration.
Notes:
1) The "ubuntu" user below is unprivileged, the result of the "adduser ubuntu" command being run and accepting defaults.
2) The "lck" and "ack" commands were randomly selected as commands that were unavailable on the default Ubuntu images used by LXD.
3) Bionic requires the addition of a non-default repo with CNF metadata. The focal-updates repo was used in my testing, any repo meeting the conditions should do.
### Reproduction
# Add repo with CNF metadata if testing Bionic
# Confirm UMASK
grep "^UMASK" /etc/login.defs
# Set /etc/login.defs to umask 027
sed -i -e 's/^UMASK\t\t022/UMASK\t\t027/' /etc/login.defs
# Confirm
grep "^UMASK" /etc/login.defs
# Log out and back in
exit
# Log back in
# Force rebuild of DB
rm -rf /var/lib/command-not-found/*
apt update
ls -lah /var/lib/command-not-found/
# Verify failure
su - ubuntu
lck
ack
exit
## END Reproduction
### Verification
# Install updated command-not-found from -proposed
# https://wiki.ubuntu.com/Testing/EnableProposed
# Update command-not-found.
apt upgrade command-not-found
# Verify version
dpkg -l | grep command-not-found
# Force rebuild of DB
rm -rf /var/lib/command-not-found/*
apt update
ls -lah /var/lib/command-not-found/
# Verify success
su - ubuntu
lck
ack
exit
## END Verification
The failures expected to be seen when running the "lck" and "ack" commands are similar to:
ubuntu@lp1953610-focal:~$ ack
Sorry, command-not-found has crashed! Please file a bug report at:
https://bugs.launchpad.net/command-not-found/+filebug
Please include the following information with the report:
command-not-found version: 0.3
Python version: 3.8.10 final 0
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
Exception information:
unable to open database file
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/CommandNotFound/util.py", line 23, in crash_guard
callback()
File "/usr/lib/command-not-found", line 90, in main
cnf = CommandNotFound.CommandNotFound(options.data_dir)
File "/usr/lib/python3/dist-packages/CommandNotFound/CommandNotFound.py", line 79, in __init__
self.db = SqliteDatabase(dbpath)
File "/usr/lib/python3/dist-packages/CommandNotFound/db/db.py", line 12, in __init__
self.con = sqlite3.connect(filename)
sqlite3.OperationalError: unable to open database file
A successful run should look like:
ubuntu@lp1953610-focal:~$ lck
Command 'lck' not found, did you mean:
command 'ack' from deb ack (3.3.1-1)
command 'ick' from deb intercal (30:0.30-3)
command 'lcp' from deb lsh-client (2.1-12build3)
command 'lc' from deb mono-devel (6.8.0.105+dfsg-2)
command 'lcf' from deb ucf (3.0038+nmu1)
command 'ck' from deb python3-ck (1.9.4-1.1)
Try: apt install <deb name>
The umask changes have little regression potential, are tested in a smoke test, and there is a larger test suite that ensures it does not regress other bits (which again, it really shouldn't)
[Where problems could occur]
Admins could rely on the incorrect behavior for some reason (security?).
Admins could have existing automation in place to correct the issue that
behaves incorrectly or unexpectedly once the behavior is corrected. |
|
| 2022-03-07 12:06:07 |
Heitor Alves de Siqueira |
tags |
fr-1949 sts-sponsor-halves |
fr-1949 sts sts-sponsor-halves |
|
| 2022-03-07 12:06:14 |
Heitor Alves de Siqueira |
command-not-found (Ubuntu Bionic): importance |
Undecided |
Medium |
|
| 2022-03-07 12:06:16 |
Heitor Alves de Siqueira |
command-not-found (Ubuntu Impish): importance |
Undecided |
Medium |
|
| 2022-03-07 12:06:19 |
Heitor Alves de Siqueira |
command-not-found (Ubuntu Focal): importance |
Undecided |
Medium |
|
| 2022-03-07 12:34:33 |
Heitor Alves de Siqueira |
description |
[Impact]
If a non-default umask is set for the root user, then the database created by cnf-update-db is not readable by users. This causes exceptions when cnf is invoked.
This fix ensures databases are created with the correct permissions, but it does not automatically reset permissions for broken databases.
[Test Plan]
To reproduce the issue, use the annotated steps below. Confirmed working as a reproducer for Bionic, Focal and Impish. Bionic appears to use a -data package instead of building the db on "apt update", however, adding a non-default repo with CNF metadata will also reproduce the issue. Bionic was tested by adding focal-updates to the APT configuration.
Notes:
1) The "ubuntu" user below is unprivileged, the result of the "adduser ubuntu" command being run and accepting defaults.
2) The "lck" and "ack" commands were randomly selected as commands that were unavailable on the default Ubuntu images used by LXD.
3) Bionic requires the addition of a non-default repo with CNF metadata. The focal-updates repo was used in my testing, any repo meeting the conditions should do.
### Reproduction
# Add repo with CNF metadata if testing Bionic
# Confirm UMASK
grep "^UMASK" /etc/login.defs
# Set /etc/login.defs to umask 027
sed -i -e 's/^UMASK\t\t022/UMASK\t\t027/' /etc/login.defs
# Confirm
grep "^UMASK" /etc/login.defs
# Log out and back in
exit
# Log back in
# Force rebuild of DB
rm -rf /var/lib/command-not-found/*
apt update
ls -lah /var/lib/command-not-found/
# Verify failure
su - ubuntu
lck
ack
exit
## END Reproduction
### Verification
# Install updated command-not-found from -proposed
# https://wiki.ubuntu.com/Testing/EnableProposed
# Update command-not-found.
apt upgrade command-not-found
# Verify version
dpkg -l | grep command-not-found
# Force rebuild of DB
rm -rf /var/lib/command-not-found/*
apt update
ls -lah /var/lib/command-not-found/
# Verify success
su - ubuntu
lck
ack
exit
## END Verification
The failures expected to be seen when running the "lck" and "ack" commands are similar to:
ubuntu@lp1953610-focal:~$ ack
Sorry, command-not-found has crashed! Please file a bug report at:
https://bugs.launchpad.net/command-not-found/+filebug
Please include the following information with the report:
command-not-found version: 0.3
Python version: 3.8.10 final 0
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
Exception information:
unable to open database file
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/CommandNotFound/util.py", line 23, in crash_guard
callback()
File "/usr/lib/command-not-found", line 90, in main
cnf = CommandNotFound.CommandNotFound(options.data_dir)
File "/usr/lib/python3/dist-packages/CommandNotFound/CommandNotFound.py", line 79, in __init__
self.db = SqliteDatabase(dbpath)
File "/usr/lib/python3/dist-packages/CommandNotFound/db/db.py", line 12, in __init__
self.con = sqlite3.connect(filename)
sqlite3.OperationalError: unable to open database file
A successful run should look like:
ubuntu@lp1953610-focal:~$ lck
Command 'lck' not found, did you mean:
command 'ack' from deb ack (3.3.1-1)
command 'ick' from deb intercal (30:0.30-3)
command 'lcp' from deb lsh-client (2.1-12build3)
command 'lc' from deb mono-devel (6.8.0.105+dfsg-2)
command 'lcf' from deb ucf (3.0038+nmu1)
command 'ck' from deb python3-ck (1.9.4-1.1)
Try: apt install <deb name>
The umask changes have little regression potential, are tested in a smoke test, and there is a larger test suite that ensures it does not regress other bits (which again, it really shouldn't)
[Where problems could occur]
Admins could rely on the incorrect behavior for some reason (security?).
Admins could have existing automation in place to correct the issue that
behaves incorrectly or unexpectedly once the behavior is corrected. |
[Impact]
If a non-default umask is set for the root user, then the database created by cnf-update-db is not readable by users. This causes exceptions when cnf is invoked.
This fix ensures databases are created with the correct permissions, but it does not automatically reset permissions for broken databases.
[Test Plan]
To reproduce the issue, use the annotated steps below. Confirmed working as a reproducer for Bionic, Focal and Impish. Bionic appears to use a -data package instead of building the db on "apt update", however, adding a non-default repo with CNF metadata will also reproduce the issue. Bionic was tested by adding focal-updates to the APT configuration.
Notes:
1) The "ubuntu" user below is unprivileged, the result of the "adduser ubuntu" command being run and accepting defaults.
2) The "lck" and "ack" commands were randomly selected as commands that were unavailable on the default Ubuntu images used by LXD.
3) Bionic requires the addition of a non-default repo with CNF metadata. The focal-updates repo was used in my testing, any repo meeting the conditions should do.
### Reproduction
# Add repo with CNF metadata if testing Bionic
# Confirm UMASK
grep "^UMASK" /etc/login.defs
# Set /etc/login.defs to umask 027
sed -i -e 's/^UMASK\t\t022/UMASK\t\t027/' /etc/login.defs
# Confirm
grep "^UMASK" /etc/login.defs
# Log out and back in
exit
# Log back in
# Force rebuild of DB
rm -rf /var/lib/command-not-found/*
apt update
ls -lah /var/lib/command-not-found/
# Verify failure
su - ubuntu
lck
ack
exit
## END Reproduction
### Verification
# Install updated command-not-found from -proposed
# https://wiki.ubuntu.com/Testing/EnableProposed
# Update command-not-found.
apt upgrade command-not-found
# Verify version
dpkg -l | grep command-not-found
# Force rebuild of DB
rm -rf /var/lib/command-not-found/*
apt update
ls -lah /var/lib/command-not-found/
# Verify success
su - ubuntu
lck
ack
exit
## END Verification
The failures expected to be seen when running the "lck" and "ack" commands are similar to:
ubuntu@lp1953610-focal:~$ ack
Sorry, command-not-found has crashed! Please file a bug report at:
https://bugs.launchpad.net/command-not-found/+filebug
Please include the following information with the report:
command-not-found version: 0.3
Python version: 3.8.10 final 0
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
Exception information:
unable to open database file
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/CommandNotFound/util.py", line 23, in crash_guard
callback()
File "/usr/lib/command-not-found", line 90, in main
cnf = CommandNotFound.CommandNotFound(options.data_dir)
File "/usr/lib/python3/dist-packages/CommandNotFound/CommandNotFound.py", line 79, in __init__
self.db = SqliteDatabase(dbpath)
File "/usr/lib/python3/dist-packages/CommandNotFound/db/db.py", line 12, in __init__
self.con = sqlite3.connect(filename)
sqlite3.OperationalError: unable to open database file
A successful run should look like:
ubuntu@lp1953610-focal:~$ lck
Command 'lck' not found, did you mean:
command 'ack' from deb ack (3.3.1-1)
command 'ick' from deb intercal (30:0.30-3)
command 'lcp' from deb lsh-client (2.1-12build3)
command 'lc' from deb mono-devel (6.8.0.105+dfsg-2)
command 'lcf' from deb ucf (3.0038+nmu1)
command 'ck' from deb python3-ck (1.9.4-1.1)
Try: apt install <deb name>
The umask changes have little regression potential, are tested in a smoke test, and there is a larger test suite that ensures it does not regress other bits (which again, it really shouldn't)
[Where problems could occur]
In general, regressions due to this bug would continue showing up as file access errors, either in automated tooling that currently works around the faulty database permissions, or in other packages relying on CNF.
Admins could be relying on the incorrect behavior for some reason (e.g. security), and some users could have existing automation in place to correct the issue manually. We'd expect the fix to have little impact on such scenarios, and the patches have been tested for these cases. |
|
| 2022-03-07 12:34:39 |
Heitor Alves de Siqueira |
command-not-found (Ubuntu Bionic): status |
Confirmed |
In Progress |
|
| 2022-03-07 12:34:41 |
Heitor Alves de Siqueira |
command-not-found (Ubuntu Impish): status |
Confirmed |
In Progress |
|
| 2022-03-07 12:34:43 |
Heitor Alves de Siqueira |
command-not-found (Ubuntu Bionic): assignee |
|
Heitor Alves de Siqueira (halves) |
|
| 2022-03-07 12:34:45 |
Heitor Alves de Siqueira |
command-not-found (Ubuntu Focal): status |
Confirmed |
In Progress |
|
| 2022-03-07 12:34:47 |
Heitor Alves de Siqueira |
command-not-found (Ubuntu Focal): assignee |
|
Heitor Alves de Siqueira (halves) |
|
| 2022-03-07 12:34:48 |
Heitor Alves de Siqueira |
command-not-found (Ubuntu Impish): assignee |
|
Heitor Alves de Siqueira (halves) |
|
| 2022-03-10 13:55:13 |
Łukasz Zemczak |
command-not-found (Ubuntu Impish): status |
In Progress |
Fix Committed |
|
| 2022-03-10 13:55:14 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2022-03-10 13:55:16 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
| 2022-03-10 13:55:18 |
Łukasz Zemczak |
tags |
fr-1949 sts sts-sponsor-halves |
fr-1949 sts sts-sponsor-halves verification-needed verification-needed-impish |
|
| 2022-03-10 13:58:12 |
Łukasz Zemczak |
command-not-found (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2022-03-10 13:58:18 |
Łukasz Zemczak |
tags |
fr-1949 sts sts-sponsor-halves verification-needed verification-needed-impish |
fr-1949 sts sts-sponsor-halves verification-needed verification-needed-focal verification-needed-impish |
|
| 2022-03-10 14:01:22 |
Łukasz Zemczak |
command-not-found (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2022-03-10 14:01:27 |
Łukasz Zemczak |
tags |
fr-1949 sts sts-sponsor-halves verification-needed verification-needed-focal verification-needed-impish |
fr-1949 sts sts-sponsor-halves verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish |
|
| 2022-03-10 19:32:27 |
Kellen Renshaw |
tags |
fr-1949 sts sts-sponsor-halves verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish |
fr-1949 sts sts-sponsor-halves verification-done-focal verification-done-impish verification-needed verification-needed-bionic |
|
| 2022-03-10 19:39:17 |
Kellen Renshaw |
tags |
fr-1949 sts sts-sponsor-halves verification-done-focal verification-done-impish verification-needed verification-needed-bionic |
fr-1949 sts sts-sponsor-halves verification-done verification-done-bionic verification-done-focal verification-done-impish |
|
| 2022-03-15 19:18:20 |
Samuel Wallung |
bug |
|
|
added subscriber Samuel Wallung |
| 2022-03-17 08:48:52 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2022-03-17 08:49:43 |
Launchpad Janitor |
command-not-found (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2022-03-17 08:59:03 |
Launchpad Janitor |
command-not-found (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2022-03-17 08:59:15 |
Launchpad Janitor |
command-not-found (Ubuntu Impish): status |
Fix Committed |
Fix Released |
|
