software-properties-gtk hangs indefinitely if a single source server is down

Bug #1904775 reported by rud on 2020-11-18
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
software-properties (Ubuntu)
Undecided
Unassigned

Bug Description

Since this prevents non-technical users from installing critical security updates and does not give them any useful information, I consider it a security issue.

A single repository server is down and a bug in software-properties-gtk will prevent non-technical users to continue installing security updates.

Example:
The Darktable repository is currently offline:
https://software.opensuse.org/download.html?project=graphics:darktable:stable&package=darktable
Running sudo apt update clearly shows that one repository is offline.

When I open Software Sources app (software-properties-gtk) and it starts to “Refresh Software Cache”, I expect the following:

- software sources are being refreshed.
- this might take a little longer than normal.
- it throws an error and returns to the main screen.
- the user can continue normally.
In short: it should cope with a server being down.

The actual behaviour:
- refreshing takes forever.
- Ubuntu throws an error saying it hit an error, asking to send the report about software-properties.
- I have to manually force close the loading screen.
- I can close the main window of software-properties.
- when I launch "Software Sources" again, I get an empty square window.

This should not happen when a server happens to be down.

Running sudo apt update clearly shows that one repository is offline.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: software-properties-gtk 0.98.9.3
ProcVersionSignature: Ubuntu 5.4.0-54.60-generic 5.4.65
Uname: Linux 5.4.0-54-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.12
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: Budgie:GNOME
Date: Wed Nov 18 19:59:49 2020
InstallationDate: Installed on 2020-11-18 (0 days ago)
InstallationMedia: Ubuntu-Budgie 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
PackageArchitecture: all
SourcePackage: software-properties
UpgradeStatus: No upgrade log present (probably fresh install)

rud (jazco) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Private Security → Public
Sebastien Bacher (seb128) wrote :

How does it prevent users to install security updates? Those are automatically downloaded and applied in background by unattendeed-upgrade. Also software-properties is used to configure sources, not to apply updates, is your issue also impacting update manager?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers