Public bug reported:
landscape.lib.format.expandvars expands variables by executing bash in a
subprocess. This has the potential for executing arbitrary shell
commands, e.g., if the variable is $(rm -rf /home/*).
This function is currently only executed using values defined in Ubuntu
Core
The fix has been included in upstream. It was included in the following PRs:
https://github.com/canonical/landscape-client/pull/201
https://github.com/canonical/landscape-client/pull/219
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: landscape-client (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2055348
Title:
Potential arbitrary execution in expandvars
To manage
Upstream replacement with python here:
https://github.com/canonical/landscape-client/pull/222
Will produce patch.
** Changed in: landscape-client (Ubuntu)
Assignee: (unassigned) => Mitch Burton (mitchburton)
--
You received this bug notification because you are a member of Ubuntu
B
Updated description to include SRU bug template.
** Description changed:
landscape-common in mantic has regressed the autopkgtests for update-
motd. The landscape-common package is installed in the cloud images,
and as a result its update-motd hook is called as part of the
autopkgtest.
Updated description to add the "good case" to the test plan and a
mention of fixed autopkgtest. Added a brief description of the fix to
[impact] section.
** Description changed:
landscape-common in mantic has regressed the autopkgtests for update-
motd. The landscape-common package is
** Description changed:
This bug was discovered during verification of the fix for LP: #2027613
[ Impact ]
The new ExecCondition in landscape-client.service provided in the patch
for LP: #2027613 prevents the final steps of the landscape-config Client
configuration wizard from
** Changed in: landscape-client (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2057976
Title:
Ubuntu pro info is not sent on registration
To manage
I've performed validation on jammy using version 23.02-0ubuntu1~22.04.2,
following the tests and test procedures laid out in
https://wiki.canonical.com/Landscape/ClientSRUTests/23.02 and
https://wiki.ubuntu.com/LandscapeUpdates.
** Tags removed: verification-needed verification-needed-jammy
**
I've performed validation on focal using version 23.02-0ubuntu1~20.04.2,
following the tests and test procedures laid out in
https://wiki.canonical.com/Landscape/ClientSRUTests/23.02 and
https://wiki.ubuntu.com/LandscapeUpdates.
Still working on the same for jammy.
** Tags removed:
>the mantic fix is still needed?
Yes. I will have a merge request out for mantic shortly.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2027613
Title:
Avoid stopping services on upgrade
To manage
Test on mantic using version 23.08-0ubuntu1.1
a) installed and ran `sudo landscape-config`. Progressed through the
wizard until
Request a new registration for this computer now? [y/N]: y
Registration request sent successfully.
ubuntu@expert-bug:~$ systemctl is-active landscape-client
active
Tested in mantic using landscape-client and landscape-common versions
23.08-0ubuntu1.1, as ubuntu user in a fresh container: - lxc launch
ubuntu:mantic
$ sudo rm -f /var/lib/landscape-sysinfo.cache # just to be sure
$ run-parts /etc/update-motd.d/
Welcome to Ubuntu 23.10 (GNU/Linux
Ran show-motd autopkgtest with the following diff (as mentioned by
Andreas previously to reproduce the bug)
--- a/debian/tests/show-motd
+++ b/debian/tests/show-motd
@@ -2,6 +2,9 @@
unset MOTD_SHOWN
+echo "Sleeping 60s"
+sleep 60
+echo "Continuing"
RET=0
bash -i -c '.
Tested on focal using version 23.02-0ubuntu1~20.04.2, according to the
test plan
a) installed and ran `sudo landscape-config`. Progressed through the
wizard until
Request a new registration for this computer now? [y/N]: y
System successfully registered.
ubuntu@musical-liger:~$ systemctl
Tested on jammy using version 23.02-0ubuntu1~22.04.2
a) installed and ran `sudo landscape-config`. Progressed through the
wizard until
Request a new registration for this computer now? [y/N]: y
System successfully registered.
ubuntu@driven-mudfish:~$ systemctl is-active landscape-client
active
Verification on focal with version 23.02-0ubuntu1~20.04.2
test 1:
- installed version 19.12-0ubuntu4.3
- registered with Landscape Server
- service is running:
ubuntu@alive-squid:~$ systemctl is-active landscape-client
active
ubuntu@alive-squid:~$ pgrep landscape
4315
4317
4318
4319
-
Verification on jammy with version 23.02-0ubuntu1~22.04.2
test 1:
- installed version 19.12-0ubuntu13
- registered with Landscape Server
- service is running:
ubuntu@allowed-beetle:~$ systemctl is-active landscape-client
active
ubuntu@allowed-beetle:~$ pgrep landscape
2276
2277
2278
2279
-
Upstream PR: https://github.com/canonical/landscape-client/pull/239
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062561
Title:
There are no APT sources configured in /etc/apt/sources.list or
I'm not seeing the "Package reporting issues" error against the
Production SaaS Landscape. This is on noble
ubuntu@new-hippo:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="Ubuntu Noble Numbat (development branch)"
Using version
** Changed in: landscape-client
Assignee: (unassigned) => Mitch Burton (mitchburton)
** Changed in: landscape-client (Ubuntu)
Assignee: (unassigned) => Mitch Burton (mitchburton)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subs
Despite not seeing the error right away, I am able to, from additional
info provided by Chris, track it to its source, which is a lack of
deb822 source-handling in landscape-client.
This is pretty easy to fix, the dependency landscape-client uses to
collect source/channel info has a flag for
** Changed in: landscape-client
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062561
Title:
There are no APT sources configured in /etc/apt/sources.list
** Description changed:
+ [ Impact ]
+
+ * 24.04 changed apt sources to deb822 format. This causes landscape-client's
+package-reporter to report errors to landscape-server, specifically "There
+are no APT sources configured in /etc/apt/sources.list or
+/etc/apt/sources.list.d".
Test on mantic using version 23.08-0ubuntu1.2
a) installed and ran `sudo landscape-config`. Progressed through the
wizard until
Request a new registration for this computer now? [y/N]: y
Registration request sent successfully.
ubuntu@free-gorilla:~$ systemctl is-active landscape-client
active
Tested in mantic using landscape-client and landscape-common versions
23.08-0ubuntu1.2, as ubuntu user in a fresh container: - lxc launch
ubuntu:mantic
ubuntu@powerful-lion:~$ sudo rm -f /var/lib/landscape-sysinfo.cache # just to
be sure
ubuntu@powerful-lion:~$ run-parts /etc/update-motd.d/
Verification on mantic with version 23.08-0ubuntu1.2
test 1:
- installed version 23.08-0ubuntu1
- registered with Landscape Server
- service is running:
ubuntu@useful-tuna:~$ systemctl is-active landscape-client
active
ubuntu@useful-tuna:~$ pgrep landscape
3945
3946
3947
3948
- upgraded to
27 matches
Mail list logo
