Bug#1038747: gnome-software may overwrite debian-security with invalid entry

Tue Jun 20 20:21:42 BST 2023

Package: gnome-software
Version: 43.4-1
Severity: critical
X-Debbugs-Cc: jesse at sney.ca

Dear Maintainer,

I was alerted to this issue by an IRC user and was able to reproduce
it in a clean bookworm vm.

Steps to reproduce:
1 - install bookworm from 12.0.0 media, selecting the gnome desktop task
2 - log in and run Software from the Activites menu
3 - select Software Repositories from the upper right menu
4 - select any option in the "Download from:" menu, press close, and
press refresh

This results in an error dialog from gnome-software, with the relevant line
"E: The repository 'https://deb.debian.org/debian bookworm-security
Release' does not have a Release file."

The correct entry would be deb.debian.org/debian-security bookworm-security.

Marked as critical severity because it disables all updates from
debian-security.

sney

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-software depends on:
ii  appstream                                    0.16.1-2
ii  apt-config-icons                             0.16.1-2
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
pn  gnome-software-common                        <none>
ii  gsettings-desktop-schemas                    43.0-1
pn  libadwaita-1-0                               <none>
ii  libappstream4                                0.16.1-2
ii  libc6                                        2.36-9
ii  libcairo2                                    1.16.0-7
ii  libfwupd2                                    1.8.12-2
ii  libgdk-pixbuf-2.0-0                          2.42.10+dfsg-1+b1
ii  libglib2.0-0                                 2.74.6-2
ii  libgtk-4-1                                   4.8.3+ds-2
pn  libgtk3-perl                                 <none>
ii  libgudev-1.0-0                               237-2
ii  libjson-glib-1.0-0                           1.6.6-1
pn  libmalcontent-0-0                            <none>
ii  libpackagekit-glib2-18                       1.2.6-5
ii  libpango-1.0-0                               1.50.12+ds-1
ii  libpolkit-gobject-1-0                        122-3
ii  libsoup-3.0-0                                3.2.2-2
ii  libxmlb2                                     0.3.10-2
ii  packagekit                                   1.2.6-5
pn  software-properties-gtk                      <none>

Versions of packages gnome-software recommends:
ii  fwupd  1.8.12-2

Versions of packages gnome-software suggests:
pn  apt-config-icons-hidpi         <none>
pn  gnome-software-plugin-flatpak  <none>
pn  gnome-software-plugin-snap     <none>