[Desktop-packages] [Bug 1795668] Re: Enable bubblewrap in gnome-desktop3 for Ubuntu 18.04 LTS

Wed, 28 Nov 2018 11:21:42 -0800 

This bug was fixed in the package bubblewrap - 0.2.1-1ubuntu0.1

---------------
bubblewrap (0.2.1-1ubuntu0.1) bionic-security; urgency=medium

  [ Iain Lane ]
  * Don't install setuid on Ubuntu & derivatives since Ubuntu's
    kernel enables unprivileged user namespaces (LP: #1795668, LP: #1709164)
  * debian/tests/basic: We're not setuid - in this case we have to use a new
    user namespace. Not all the GIDs from the parent namespace are mapped
    through, and so testing that `id` is identical inside and out of the
    bubblewrap is not going to work. Let's make sure that the euid and egid
    are the same.

 -- Jeremy Bicha <[email protected]>  Tue, 02 Oct 2018 11:03:48 -0400

** Changed in: bubblewrap (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-desktop3 in Ubuntu.
https://bugs.launchpad.net/bugs/1795668

Title:
  Enable bubblewrap in gnome-desktop3 for Ubuntu 18.04 LTS

Status in bubblewrap package in Ubuntu:
  Fix Released
Status in gnome-desktop3 package in Ubuntu:
  Confirmed

Bug description:
  Impact
  ======
  gnome-desktop 3.26 hardened the thumbnailers with bubblewrap to mitigate 
several vulnerabilities. Ubuntu had to disable that feature until bubblewrap 
could be promoted to main.

  bubblewrap is now in main for 18.10 and the feature is now enabled
  there. The intention has been for that change to be backported to
  18.04 LTS as a security fix.

  The bubblewrap MIR is https://launchpad.net/bugs/1709164

  We'll need to promote bubblewrap to main before this update should be
  pushed to bionic.

  Can you sponsor directly from the git repo instead of with a debdiff?

  gbp clone https://git.launchpad.net/~ubuntu-desktop/ubuntu/+source
  /gnome-desktop3

  git checkout ubuntu/bionic

  gbp clone https://git.launchpad.net/~ubuntu-
  desktop/ubuntu/+source/bubblewrap

  Testing Done
  ============
  I test built bubblewrap and its autopkgtest passes:
  
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic-jbicha-arch/bionic/amd64/b/bubblewrap/20181002_153548_f5821@/log.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1795668/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to