from:"marc"

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-control-center in Ubuntu.
https://bugs.launchpad.net/bugs/2001503

Title:
  gnome-control-center crashed with SIGSEGV -- pipewire

Status in gnome-control-center package in Ubuntu:
  New

Bug description:
  Just upgraded from 22.04 to 22.10 and am trying to get pipewire +
  pulseaudio working. It seems like some of the apps (gsd-sound?) aren't
  quite ready for pipewire ... restarting the services (systemctl --user
  restart pipewire pipewire-pulse) causes the sound settings dialog to
  collect a lot of stale entries for output devices. When I select them
  and try to test, the app crashes.

  ProblemType: Crash
  DistroRelease: Ubuntu 22.10
  Package: gnome-control-center 1:43.0-1ubuntu2
  ProcVersionSignature: Ubuntu 5.19.0-26.27-generic 5.19.7
  Uname: Linux 5.19.0-26-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.23.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CrashCounter: 1
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jan  3 10:03:34 2023
  ExecutablePath: /usr/bin/gnome-control-center
  InstallationDate: Installed on 2022-01-05 (363 days ago)
  InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
  ProcCmdline: gnome-control-center
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, user)
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
  SegvAnalysis:
   Segfault happened at: 0x7f3523070a2f:mov%esi,(%rdx)
   PC (0x7f3523070a2f) ok
   source "%esi" ok
   destination "(%rdx)" (0x0021) not located in a known VMA region (needed 
writable region)!
  SegvReason: writing NULL VMA
  Signal: 11
  SourcePackage: gnome-control-center
  StacktraceTop:
   () at /lib/x86_64-linux-gnu/libpulse.so.0
   pa_context_set_card_profile_by_index () at 
/lib/x86_64-linux-gnu/libpulse.so.0
   gvc_mixer_card_change_profile ()
   gvc_mixer_control_change_profile_on_selected_device ()
   g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
  Title: gnome-control-center crashed with SIGSEGV
  UpgradeStatus: Upgraded to kinetic on 2022-12-28 (5 days ago)
  UserGroups: adm cdrom dialout dip disk docker libvirt lpadmin lxd plugdev 
sambashare sudo wireshark
  mtime.conffile..etc.apport.crashdb.conf: 2022-08-24T09:03:25.873541
  separator:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2001503/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2008662] Re: How do I fix error : "Appear a prohibit icon

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-shell-extension-appindicator in
Ubuntu.
https://bugs.launchpad.net/bugs/2008662

Title:
  How do I fix error : "Appear a prohibit icon

Status in gnome-shell-extension-appindicator package in Ubuntu:
  New

Bug description:
  How do I fix error : "Appear a prohibit icon

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: gnome-shell-extension-appindicator 42-2~fakesync1
  ProcVersionSignature: Ubuntu 5.19.0-32.33~22.04.1-generic 5.19.17
  Uname: Linux 5.19.0-32-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Feb 27 11:23:28 2023
  InstallationDate: Installed on 2022-09-14 (165 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
  PackageArchitecture: all
  SourcePackage: gnome-shell-extension-appindicator
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-shell-extension-appindicator/+bug/2008662/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2009948] Re: Problem with xorg

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/2009948

Title:
  Problem with xorg

Status in xorg package in Ubuntu:
  New

Bug description:
  Is not working.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: xorg 1:7.7+23ubuntu2
  ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17
  Uname: Linux 5.19.0-35-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  .proc.driver.nvidia.capabilities.gpu0: Error: path was not a regular file.
  .proc.driver.nvidia.capabilities.mig: Error: path was not a regular file.
  .proc.driver.nvidia.gpus..01.00.0: Error: path was not a regular file.
  .proc.driver.nvidia.registry: Binary: ""
  .proc.driver.nvidia.suspend: suspend hibernate resume
  .proc.driver.nvidia.suspend_depth: default modeset uvm
  .proc.driver.nvidia.version:
   NVRM version: NVIDIA UNIX x86_64 Kernel Module  525.85.05  Sat Jan 14 
00:49:50 UTC 2023
   GCC version:
  ApportVersion: 2.20.11-0ubuntu82.3
  Architecture: amd64
  CasperMD5CheckResult: fail
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Mar 10 09:08:31 2023
  DistUpgraded: Fresh install
  DistroCodename: jammy
  DistroVariant: ubuntu
  DkmsStatus: virtualbox/6.1.38, 5.19.0-35-generic, x86_64: installed
  ExtraDebuggingInterest: Yes, if not too technical
  GraphicsCard:
   Intel Corporation CometLake-U GT2 [UHD Graphics] [8086:9b41] (rev 02) 
(prog-if 00 [VGA controller])
 Subsystem: Dell CometLake-U GT2 [UHD Graphics] [1028:0959]
 Subsystem: Dell GP108M [GeForce MX230] [1028:0959]
  InstallationDate: Installed on 2023-03-10 (0 days ago)
  InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 
(20230223)
  MachineType: Dell Inc. Vostro 5490
  ProcEnviron:
   LANGUAGE=pt_BR:pt:en
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=pt_BR.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.19.0-35-generic 
root=UUID=b6242c65-c3ec-45af-912f-e70f66a54868 ro quiet splash vt.handoff=7
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 07/08/2022
  dmi.bios.release: 1.20
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: 1.20.0
  dmi.board.name: 0M9F58
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A04
  dmi.chassis.type: 10
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: 
dmi:bvnDellInc.:bvr1.20.0:bd07/08/2022:br1.20:svnDellInc.:pnVostro5490:pvr:rvnDellInc.:rn0M9F58:rvrA04:cvnDellInc.:ct10:cvr:sku0959:
  dmi.product.family: Vostro
  dmi.product.name: Vostro 5490
  dmi.product.sku: 0959
  dmi.sys.vendor: Dell Inc.
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.113-2~ubuntu0.22.04.1
  version.libgl1-mesa-dri: libgl1-mesa-dri 22.2.5-0ubuntu0.1~22.04.1
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.nvidia-graphics-drivers: nvidia-graphics-drivers-* N/A
  version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2.7
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2ubuntu1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20210115-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 
1:1.0.17-2build1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/2009948/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2011284] Re: A flickering and glitching problem

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

** Package changed: ubuntu => xorg-server (Ubuntu)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/2011284

Title:
  A flickering and glitching problem

Status in xorg-server package in Ubuntu:
  New

Bug description:
  Dear Ubuntu Dev,

  
  I've been using my linux UBUNTU 18.04 LTS for the past 6 months and the day 
since I got this computer,It started glitching.Can you please fix that?I have a 
screenshot of the problem and I am unable to play some games due to this 
completely glitching and flickering

  Sincerely,

  Nihar Raju

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: xorg 1:7.7+19ubuntu7.1
  ProcVersionSignature: Ubuntu 5.4.0-42.46~18.04.1-generic 5.4.44
  Uname: Linux 5.4.0-42-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.9-0ubuntu7.17
  Architecture: amd64
  BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
  CompizPlugins: No value set for 
`/apps/compiz-1/general/screen0/options/active_plugins'
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Mar 11 10:44:09 2023
  DistUpgraded: Fresh install
  DistroCodename: bionic
  DistroVariant: ubuntu
  DkmsStatus: bcmwl, 6.30.223.271+bdcom, 5.4.0-42-generic, x86_64: installed
  ExtraDebuggingInterest: Yes, if not too technical
  GraphicsCard:
   Advanced Micro Devices, Inc. [AMD/ATI] Picasso [1002:15d8] (rev df) (prog-if 
00 [VGA controller])
 Subsystem: Hewlett-Packard Company Device [103c:879e]
  InstallationDate: Installed on 2021-02-22 (746 days ago)
  InstallationMedia: Ubuntu 18.04.5 LTS "Bionic Beaver" - Release amd64 
(20200806.1)
  Lsusb:
   Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
   Bus 001 Device 003: ID 0bda:b00c Realtek Semiconductor Corp. 
   Bus 001 Device 002: ID 0408:5365 Quanta Computer, Inc. 
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  MachineType: Hewlett-Packard HP 245 G8 Notebook PC
  ProcEnviron:
   LANGUAGE=en_IN:en
   PATH=(custom, no username)
   XDG_RUNTIME_DIR=
   LANG=en_IN
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-42-generic 
root=UUID=0c18d80a-c684-48f5-881d-dbe1c2478f74 ro quiet splash vt.handoff=1
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 04/23/2021
  dmi.bios.vendor: AMI
  dmi.bios.version: F.62
  dmi.board.asset.tag: Base Board Asset Tag
  dmi.board.name: 879E
  dmi.board.vendor: Hewlett-Packard
  dmi.board.version: 84.49
  dmi.chassis.asset.tag: 5CG13423RK
  dmi.chassis.type: 10
  dmi.chassis.vendor: Hewlett-Packard
  dmi.chassis.version: Chassis Version
  dmi.modalias: 
dmi:bvnAMI:bvrF.62:bd04/23/2021:svnHewlett-Packard:pnHP245G8NotebookPC:pvr:rvnHewlett-Packard:rn879E:rvr84.49:cvnHewlett-Packard:ct10:cvrChassisVersion:
  dmi.product.family: 103C_5336AN HP 200
  dmi.product.name: HP 245 G8 Notebook PC
  dmi.product.sku: 404V1PC#ACJ
  dmi.sys.vendor: Hewlett-Packard
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.101-2~18.04.1
  version.libgl1-mesa-dri: libgl1-mesa-dri 20.0.8-0ubuntu1~18.04.1
  version.libgl1-mesa-glx: libgl1-mesa-glx 20.0.8-0ubuntu1~18.04.1
  version.xserver-xorg-core: xserver-xorg-core N/A
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati N/A
  version.xserver-xorg-video-intel: xserver-xorg-video-intel N/A
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/2011284/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2000644] Re: switching workspaces with shortcut sometimes freezes screen

2023-03-13 Thread marc

I also experience this.. 
But mostly i cant exit overview.  so its not frozen, just stuck. i can still 
click things

i think i also crash when i use a workspace sorting extension.  
and i think i crashed when using pixel safer and with xprop installed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-shell in Ubuntu.
https://bugs.launchpad.net/bugs/2000644

Title:
  switching workspaces with shortcut sometimes freezes screen

Status in GNOME Shell:
  New
Status in gnome-shell package in Ubuntu:
  Confirmed

Bug description:
  The bottom panel with dots to show which workspace you are on when
  switching with ctrl+alt+arrow sometimes doesn't disappear and gets
  stuck in a half faded or not faded state.  In that state the mouse
  appear stuck and the screen freezes until the super key is pressed to
  show overview or the workspace is switched again.

  Ubuntu 22.10, gnome-shell 43.1-0ubuntu1, Wayland, Nvidia on-demand,
  Nvidia driver 525.60.11

To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-shell/+bug/2000644/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2007743] Re: intramfs Failed: ZSTD-compressed data

2023-03-13 Thread Marc Püschel

@Julian Andres Klode (~juliank)

what is the current status of progress here? it would be really nice, if
a bugfix will be released soon.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2007743

Title:
  intramfs Failed: ZSTD-compressed data

Status in grub2-unsigned package in Ubuntu:
  Triaged

Bug description:
  The current updates of Ubuntu 22.04.2 LTS results on boot (black
  screen) the message "not enough memory, press any key" and after comes
  any others "error messages" too and then Ubuntu starts!

  Maybe this Bug results from the current AMD Kernel Updates on "modern"
  Prozessors or Update for the Grub or something - i'don't know - there
  are many System-Updates yesterday and all comes over Ubuntu Store as
  package

  # lsb_release -rd
  Description:  Ubuntu 22.04.2 LTS
  Release:  22.04

  # dpkg -l | grep init
  ii  busybox-initramfs  1:1.30.1-7ubuntu3  
  amd64Standalone shell setup for initramfs
  ii  gnome-initial-setup42.0.1-1ubuntu2.3  
  amd64Initial GNOME system setup helper
  ii  init   1.62   
  amd64metapackage ensuring an init system is installed
  ii  init-system-helpers1.62   
  all  helper tools for all init systems
  ii  initramfs-tools0.140ubuntu13.1
  all  generic modular initramfs generator (automation)
  ii  initramfs-tools-bin0.140ubuntu13.1
  amd64binaries used by initramfs-tools
  ii  initramfs-tools-core   0.140ubuntu13.1
  all  generic modular initramfs generator (core tools)
  ii  libatopology2:amd641.2.6.1-1ubuntu1   
  amd64shared library for handling ALSA topology definitions
  ii  libklibc:amd64 2.0.10-4   
  amd64minimal libc subset for use with initramfs
  ii  lsb-base   11.1.0ubuntu4  
  all  Linux Standard Base init script functionality
  ii  ncurses-base   6.3-2  
  all  basic terminal type definitions
  ii  sysvinit-utils 3.01-1ubuntu1  
  amd64System-V-like utilities
  ii  xinit  1.4.1-0ubuntu4 
  amd64X server initialisation tool

  # dpkg -l | grep zfs
  -> brings no information here

  # zfs list
  -> zfs is not installed here

  if you need more system-infos to solve this Bug, please let me know!
  The first error means "Not Enough Memory, Please press any key" - you can 
press any key (but you don't need) and it comes the "intramfs Failed: 
ZSTD-compressed data ..." and then the Ubuntu Login screen comes up.

  Please be patient with me, I'm new to Ubuntu and Launchpad and don't
  know much about it yet

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2007743/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2007743] Re: intramfs Failed: ZSTD-compressed data

2023-03-02 Thread Marc Püschel

@Julian Andres Klode (juliank)

thanks for getting back. Okay, please keep me up-to-date and do not
forget the bug

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2007743

Title:
  intramfs Failed: ZSTD-compressed data

Status in grub2-unsigned package in Ubuntu:
  Triaged

Bug description:
  The current updates of Ubuntu 22.04.2 LTS results on boot (black
  screen) the message "not enough memory, press any key" and after comes
  any others "error messages" too and then Ubuntu starts!

  Maybe this Bug results from the current AMD Kernel Updates on "modern"
  Prozessors or Update for the Grub or something - i'don't know - there
  are many System-Updates yesterday and all comes over Ubuntu Store as
  package

  # lsb_release -rd
  Description:  Ubuntu 22.04.2 LTS
  Release:  22.04

  # dpkg -l | grep init
  ii  busybox-initramfs  1:1.30.1-7ubuntu3  
  amd64Standalone shell setup for initramfs
  ii  gnome-initial-setup42.0.1-1ubuntu2.3  
  amd64Initial GNOME system setup helper
  ii  init   1.62   
  amd64metapackage ensuring an init system is installed
  ii  init-system-helpers1.62   
  all  helper tools for all init systems
  ii  initramfs-tools0.140ubuntu13.1
  all  generic modular initramfs generator (automation)
  ii  initramfs-tools-bin0.140ubuntu13.1
  amd64binaries used by initramfs-tools
  ii  initramfs-tools-core   0.140ubuntu13.1
  all  generic modular initramfs generator (core tools)
  ii  libatopology2:amd641.2.6.1-1ubuntu1   
  amd64shared library for handling ALSA topology definitions
  ii  libklibc:amd64 2.0.10-4   
  amd64minimal libc subset for use with initramfs
  ii  lsb-base   11.1.0ubuntu4  
  all  Linux Standard Base init script functionality
  ii  ncurses-base   6.3-2  
  all  basic terminal type definitions
  ii  sysvinit-utils 3.01-1ubuntu1  
  amd64System-V-like utilities
  ii  xinit  1.4.1-0ubuntu4 
  amd64X server initialisation tool

  # dpkg -l | grep zfs
  -> brings no information here

  # zfs list
  -> zfs is not installed here

  if you need more system-infos to solve this Bug, please let me know!
  The first error means "Not Enough Memory, Please press any key" - you can 
press any key (but you don't need) and it comes the "intramfs Failed: 
ZSTD-compressed data ..." and then the Ubuntu Login screen comes up.

  Please be patient with me, I'm new to Ubuntu and Launchpad and don't
  know much about it yet

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2007743/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2008907] Re: Ubuntu 22.04.2 Update GNOME-Software fails

the problem solved itself by unknown reason. Unfortunately i can't close
or delete this bug.

** Changed in: gnome-software (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2008907

Title:
  Ubuntu 22.04.2 Update GNOME-Software fails

Status in gnome-software package in Ubuntu:
  Invalid

Bug description:
  I have currently some updates on the Ubuntu Store, but i can't install
  them, the Ubuntu Store results

  Prepared update not found: /var/lib/PackageKit/prepared-update

  If i run

  # sudo apt-get update && sudo apt-get dist-upgrade

  I get this (sorry german only):

  Die folgenden Pakete sind zurückgehalten worden:
    chromium-codecs-ffmpeg-extra evince evince-common fonts-opensymbol
    gir1.2-pango-1.0 isc-dhcp-client isc-dhcp-common libevdocument3-4
    libevview3-3 libmbim-glib4 libmbim-proxy libmm-glib0 libpango-1.0-0
    libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libqmi-glib5
    libqmi-proxy libreoffice-base-core libreoffice-calc libreoffice-common
    libreoffice-core libreoffice-draw libreoffice-gnome libreoffice-gtk3
    libreoffice-help-common libreoffice-help-de libreoffice-help-en-us
    libreoffice-impress libreoffice-l10n-de libreoffice-math
    libreoffice-ogltrans libreoffice-pdfimport libreoffice-style-breeze
    libreoffice-style-colibre libreoffice-style-elementary
    libreoffice-style-yaru libreoffice-writer libsasl2-2 libsasl2-modules
    libsasl2-modules-db libsasl2-modules-gssapi-mit libsnmp-base libsnmp40
    libuno-cppu3 libuno-cppuhelpergcc3-3 libuno-purpenvhelpergcc3-3 libuno-sal3
    libuno-salhelpergcc3-3 modemmanager python3-macaroonbakery
    python3-software-properties python3-uno software-properties-common
    software-properties-gtk uno-libs-private ure

  and yes, indeed, this file /var/lib/PackageKit/prepared-update really
  don't exists but why?

  I have also tried to stop the gnome-software and restart, in this case
  the Ubuntu Store fetch the data new, but this also do not help - the
  same updates come up but i can't install them.

  https://abload.de/img/bildschirmfotovom20237pdzo.png

  Or is this a result of this:
  https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2007743

  And i have little investigated this error, and i found out, that Red Hat had 
in 2021 a similar issue
  https://bugzilla.redhat.com/show_bug.cgi?id=1995817

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/2008907/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2008907] Re: Ubuntu 22.04.2 Update GNOME-Software fails

sorry, please ignore this BUG here, i don't know why but now i was able
to download the updates and install it successfully.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2008907

Title:
  Ubuntu 22.04.2 Update GNOME-Software fails

Status in gnome-software package in Ubuntu:
  Invalid

Bug description:
  I have currently some updates on the Ubuntu Store, but i can't install
  them, the Ubuntu Store results

  Prepared update not found: /var/lib/PackageKit/prepared-update

  If i run

  # sudo apt-get update && sudo apt-get dist-upgrade

  I get this (sorry german only):

  Die folgenden Pakete sind zurückgehalten worden:
    chromium-codecs-ffmpeg-extra evince evince-common fonts-opensymbol
    gir1.2-pango-1.0 isc-dhcp-client isc-dhcp-common libevdocument3-4
    libevview3-3 libmbim-glib4 libmbim-proxy libmm-glib0 libpango-1.0-0
    libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libqmi-glib5
    libqmi-proxy libreoffice-base-core libreoffice-calc libreoffice-common
    libreoffice-core libreoffice-draw libreoffice-gnome libreoffice-gtk3
    libreoffice-help-common libreoffice-help-de libreoffice-help-en-us
    libreoffice-impress libreoffice-l10n-de libreoffice-math
    libreoffice-ogltrans libreoffice-pdfimport libreoffice-style-breeze
    libreoffice-style-colibre libreoffice-style-elementary
    libreoffice-style-yaru libreoffice-writer libsasl2-2 libsasl2-modules
    libsasl2-modules-db libsasl2-modules-gssapi-mit libsnmp-base libsnmp40
    libuno-cppu3 libuno-cppuhelpergcc3-3 libuno-purpenvhelpergcc3-3 libuno-sal3
    libuno-salhelpergcc3-3 modemmanager python3-macaroonbakery
    python3-software-properties python3-uno software-properties-common
    software-properties-gtk uno-libs-private ure

  and yes, indeed, this file /var/lib/PackageKit/prepared-update really
  don't exists but why?

  I have also tried to stop the gnome-software and restart, in this case
  the Ubuntu Store fetch the data new, but this also do not help - the
  same updates come up but i can't install them.

  https://abload.de/img/bildschirmfotovom20237pdzo.png

  Or is this a result of this:
  https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2007743

  And i have little investigated this error, and i found out, that Red Hat had 
in 2021 a similar issue
  https://bugzilla.redhat.com/show_bug.cgi?id=1995817

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/2008907/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2007743] Re: intramfs Failed: ZSTD-compressed data

what is the current status of progress here? it would be really nice, if
a bugfix will be released soon.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2007743

Title:
  intramfs Failed: ZSTD-compressed data

Status in grub2-unsigned package in Ubuntu:
  Triaged

Bug description:
  The current updates of Ubuntu 22.04.2 LTS results on boot (black
  screen) the message "not enough memory, press any key" and after comes
  any others "error messages" too and then Ubuntu starts!

  Maybe this Bug results from the current AMD Kernel Updates on "modern"
  Prozessors or Update for the Grub or something - i'don't know - there
  are many System-Updates yesterday and all comes over Ubuntu Store as
  package

  # lsb_release -rd
  Description:  Ubuntu 22.04.2 LTS
  Release:  22.04

  # dpkg -l | grep init
  ii  busybox-initramfs  1:1.30.1-7ubuntu3  
  amd64Standalone shell setup for initramfs
  ii  gnome-initial-setup42.0.1-1ubuntu2.3  
  amd64Initial GNOME system setup helper
  ii  init   1.62   
  amd64metapackage ensuring an init system is installed
  ii  init-system-helpers1.62   
  all  helper tools for all init systems
  ii  initramfs-tools0.140ubuntu13.1
  all  generic modular initramfs generator (automation)
  ii  initramfs-tools-bin0.140ubuntu13.1
  amd64binaries used by initramfs-tools
  ii  initramfs-tools-core   0.140ubuntu13.1
  all  generic modular initramfs generator (core tools)
  ii  libatopology2:amd641.2.6.1-1ubuntu1   
  amd64shared library for handling ALSA topology definitions
  ii  libklibc:amd64 2.0.10-4   
  amd64minimal libc subset for use with initramfs
  ii  lsb-base   11.1.0ubuntu4  
  all  Linux Standard Base init script functionality
  ii  ncurses-base   6.3-2  
  all  basic terminal type definitions
  ii  sysvinit-utils 3.01-1ubuntu1  
  amd64System-V-like utilities
  ii  xinit  1.4.1-0ubuntu4 
  amd64X server initialisation tool

  # dpkg -l | grep zfs
  -> brings no information here

  # zfs list
  -> zfs is not installed here

  if you need more system-infos to solve this Bug, please let me know!
  The first error means "Not Enough Memory, Please press any key" - you can 
press any key (but you don't need) and it comes the "intramfs Failed: 
ZSTD-compressed data ..." and then the Ubuntu Login screen comes up.

  Please be patient with me, I'm new to Ubuntu and Launchpad and don't
  know much about it yet

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2007743/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2008907] Re: Ubuntu 22.04.2 Update GNOME-Software fails

** Description changed:

  I have currently some updates on the Ubuntu Store, but i can't install
  them, the Ubuntu Store results
  
  Prepared update not found: /var/lib/PackageKit/prepared-update
  
  If i run
  
  # sudo apt-get update && sudo apt-get dist-upgrade
  
  I get this (sorry german only):
  
  Die folgenden Pakete sind zurückgehalten worden:
    chromium-codecs-ffmpeg-extra evince evince-common fonts-opensymbol
    gir1.2-pango-1.0 isc-dhcp-client isc-dhcp-common libevdocument3-4
    libevview3-3 libmbim-glib4 libmbim-proxy libmm-glib0 libpango-1.0-0
    libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libqmi-glib5
    libqmi-proxy libreoffice-base-core libreoffice-calc libreoffice-common
    libreoffice-core libreoffice-draw libreoffice-gnome libreoffice-gtk3
    libreoffice-help-common libreoffice-help-de libreoffice-help-en-us
    libreoffice-impress libreoffice-l10n-de libreoffice-math
    libreoffice-ogltrans libreoffice-pdfimport libreoffice-style-breeze
    libreoffice-style-colibre libreoffice-style-elementary
    libreoffice-style-yaru libreoffice-writer libsasl2-2 libsasl2-modules
    libsasl2-modules-db libsasl2-modules-gssapi-mit libsnmp-base libsnmp40
    libuno-cppu3 libuno-cppuhelpergcc3-3 libuno-purpenvhelpergcc3-3 libuno-sal3
    libuno-salhelpergcc3-3 modemmanager python3-macaroonbakery
    python3-software-properties python3-uno software-properties-common
    software-properties-gtk uno-libs-private ure
  
  and yes, indeed, this file /var/lib/PackageKit/prepared-update really
  don't exists but why?
  
  I have also tried to stop the gnome-software and restart, in this case
  the Ubuntu Store fetch the data new, but this also do not help - the
  same updates come up but i can't install them.
  
  https://abload.de/img/bildschirmfotovom20237pdzo.png
+ 
+ Or is this a result of this:
+ https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2007743

** Description changed:

  I have currently some updates on the Ubuntu Store, but i can't install
  them, the Ubuntu Store results
  
  Prepared update not found: /var/lib/PackageKit/prepared-update
  
  If i run
  
  # sudo apt-get update && sudo apt-get dist-upgrade
  
  I get this (sorry german only):
  
  Die folgenden Pakete sind zurückgehalten worden:
    chromium-codecs-ffmpeg-extra evince evince-common fonts-opensymbol
    gir1.2-pango-1.0 isc-dhcp-client isc-dhcp-common libevdocument3-4
    libevview3-3 libmbim-glib4 libmbim-proxy libmm-glib0 libpango-1.0-0
    libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libqmi-glib5
    libqmi-proxy libreoffice-base-core libreoffice-calc libreoffice-common
    libreoffice-core libreoffice-draw libreoffice-gnome libreoffice-gtk3
    libreoffice-help-common libreoffice-help-de libreoffice-help-en-us
    libreoffice-impress libreoffice-l10n-de libreoffice-math
    libreoffice-ogltrans libreoffice-pdfimport libreoffice-style-breeze
    libreoffice-style-colibre libreoffice-style-elementary
    libreoffice-style-yaru libreoffice-writer libsasl2-2 libsasl2-modules
    libsasl2-modules-db libsasl2-modules-gssapi-mit libsnmp-base libsnmp40
    libuno-cppu3 libuno-cppuhelpergcc3-3 libuno-purpenvhelpergcc3-3 libuno-sal3
    libuno-salhelpergcc3-3 modemmanager python3-macaroonbakery
    python3-software-properties python3-uno software-properties-common
    software-properties-gtk uno-libs-private ure
  
  and yes, indeed, this file /var/lib/PackageKit/prepared-update really
  don't exists but why?
  
  I have also tried to stop the gnome-software and restart, in this case
  the Ubuntu Store fetch the data new, but this also do not help - the
  same updates come up but i can't install them.
  
  https://abload.de/img/bildschirmfotovom20237pdzo.png
  
  Or is this a result of this:
  https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2007743
+ 
+ And i have little investigated this error, and i found out, that Red Hat had 
in 2021 a similar issue
+ https://bugzilla.redhat.com/show_bug.cgi?id=1995817

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2008907

Title:
  Ubuntu 22.04.2 Update GNOME-Software fails

Status in gnome-software package in Ubuntu:
  New

Bug description:
  I have currently some updates on the Ubuntu Store, but i can't install
  them, the Ubuntu Store results

  Prepared update not found: /var/lib/PackageKit/prepared-update

  If i run

  # sudo apt-get update && sudo apt-get dist-upgrade

  I get this (sorry german only):

  Die folgenden Pakete sind zurückgehalten worden:
    chromium-codecs-ffmpeg-extra evince evince-common fonts-opensymbol
    gir1.2-pango-1.0 isc-dhcp-client isc-dhcp-common libevdocument3-4
    libevview3-3 libmbim-glib4 libmbim-proxy libmm-glib0 libpango-1.0-0
    libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libqmi-glib5
    libqmi-proxy libreoffice-base-core libreoffice-calc libreoffice-common

[Desktop-packages] [Bug 2008907] Re: Ubuntu 22.04.2 Update fails

** Description changed:

  I have currently some updates on the Ubuntu Store, but i can't install
  them, the Ubuntu Store results
  
  Prepared update not found: /var/lib/PackageKit/prepared-update
  
  If i run
  
  # sudo apt-get update && sudo apt-get dist-upgrade
  
  I get this (sorry german only):
  
  Die folgenden Pakete sind zurückgehalten worden:
    chromium-codecs-ffmpeg-extra evince evince-common fonts-opensymbol
    gir1.2-pango-1.0 isc-dhcp-client isc-dhcp-common libevdocument3-4
    libevview3-3 libmbim-glib4 libmbim-proxy libmm-glib0 libpango-1.0-0
    libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libqmi-glib5
    libqmi-proxy libreoffice-base-core libreoffice-calc libreoffice-common
    libreoffice-core libreoffice-draw libreoffice-gnome libreoffice-gtk3
    libreoffice-help-common libreoffice-help-de libreoffice-help-en-us
    libreoffice-impress libreoffice-l10n-de libreoffice-math
    libreoffice-ogltrans libreoffice-pdfimport libreoffice-style-breeze
    libreoffice-style-colibre libreoffice-style-elementary
    libreoffice-style-yaru libreoffice-writer libsasl2-2 libsasl2-modules
    libsasl2-modules-db libsasl2-modules-gssapi-mit libsnmp-base libsnmp40
    libuno-cppu3 libuno-cppuhelpergcc3-3 libuno-purpenvhelpergcc3-3 libuno-sal3
    libuno-salhelpergcc3-3 modemmanager python3-macaroonbakery
    python3-software-properties python3-uno software-properties-common
    software-properties-gtk uno-libs-private ure
  
  and yes, indeed, this file /var/lib/PackageKit/prepared-update really
  don't exists but why?
  
  I have also tried to stop the gnome-software and restart, in this case
  the Ubuntu Store fetch the data new, but this also do not help - the
  same updates come up but i can't install them.
  
  https://abload.de/img/bildschirmfotovom20237pdzo.png
- 
- @Julian Andres Klode (juliank):
- 
- ich habe absichtlich dich hier hinzugefügt, weil ich weiß, dass du
- deutsch sprichst ;-)

** Summary changed:

- Ubuntu 22.04.2 Update fails
+ Ubuntu 22.04.2 Update GNOME-Software fails

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2008907

Title:
  Ubuntu 22.04.2 Update GNOME-Software fails

Status in gnome-software package in Ubuntu:
  New

Bug description:
  I have currently some updates on the Ubuntu Store, but i can't install
  them, the Ubuntu Store results

  Prepared update not found: /var/lib/PackageKit/prepared-update

  If i run

  # sudo apt-get update && sudo apt-get dist-upgrade

  I get this (sorry german only):

  Die folgenden Pakete sind zurückgehalten worden:
    chromium-codecs-ffmpeg-extra evince evince-common fonts-opensymbol
    gir1.2-pango-1.0 isc-dhcp-client isc-dhcp-common libevdocument3-4
    libevview3-3 libmbim-glib4 libmbim-proxy libmm-glib0 libpango-1.0-0
    libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libqmi-glib5
    libqmi-proxy libreoffice-base-core libreoffice-calc libreoffice-common
    libreoffice-core libreoffice-draw libreoffice-gnome libreoffice-gtk3
    libreoffice-help-common libreoffice-help-de libreoffice-help-en-us
    libreoffice-impress libreoffice-l10n-de libreoffice-math
    libreoffice-ogltrans libreoffice-pdfimport libreoffice-style-breeze
    libreoffice-style-colibre libreoffice-style-elementary
    libreoffice-style-yaru libreoffice-writer libsasl2-2 libsasl2-modules
    libsasl2-modules-db libsasl2-modules-gssapi-mit libsnmp-base libsnmp40
    libuno-cppu3 libuno-cppuhelpergcc3-3 libuno-purpenvhelpergcc3-3 libuno-sal3
    libuno-salhelpergcc3-3 modemmanager python3-macaroonbakery
    python3-software-properties python3-uno software-properties-common
    software-properties-gtk uno-libs-private ure

  and yes, indeed, this file /var/lib/PackageKit/prepared-update really
  don't exists but why?

  I have also tried to stop the gnome-software and restart, in this case
  the Ubuntu Store fetch the data new, but this also do not help - the
  same updates come up but i can't install them.

  https://abload.de/img/bildschirmfotovom20237pdzo.png

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/2008907/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2008907] Re: Ubuntu 22.04.2 Update fails

** Description changed:

  I have currently some updates on the Ubuntu Store, but i can't install
  them, the Ubuntu Store results
  
  Prepared update not found: /var/lib/PackageKit/prepared-update
  
  If i run
  
  # sudo apt-get update && sudo apt-get dist-upgrade
  
  I get this (sorry german only):
  
  Die folgenden Pakete sind zurückgehalten worden:
    chromium-codecs-ffmpeg-extra evince evince-common fonts-opensymbol
    gir1.2-pango-1.0 isc-dhcp-client isc-dhcp-common libevdocument3-4
    libevview3-3 libmbim-glib4 libmbim-proxy libmm-glib0 libpango-1.0-0
    libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libqmi-glib5
    libqmi-proxy libreoffice-base-core libreoffice-calc libreoffice-common
    libreoffice-core libreoffice-draw libreoffice-gnome libreoffice-gtk3
    libreoffice-help-common libreoffice-help-de libreoffice-help-en-us
    libreoffice-impress libreoffice-l10n-de libreoffice-math
    libreoffice-ogltrans libreoffice-pdfimport libreoffice-style-breeze
    libreoffice-style-colibre libreoffice-style-elementary
    libreoffice-style-yaru libreoffice-writer libsasl2-2 libsasl2-modules
    libsasl2-modules-db libsasl2-modules-gssapi-mit libsnmp-base libsnmp40
    libuno-cppu3 libuno-cppuhelpergcc3-3 libuno-purpenvhelpergcc3-3 libuno-sal3
    libuno-salhelpergcc3-3 modemmanager python3-macaroonbakery
    python3-software-properties python3-uno software-properties-common
    software-properties-gtk uno-libs-private ure
  
  and yes, indeed, this file /var/lib/PackageKit/prepared-update really
  don't exists but why?
  
  I have also tried to stop the gnome-software and restart, in this case
  the Ubuntu Store fetch the data new, but this also do not help - the
  same updates come up but i can't install them.
  
+ https://abload.de/img/bildschirmfotovom20237pdzo.png
+ 
  @Julian Andres Klode (juliank):
  
  ich habe absichtlich dich hier hinzugefügt, weil ich weiß, dass du
  deutsch sprichst ;-)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-software in Ubuntu.
https://bugs.launchpad.net/bugs/2008907

Title:
  Ubuntu 22.04.2 Update fails

Status in gnome-software package in Ubuntu:
  New

Bug description:
  I have currently some updates on the Ubuntu Store, but i can't install
  them, the Ubuntu Store results

  Prepared update not found: /var/lib/PackageKit/prepared-update

  If i run

  # sudo apt-get update && sudo apt-get dist-upgrade

  I get this (sorry german only):

  Die folgenden Pakete sind zurückgehalten worden:
    chromium-codecs-ffmpeg-extra evince evince-common fonts-opensymbol
    gir1.2-pango-1.0 isc-dhcp-client isc-dhcp-common libevdocument3-4
    libevview3-3 libmbim-glib4 libmbim-proxy libmm-glib0 libpango-1.0-0
    libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libqmi-glib5
    libqmi-proxy libreoffice-base-core libreoffice-calc libreoffice-common
    libreoffice-core libreoffice-draw libreoffice-gnome libreoffice-gtk3
    libreoffice-help-common libreoffice-help-de libreoffice-help-en-us
    libreoffice-impress libreoffice-l10n-de libreoffice-math
    libreoffice-ogltrans libreoffice-pdfimport libreoffice-style-breeze
    libreoffice-style-colibre libreoffice-style-elementary
    libreoffice-style-yaru libreoffice-writer libsasl2-2 libsasl2-modules
    libsasl2-modules-db libsasl2-modules-gssapi-mit libsnmp-base libsnmp40
    libuno-cppu3 libuno-cppuhelpergcc3-3 libuno-purpenvhelpergcc3-3 libuno-sal3
    libuno-salhelpergcc3-3 modemmanager python3-macaroonbakery
    python3-software-properties python3-uno software-properties-common
    software-properties-gtk uno-libs-private ure

  and yes, indeed, this file /var/lib/PackageKit/prepared-update really
  don't exists but why?

  I have also tried to stop the gnome-software and restart, in this case
  the Ubuntu Store fetch the data new, but this also do not help - the
  same updates come up but i can't install them.

  https://abload.de/img/bildschirmfotovom20237pdzo.png

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/2008907/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 2008907] Re: Ubuntu 22.04.2 Update fails

** Package changed: ubuntu => gnome-software (Ubuntu)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-software in Ubuntu.
https://bugs.launchpad.net/bugs/2008907

Title:
  Ubuntu 22.04.2 Update fails

Status in gnome-software package in Ubuntu:
  New

Bug description:
  I have currently some updates on the Ubuntu Store, but i can't install
  them, the Ubuntu Store results

  Prepared update not found: /var/lib/PackageKit/prepared-update

  If i run

  # sudo apt-get update && sudo apt-get dist-upgrade

  I get this (sorry german only):

  Die folgenden Pakete sind zurückgehalten worden:
    chromium-codecs-ffmpeg-extra evince evince-common fonts-opensymbol
    gir1.2-pango-1.0 isc-dhcp-client isc-dhcp-common libevdocument3-4
    libevview3-3 libmbim-glib4 libmbim-proxy libmm-glib0 libpango-1.0-0
    libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libqmi-glib5
    libqmi-proxy libreoffice-base-core libreoffice-calc libreoffice-common
    libreoffice-core libreoffice-draw libreoffice-gnome libreoffice-gtk3
    libreoffice-help-common libreoffice-help-de libreoffice-help-en-us
    libreoffice-impress libreoffice-l10n-de libreoffice-math
    libreoffice-ogltrans libreoffice-pdfimport libreoffice-style-breeze
    libreoffice-style-colibre libreoffice-style-elementary
    libreoffice-style-yaru libreoffice-writer libsasl2-2 libsasl2-modules
    libsasl2-modules-db libsasl2-modules-gssapi-mit libsnmp-base libsnmp40
    libuno-cppu3 libuno-cppuhelpergcc3-3 libuno-purpenvhelpergcc3-3 libuno-sal3
    libuno-salhelpergcc3-3 modemmanager python3-macaroonbakery
    python3-software-properties python3-uno software-properties-common
    software-properties-gtk uno-libs-private ure

  and yes, indeed, this file /var/lib/PackageKit/prepared-update really
  don't exists but why?

  I have also tried to stop the gnome-software and restart, in this case
  the Ubuntu Store fetch the data new, but this also do not help - the
  same updates come up but i can't install them.

  https://abload.de/img/bildschirmfotovom20237pdzo.png

  @Julian Andres Klode (juliank):

  ich habe absichtlich dich hier hinzugefügt, weil ich weiß, dass du
  deutsch sprichst ;-)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/2008907/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1998060] Re: CVE-2022-37290: Pasted zip archive/invalid file causes NPD

2023-02-17 Thread Marc Deslauriers

The update is for kinetic, did you test it on kinetic?

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1998060

Title:
  CVE-2022-37290: Pasted zip archive/invalid file causes NPD

Status in caja package in Ubuntu:
  New
Status in nautilus package in Ubuntu:
  Fix Released
Status in nemo package in Ubuntu:
  Fix Committed
Status in caja source package in Focal:
  New
Status in nautilus source package in Focal:
  Fix Released
Status in nemo source package in Focal:
  New
Status in caja source package in Jammy:
  New
Status in nautilus source package in Jammy:
  Fix Released
Status in nemo source package in Jammy:
  New
Status in caja source package in Kinetic:
  New
Status in nautilus source package in Kinetic:
  Fix Released
Status in nemo source package in Kinetic:
  In Progress
Status in caja source package in Lunar:
  New
Status in nautilus source package in Lunar:
  Fix Released
Status in nemo source package in Lunar:
  Fix Committed

Bug description:
  A bug for the triage/patching of CVE-2022-37290.

  In get_basename() and g_file_get_basename(), when the file name cannot
  be parsed, NULL is returned; Nautilus does not check this and this
  results in a NPD and a crash.

  The issue on GNOME GitLab explains this pretty well:
  https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376

  And the code in question is also in Nemo and Caja.

  History of the code: The faulty code was introduced in Nautilus 2.20,
  before Nemo and Caja were forked; these file managers have the same
  issue and same code in the function.

  The simplest POC I found was running this via DBus, which I'm not 100%
  sure if I've altered correctly for Nemo and Caja, but regardless for
  Nautilus this results in a crash.

  ```
  Nov 27 20:38:32 Joshua-2210Test nautilus[5433]: g_object_ref: assertion 
'G_IS_OBJECT (object)' failed
  Nov 27 20:38:32 Joshua-2210Test kernel: [  825.449866] pool-org.gnome.[5439]: 
segfault at 0 ip 7f3058c6c570 sp 7f3051dfa968 error 4 in 
libglib-2.0.so.0.7400.0[7f3058c03000+8f000]
  Nov 27 20:38:32 Joshua-2210Test kernel: [  825.449878] Code: 0f 85 bc fe ff 
ff e9 42 ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 48 
89 d1 48 85 f6 0f 89 b0 00 00 00 <0f> b6 07 84 c0 75 15 eb 27 0f 1f 80 00 00 00 
00 0f b6 42 01 48 8d
  ```

  Attached is the poc.py, made by Wu Chunming.

  ** Nemo **
  Upstream, version 5.6.0:
  (more advanced/verbose) upstream patch: 
https://github.com/linuxmint/nemo/commit/b9953e61f61724f46740ac77317720549cdf6005
  possible further problems: 
https://github.com/linuxmint/nemo/commit/33c37a82e88a8e6b289b3b0d2010ce0caece4bdb

  ProblemType: Bug
  DistroRelease: Ubuntu 22.10
  Package: nautilus 1:43.0-1ubuntu1
  ProcVersionSignature: Ubuntu 5.19.0-23.24-generic 5.19.7
  Uname: Linux 5.19.0-23-generic x86_64
  ApportVersion: 2.23.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Nov 27 20:41:20 2022
  GsettingsChanges:

  InstallationDate: Installed on 2022-09-18 (70 days ago)
  InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Alpha amd64 (20220918)
  ProcEnviron:
   SHELL=/bin/bash
   LANG=en_US.UTF-8
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
   PATH=(custom, no user)
  SourcePackage: nautilus
  UpgradeStatus: No upgrade log present (probably fresh install)
  usr_lib_nautilus:
   file-roller   43.0-1
   nautilus-extension-gnome-terminal 3.46.2-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/caja/+bug/1998060/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1998060] Re: CVE-2022-37290: Pasted zip archive/invalid file causes NPD

2023-02-09 Thread Marc Deslauriers

ACK on the debdiff in comment #8. I have slightly adjusted it to add the
bug number to the changelog and to fix the urls in the patch. I have
uploaded it to the security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa

Please test it to make sure it works properly, and comment back in this
bug, at which point I will release it as a security update. Thanks!

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1998060

Title:
  CVE-2022-37290: Pasted zip archive/invalid file causes NPD

Status in caja package in Ubuntu:
  New
Status in nautilus package in Ubuntu:
  Fix Released
Status in nemo package in Ubuntu:
  Fix Committed
Status in caja source package in Focal:
  New
Status in nautilus source package in Focal:
  Fix Released
Status in nemo source package in Focal:
  New
Status in caja source package in Jammy:
  New
Status in nautilus source package in Jammy:
  Fix Released
Status in nemo source package in Jammy:
  New
Status in caja source package in Kinetic:
  New
Status in nautilus source package in Kinetic:
  Fix Released
Status in nemo source package in Kinetic:
  In Progress
Status in caja source package in Lunar:
  New
Status in nautilus source package in Lunar:
  Fix Released
Status in nemo source package in Lunar:
  Fix Committed

Bug description:
  A bug for the triage/patching of CVE-2022-37290.

  In get_basename() and g_file_get_basename(), when the file name cannot
  be parsed, NULL is returned; Nautilus does not check this and this
  results in a NPD and a crash.

  The issue on GNOME GitLab explains this pretty well:
  https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376

  And the code in question is also in Nemo and Caja.

  History of the code: The faulty code was introduced in Nautilus 2.20,
  before Nemo and Caja were forked; these file managers have the same
  issue and same code in the function.

  The simplest POC I found was running this via DBus, which I'm not 100%
  sure if I've altered correctly for Nemo and Caja, but regardless for
  Nautilus this results in a crash.

  ```
  Nov 27 20:38:32 Joshua-2210Test nautilus[5433]: g_object_ref: assertion 
'G_IS_OBJECT (object)' failed
  Nov 27 20:38:32 Joshua-2210Test kernel: [  825.449866] pool-org.gnome.[5439]: 
segfault at 0 ip 7f3058c6c570 sp 7f3051dfa968 error 4 in 
libglib-2.0.so.0.7400.0[7f3058c03000+8f000]
  Nov 27 20:38:32 Joshua-2210Test kernel: [  825.449878] Code: 0f 85 bc fe ff 
ff e9 42 ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 48 
89 d1 48 85 f6 0f 89 b0 00 00 00 <0f> b6 07 84 c0 75 15 eb 27 0f 1f 80 00 00 00 
00 0f b6 42 01 48 8d
  ```

  Attached is the poc.py, made by Wu Chunming.

  ** Nemo **
  Upstream, version 5.6.0:
  (more advanced/verbose) upstream patch: 
https://github.com/linuxmint/nemo/commit/b9953e61f61724f46740ac77317720549cdf6005
  possible further problems: 
https://github.com/linuxmint/nemo/commit/33c37a82e88a8e6b289b3b0d2010ce0caece4bdb

  ProblemType: Bug
  DistroRelease: Ubuntu 22.10
  Package: nautilus 1:43.0-1ubuntu1
  ProcVersionSignature: Ubuntu 5.19.0-23.24-generic 5.19.7
  Uname: Linux 5.19.0-23-generic x86_64
  ApportVersion: 2.23.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Nov 27 20:41:20 2022
  GsettingsChanges:

  InstallationDate: Installed on 2022-09-18 (70 days ago)
  InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Alpha amd64 (20220918)
  ProcEnviron:
   SHELL=/bin/bash
   LANG=en_US.UTF-8
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
   PATH=(custom, no user)
  SourcePackage: nautilus
  UpgradeStatus: No upgrade log present (probably fresh install)
  usr_lib_nautilus:
   file-roller   43.0-1
   nautilus-extension-gnome-terminal 3.46.2-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/caja/+bug/1998060/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1993214] Re: [jammy] Update gjs to 1.74 using mozjs102 102.3

2023-02-07 Thread Marc Deslauriers

We are not going to release these yet, we are blocked on comment #8.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gjs in Ubuntu.
https://bugs.launchpad.net/bugs/1993214

Title:
  [jammy] Update gjs to 1.74 using mozjs102 102.3

Status in gjs package in Ubuntu:
  Fix Released
Status in mozjs102 package in Ubuntu:
  Fix Released
Status in gjs source package in Jammy:
  Fix Committed
Status in mozjs102 source package in Jammy:
  Fix Committed
Status in mozjs102 source package in Kinetic:
  Fix Committed

Bug description:
  Impact
  --
  GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). 
Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 
ESR series for security updates for the next year.

  This requires updating gjs from 1.72 to 1.74 from GNOME 43, as
  packaged in Ubuntu 22.10.

  This will be done as a Security Update.

  Updating mozjs in stable Ubuntu releases was recommended when Ubuntu
  first switched back to GNOME, but this is the first time it's been
  done.

  Security Impact
  ---
  I looked through
  https://github.com/mozilla/gecko-dev/commits/esr102/js
  and searched for referenced bug numbers in
  https://www.mozilla.org/en-US/security/advisories/
  for Firefox ESR releases since Ubuntu's 91.10

  and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE
  issued) mentioned at

  https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/

  Uploaded Packages
  -
  We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being 
careful to publish it in main, not universe.
  And we'll update gjs.
  No other packages need to be updated for this change.
  mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are 
generally not possible), but nothing else in Ubuntu uses it.

  Test Case
  -
  https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs

  Security Sponsoring
  ---
  sudo apt install git-buildpackage
  gbp clone https://salsa.debian.org/gnome-team/gjs
  cd gjs
  git checkout ubuntu/jammy
  gbp buildpackage --git-builder="debuild -S -nc"

  mkdir ../tarballs; cd ../tarballs
  pull-lp-source mozjs102 kinetic
  cd ..
  gbp clone https://salsa.debian.org/gnome-team/mozjs
  cd mozjs
  git checkout ubuntu/102/jammy
  gbp buildpackage --git-builder="debuild --no-lintian -S -nc" 
--git-tarball-dir=../tarballs
  # That avoids needing to recreate the original tarball from pristine-tar 
which takes a while. Also, running lintian takes a while.

  Initial Testing Done
  
  I built the packages in my PPA.
  I installed the packages on Ubuntu 22.04 LTS and successfully completed the 
Test Case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gjs/+bug/1993214/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1993214] Re: [jammy] Update gjs to 1.74 using mozjs102 102.3

2023-02-06 Thread Marc Deslauriers

The image builds are pulling in -proposed?

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gjs in Ubuntu.
https://bugs.launchpad.net/bugs/1993214

Title:
  [jammy] Update gjs to 1.74 using mozjs102 102.3

Status in gjs package in Ubuntu:
  Fix Released
Status in mozjs102 package in Ubuntu:
  Fix Released
Status in gjs source package in Jammy:
  Fix Committed
Status in mozjs102 source package in Jammy:
  Fix Committed
Status in mozjs102 source package in Kinetic:
  Fix Committed

Bug description:
  Impact
  --
  GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). 
Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 
ESR series for security updates for the next year.

  This requires updating gjs from 1.72 to 1.74 from GNOME 43, as
  packaged in Ubuntu 22.10.

  This will be done as a Security Update.

  Updating mozjs in stable Ubuntu releases was recommended when Ubuntu
  first switched back to GNOME, but this is the first time it's been
  done.

  Security Impact
  ---
  I looked through
  https://github.com/mozilla/gecko-dev/commits/esr102/js
  and searched for referenced bug numbers in
  https://www.mozilla.org/en-US/security/advisories/
  for Firefox ESR releases since Ubuntu's 91.10

  and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE
  issued) mentioned at

  https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/

  Uploaded Packages
  -
  We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being 
careful to publish it in main, not universe.
  And we'll update gjs.
  No other packages need to be updated for this change.
  mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are 
generally not possible), but nothing else in Ubuntu uses it.

  Test Case
  -
  https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs

  Security Sponsoring
  ---
  sudo apt install git-buildpackage
  gbp clone https://salsa.debian.org/gnome-team/gjs
  cd gjs
  git checkout ubuntu/jammy
  gbp buildpackage --git-builder="debuild -S -nc"

  mkdir ../tarballs; cd ../tarballs
  pull-lp-source mozjs102 kinetic
  cd ..
  gbp clone https://salsa.debian.org/gnome-team/mozjs
  cd mozjs
  git checkout ubuntu/102/jammy
  gbp buildpackage --git-builder="debuild --no-lintian -S -nc" 
--git-tarball-dir=../tarballs
  # That avoids needing to recreate the original tarball from pristine-tar 
which takes a while. Also, running lintian takes a while.

  Initial Testing Done
  
  I built the packages in my PPA.
  I installed the packages on Ubuntu 22.04 LTS and successfully completed the 
Test Case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gjs/+bug/1993214/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1816497] Re: [snap] vaapi chromium no video hardware decoding

2023-01-07 Thread Marc Peña

Hi again @nteodosio and happy new year!

Any progress to report in the last 2 months?

Thanks!

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1816497

Title:
  [snap] vaapi chromium no video hardware decoding

Status in chromium-browser package in Ubuntu:
  In Progress

Bug description:
  To test the snap with VA-API changes,

  1. Install the Chromium snap,

     sudo snap install --channel stable/hwacc chromium

  2. Start Chromium,

     snap run chromium

  3. Open a video, e.g. one from https://github.com/chthomos/video-
  media-samples.

  4. Enter about:media-internals in the address bar, click the
  corresponding box (if the video is playing, it will have the "(kPlay)"
  identifier) and note what the page says for kVideoDecoderName.

  Please report

  - The value for kVideoDecoderName from step 4. Success is typically 
{Vaapi,VDA,Mojo}VideoDecoder while failure is {FFMpeg,Vpx,Dav1d}VideoDecoder;
  - Xorg or Wayland (`echo $WAYLAND_DISPLAY`);
  - Distro version (`grep VERSION= /etc/os_release`);
  - GPU (`lscpu`);
  - CPU generation (`lscpu`).

  Currently it seems to work for all reporters on Xorg.

  The version in stable/hwacc is fixed.

  Versions in other channels (edge/hwacc, beta/hwacc, candidate/hwacc)
  follow the Chromium release cycle (dev, beta and stable channels as in
  https://omahaproxy.appspot.com/all.json?os=linux).

  --Original Bug report -

  Libva is no longer working for snap installed chromium 72.0.3626.109
  (Official Build) snap (64-bit)

  I followed this instruction
  sudo snap install --channel=candidate/vaapi chromium

  My amdgpu can use libva

  `vainfo: Driver version: Mesa Gallium driver 18.3.3 for AMD STONEY (DRM 
3.27.0, 4.20.0-10.1-liquorix-amd64, LLVM 7.0.1)
  vainfo: Supported profile and entrypoints
    VAProfileMPEG2Simple:   VAEntrypointVLD
    VAProfileMPEG2Main  :   VAEntrypointVLD
    VAProfileVC1Simple  :   VAEntrypointVLD
    VAProfileVC1Main:   VAEntrypointVLD
    VAProfileVC1Advanced:   VAEntrypointVLD
    VAProfileH264ConstrainedBaseline:   VAEntrypointVLD
    VAProfileH264ConstrainedBaseline:   VAEntrypointEncSlice
    VAProfileH264Main   :   VAEntrypointVLD
    VAProfileH264Main   :   VAEntrypointEncSlice
    VAProfileH264High   :   VAEntrypointVLD
    VAProfileH264High   :   VAEntrypointEncSlice
    VAProfileHEVCMain   :   VAEntrypointVLD
    VAProfileHEVCMain10 :   VAEntrypointVLD
    VAProfileJPEGBaseline   :   VAEntrypointVLD
    VAProfileNone   :   VAEntrypointVideoProc`

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1816497/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1993214] Re: [jammy] Update gjs to 1.74 using mozjs102 102.3

2022-12-15 Thread Marc Deslauriers

mozjs102 and gjs packages have been uploaded for jammy, and mozjs102 for
kinetic, into the security team PPA here:

https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages

Once they are finished building, they can be pocket-copied by an archive
admin into the -proposed pocket for more testing.

Thanks!

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gjs in Ubuntu.
https://bugs.launchpad.net/bugs/1993214

Title:
  [jammy] Update gjs to 1.74 using mozjs102 102.3

Status in gjs package in Ubuntu:
  Confirmed
Status in mozjs102 package in Ubuntu:
  Confirmed

Bug description:
  Impact
  --
  GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). 
Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 
ESR series for security updates for the next year.

  This requires updating gjs from 1.72 to 1.74 from GNOME 43, as
  packaged in Ubuntu 22.10.

  This will be done as a Security Update.

  Updating mozjs in stable Ubuntu releases was recommended when Ubuntu
  first switched back to GNOME, but this is the first time it's been
  done.

  Security Impact
  ---
  I looked through
  https://github.com/mozilla/gecko-dev/commits/esr102/js
  and searched for referenced bug numbers in
  https://www.mozilla.org/en-US/security/advisories/
  for Firefox ESR releases since Ubuntu's 91.10

  and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE
  issued) mentioned at

  https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/

  Uploaded Packages
  -
  We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being 
careful to publish it in main, not universe.
  And we'll update gjs.
  No other packages need to be updated for this change.
  mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are 
generally not possible), but nothing else in Ubuntu uses it.

  Test Case
  -
  https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs

  Security Sponsoring
  ---
  sudo apt install git-buildpackage
  gbp clone https://salsa.debian.org/gnome-team/gjs
  cd gjs
  git checkout ubuntu/jammy
  gbp buildpackage --git-builder="debuild -S -nc"

  mkdir ../tarballs; cd ../tarballs
  pull-lp-source mozjs102 kinetic
  cd ..
  gbp clone https://salsa.debian.org/gnome-team/mozjs
  cd mozjs
  git checkout ubuntu/102/jammy
  gbp buildpackage --git-builder="debuild --no-lintian -S -nc" 
--git-tarball-dir=../tarballs
  # That avoids needing to recreate the original tarball from pristine-tar 
which takes a while. Also, running lintian takes a while.

  Initial Testing Done
  
  I built the packages in my PPA.
  I installed the packages on Ubuntu 22.04 LTS and successfully completed the 
Test Case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gjs/+bug/1993214/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1993214] Re: [jammy] Update gjs to 1.74 using mozjs102 102.3

2022-12-12 Thread Marc Deslauriers

Looks like a few more CVEs have been published between 102.3 in karmic
and 102.5 in lunar:

102.4 CVE-2022-42928 bug 1791520
102.5 CVE-2022-45406 bug 1791975
102.5 CVE-2022-45409 bug 1796901

Perhaps we should move to 102.5?

I have to admit, bumping to a new major release of mozjs sounds risky.
What are the plans to test all the arbitrary gnome-shell plugins that
could be installed in user environments? How well does gnome-shell
handle a plugin that could crash on startup if there is an
incompatibility with a newer mozjs version?

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-42928

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-45406

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-45409

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gjs in Ubuntu.
https://bugs.launchpad.net/bugs/1993214

Title:
  [jammy] Update gjs to 1.74 using mozjs102 102.3

Status in gjs package in Ubuntu:
  Confirmed
Status in mozjs102 package in Ubuntu:
  Confirmed

Bug description:
  Impact
  --
  GNOME Shell uses the SpiderMonkey JavaScript engine from Firefox ESR (mozjs). 
Firefox 92 ESR has reached end of life; therefore, we should switch to the 102 
ESR series for security updates for the next year.

  This requires updating gjs from 1.72 to 1.74 from GNOME 43, as
  packaged in Ubuntu 22.10.

  This will be done as a Security Update.

  Updating mozjs in stable Ubuntu releases was recommended when Ubuntu
  first switched back to GNOME, but this is the first time it's been
  done.

  Security Impact
  ---
  I looked through
  https://github.com/mozilla/gecko-dev/commits/esr102/js
  and searched for referenced bug numbers in
  https://www.mozilla.org/en-US/security/advisories/
  for Firefox ESR releases since Ubuntu's 91.10

  and found one CVE. Also, there's the vague Mozilla Bug 1771084 (no CVE
  issued) mentioned at

  https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/

  Uploaded Packages
  -
  We will introduce mozjs102, a new source package for Ubuntu 22.04 LTS, being 
careful to publish it in main, not universe.
  And we'll update gjs.
  No other packages need to be updated for this change.
  mozjs91 will remain in Ubuntu 22.04 LTS (source package removals are 
generally not possible), but nothing else in Ubuntu uses it.

  Test Case
  -
  https://wiki.ubuntu.com/DesktopTeam/TestPlans/gjs

  Security Sponsoring
  ---
  sudo apt install git-buildpackage
  gbp clone https://salsa.debian.org/gnome-team/gjs
  cd gjs
  git checkout ubuntu/jammy
  gbp buildpackage --git-builder="debuild -S -nc"

  mkdir ../tarballs; cd ../tarballs
  pull-lp-source mozjs102 kinetic
  cd ..
  gbp clone https://salsa.debian.org/gnome-team/mozjs
  cd mozjs
  git checkout ubuntu/102/jammy
  gbp buildpackage --git-builder="debuild --no-lintian -S -nc" 
--git-tarball-dir=../tarballs
  # That avoids needing to recreate the original tarball from pristine-tar 
which takes a while. Also, running lintian takes a while.

  Initial Testing Done
  
  I built the packages in my PPA.
  I installed the packages on Ubuntu 22.04 LTS and successfully completed the 
Test Case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gjs/+bug/1993214/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1816497] Re: [snap] vaapi chromium no video hardware decoding

2022-11-10 Thread Marc Peña

Hi! From: https://code.launchpad.net/~nteodosio/chromium-
browser/+git/chromium-browser/+merge/428038/comments/1137194

Is there any ETA for finishing the legal review of the inclusion of the
non-free driver?

Thanks!

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1816497

Title:
  [snap] vaapi chromium no video hardware decoding

Status in chromium-browser package in Ubuntu:
  In Progress

Bug description:
  To test the snap with VA-API changes,

  1. Install the Chromium snap,

     sudo snap install --channel beta/hwacc chromium

  2. Start Chromium,

     snap run chromium

  3. Open a video, e.g. one from https://github.com/chthomos/video-
  media-samples.

  4. Enter about:media-internals in the address bar, click the
  corresponding box (if the video is playing, it will have the "(kPlay)"
  identifier) and note what the page says for kVideoDecoderName.

  Please report

  - The value for kVideoDecoderName from step 4. Success is typically 
{Vaapi,VDA,Mojo}VideoDecoder while failure is {FFMpeg,Vpx,Dav1d}VideoDecoder;
  - Xorg or Wayland (`echo $WAYLAND_DISPLAY`);
  - Distro version (`grep VERSION= /etc/os_release`);
  - GPU (`lscpu`);
  - CPU generation (`lscpu`).

  Currently it seems to work for all reporters on Xorg, but not for all
  reporters on Wayland.

  Just to situate ourselves, beta/hwacc is [1] and I plan to merge it in
  the main snap via [2]. Comments before #176 refer to [3] and _should_
  be roughly equivalent to [1], but I wouldn't be surprised if it turned
  out not to be.

  [1]: 
https://launchpad.net/~nteodosio/+snap/chromium-browser-dev/+build/1875127
  [2]: 
https://code.launchpad.net/~nteodosio/chromium-browser/+git/chromium-browser/+merge/428038
  [3]: 
https://launchpad.net/~nteodosio/+snap/chromium-browser-hwacc/+build/1838168

  --Original Bug report -

  Libva is no longer working for snap installed chromium 72.0.3626.109
  (Official Build) snap (64-bit)

  I followed this instruction
  sudo snap install --channel=candidate/vaapi chromium

  My amdgpu can use libva

  `vainfo: Driver version: Mesa Gallium driver 18.3.3 for AMD STONEY (DRM 
3.27.0, 4.20.0-10.1-liquorix-amd64, LLVM 7.0.1)
  vainfo: Supported profile and entrypoints
    VAProfileMPEG2Simple:   VAEntrypointVLD
    VAProfileMPEG2Main  :   VAEntrypointVLD
    VAProfileVC1Simple  :   VAEntrypointVLD
    VAProfileVC1Main:   VAEntrypointVLD
    VAProfileVC1Advanced:   VAEntrypointVLD
    VAProfileH264ConstrainedBaseline:   VAEntrypointVLD
    VAProfileH264ConstrainedBaseline:   VAEntrypointEncSlice
    VAProfileH264Main   :   VAEntrypointVLD
    VAProfileH264Main   :   VAEntrypointEncSlice
    VAProfileH264High   :   VAEntrypointVLD
    VAProfileH264High   :   VAEntrypointEncSlice
    VAProfileHEVCMain   :   VAEntrypointVLD
    VAProfileHEVCMain10 :   VAEntrypointVLD
    VAProfileJPEGBaseline   :   VAEntrypointVLD
    VAProfileNone   :   VAEntrypointVideoProc`

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1816497/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1995300] Re: package libice-dev:amd64 2:1.0.10-1build2 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting config

2022-11-04 Thread Marc Deslauriers

Thank you for using Ubuntu and taking the time to report a bug. Your
report should contain, at a minimum, the following information so we can
better find the source of the bug and work to resolve it.

Submitting the bug about the proper source package is essential. For
help see https://wiki.ubuntu.com/Bugs/FindRightPackage . Additionally,
in the report please include:

1) The release of Ubuntu you are using, via 'cat /etc/lsb-release' or System -> 
About Ubuntu.
2) The version of the package you are using, via 'dpkg -l PKGNAME | cat' or by 
checking in Synaptic.
3) What happened and what you expected to happen.

The Ubuntu community has also created debugging procedures for a wide
variety of packages at https://wiki.ubuntu.com/DebuggingProcedures .
Following the debugging instructions for the affected package will make
your bug report much more complete. Thanks!


** Information type changed from Private Security to Public

** Changed in: libice (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libice in Ubuntu.
https://bugs.launchpad.net/bugs/1995300

Title:
  package libice-dev:amd64 2:1.0.10-1build2 failed to install/upgrade:
  package is in a very bad inconsistent state; you should  reinstall it
  before attempting configuration

Status in libice package in Ubuntu:
  Invalid

Bug description:
  sorry for my bad english.. i hope you will get what im saying..  i
  tried check my java version and i checked in terminal.. and i get try
  sudo apt install javac some files are missing... after then i
  downloaded 400++ files in terminal.. it automatically downloaded
  archive files then.. in this process... my system get stuck.. lag..
  and then automatically closed my firefox and then... that installing
  terminal .. then i reopened the terminal and.. then.. i tried that
  command again. then the system tell me to try debug package and then i
  tried.. after that.. i get this bug..Once again sorry for my. bad
  english Im from a poor family and im living in India thats the reason
  for it.. I hope you will understand what im trying to say...  and i
  think im using in low pc.. produced by indian government for 2020 12th
  higher secondary school... so that will be the reason for this
  computer.. problem...

  ProblemType: Package
  DistroRelease: Ubuntu 22.04
  Package: libice-dev:amd64 2:1.0.10-1build2
  ProcVersionSignature: Ubuntu 5.15.0-43.46-generic 5.15.39
  Uname: Linux 5.15.0-43-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  AptOrdering: NULL: ConfigurePending
  Architecture: amd64
  BootLog:
   
  CasperMD5CheckResult: pass
  CompositorRunning: None
  Date: Mon Oct 31 22:18:38 2022
  DistUpgraded: Fresh install
  DistroCodename: jammy
  DistroVariant: ubuntu
  DpkgTerminalLog:
   [1mdpkg:[0m error processing package libice-dev:amd64 (--configure):
package is in a very bad inconsistent state; you should
reinstall it before attempting configuration
  ErrorMessage: package is in a very bad inconsistent state; you should  
reinstall it before attempting configuration
  GraphicsCard:
   Advanced Micro Devices, Inc. [AMD/ATI] Stoney [Radeon R2/R3/R4/R5 Graphics] 
[1002:98e4] (rev ea) (prog-if 00 [VGA controller])
 Subsystem: Lenovo Stoney [Radeon R2/R3/R4/R5 Graphics] [17aa:39f6]
  InstallationDate: Installed on 2022-09-22 (39 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
  MachineType: LENOVO 81FS
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-43-generic 
root=UUID=9353f229-cae8-42c4-a405-1dbfcbe64318 ro quiet splash vt.handoff=7
  Python3Details: /usr/bin/python3.10, Python 3.10.4, python3-minimal, 
3.10.4-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.21.1ubuntu2.1
   apt  2.4.6
  SourcePackage: libice
  Title: package libice-dev:amd64 2:1.0.10-1build2 failed to install/upgrade: 
package is in a very bad inconsistent state; you should  reinstall it before 
attempting configuration
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 01/23/2019
  dmi.bios.release: 1.21
  dmi.bios.vendor: LENOVO
  dmi.bios.version: 7UCN21WW(V1.10.ELCOT.1)
  dmi.board.asset.tag: NO Asset Tag
  dmi.board.name: LNVNB161216
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0K88286 WIN
  dmi.chassis.asset.tag: NO Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Lenovo E41-25
  dmi.ec.firmware.release: 1.21
  dmi.modalias: 
dmi:bvnLENOVO:bvr7UCN21WW(V1.10.ELCOT.1):bd01/23/2019:br1.21:efr1.21:svnLENOVO:pn81FS:pvrLenovoE41-25:rvnLENOVO:rnLNVNB161216:rvrSDK0K88286WIN:cvnLENOVO:ct10:cvrLenovoE41-25:skuLENOVO_MT_81FS_BU_idea_FM_E41-25:
  dmi.product.family: E41-25
  dmi.product.name: 81FS
  dmi.product.sku: LENOVO_MT_81FS_BU_idea_FM_E41-25
  dmi.product.version: Lenovo E41-25
  dmi.sys.vendor: LENOVO
  version.compiz: compiz N/A
  version.libdrm2: libdrm2

[Desktop-packages] [Bug 1992279] Re: package libreoffice-ogltrans 1:7.3.6-0ubuntu0.22.04.1 failed to install/upgrade: bağımlılık sorunları - yapılandırılmadan bırakılıyor

2022-10-27 Thread Marc Deslauriers

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1992279

Title:
  package libreoffice-ogltrans 1:7.3.6-0ubuntu0.22.04.1 failed to
  install/upgrade: bağımlılık sorunları - yapılandırılmadan bırakılıyor

Status in libreoffice package in Ubuntu:
  New

Bug description:
  ?

  ProblemType: Package
  DistroRelease: Ubuntu 22.04
  Package: libreoffice-ogltrans 1:7.3.6-0ubuntu0.22.04.1
  ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
  Uname: Linux 5.15.0-48-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Sat Oct  8 19:19:11 2022
  ErrorMessage: bağımlılık sorunları - yapılandırılmadan bırakılıyor
  InstallationDate: Installed on 2022-10-08 (0 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
  PackageArchitecture: all
  Python3Details: /usr/bin/python3.10, Python 3.10.6, python3-minimal, 
3.10.6-1~22.04
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.21.1ubuntu2.1
   apt  2.4.8
  SourcePackage: libreoffice
  Title: package libreoffice-ogltrans 1:7.3.6-0ubuntu0.22.04.1 failed to 
install/upgrade: bağımlılık sorunları - yapılandırılmadan bırakılıyor
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1992279/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1994067] Re: "Windows 11 Pro" and "Ubuntu 22.04.1 LTS" are installed and up to date on the laptop. There is no hardware problem with the laptop. No sound from operating system

2022-10-27 Thread Marc Deslauriers

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to pulseaudio in Ubuntu.
https://bugs.launchpad.net/bugs/1994067

Title:
  "Windows 11 Pro" and "Ubuntu 22.04.1 LTS" are installed and up to date
  on the laptop. There is no hardware problem with the laptop. No sound
  from operating system "Ubuntu 22.04.1 LTS". But the sound comes from
  the operating system "Windows 11 Pro" without any problems.

Status in pulseaudio package in Ubuntu:
  New

Bug description:
  "Windows 11 Pro" and "Ubuntu 22.04.1 LTS" are installed and up to date
  on the laptop. There is no hardware problem with the laptop. No sound
  from operating system "Ubuntu 22.04.1 LTS". But the sound comes from
  the operating system "Windows 11 Pro" without any problems.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: pulseaudio 1:15.99.1+dfsg1-1ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-52.58-generic 5.15.60
  Uname: Linux 5.15.0-52-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  muhammed   1749 F pulseaudio
   /dev/snd/controlC1:  muhammed   1749 F pulseaudio
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Oct 24 22:46:37 2022
  InstallationDate: Installed on 2022-10-19 (5 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
  PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No 
PulseAudio daemon running, or not running as session daemon.
  SourcePackage: pulseaudio
  Symptom: audio
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/28/2021
  dmi.bios.release: 87.176
  dmi.bios.vendor: INSYDE Corp.
  dmi.bios.version: TN1V7.10_Monster
  dmi.board.asset.tag: Board Asset Tag
  dmi.board.name: Huma H5 V3.2
  dmi.board.vendor: Monster
  dmi.board.version: V20
  dmi.chassis.asset.tag: Chassis Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: Monster
  dmi.chassis.version: Chassis Version
  dmi.ec.firmware.release: 6.6
  dmi.modalias: 
dmi:bvnINSYDECorp.:bvrTN1V7.10_Monster:bd12/28/2021:br87.176:efr6.6:svnMONSTER:pnHumaH5V3.2:pvrV10:rvnMonster:rnHumaH5V3.2:rvrV20:cvnMonster:ct10:cvrChassisVersion:skuH5V32TN1156MSCD:
  dmi.product.family: HUMA
  dmi.product.name: Huma H5 V3.2
  dmi.product.sku: H5V32TN1156MSCD
  dmi.product.version: V10
  dmi.sys.vendor: MONSTER
  modified.conffile..etc.pulse.default.pa: [modified]
  mtime.conffile..etc.pulse.default.pa: 2022-10-24T22:36:17.567999

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1994067/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1972654] Re: [security review] Sync policykit-1 121+compat0.1-5 (main) from Debian unstable

2022-10-13 Thread Marc Deslauriers

ACK from the security team to sync from unstable.

Please make sure the policy overrides in policykit-desktop-privileges
still work or are converted to their equivalent JS before doing so.

--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1972654

Title:
[security review] Sync policykit-1 121+compat0.1-5 (main) from Debian
unstable

Status in policykit-1 package in Ubuntu:
Confirmed

Bug description:
Please sync policykit-1 121+compat0.1-5 (main) from Debian unstable
for Ubuntu 23.04

Changelog entries since current kinetic version 0.105-33:

https://metadata.ftp-master.debian.org/changelogs/main/p/policykit-1/policykit-1_121%2Bcompat0.1-4_changelog

In particular, see the 0.120-4 changelog entry.

I am filing a bug for Security Team review.
Previously, Debian and Ubuntu developers agreed to keep using
the last version of policykit before it switched to using JavaScript rules.

But that was years ago. I believe Debian & Ubuntu are the only distros
to have opted out of the new policykit. It is harder to maintain
the old style rules when upstream rules use the new format. And it is
a challenge to backport security and other bugfixes from the new
series, without making mistakes or missing important details.

There was a proposal to use duktape instead of mozjs for the JavaScript
interpreter but I don't think that's been merged yet.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions

--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1983778] Re: Major security issue in Ubuntu Desktop default config - Removable Media

2022-09-23 Thread Marc Deslauriers

I personally don't think the reasons you've listed above are good enough
to change the default setting, but please file a bug with the upstream
project and you can convince them to change them:

https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues

Once you've filed a bug with the GNOME project, please paste the bug
number here.

Thanks!

** Changed in: gnome-control-center (Ubuntu)
   Status: Incomplete => Confirmed

** Changed in: gnome-control-center (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-control-center in Ubuntu.
https://bugs.launchpad.net/bugs/1983778

Title:
  Major security issue in Ubuntu Desktop default config - Removable
  Media

Status in gnome-control-center package in Ubuntu:
  Confirmed

Bug description:
  There is a MAJOR SECURITY VULNERABILITY in Ubuntu Desktop since
  release 18.04 !

  Recently I used Ubuntu 22.04 LTS and noticed that the issue still
  exist!

  
  I don’t know the reason for it, but default values for “Removable Media” are 
VERY Risky!
  It will automatically run the software which is attached to the removable 
media.
  Why? Why has Ubuntu still didn’t disable that option?

  
  The following is the default configuration (the “bad” configuration):
  https://imgur.com/XXXQlV2

  The following is the configuration which Ubuntu should be having (it is the 
fix to the problem):
  https://imgur.com/a/0JeM6ve

  Please change the default configurations for Ubuntu!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1983778/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1988378] Re: Firefox allows a user to alter/delete a third party website cookie

2022-09-16 Thread Marc Deslauriers

Thanks for your comments. This does not appear to be a bug report and we
are closing it. We appreciate the difficulties you are facing, but it
would make more sense to raise your question in the support tracker.
Please visit https://answers.launchpad.net/ubuntu/+addquestion

** Information type changed from Private Security to Public

** Changed in: firefox (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1988378

Title:
  Firefox allows a user to alter/delete a third party website cookie

Status in firefox package in Ubuntu:
  Invalid

Bug description:
  I was in conflict with a certain technological company. I usually
  browsed their website, downloaded a few PDF files, and contacted with
  them via a Yahoo mail account using the Firefox browser. Some of the
  emails from the company had graphic signatures. At a certain date
  where my contract with the company ended, and I choosed not to renew
  the contract, I wasn't able to access my Yahoo mail account using the
  bookmark, and I had to enter my Yahoo mail password. If the user
  doesn't remember a website's password, this can be unpleasant. I have
  a Yahoo mail account for years, and this never happened to me. It
  looks like the vulnerability is that a developer from company X can
  write code on a website, a PDF file, or linked to an email, that will
  alter/delete a cookie that belongs to website Y.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1988378/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1989729] Re: Problem with graphics card

2022-09-16 Thread Marc Deslauriers

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1989729

Title:
  Problem with graphics card

Status in xorg package in Ubuntu:
  New

Bug description:
  Hi,Names Hamdaan. I have installed Ubuntu on my PC about 4-5 days ago.
  At first I didn't seem to notice, But as I used my PC I've been
  noticing that it seems that my PC's graphics card is not working as
  efficient as before. But when I read the driver name I got to know
  that it has not downloaded the correct Driver software , and I don't
  know how to fix that?. Thanks in advance for answering.

  IN CASE YOU NEED IT:
   PC MODEL: Acer Aspire E1-572
   MEMORY  : 4.0 GiB
  PROCESSER: Intel® Core™ i5-4200U CPU @ 1.60GHz × 4
   OS TYPE : 64x

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: xorg 1:7.7+23ubuntu2
  ProcVersionSignature: Ubuntu 5.15.0-47.51-generic 5.15.46
  Uname: Linux 5.15.0-47-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log'
  CasperMD5CheckResult: pass
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Sep 15 17:46:25 2022
  DistUpgraded: Fresh install
  DistroCodename: jammy
  DistroVariant: ubuntu
  ExtraDebuggingInterest: Yes
  GraphicsCard:
   Intel Corporation Haswell-ULT Integrated Graphics Controller [8086:0a16] 
(rev 09) (prog-if 00 [VGA controller])
 Subsystem: Acer Incorporated [ALI] Haswell-ULT Integrated Graphics 
Controller [1025:0775]
  InstallationDate: Installed on 2022-09-13 (1 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
  MachineType: Acer Aspire E1-572
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-47-generic 
root=UUID=fcb232d7-2139-4cee-b321-7332acc47658 ro quiet splash
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 09/02/2014
  dmi.bios.release: 2.17
  dmi.bios.vendor: Insyde Corp.
  dmi.bios.version: V2.17
  dmi.board.asset.tag: Type2 - Board Asset Tag
  dmi.board.name: EA50_HW
  dmi.board.vendor: Acer
  dmi.board.version: V2.17
  dmi.chassis.asset.tag: Chassis Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: Acer
  dmi.chassis.version: Chassis Version
  dmi.ec.firmware.release: 2.17
  dmi.modalias: 
dmi:bvnInsydeCorp.:bvrV2.17:bd09/02/2014:br2.17:efr2.17:svnAcer:pnAspireE1-572:pvrV2.17:rvnAcer:rnEA50_HW:rvrV2.17:cvnAcer:ct10:cvrChassisVersion:skuAspireE1-572_0775_V2.17:
  dmi.product.family: SharkBay System
  dmi.product.name: Aspire E1-572
  dmi.product.sku: Aspire E1-572_0775_V2.17
  dmi.product.version: V2.17
  dmi.sys.vendor: Acer
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.110-1ubuntu1
  version.libgl1-mesa-dri: libgl1-mesa-dri 22.0.5-0ubuntu0.1
  version.libgl1-mesa-glx: libgl1-mesa-glx 22.0.5-0ubuntu0.1
  version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2.1
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2ubuntu1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20210115-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 
1:1.0.17-2build1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1989729/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1989953] Re: to update media key session

2022-09-16 Thread Marc Deslauriers

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1989953

Title:
  to update media key session

Status in chromium-browser package in Ubuntu:
  New

Bug description:
  the chromium needs to update the media key session cause it rejected
  the Binge website by playing the movie

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1989953/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1972654] Re: [security review] Sync policykit-1 0.120-6 (main) from Debian experimental

2022-09-12 Thread Marc Deslauriers

I also don't think this is a blocker anymore, as long as polkitd-pkla is
a strong dependency in Ubuntu, so we don't inadvertently stop shipping
it. It would be nice to get a similar list of packages in Ubuntu, as I
suspect we have many more than Debian. We may also need to update the
policykit-desktop-privileges package to ensure it still applies
appropriate policy.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1972654

Title:
  [security review] Sync policykit-1 0.120-6 (main) from Debian
  experimental

Status in policykit-1 package in Ubuntu:
  Confirmed

Bug description:
  Please sync policykit-1 0.120-6 (main) from Debian experimental

  Changelog entries since current kinetic version 0.105-33:
  https://tracker.debian.org/media/packages/p/policykit-1/changelog-0.120-6

  In particular, see the 0.120-4 changelog entry.

  I am filing a bug for Security Team review.
  Previously, Debian and Ubuntu developers agreed to keep using
  the last version of policykit before it switched to using JavaScript rules.

  But that was years ago. I believe Debian & Ubuntu are the only distros
  to have opted out of the new policykit. It is harder to maintain
  the old style rules when upstream rules use the new format. And it is
  a challenge to backport security and other bugfixes from the new
  series, without making mistakes or missing important details.

  There was a proposal to use duktape instead of mozjs for the JavaScript
  interpreter but I don't think that's been merged yet.

  It appears the Debian maintainer is considering switching Debian to the
  updated version in time for the next Debian Stable release (so uploading
  to unstable later this year).

  My requested deadline is August 25, Ubuntu 22.10 Feature Freeze.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1930140] Re: GUI "Extract Here" bug - loop until disk is full

2022-08-24 Thread Marc Deslauriers

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to file-roller in Ubuntu.
https://bugs.launchpad.net/bugs/1930140

Title:
  GUI "Extract Here"  bug - loop until disk is full

Status in file-roller package in Ubuntu:
  New

Bug description:
  What happened
  -
  When .rar file is extracted using GUI by right clicking the file and 
selecting "Extract Here", the process continued until the disk is full.

  What I expected
  ---
  Extracting the .rar file without consuming my whole disk. Actual file size 
after extraction is 22-23MB. 

  
  How it got resolved
  ---
  So I installed unrar package using "sudo apt-get install unrar" and the 
problem got resolved. Seems like a bug since the unrar package was not there by 
default and without unrar the process consumes the whole disk.

  OS details are as follows
  
  Description:  Ubuntu 20.04.2 LTS
  Release:  20.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/file-roller/+bug/1930140/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1914279] Re: linux from security may force reboots without complete dkms modules

2022-08-24 Thread Marc Deslauriers

** Changed in: openafs (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nvidia-graphics-drivers-340 in Ubuntu.
https://bugs.launchpad.net/bugs/1914279

Title:
  linux from security may force reboots without complete dkms modules

Status in acpi-call package in Ubuntu:
  Fix Released
Status in apt package in Ubuntu:
  Invalid
Status in backport-iwlwifi-dkms package in Ubuntu:
  Fix Released
Status in bcmwl package in Ubuntu:
  Fix Released
Status in dahdi-linux package in Ubuntu:
  Fix Released
Status in dkms package in Ubuntu:
  Fix Released
Status in dm-writeboost package in Ubuntu:
  Fix Released
Status in evdi package in Ubuntu:
  Fix Released
Status in gost-crypto package in Ubuntu:
  Fix Released
Status in iptables-netflow package in Ubuntu:
  Fix Released
Status in liblzf package in Ubuntu:
  Fix Released
Status in lime-forensics package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux-meta package in Ubuntu:
  Fix Released
Status in lttng-modules package in Ubuntu:
  Fix Released
Status in nvidia-graphics-drivers-340 package in Ubuntu:
  Fix Released
Status in openafs package in Ubuntu:
  Confirmed
Status in oss4 package in Ubuntu:
  Fix Released
Status in r8168 package in Ubuntu:
  Fix Released
Status in rtl8812au package in Ubuntu:
  Fix Released
Status in sysdig package in Ubuntu:
  Fix Released
Status in unattended-upgrades package in Ubuntu:
  Invalid
Status in update-manager package in Ubuntu:
  Invalid
Status in v4l2loopback package in Ubuntu:
  Fix Released
Status in virtualbox package in Ubuntu:
  Fix Released
Status in virtualbox-hwe package in Ubuntu:
  Fix Released
Status in zfs-linux package in Ubuntu:
  Fix Released
Status in acpi-call source package in Focal:
  Fix Released
Status in backport-iwlwifi-dkms source package in Focal:
  Fix Released
Status in bcmwl source package in Focal:
  Fix Released
Status in dahdi-linux source package in Focal:
  Fix Released
Status in dm-writeboost source package in Focal:
  Fix Released
Status in evdi source package in Focal:
  Fix Released
Status in gost-crypto source package in Focal:
  Fix Released
Status in iptables-netflow source package in Focal:
  Fix Released
Status in liblzf source package in Focal:
  Fix Released
Status in lime-forensics source package in Focal:
  Fix Released
Status in lttng-modules source package in Focal:
  Fix Released
Status in nvidia-graphics-drivers-340 source package in Focal:
  Fix Released
Status in oss4 source package in Focal:
  Fix Released
Status in r8168 source package in Focal:
  Fix Released
Status in rtl8812au source package in Focal:
  Fix Released
Status in sysdig source package in Focal:
  Fix Released
Status in v4l2loopback source package in Focal:
  Fix Released
Status in virtualbox source package in Focal:
  Fix Released
Status in virtualbox-hwe source package in Focal:
  Fix Released
Status in zfs-linux source package in Focal:
  Fix Released

Bug description:
  Whilst discussing

  https://discourse.ubuntu.com/t/improvements-for-hardware-support-in-
  ubuntu-desktop-installation-media/20606

  We have noticed a reference to somebody not having working backport-
  iwlwifi-dkms, whilst SRU of that happened before the v5.4 -> v5.8
  switch.

  However, kernel meta switch was pushed to security pocket, but the
  dkms modules are all in -updates only.

  This may result in people automatically installing the new kernel with
  unatanded upgrades; dkms modules failing to build; and a reboot
  required flag left on disk.

  At this point launching update manager will not offer to install dkms
  modules from updates, and will guide the users to reboot. which
  will then cause them to boot the new kernel without the dkms modules
  that might be providing networking for them.

  Should dkms modules SRUs always getting published into -security
  pocket, as well as the -updates pocket?

  Should linux maintainer scripts prevent touching reboot required flag
  if any dkms modules fail to build?

  Should apt / unattanded-upgrades / update-manager always update dkms
  modules with kernels?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acpi-call/+bug/1914279/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1987162] Re: 43: New Device Security feature is confusing and unhelpful currently

2022-08-22 Thread Marc Deslauriers

Another issue to consider here is that there is no secure way to display
the information in the first place. If some of those settings are
disabled, malware can simply modify the app to display a green checkbox
next to Level 3, leading to a false sense of security.

--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-control-center in Ubuntu.
https://bugs.launchpad.net/bugs/1987162

Title:
43: New Device Security feature is confusing and unhelpful currently

Status in gnome-control-center package in Ubuntu:
Triaged

Bug description:
GNOME 43 added a new Device Security feature in the Settings app.

You can access it in gnome-control-center 1:43~beta-1ubuntu1
1. Open the Settings app
2. Click Privacy then Device Security

The Security Events aren't clickable.

A default Ubuntu install only gets us "Security Level 1". The highest
level is "Security Level 3".

There isn't anything an Ubuntu user can do to get to a higher security
level from the Device Security screen.

If a user attempts to get their system to a higher security level, I
think they could break their system since this isn't something we
currently support.

Therefore, I think we ought to hide/disable the screen for Ubuntu
22.10. We can work towards better integrating this screen for Ubuntu
in future releases.

I'm attaching several screenshots although it's worth trying out the
feature for yourself too.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1987162/+subscriptions

[Desktop-packages] [Bug 1987162] Re: 43: New Device Security feature is confusing and unhelpful currently

2022-08-20 Thread Marc Deslauriers

I don't understand not only why those advanced features would be exposed
in a GUI, but why ordinary users would care at all about most of those
settings.

If we're going to expose "security information" to users, we should
probably start by showing basic stuff, like if they are properly getting
security updates, if remote login via ssh is turned on with passwords
instead of certificates, whether they are using disk encryption or not,
etc.

If regular users can't easily fix the issues listed in there, from the
GUI itself, I don't think it's appropriate to display that in the
settings app.

--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-control-center in Ubuntu.
https://bugs.launchpad.net/bugs/1987162

Title:
43: New Device Security feature is confusing and unhelpful currently

Status in gnome-control-center package in Ubuntu:
Triaged

Bug description:
GNOME 43 added a new Device Security feature in the Settings app.

You can access it in gnome-control-center 43~beta-1ubuntu1 by
1. Open the Settings app
2. Click Privacy then Device Security

The Security Events aren't clickable.

A default Ubuntu install only gets us "Security Level 1". The highest
level is "Security Level 3".

There isn't anything an Ubuntu user can do to get to a higher security
level from the Device Security screen.

If a user attempts to get their system to a higher security level, I
think they could break their system since this isn't something we
currently support.

Therefore, I think we ought to hide/disable the screen for Ubuntu
22.10. We can work towards better integrating this screen for Ubuntu
in future releases.

I'm attaching several screenshots although it's worth trying out the
feature for yourself too.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1987162/+subscriptions

[Desktop-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf

2022-08-09 Thread Marc Deslauriers

** Changed in: gdk-pixbuf (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gdk-pixbuf in Ubuntu.
https://bugs.launchpad.net/bugs/1982898

Title:
  CVE-2021-46829: Buffer overwrite in  io-gif-animation.c
  composite_frame() in gdk-pixbuf

Status in gdk-pixbuf package in Ubuntu:
  Fix Released
Status in gdk-pixbuf source package in Focal:
  Fix Released

Bug description:
  [Impact]

   * A buffer overwrite exists in gdk-pixbuf's thumbnailer.

   * The GIF loader runs out of memory with specifically crafted files
  with bad frame data (and images with its sizes) over the integer
  limit.

   * After gdk-pixbuf-thum runs out of memory, other apps can and on low
  RAM systems like my old iMac, the system can completely run out of
  memory.

   * Or, in other ways, bad gif files in other applications can open the
  door for exploits.

   * Any app using gdk-pixbuf is affected, mainly file managers and
  image viewers.

  [Test Plan]

   * Take the POC's - they can be found in the issue in the GNOME repo

   * Open them in an application that uses gdk-pixbuf. I have managed to 
produce reactions with:
   - Nautilus, GNOME's file manager
   - Nemo, Cinnamon's file manager
   - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that 
also inevitably fails and crashes
   - PCManFM, LXDE's file manager which straight up crashes
   - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app 
still usable, no memory issues)
   - Eye of GNOME (eog) triggers the segfault in syslog
   - Eye of MATE (eom) segfaults

   * If you or the system couldn't tell something is wrong, cat
  /var/log/syslog and enjoy the segfaults or out of memory warnings or
  even kernel spam.

  [Where problems could occur]

   * The patch itself is simple, but since gdk-pixbuf is often used with
  GTK apps a mistake here could be problematic.

   * It is possible, and has happened in the past (which has been
  patched) that other bad GIFs can cause other crashes.

   * That patch is essentially overflow checks -  changes with GLib
  (GNOME's, not to be confused with glibc) and the functions used in not
  only the patch but all of gdk-pixbuf can cause problems

   * Other failures to properly handle GIFs and broken or intentionally
  tampered GIFs can continue and always will open the door for security
  holes for other bugs

  * Again, overall a simple patch but as long as the GIFs remain handled
  properly, and no changes to the GLib functions are made and to other
  apps that use gdk-pixbuf (and assuming are not affected by the change
  and still work), the patch does not have much regression potential.

  [Other Info]

   * Besides Buffer overwrite/overflow issues, as aforementioned out of memory 
errors can happen.
   * Files attached are examples or crashes
   * Again, all apps using gdk-pixbuf are affected
   * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/
   * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190
   * 
https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2
  ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39
  Uname: Linux 5.15.0-43-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: X-Cinnamon
  Date: Tue Jul 26 19:33:41 2022
  InstallationDate: Installed on 2021-11-24 (244 days ago)
  InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826)
  SourcePackage: gdk-pixbuf
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf

2022-08-05 Thread Marc Deslauriers

ACK on the debdiff in comment #5, I am currently building it (with a
slight change to add the bug number to the changelog) and will release
it as a security update next week. Thanks!

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gdk-pixbuf in Ubuntu.
https://bugs.launchpad.net/bugs/1982898

Title:
  CVE-2021-46829: Buffer overwrite in  io-gif-animation.c
  composite_frame() in gdk-pixbuf

Status in gdk-pixbuf package in Ubuntu:
  In Progress
Status in gdk-pixbuf source package in Focal:
  New

Bug description:
  [Impact]

   * A buffer overwrite exists in gdk-pixbuf's thumbnailer.

   * The GIF loader runs out of memory with specifically crafted files
  with bad frame data (and images with its sizes) over the integer
  limit.

   * After gdk-pixbuf-thum runs out of memory, other apps can and on low
  RAM systems like my old iMac, the system can completely run out of
  memory.

   * Or, in other ways, bad gif files in other applications can open the
  door for exploits.

   * Any app using gdk-pixbuf is affected, mainly file managers and
  image viewers.

  [Test Plan]

   * Take the POC's - they can be found in the issue in the GNOME repo

   * Open them in an application that uses gdk-pixbuf. I have managed to 
produce reactions with:
   - Nautilus, GNOME's file manager
   - Nemo, Cinnamon's file manager
   - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that 
also inevitably fails and crashes
   - PCManFM, LXDE's file manager which straight up crashes
   - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app 
still usable, no memory issues)
   - Eye of GNOME (eog) triggers the segfault in syslog
   - Eye of MATE (eom) segfaults

   * If you or the system couldn't tell something is wrong, cat
  /var/log/syslog and enjoy the segfaults or out of memory warnings or
  even kernel spam.

  [Where problems could occur]

   * The patch itself is simple, but since gdk-pixbuf is often used with
  GTK apps a mistake here could be problematic.

   * It is possible, and has happened in the past (which has been
  patched) that other bad GIFs can cause other crashes.

   * That patch is essentially overflow checks -  changes with GLib
  (GNOME's, not to be confused with glibc) and the functions used in not
  only the patch but all of gdk-pixbuf can cause problems

   * Other failures to properly handle GIFs and broken or intentionally
  tampered GIFs can continue and always will open the door for security
  holes for other bugs

  * Again, overall a simple patch but as long as the GIFs remain handled
  properly, and no changes to the GLib functions are made and to other
  apps that use gdk-pixbuf (and assuming are not affected by the change
  and still work), the patch does not have much regression potential.

  [Other Info]

   * Besides Buffer overwrite/overflow issues, as aforementioned out of memory 
errors can happen.
   * Files attached are examples or crashes
   * Again, all apps using gdk-pixbuf are affected
   * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/
   * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190
   * 
https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2
  ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39
  Uname: Linux 5.15.0-43-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: X-Cinnamon
  Date: Tue Jul 26 19:33:41 2022
  InstallationDate: Installed on 2021-11-24 (244 days ago)
  InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826)
  SourcePackage: gdk-pixbuf
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1816497] Re: [snap] vaapi chromium no video hardware decoding

2022-07-29 Thread Marc Peña

@seb128 & @nteodosio: is there any more tests to do?
Is there any ETA for this to be released to the latest/* channels?

Thanks!

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1816497

Title:
  [snap] vaapi chromium no video hardware decoding

Status in chromium-browser package in Ubuntu:
  In Progress

Bug description:
  To test the snap with VA-API changes,

  1. Install the snap with

     sudo snap install --channel candidate/hwacc chromium

  2. snap run chromium --disable-features=UseChromeOSDirectVideoDecoder
  --enable-features=VaapiVideoDecoder

  3. Open a video, e.g. one from https://github.com/chthomos/video-
  media-samples

  4. Enter about:media-internals in the address bar and note what the
  page says for kVideoDecoderName.

  Please report

  - The value for kVideoDecoderName from step 4. Success is typically 
{Vaapi,VDA,Mojo}VideoDecoder while failure is {FFMpeg,Vpx}VideoDecoder;
- If failed, the video used for testing, including codec and resolution if 
possible;
  - Distro version (if in doubt, `grep VERSION= /etc/os_release`);
  - GPU (if in doubt, attach the output of `lscpu`);
  - CPU generation (if in doubt, attach the output of `lscpu`).

  About the last point, it may be that unfortunately only those with
  newer generations of Intel CPUs will have luck with this, but it's
  still an uncertainty. So reports are highly welcome.

  --Original Bug report -

  Libva is no longer working for snap installed chromium 72.0.3626.109
  (Official Build) snap (64-bit)

  I followed this instruction
  sudo snap install --channel=candidate/vaapi chromium

  My amdgpu can use libva

  `vainfo: Driver version: Mesa Gallium driver 18.3.3 for AMD STONEY (DRM 
3.27.0, 4.20.0-10.1-liquorix-amd64, LLVM 7.0.1)
  vainfo: Supported profile and entrypoints
    VAProfileMPEG2Simple:   VAEntrypointVLD
    VAProfileMPEG2Main  :   VAEntrypointVLD
    VAProfileVC1Simple  :   VAEntrypointVLD
    VAProfileVC1Main:   VAEntrypointVLD
    VAProfileVC1Advanced:   VAEntrypointVLD
    VAProfileH264ConstrainedBaseline:   VAEntrypointVLD
    VAProfileH264ConstrainedBaseline:   VAEntrypointEncSlice
    VAProfileH264Main   :   VAEntrypointVLD
    VAProfileH264Main   :   VAEntrypointEncSlice
    VAProfileH264High   :   VAEntrypointVLD
    VAProfileH264High   :   VAEntrypointEncSlice
    VAProfileHEVCMain   :   VAEntrypointVLD
    VAProfileHEVCMain10 :   VAEntrypointVLD
    VAProfileJPEGBaseline   :   VAEntrypointVLD
    VAProfileNone   :   VAEntrypointVideoProc`

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1816497/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1816497] Re: [snap] vaapi chromium no video hardware decoding

2022-07-09 Thread Marc Peña

I've tested this again with the updated instructions:
$ sudo snap refresh --channel candidate/hwacc chromium
$ snap run chromium --disable-features=UseChromeOSDirectVideoDecoder 
--enable-features=VaapiVideoDecoder

And it also worked OK.

The only thing is that I'm seeing the following warnings and error in
the console:

Warning: /usr/lib/x86_64-linux-gnu/libvulkan_intel.so: cannot open shared 
object file: No such file or directory
Warning: loader_icd_scan: Failed loading library associated with ICD JSON 
/usr/lib/x86_64-linux-gnu/libvulkan_intel.so.Ignoring this JSON
Warning: /usr/lib/x86_64-linux-gnu/libvulkan_lvp.so: cannot open shared object 
file: No such file or directory
Warning: loader_icd_scan: Failed loading library associated with ICD JSON 
/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so.Ignoring this JSON
Warning: /usr/lib/x86_64-linux-gnu/libvulkan_radeon.so: cannot open shared 
object file: No such file or directory
Warning: loader_icd_scan: Failed loading library associated with ICD JSON 
/usr/lib/x86_64-linux-gnu/libvulkan_radeon.so.Ignoring this JSON
Warning: vkCreateInstance: Found no drivers!
Error: vkCreateInstance failed with VK_ERROR_INCOMPATIBLE_DRIVER
at CheckVkSuccessImpl 
(../../third_party/dawn/src/dawn/native/vulkan/VulkanError.cpp:88)
at CreateVkInstance 
(../../third_party/dawn/src/dawn/native/vulkan/BackendVk.cpp:387)
at Initialize 
(../../third_party/dawn/src/dawn/native/vulkan/BackendVk.cpp:263)
at Create (../../third_party/dawn/src/dawn/native/vulkan/BackendVk.cpp:193)
at operator() 
(../../third_party/dawn/src/dawn/native/vulkan/BackendVk.cpp:462)

Here is the required info:
- Video used: big-buck-bunny-1080p-30sec.mp4
- kVideoDecoderName: "VDAVideoDecoder"
- Distro: Ubuntu 20.04
- GPU: HD Graphics 620
- CPU: Intel Core i7-7500U

Thanks!

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1816497

Title:
  [snap] vaapi chromium no video hardware decoding

Status in chromium-browser package in Ubuntu:
  In Progress

Bug description:
  To test the snap with VA-API changes,

  1. Install the snap with

     sudo snap install --channel candidate/hwacc chromium

  2. snap run chromium --disable-features=UseChromeOSDirectVideoDecoder
  --enable-features=VaapiVideoDecoder

  3. Open a video, e.g. one from https://github.com/chthomos/video-
  media-samples

  4. Enter about:media-internals in the address bar and note what the
  page says for kVideoDecoderName.

  Please report

  - The value for kVideoDecoderName from step 4. Success is typically 
{Vaapi,VDA,Mojo}VideoDecoder while failure is {FFMpeg,Vpx}VideoDecoder;
- If failed, the video used for testing, including codec and resolution if 
possible;
  - Distro version (if in doubt, `grep VERSION= /etc/os_release`);
  - GPU (if in doubt, attach the output of `lscpu`);
  - CPU generation (if in doubt, attach the output of `lscpu`).

  About the last point, it may be that unfortunately only those with
  newer generations of Intel CPUs will have luck with this, but it's
  still an uncertainty. So reports are highly welcome.

  --Original Bug report -

  Libva is no longer working for snap installed chromium 72.0.3626.109
  (Official Build) snap (64-bit)

  I followed this instruction
  sudo snap install --channel=candidate/vaapi chromium

  My amdgpu can use libva

  `vainfo: Driver version: Mesa Gallium driver 18.3.3 for AMD STONEY (DRM 
3.27.0, 4.20.0-10.1-liquorix-amd64, LLVM 7.0.1)
  vainfo: Supported profile and entrypoints
    VAProfileMPEG2Simple:   VAEntrypointVLD
    VAProfileMPEG2Main  :   VAEntrypointVLD
    VAProfileVC1Simple  :   VAEntrypointVLD
    VAProfileVC1Main:   VAEntrypointVLD
    VAProfileVC1Advanced:   VAEntrypointVLD
    VAProfileH264ConstrainedBaseline:   VAEntrypointVLD
    VAProfileH264ConstrainedBaseline:   VAEntrypointEncSlice
    VAProfileH264Main   :   VAEntrypointVLD
    VAProfileH264Main   :   VAEntrypointEncSlice
    VAProfileH264High   :   VAEntrypointVLD
    VAProfileH264High   :   VAEntrypointEncSlice
    VAProfileHEVCMain   :   VAEntrypointVLD
    VAProfileHEVCMain10 :   VAEntrypointVLD
    VAProfileJPEGBaseline   :   VAEntrypointVLD
    VAProfileNone   :   VAEntrypointVideoProc`

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1816497/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1977968] [NEW] Security update tracking bug

2022-06-08 Thread Marc Deslauriers

*** This bug is a security vulnerability ***

Public security bug reported:

This bug is to track the security update that will contain these
possibly security-relevant commits:

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a

** Affects: bluez (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/1977968

Title:
  Security update tracking bug

Status in bluez package in Ubuntu:
  New

Bug description:
  This bug is to track the security update that will contain these
  possibly security-relevant commits:

  
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b

  
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1972654] Re: [security review] Sync policykit-1 0.120-6 (main) from Debian experimental

2022-06-06 Thread Marc Deslauriers

My understanding is the Debian experimental version doesn't support both
at the same time, it's one or the other depending on which binary
package you install. We definitely don't want that.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1972654

Title:
  [security review] Sync policykit-1 0.120-6 (main) from Debian
  experimental

Status in policykit-1 package in Ubuntu:
  Confirmed

Bug description:
  Please sync policykit-1 0.120-6 (main) from Debian experimental

  Changelog entries since current kinetic version 0.105-33:
  https://tracker.debian.org/media/packages/p/policykit-1/changelog-0.120-6

  In particular, see the 0.120-4 changelog entry.

  I am filing a bug for Security Team review.
  Previously, Debian and Ubuntu developers agreed to keep using
  the last version of policykit before it switched to using JavaScript rules.

  But that was years ago. I believe Debian & Ubuntu are the only distros
  to have opted out of the new policykit. It is harder to maintain
  the old style rules when upstream rules use the new format. And it is
  a challenge to backport security and other bugfixes from the new
  series, without making mistakes or missing important details.

  There was a proposal to use duktape instead of mozjs for the JavaScript
  interpreter but I don't think that's been merged yet.

  It appears the Debian maintainer is considering switching Debian to the
  updated version in time for the next Debian Stable release (so uploading
  to unstable later this year).

  My requested deadline is August 25, Ubuntu 22.10 Feature Freeze.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1975602] Re: 2.36.2 security update tracking bug

2022-05-24 Thread Marc Deslauriers

** Changed in: webkit2gtk (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to webkit2gtk in Ubuntu.
https://bugs.launchpad.net/bugs/1975602

Title:
  2.36.2 security update tracking bug

Status in webkit2gtk package in Ubuntu:
  Fix Released

Bug description:
  Bug to track the 2.36.2 security update.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webkit2gtk/+bug/1975602/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1975602] [NEW] 2.36.2 security update tracking bug

2022-05-24 Thread Marc Deslauriers

*** This bug is a security vulnerability ***

Public security bug reported:

Bug to track the 2.36.2 security update.

** Affects: webkit2gtk (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to webkit2gtk in Ubuntu.
https://bugs.launchpad.net/bugs/1975602

Title:
  2.36.2 security update tracking bug

Status in webkit2gtk package in Ubuntu:
  New

Bug description:
  Bug to track the 2.36.2 security update.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webkit2gtk/+bug/1975602/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1974250] Re: ~/.pam_environment gets created as owned by root

2022-05-24 Thread Marc Deslauriers

** Information type changed from Private Security to Public Security

** Also affects: accountsservice (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: accountsservice (Ubuntu Kinetic)
   Importance: High
   Status: Fix Released

** Changed in: accountsservice (Ubuntu Jammy)
   Status: New => Fix Released

** Changed in: accountsservice (Ubuntu Kinetic)
   Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to accountsservice in Ubuntu.
https://bugs.launchpad.net/bugs/1974250

Title:
  ~/.pam_environment gets created as owned by root

Status in accountsservice package in Ubuntu:
  Confirmed
Status in accountsservice source package in Jammy:
  Fix Released
Status in accountsservice source package in Kinetic:
  Confirmed

Bug description:
  Something has happened lately with accountsservice, which makes it act
  as root instead of the current user when creating ~/.pam_environment.
  The very old bug #904395 comes to mind, and this smells a security
  issue.

  The function which is supposed to prevent this behavior is here:

  https://salsa.debian.org/freedesktop-
  team/accountsservice/-/blob/ubuntu/debian/patches/0010-set-
  language.patch#L75

  Haven't investigated further yet.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1971415] Re: Remote desktop is automatically enabled after login

2022-05-18 Thread Marc Deslauriers

This patch is still broken. The same thing happens with VNC:

1- Turn on remote desktop, turn on VNC.
2- Only turn off remote desktop while leaving VNC checked
3- Reboot
4- The VNC port is listening to connections even though remote desktop says off
in the control center.

--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-control-center in Ubuntu.
https://bugs.launchpad.net/bugs/1971415

Title:
Remote desktop is automatically enabled after login

Status in gnome-control-center package in Ubuntu:
Fix Released
Status in gnome-control-center source package in Jammy:
Confirmed

Bug description:
Details:
Turning off RDP Remote Desktop Sharing with gnome-control-center would only
turn off RDP sharing for the current session. Upon logging back in, RDP Sharing
would be enabled again without any additional user interaction or notification.

Other Info:
As mentioned in the comments at
https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/1825
this issue could have been avoided if Ubuntu's gnome-remote-desktop didn't
keep the systemd user service always running. I do intend to fix that issue
also but it is a more complicated fix. I think it will require a maintainer
script to remove the automatic conffiles added by dh. I will do the
gnome-remote-desktop bugfix as a normal non-security SRU.

Original Bug Report:
If I disable sharing/remote desktop in GNOME Control Center, then log out and
back in, it is automatically enabled again. I report this as a security
vulnerability because remote desktop is enabled without the user's knowledge.

Software versions:
- Ubuntu 22.04
- gnome-remote-desktop 42.0-4ubuntu1
- gnome-control-center 1:41.4-1ubuntu13

Steps to reproduce:
1. Start with Remote Desktop enabled. "systemctl --user status
gnome-remote-desktop.service" reports "active (running)".
2. Disable Remote Desktop in Control Center. systemctl reports "inactive
(dead)".
3. Log out and back in.
4. Open Control Center. Remote Desktop is enabled again. systemctl reports
"active (running)".

Expected behavior:
Remote Desktop should stay disabled upon the new login.

Actual behavior:
Remote Desktop was automatically enabled again.

Previous discussion: https://gitlab.gnome.org/GNOME/gnome-control-
center/-/issues/1775#note_1443319

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1971415/+subscriptions

[Desktop-packages] [Bug 1967626] Re: 22.04 beta Network Manager still sets wrong IPv6 routing

2022-05-11 Thread Marc Deslauriers

** Bug watch added: 
gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues #840
   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/840

** Also affects: network-manager via
   https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/840
   Importance: Unknown
   Status: Unknown

** Changed in: network-manager (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1967626

Title:
  22.04 beta Network Manager still sets wrong IPv6 routing

Status in NetworkManager:
  Unknown
Status in network-manager package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  that's a bug I've already reported earlier both to ubuntu and network-
  manager upstream, and nobody seems to care about.

  I'm using an AVM FritzBox, a router family very common in Germany and
  Europe for DSL and DOCSIS, but saw reports of people confirming the
  problem with other routers.

  The router sends ICMPv6 router advertisements, which contain for both
  the configured site-local address and the provider-assigned world-
  routable address range both a

  * prefix information 
  * router advertisement on itself

  All other OS and machines I have, including

  * Debian
  * Ubuntu Server
  * Ubuntu Core
  * Raspberry Pi OS
  * Other Linuxes
  * MacOS
  *...

  correctly set a link route on the network device for both the official
  and the site local address.

  Only Ubuntu Desktop machines with that damned Network Manager set a
  route to the router instead of a link route.

  The consequence is, that IPv6 still works, but significantly to slow,
  since packages are not switched on the network switch, but routed on
  the router, which dramatically decreases speed.

  
  I've reported this upstream to Network Manager, see the discussion on 

  https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/840

  but they do not even seem to understand the issue (Network Manager
  written by people not really understanding routing...)

  Their point of view is that the router will fix things by sending
  redirects. However, ICMPv6 redirects are considered a security problem
  and usually recommended to be turned off.

  The answer from NetworkManager developers is to fix the router, not
  the Network Manager to stop sending router advertisings, but can't
  explain why all other OS and other Linux distributions, including
  Ubuntu server and Ubuntu core do it correctly, and just NM doing it
  wrong.

  So Ubuntu/NetworkManagers unability to fix or even notice this
  essential problem forces people to either accept terribly slow IPv6
  traffic in local networks, or to leave the machine open for ICMPv6
  redirects, which, in general, is a security flaw and vulnerable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager/+bug/1967626/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1969593] Re: rules to prevent non-root users from rebooting not taken into account

2022-05-11 Thread Marc Deslauriers

Great, thanks!

** Changed in: policykit-1 (Ubuntu)
   Status: Incomplete => Invalid

** Changed in: systemd (Ubuntu)
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1969593

Title:
  rules to prevent non-root users from rebooting not taken into account

Status in policykit-1 package in Ubuntu:
  Invalid
Status in systemd package in Ubuntu:
  Invalid

Bug description:
  On fresh Ubuntu Jammy installation, I add a 
"/etc/polkit-1/localauthority/90-mandatory.d/restriction.pkla" file with the 
following contents :
  [Disable power-off]
  Identity=unix-user:*
  Action=org.freedesktop.login1.power-off
  ResultActive=no
  ResultInactive=no
  ResultAny=no

  [Disable power-off when others are logged in]
  Identity=unix-user:*
  Action=org.freedesktop.login1.power-off-multiple-sessions
  ResultActive=no
  ResultInactive=no
  ResultAny=no

  [Disable_reboot]
  Identity=unix-user:*
  Action=org.freedesktop.login1.reboot
  ResultActive=no
  ResultInactive=no
  ResultAny=no

  [Disable_reboot_when_others_are_logged_in]
  Identity=unix-user:*
  Action=org.freedesktop.login1.reboot-multiple-sessions
  ResultActive=no
  ResultInactive=no
  ResultAny=no


  
  It must prevent non-root users from shutdowning and rebooting the system. But 
it only prevent shutdowning. Rebooting is still possible for a non-root user.

  We can see it using pkcheck command (as a non-root user) :
  $ pkcheck --action-id org.freedesktop.login1.power-off --process $PPID ; echo 
$?
  Not authorized.
  1
  $ pkcheck --action-id org.freedesktop.login1.reboot --process $PPID ; echo $?
  0

  
  As this problem can lead to unexpected reboot on multi-users systems (a 
disponibilty concern), I checked the "This bug is a security vulnerability" box.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: policykit-1 0.105-33
  ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30
  Uname: Linux 5.15.0-25-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Apr 20 10:53:27 2022
  InstallationDate: Installed on 2022-04-20 (0 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 
(20220419)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no username)
   XDG_RUNTIME_DIR=
   LANG=fr_FR.UTF-8
   SHELL=/bin/bash
  SourcePackage: policykit-1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1969593/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1969593] Re: rules to prevent non-root users from rebooting not taken into account

2022-05-10 Thread Marc Deslauriers

I'm setting the status of this bug as "incomplete". Please let us know
if that solved the problem for you or not. Thanks!

** Changed in: policykit-1 (Ubuntu)
   Status: New => Incomplete

** Changed in: systemd (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1969593

Title:
  rules to prevent non-root users from rebooting not taken into account

Status in policykit-1 package in Ubuntu:
  Incomplete
Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  On fresh Ubuntu Jammy installation, I add a 
"/etc/polkit-1/localauthority/90-mandatory.d/restriction.pkla" file with the 
following contents :
  [Disable power-off]
  Identity=unix-user:*
  Action=org.freedesktop.login1.power-off
  ResultActive=no
  ResultInactive=no
  ResultAny=no

  [Disable power-off when others are logged in]
  Identity=unix-user:*
  Action=org.freedesktop.login1.power-off-multiple-sessions
  ResultActive=no
  ResultInactive=no
  ResultAny=no

  [Disable_reboot]
  Identity=unix-user:*
  Action=org.freedesktop.login1.reboot
  ResultActive=no
  ResultInactive=no
  ResultAny=no

  [Disable_reboot_when_others_are_logged_in]
  Identity=unix-user:*
  Action=org.freedesktop.login1.reboot-multiple-sessions
  ResultActive=no
  ResultInactive=no
  ResultAny=no


  
  It must prevent non-root users from shutdowning and rebooting the system. But 
it only prevent shutdowning. Rebooting is still possible for a non-root user.

  We can see it using pkcheck command (as a non-root user) :
  $ pkcheck --action-id org.freedesktop.login1.power-off --process $PPID ; echo 
$?
  Not authorized.
  1
  $ pkcheck --action-id org.freedesktop.login1.reboot --process $PPID ; echo $?
  0

  
  As this problem can lead to unexpected reboot on multi-users systems (a 
disponibilty concern), I checked the "This bug is a security vulnerability" box.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: policykit-1 0.105-33
  ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30
  Uname: Linux 5.15.0-25-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Apr 20 10:53:27 2022
  InstallationDate: Installed on 2022-04-20 (0 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 
(20220419)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no username)
   XDG_RUNTIME_DIR=
   LANG=fr_FR.UTF-8
   SHELL=/bin/bash
  SourcePackage: policykit-1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1969593/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1969593] Re: rules to prevent non-root users from rebooting not taken into account

2022-05-10 Thread Marc Deslauriers

Systemd has a bunch of "imply" rules on other actionstry adding the
following:

[Disable more reboot actions]
Identity=unix-user:*
Action=org.freedesktop.login1.reboot-ignore-inhibit;org.freedesktop.login1.set-reboot-*
ResultActive=no
ResultInactive=no
ResultAny=no

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1969593

Title:
  rules to prevent non-root users from rebooting not taken into account

Status in policykit-1 package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New

Bug description:
  On fresh Ubuntu Jammy installation, I add a 
"/etc/polkit-1/localauthority/90-mandatory.d/restriction.pkla" file with the 
following contents :
  [Disable power-off]
  Identity=unix-user:*
  Action=org.freedesktop.login1.power-off
  ResultActive=no
  ResultInactive=no
  ResultAny=no

  [Disable power-off when others are logged in]
  Identity=unix-user:*
  Action=org.freedesktop.login1.power-off-multiple-sessions
  ResultActive=no
  ResultInactive=no
  ResultAny=no

  [Disable_reboot]
  Identity=unix-user:*
  Action=org.freedesktop.login1.reboot
  ResultActive=no
  ResultInactive=no
  ResultAny=no

  [Disable_reboot_when_others_are_logged_in]
  Identity=unix-user:*
  Action=org.freedesktop.login1.reboot-multiple-sessions
  ResultActive=no
  ResultInactive=no
  ResultAny=no


  
  It must prevent non-root users from shutdowning and rebooting the system. But 
it only prevent shutdowning. Rebooting is still possible for a non-root user.

  We can see it using pkcheck command (as a non-root user) :
  $ pkcheck --action-id org.freedesktop.login1.power-off --process $PPID ; echo 
$?
  Not authorized.
  1
  $ pkcheck --action-id org.freedesktop.login1.reboot --process $PPID ; echo $?
  0

  
  As this problem can lead to unexpected reboot on multi-users systems (a 
disponibilty concern), I checked the "This bug is a security vulnerability" box.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: policykit-1 0.105-33
  ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30
  Uname: Linux 5.15.0-25-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Wed Apr 20 10:53:27 2022
  InstallationDate: Installed on 2022-04-20 (0 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 
(20220419)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no username)
   XDG_RUNTIME_DIR=
   LANG=fr_FR.UTF-8
   SHELL=/bin/bash
  SourcePackage: policykit-1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1969593/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1972654] Re: [security review] Sync policykit-1 0.120-6 (main) from Debian experimental

2022-05-09 Thread Marc Deslauriers

We do not want policykit to use the unmaintainable mozjs backend. That
would be a hard NACK from the Security Team.

The duktape backend has been merged upstream. So in order to sync this
to Ubuntu, the following must be done:

1- Get Debian to switch to the duktape backend
2- Get Debian to transition all packages in the archive from PKLA policy files 
to JS policy files
3- Transition Ubuntu packages not in Debian from PKLA policy files to JS policy 
files
4- Investigate Snap policykit support, and if required, transition Snaps from 
PKLA policy files to JS policy files.

Once the transition has been done for all software, policykit can be
switched to the duktape policykit backend by syncing the package from
Debian. Hopefully at that point it will be in Unstable, and not in
experimental.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1972654

Title:
  [security review] Sync policykit-1 0.120-6 (main) from Debian
  experimental

Status in policykit-1 package in Ubuntu:
  Confirmed

Bug description:
  Please sync policykit-1 0.120-6 (main) from Debian experimental

  Changelog entries since current kinetic version 0.105-33:
  https://tracker.debian.org/media/packages/p/policykit-1/changelog-0.120-6

  In particular, see the 0.120-4 changelog entry.

  I am filing a bug for Security Team review.
  Previously, Debian and Ubuntu developers agreed to keep using
  the last version of policykit before it switched to using JavaScript rules.

  But that was years ago. I believe Debian & Ubuntu are the only distros
  to have opted out of the new policykit. It is harder to maintain
  the old style rules when upstream rules use the new format. And it is
  a challenge to backport security and other bugfixes from the new
  series, without making mistakes or missing important details.

  There was a proposal to use duktape instead of mozjs for the JavaScript
  interpreter but I don't think that's been merged yet.

  It appears the Debian maintainer is considering switching Debian to the
  updated version in time for the next Debian Stable release (so uploading
  to unstable later this year).

  My requested deadline is August 25, Ubuntu 22.10 Feature Freeze.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1972654/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1970148] Re: Brave & Chrome browsers freezes on download and print to pdf

2022-05-01 Thread Marc H.

I have the same issue on Windows 11, Chrome/Edge freezing for about 3-4
seconds when you save any file to disk. This started a few days ago.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1970148

Title:
  Brave & Chrome browsers freezes on download and print to pdf

Status in chromium-browser package in Ubuntu:
  Invalid

Bug description:
  Whenever any file is downloaded, the browser will freeze.

  Similarly, the browser will freeze when a page is printed to pdf.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1970148/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1971058] [NEW] package yaru-theme-gnome-shell 21.10.2 failed to install/upgrade: new yaru-theme-gnome-shell package pre-installation script subprocess returned error exit statu

2022-04-30 Thread Marc Cabana

Public bug reported:

Can't install do-release-upgrade

ProblemType: Package
DistroRelease: Ubuntu 21.10
Package: yaru-theme-gnome-shell 21.10.2
ProcVersionSignature: Ubuntu 5.13.0-40.45-generic 5.13.19
Uname: Linux 5.13.0-40-generic x86_64
ApportVersion: 2.20.11-0ubuntu71.1
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Sat Apr 30 18:40:19 2022
Dependencies:
 
ErrorMessage: new yaru-theme-gnome-shell package pre-installation script 
subprocess returned error exit status 1
InstallationDate: Installed on 2021-03-27 (399 days ago)
InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Alpha amd64 (20210123)
PackageArchitecture: all
Python3Details: /usr/bin/python3.9, Python 3.9.7, python3-minimal, 3.9.4-1build1
PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.18-9
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
 dpkg 1.20.9ubuntu2
 apt  2.3.9
SourcePackage: yaru-theme
Title: package yaru-theme-gnome-shell 21.10.2 failed to install/upgrade: new 
yaru-theme-gnome-shell package pre-installation script subprocess returned 
error exit status 1
UpgradeStatus: Upgraded to impish on 2022-04-30 (0 days ago)

** Affects: yaru-theme (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-package impish need-duplicate-check

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to yaru-theme in Ubuntu.
https://bugs.launchpad.net/bugs/1971058

Title:
  package yaru-theme-gnome-shell 21.10.2 failed to install/upgrade: new
  yaru-theme-gnome-shell package pre-installation script subprocess
  returned error exit status 1

Status in yaru-theme package in Ubuntu:
  New

Bug description:
  Can't install do-release-upgrade

  ProblemType: Package
  DistroRelease: Ubuntu 21.10
  Package: yaru-theme-gnome-shell 21.10.2
  ProcVersionSignature: Ubuntu 5.13.0-40.45-generic 5.13.19
  Uname: Linux 5.13.0-40-generic x86_64
  ApportVersion: 2.20.11-0ubuntu71.1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Sat Apr 30 18:40:19 2022
  Dependencies:
   
  ErrorMessage: new yaru-theme-gnome-shell package pre-installation script 
subprocess returned error exit status 1
  InstallationDate: Installed on 2021-03-27 (399 days ago)
  InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Alpha amd64 (20210123)
  PackageArchitecture: all
  Python3Details: /usr/bin/python3.9, Python 3.9.7, python3-minimal, 
3.9.4-1build1
  PythonDetails: /usr/bin/python2.7, Python 2.7.18, python-is-python2, 2.7.18-9
  RebootRequiredPkgs: Error: path contained symlinks.
  RelatedPackageVersions:
   dpkg 1.20.9ubuntu2
   apt  2.3.9
  SourcePackage: yaru-theme
  Title: package yaru-theme-gnome-shell 21.10.2 failed to install/upgrade: new 
yaru-theme-gnome-shell package pre-installation script subprocess returned 
error exit status 1
  UpgradeStatus: Upgraded to impish on 2022-04-30 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/yaru-theme/+bug/1971058/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1971001] Re: Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal, Impish and Jammy

2022-04-30 Thread Marc Deslauriers

** Changed in: tiff (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to tiff in Ubuntu.
https://bugs.launchpad.net/bugs/1971001

Title:
  Multiple vulnerabilities in Trusty, Xenial, Bionic, Focal, Impish and
  Jammy

Status in tiff package in Ubuntu:
  Confirmed

Bug description:
  The versions in Trusty, Xenial, Bionic, Focal and Impish may be
  vulnerable to all CVEs below.

  The version in Jammy is vulnerable to CVE-2022-0865.

  Debian released an advisory on March 24.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1971001/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1970783] Re: Multiple vulnerabilities in Bionic

2022-04-29 Thread Marc Deslauriers

We are no longer able to update webkit2gtk in bionic as it has new
toolchain requirements that can't be met. See:

https://wiki.ubuntu.com/SecurityTeam/FAQ#WebKitGTK

** Changed in: webkit2gtk (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: webkit2gtk (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to webkit2gtk in Ubuntu.
https://bugs.launchpad.net/bugs/1970783

Title:
  Multiple vulnerabilities in Bionic

Status in webkit2gtk package in Ubuntu:
  Confirmed

Bug description:
  The version in Bionic has multiple vulnerabilities.

  Please backport version 2.36.0 or at least the security fixes in that
  version.

  Upstream and Debian have released advisories on April 8.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/webkit2gtk/+bug/1970783/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1969932] Re: Security issue in Ghostscript 9.26 due to missing patch

2022-04-25 Thread Marc Deslauriers

Thanks for filing the upstream bug, I am making this bug public since
the commits are public and the issue is fixed in later releases. Thanks!

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ghostscript in Ubuntu.
https://bugs.launchpad.net/bugs/1969932

Title:
  Security issue in Ghostscript 9.26 due to missing patch

Status in ghostscript package in Ubuntu:
  New

Bug description:
  I'm a German security researcher and submitted a report via HackerOne
  to Yahoo, they encouraged me to notify you directly regarding this
  issue. As it turned out, older Ubuntu LTS versions are affected:

  - ghostscript_9.26~dfsg+0-0ubuntu0.18.04.15 (Bionic Beaver)
  - ghostscript_9.26~dfsg+0-0ubuntu0.16.04.14 (Xenial Xerus)
  - ghostscript_9.26~dfsg+0-0ubuntu0.14.04.8 (Trusty Tahr)

  The issue is caused by a missing patch from 2019 [1], a variant of
  CVE-2019-6116, which can lead to a -dSAFER bypass (i.e., a malicious
  PostScript/EPS file can potentially execute arbitrary shell commands).
  Jammy Jellyfish, Impish Indri, and Focal Fossa are *not* affected.

  *Countermeasures:* Make sure to apply this patch [1] to the older LTS
  versions (14/16/18).

  [1] https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=430e2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/1969932/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1970121] Re: sharing enabled by default on 22.04

2022-04-24 Thread Marc Deslauriers

*** This bug is a duplicate of bug 1969619 ***
https://bugs.launchpad.net/bugs/1969619

** This bug has been marked a duplicate of bug 1969619
   RDP Sharing appears on by default in jammy

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-remote-desktop in Ubuntu.
https://bugs.launchpad.net/bugs/1970121

Title:
  sharing enabled by default on 22.04

Status in gnome-remote-desktop package in Ubuntu:
  New

Bug description:
  After install and first boot, sharing is enabled by default in Ubuntu
  22.04. It should be disabled initially. I used the minimal install
  function and it seems to be related to gnome-remote-desktop.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1970121/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1964724] Re: the laptop is slowing down I suspect the graphics

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1964724

Title:
  the laptop is slowing down I suspect the graphics

Status in xorg package in Ubuntu:
  New

Bug description:
  I am sure that the video driver does not work because it is very
  stupid

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.13.0-36.41~20.04.1-generic 5.13.19
  Uname: Linux 5.13.0-36-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.21
  Architecture: amd64
  BootLog: Error: [Errno 13] Отказано в доступе: '/var/log/boot.log'
  CasperMD5CheckResult: skip
  CompositorRunning: None
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Mar 14 01:26:27 2022
  DistUpgraded: Fresh install
  DistroCodename: focal
  DistroVariant: ubuntu
  ExtraDebuggingInterest: Yes, if not too technical
  GraphicsCard:
   Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0156] 
(rev 09) (prog-if 00 [VGA controller])
 Subsystem: Acer Incorporated [ALI] 3rd Gen Core processor Graphics 
Controller [1025:081b]
  InstallationDate: Installed on 2022-03-11 (2 days ago)
  InstallationMedia: Ubuntu 20.04.4 LTS "Focal Fossa" - Release amd64 (20220223)
  MachineType: Acer Aspire V5-132P
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.13.0-36-generic 
root=UUID=3ed9b8cd-2125-43f4-af3a-b14a5314ae6e ro quiet splash vt.handoff=7
  SourcePackage: xorg
  UpgradeStatus: No upgrade log present (probably fresh install)
  XorgConf:
   
  dmi.bios.date: 07/19/2013
  dmi.bios.release: 2.4
  dmi.bios.vendor: Phoenix Technologies Ltd.
  dmi.bios.version: V2.04
  dmi.board.name: Angel_CY
  dmi.board.vendor: Acer
  dmi.board.version: V2.04
  dmi.chassis.type: 9
  dmi.chassis.vendor: Acer
  dmi.chassis.version: V2.04
  dmi.ec.firmware.release: 1.5
  dmi.modalias: 
dmi:bvnPhoenixTechnologiesLtd.:bvrV2.04:bd07/19/2013:br2.4:efr1.5:svnAcer:pnAspireV5-132P:pvrV2.04:rvnAcer:rnAngel_CY:rvrV2.04:cvnAcer:ct9:cvrV2.04:skuAspireV5-132P_081B_2.04:
  dmi.product.family: Aspire V5-132P
  dmi.product.name: Aspire V5-132P
  dmi.product.sku: Aspire V5-132P_081B_2.04
  dmi.product.version: V2.04
  dmi.sys.vendor: Acer
  version.compiz: compiz N/A
  version.libdrm2: libdrm2 2.4.110+git2203100500.7c28f5~oibaf~f
  version.libgl1-mesa-dri: libgl1-mesa-dri 22.1~git2203130600.177805~oibaf~f
  version.libgl1-mesa-glx: libgl1-mesa-glx N/A
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.2
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1964724/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1964795] Re: gnome-keyring-daemon crashed with signal 7

Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug.  I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1964795

Title:
  gnome-keyring-daemon crashed with signal 7

Status in gnome-keyring package in Ubuntu:
  New

Bug description:
  Description:  Ubuntu Jammy Jellyfish (development branch)
  Release:  22.04

  gnome-keyring:
Installed: 40.0-3ubuntu1
Candidate: 40.0-3ubuntu1
Version table:
   *** 40.0-3ubuntu1 500
  500 http://ports.ubuntu.com/ubuntu-ports jammy/main arm64 Packages
  100 /var/lib/dpkg/status

  Background process crashes unexpectedly a few moments after login.

  I'm running the dev release of Jammy on a Raspberry Pi 400 with all
  updates applied.

  ProblemType: Crash
  DistroRelease: Ubuntu 22.04
  Package: gnome-keyring 40.0-3ubuntu1
  ProcVersionSignature: Ubuntu 5.15.0-1003.3-raspi 5.15.19
  Uname: Linux 5.15.0-1003-raspi aarch64
  ApportVersion: 2.20.11-0ubuntu79
  Architecture: arm64
  CasperMD5CheckResult: unknown
  Date: Mon Mar 14 15:26:41 2022
  Disassembly: => 0x:   Cannot access memory at address 0x
  ExecutablePath: /usr/bin/gnome-keyring-daemon
  ImageMediaBuild: 20201022
  ProcCmdline: /usr/bin/gnome-keyring-daemon --daemonize --login
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   LANGUAGE=en_GB:en
   XDG_RUNTIME_DIR=
  Signal: 7
  SourcePackage: gnome-keyring
  StacktraceTop:
   ()
   ()
   () at /lib/aarch64-linux-gnu/libgio-2.0.so.0
   g_signal_emit_valist () at /lib/aarch64-linux-gnu/libgobject-2.0.so.0
   g_signal_emit () at /lib/aarch64-linux-gnu/libgobject-2.0.so.0
  Title: gnome-keyring-daemon crashed with signal 7
  UpgradeStatus: Upgraded to jammy on 2022-03-07 (6 days ago)
  UserGroups: adm cdrom dip libvirt lpadmin lxd plugdev sambashare sudo
  separator:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1964795/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1965114] Re: computer errs

Thank you for using Ubuntu and taking the time to report a bug. Your
report should contain, at a minimum, the following information so we can
better find the source of the bug and work to resolve it.

Submitting the bug about the proper source package is essential. For
help see https://wiki.ubuntu.com/Bugs/FindRightPackage . Additionally,
in the report please include:

1) The release of Ubuntu you are using, via 'cat /etc/lsb-release' or System -> 
About Ubuntu.
2) The version of the package you are using, via 'dpkg -l PKGNAME | cat' or by 
checking in Synaptic.
3) What happened and what you expected to happen.

The Ubuntu community has also created debugging procedures for a wide
variety of packages at https://wiki.ubuntu.com/DebuggingProcedures .
Following the debugging instructions for the affected package will make
your bug report much more complete. Thanks!


** Information type changed from Private Security to Public

** Changed in: xorg (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/1965114

Title:
  computer errs

Status in xorg package in Ubuntu:
  Invalid

Bug description:
  OS  performs  errors

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: xorg 1:7.7+19ubuntu14
  ProcVersionSignature: Ubuntu 5.4.0-105.119-generic 5.4.174
  Uname: Linux 5.4.0-105-generic x86_64
  .tmp.unity_support_test.0:
   
  ApportVersion: 2.20.11-0ubuntu27.21
  Architecture: amd64
  CasperMD5CheckResult: skip
  CompizPlugins: No value set for 
`/apps/compiz-1/general/screen0/options/active_plugins'
  CompositorRunning: None
  Date: Wed Mar 16 15:41:52 2022
  DistUpgraded: 2022-02-14 15:26:03,689 DEBUG icon theme changed, re-reading
  DistroCodename: focal
  DistroVariant: ubuntu
  GraphicsCard:
   Intel Corporation Haswell-ULT Integrated Graphics Controller [8086:0a16] 
(rev 0b) (prog-if 00 [VGA controller])
 Subsystem: Lenovo ThinkPad X240 [17aa:2214]
  InstallationDate: Installed on 2021-01-14 (425 days ago)
  InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 
(20170801)
  MachineType: LENOVO 20AMCTO1WW
  ProcEnviron:
   LANGUAGE=en_IN:en
   PATH=(custom, no user)
   LANG=en_IN
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-105-generic 
root=UUID=fb3eedbf-03ca-48cd-b4f6-ab7e0a3a9af6 ro quiet splash vt.handoff=7
  SourcePackage: xorg
  UpgradeStatus: Upgraded to focal on 2022-02-14 (30 days ago)
  dmi.bios.date: 08/27/2014
  dmi.bios.vendor: LENOVO
  dmi.bios.version: GIET76WW (2.26 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 20AMCTO1WW
  dmi.board.vendor: LENOVO
  dmi.board.version: Not Defined
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: 
dmi:bvnLENOVO:bvrGIET76WW(2.26):bd08/27/2014:svnLENOVO:pn20AMCTO1WW:pvrThinkPadX240:rvnLENOVO:rn20AMCTO1WW:rvrNotDefined:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.family: ThinkPad X240
  dmi.product.name: 20AMCTO1WW
  dmi.product.sku: LENOVO_MT_20AM_BU_Think_FM_ThinkPad X240
  dmi.product.version: ThinkPad X240
  dmi.sys.vendor: LENOVO
  version.compiz: compiz 1:0.9.14.1+20.04.20200211-0ubuntu1
  version.libdrm2: libdrm2 2.4.107-8ubuntu1~20.04.2
  version.libgl1-mesa-dri: libgl1-mesa-dri 21.2.6-0ubuntu0.1~20.04.2
  version.libgl1-mesa-glx: libgl1-mesa-glx 21.2.6-0ubuntu0.1~20.04.2
  version.xserver-xorg-core: xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.2
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.6-1
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
2:2.99.917+git20200226-1
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1
  xserver.bootTime: Thu Sep 30 14:17:53 2021
  xserver.configfile: default
  xserver.errors:
   
  xserver.logfile: /var/log/Xorg.0.log
  xserver.version: 2:1.19.6-1ubuntu4.1~16.04.6
  xserver.video_driver: modeset

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1965114/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1965686] Re: After the laptop comes out of sleep mode, the desktop environment for some reason breaks and appears crashes window

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-shell in Ubuntu.
https://bugs.launchpad.net/bugs/1965686

Title:
  After the laptop comes out of sleep mode, the desktop environment for
  some reason breaks and appears crashes window

Status in gnome-shell package in Ubuntu:
  New

Bug description:

  I've been running Ubuntu 20.04 for about a month now. Lock screen is
  crashing the UI in 20.04.

  I don't know how to stop crashing my screen so I forcefully press
  power off button and turn on again my computer every time I use it.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: gnome-shell 3.36.9-0ubuntu0.20.04.2
  ProcVersionSignature: Ubuntu 5.13.0-28.31~20.04.1-generic 5.13.19
  Uname: Linux 5.13.0-28-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.21
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Mar 20 22:26:56 2022
  DisplayManager: gdm3
  InstallationDate: Installed on 2022-01-18 (61 days ago)
  InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
  RelatedPackageVersions: mutter-common 3.36.9-0ubuntu0.20.04.2
  SourcePackage: gnome-shell
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1965686/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1965869] Re: Screen only partially locked. Password promt was visible, but switching to window and typing eg in terminal was possible

** Package changed: ubuntu => gnome-shell (Ubuntu)

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-shell in Ubuntu.
https://bugs.launchpad.net/bugs/1965869

Title:
  Screen only partially locked. Password promt was visible, but
  switching to window and typing eg in terminal was possible

Status in gnome-shell package in Ubuntu:
  New

Bug description:
  Today I returned to my PC, which was on over night.

  The screen was only partially locked. The password prompt was full
  screen except the start menu on the left was visible. I was able to
  click on the Icons of running applications and was able to type in an
  open terminal which responded correctly and executed the commands (I
  tried "reset").

  I have no Idea what can cause this issue and would appreciate help on
  how to gather information that can help the Ubuntu team find the cause
  of the issue.

  I saved copies of dmesg, syslog and kern.log.
  I have not tried reproducing the bug.
  I do not know if I actively locked the screen or if I just walked off 
yesterday.

  Best Regards,
  Chris

  ProblemType: Bug
  DistroRelease: Ubuntu 21.10
  Package: gnome-screensaver (not installed)
  ProcVersionSignature: Ubuntu 5.13.0-35.40-generic 5.13.19
  Uname: Linux 5.13.0-35-generic x86_64
  ApportVersion: 2.20.11-0ubuntu71
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Mar 22 08:16:18 2022
  InstallationDate: Installed on 2021-12-13 (98 days ago)
  InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
  SourcePackage: gnome-screensaver
  Symptom: security
  Title: Screen locking issue
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1965869/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1966572] Re: Chromium Zero Day