[Touch-packages] [Bug 2017786] Re: update script in ubuntu-meta not handling germinate or specified versions
** Changed in: ubuntucinnamon-meta (Ubuntu) Assignee: (unassigned) => Joshua Peisach (itzswirlz) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/2017786 Title: update script in ubuntu-meta not handling germinate or specified versions Status in edubuntu-meta package in Ubuntu: New Status in kubuntu-meta package in Ubuntu: New Status in lubuntu-meta package in Ubuntu: New Status in ubuntu-budgie-meta package in Ubuntu: New Status in ubuntu-mate-meta package in Ubuntu: New Status in ubuntu-meta package in Ubuntu: In Progress Status in ubuntu-unity-meta package in Ubuntu: New Status in ubuntucinnamon-meta package in Ubuntu: New Status in ubuntukylin-meta package in Ubuntu: New Status in ubuntustudio-meta package in Ubuntu: New Status in xubuntu-meta package in Ubuntu: New Bug description: update script handled debootstrap and devscripts, does not handle germinate. also doesn't handle potential specified versions in the package directory. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/edubuntu-meta/+bug/2017786/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1987560] Re: don't switch Ubuntu libtimezonemap to libsoup3
Should I get in touch with an archive admin? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libtimezonemap in Ubuntu. https://bugs.launchpad.net/bugs/1987560 Title: don't switch Ubuntu libtimezonemap to libsoup3 Status in libtimezonemap package in Ubuntu: Triaged Bug description: libtimezonemap is used by ubiquity and ubiquity still uses libsoup2. See https://launchpad.net/bugs/1987454 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libtimezonemap/+bug/1987560/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
I can confirm for myself now aswell that I am experiencing issues. Some applications, most of them listed above in one way or another can be found to properly be unable to handle these images. Gdk-pixbuf still crashes but no longer is a buffer overwrite. Technically a win - but the key issue is apps do not know how to respond to what to do when gdk-pixbuf dies. Take eye of gnome - if you open a file directly from terminal using one of the POCs, it is fine and reads the gdk-pixbuf error correctly. But cycle to the next POC and it crashes. Probably a lot of this is apps being tied into gdk-pixbuf, and if I am correct it is a part of Gtk so apps are sort of forced to be connected to it. When one breaks down, it's like a cable wire. In the future, for stability purposes patches need to be made to apps so whenever a component like gdk-pixbuf fails, the rest of the app doesn't (or has some fallback state) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Attachment added: "Eye of MATE Crash" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605633/+files/EOMCrash.tar.gz ** Description changed: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog + - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 - * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md + * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (a
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Attachment added: "Nautilus crash" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605632/+files/NautilusCrash.tar.gz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Hmm… check Jammy/Kinetic. Can you send me the crash file/syslog? Some apps I think have proper handling of bad files while others don’t. For example, EOG can detect its a bad file. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Description changed: [Impact] - * A buffer overwrite exists in gdk-pixbuf's thumbnailer. + * A buffer overwrite exists in gdk-pixbuf's thumbnailer. - * The GIF loader runs out of memory with specifically crafted files + * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. - * After gdk-pixbuf-thum runs out of memory, other apps can and on low + * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. - * Or, in other ways, bad gif files in other applications can open the + * Or, in other ways, bad gif files in other applications can open the door for exploits. - * Any app using gdk-pixbuf is affected, mainly file managers and image + * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] - * Take the POC's - they can be found in the issue in the GNOME repo + * Take the POC's - they can be found in the issue in the GNOME repo - * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - - Nautilus, GNOME's file manager - - Nemo, Cinnamon's file manager - - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - - PCManFM, LXDE's file manager which straight up crashes - I have not been able to produce any results with Caja (MATE's file manager) but have personally experienced issues with Nautilus. POC logs and crashes are attached. + * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: + - Nautilus, GNOME's file manager + - Nemo, Cinnamon's file manager + - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes + - PCManFM, LXDE's file manager which straight up crashes + - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) + - Eye of GNOME (eog) triggers the segfault in syslog - * If you or the system couldn't tell something is wrong, cat + * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] - * The patch itself is simple, but since gdk-pixbuf is often used with + * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. - * It is possible, and has happened in the past (which has been patched) + * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. - * That patch is essentially overflow checks - changes with GLib + * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems - * Other failures to properly handle GIFs and broken or intentionally + * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] - - * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. - * Files attached are examples or crashes - * Again, all apps using gdk-pixbuf are affected - * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ - * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md + + * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. + * Files attached are examples or crashes + * Again, all apps using gdk-pixbuf are affected + * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ + * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install)
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Description changed: - There is a buffer overwrite in gdk-pixbuf. I will eventually create a - whole SRU document with how to reproduce and all, but I'll just say it - is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo - causes the entire system to run out of memory. (With firefox, 1612/3922 - MB - which says something.) + [Impact] - It may be possible all apps using gdk-pixbuf can have a problem handling - files like the PoC. + * A buffer overwrite exists in gdk-pixbuf's thumbnailer. - https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 + * The GIF loader runs out of memory with specifically crafted files + with bad frame data (and images with its sizes) over the integer limit. + + * After gdk-pixbuf-thum runs out of memory, other apps can and on low + RAM systems like my old iMac, the system can completely run out of + memory. + + * Or, in other ways, bad gif files in other applications can open the + door for exploits. + + * Any app using gdk-pixbuf is affected, mainly file managers and image + viewers. + + [Test Plan] + + * Take the POC's - they can be found in the issue in the GNOME repo + + * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: + - Nautilus, GNOME's file manager + - Nemo, Cinnamon's file manager + - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes + - PCManFM, LXDE's file manager which straight up crashes + I have not been able to produce any results with Caja (MATE's file manager) but have personally experienced issues with Nautilus. POC logs and crashes are attached. + + * If you or the system couldn't tell something is wrong, cat + /var/log/syslog and enjoy the segfaults or out of memory warnings or + even kernel spam. + + [Where problems could occur] + + * The patch itself is simple, but since gdk-pixbuf is often used with + GTK apps a mistake here could be problematic. + + * It is possible, and has happened in the past (which has been patched) + that other bad GIFs can cause other crashes. + + * That patch is essentially overflow checks - changes with GLib + (GNOME's, not to be confused with glibc) and the functions used in not + only the patch but all of gdk-pixbuf can cause problems + + * Other failures to properly handle GIFs and broken or intentionally + tampered GIFs can continue and always will open the door for security + holes for other bugs + + * Again, overall a simple patch but as long as the GIFs remain handled + properly, and no changes to the GLib functions are made and to other + apps that use gdk-pixbuf (and assuming are not affected by the change + and still work), the patch does not have much regression potential. + + [Other Info] + + * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. + * Files attached are examples or crashes + * Again, all apps using gdk-pixbuf are affected + * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ + * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Here's proposal focal patch - I noticed some whitespaces but those are in the code and not introduced by me. ** Patch added: "Proposed focal patch" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605438/+files/gdk-pixbuf_2.40.0+dfsg-3ubuntu0.3.debdiff ** Changed in: gdk-pixbuf (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Bug description: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
PCManFM crashed to this. that's my last POC - I'm going to create the patch ** Attachment added: "pcmanfmcrash.tar.gz" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605437/+files/pcmanfmcrash.tar.gz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: New Bug description: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Thunar, which uses tumbler for thumbnailing, produced a crash. ** Attachment added: "Tumbler (xfce thumbnailer crash)" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605436/+files/libgdkpixbufloader-gif-crash.tar.gz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: New Bug description: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
Here is what it did to my iMac. ** Attachment added: "OldiMacSyslog" https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+attachment/5605435/+files/OldiMacSyslog ** Changed in: gdk-pixbuf (Ubuntu) Assignee: (unassigned) => Joshua Peisach (itzswirlz) ** Tags removed: jammy ** Tags added: bionic xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: New Bug description: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1982898] [NEW] CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
*** This bug is a security vulnerability *** Public security bug reported: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: gdk-pixbuf (Ubuntu) Importance: Undecided Assignee: Joshua Peisach (itzswirlz) Status: New ** Tags: amd64 apport-bug bionic focal xenial ** Information type changed from Private Security to Public Security ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46829 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: New Bug description: There is a buffer overwrite in gdk-pixbuf. I will eventually create a whole SRU document with how to reproduce and all, but I'll just say it is a nasty one. Opening it on my old iMac from about 2007/2009 in Nemo causes the entire system to run out of memory. (With firefox, 1612/3922 MB - which says something.) It may be possible all apps using gdk-pixbuf can have a problem handling files like the PoC. https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972115] Re: ubuntu-bug exits after dialog instead of sending data
This even happened to me on Focal (latest update) when reporting the gthumb CVE I found. I manually uploaded the crash dump, separated the big apport file and put it up. Maybe a server issue -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1972115 Title: ubuntu-bug exits after dialog instead of sending data Status in apport package in Ubuntu: Confirmed Status in apport source package in Jammy: Confirmed Status in apport source package in Kinetic: Confirmed Bug description: After a gnome-shell crash, I am trying to manually submit it by running 'ubuntu-bug /var/crash/_usr_bin_gnome-shell.1000.crash'. This results in an apport-gtk prompt asking me "Send problem report to the developers?" When I click 'send', the dialog disappears and ubuntu- bug exits, without uploading data to launchpad or interfacing with the browser. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1972115/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1955859] [NEW] ubuntu-core on jammy daily: apt-key has no access to /dev/null
Public bug reported: Ubuntu Jammy Core - Smoke test fails. One of the issues that I believe may be the primary issue is that apt- key has no access to /dev/null. root@Joshua-PC:/# apt-get update Ign:1 http://archive.ubuntu.com/ubuntu jammy-updates InRelease Ign:2 http://security.ubuntu.com/ubuntu jammy-security InRelease Get:3 http://security.ubuntu.com/ubuntu jammy-security Release [89.8 kB] Get:4 http://security.ubuntu.com/ubuntu jammy-security Release.gpg [819 B] 0% [Waiting for headers]/usr/bin/apt-key: 95: cannot create /dev/null: Permission denied /usr/bin/apt-key: 95: cannot create /dev/null: Permission denied /usr/bin/apt-key: 95: cannot create /dev/null: Permission denied E: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed Ign:4 http://security.ubuntu.com/ubuntu jammy-security Release.gpg Ign:5 http://archive.ubuntu.com/ubuntu jammy InRelease Get:6 http://archive.ubuntu.com/ubuntu jammy-updates Release [89.8 kB] Get:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [90.7 kB] 0% [Working] 13.8 kB/s 0s/usr/bin/apt-key: 95: cannot create /dev/null: Permission denied /usr/bin/apt-key: 95: cannot create /dev/null: Permission denied /usr/bin/apt-key: 95: cannot create /dev/null: Permission denied E: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed Err:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed Get:8 http://archive.ubuntu.com/ubuntu jammy Release [269 kB] Get:9 http://archive.ubuntu.com/ubuntu jammy-updates Release.gpg [819 B] 0% [Working] 13.8 kB/s 6s/usr/bin/apt-key: 95: cannot create /dev/null: Permission denied /usr/bin/apt-key: 95: cannot create /dev/null: Permission denied /usr/bin/apt-key: 95: cannot create /dev/null: Permission denied E: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed Ign:9 http://archive.ubuntu.com/ubuntu jammy-updates Release.gpg Get:10 http://archive.ubuntu.com/ubuntu jammy Release.gpg [819 B] 0% [Working] 13.8 kB/s 6s/usr/bin/apt-key: 95: cannot create /dev/null: Permission denied /usr/bin/apt-key: 95: cannot create /dev/null: Permission denied /usr/bin/apt-key: 95: cannot create /dev/null: Permission denied E: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed Ign:10 http://archive.ubuntu.com/ubuntu jammy Release.gpg Reading package lists... Done W: GPG error: http://security.ubuntu.com/ubuntu jammy-security Release: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed E: The repository 'http://security.ubuntu.com/ubuntu jammy-security Release' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. W: GPG error: http://archive.ubuntu.com/ubuntu jammy-backports InRelease: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed E: The repository 'http://archive.ubuntu.com/ubuntu jammy-backports InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. W: GPG error: http://archive.ubuntu.com/ubuntu jammy-updates Release: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates Release' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. W: GPG error: http://archive.ubuntu.com/ubuntu jammy Release: gpgv, gpgv2 or gpgv1 required for verification, but neither seems installed E: The repository 'http://archive.ubuntu.com/ubuntu jammy Release' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. ProblemType: Bug DistroRelease: Ubuntu 21.10 Package: apt 2.3.9 ProcVersionSignature: Ubuntu 5.13.0-22.22-generic 5.13.19 Uname: Linux 5.13.0-22-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu71 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Mon Dec 27 20:14:22 2021 InstallationDate: Installed on 2020-10-23 (430 days ago) InstallationMedia: Ubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022) ProcEnviron: SHELL=/bin/bash LANG=en
[Touch-packages] [Bug 1923517] [NEW] tracker-store crashed with signal 5
Public bug reported: This happens with g_listenv jpeisach@Joshua-PCTest ~/D/xreader-2.8.3 (master)> addr2line -e /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6800.0 3F3A7 -fCi g_listenv ??:? ProblemType: Crash DistroRelease: Ubuntu 21.04 Package: tracker 2.3.6-2 ProcVersionSignature: Ubuntu 5.11.0-13.14-generic 5.11.7 Uname: Linux 5.11.0-13-generic x86_64 ApportVersion: 2.20.11-0ubuntu62 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: X-Cinnamon Date: Mon Apr 12 18:16:39 2021 ExecutablePath: /usr/libexec/tracker-store InstallationDate: Installed on 2021-04-07 (5 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210407) ProcCmdline: /usr/libexec/tracker-store RebootRequiredPkgs: libc6 Signal: 5 SourcePackage: tracker StacktraceTop: () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so tracker_db_interface_sqlite_fts_delete_id () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so Title: tracker-store crashed with signal 5 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sudo separator: ** Affects: tracker (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-crash hirsute need-amd64-retrace ** Information type changed from Private to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tracker in Ubuntu. https://bugs.launchpad.net/bugs/1923517 Title: tracker-store crashed with signal 5 Status in tracker package in Ubuntu: New Bug description: This happens with g_listenv jpeisach@Joshua-PCTest ~/D/xreader-2.8.3 (master)> addr2line -e /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6800.0 3F3A7 -fCi g_listenv ??:? ProblemType: Crash DistroRelease: Ubuntu 21.04 Package: tracker 2.3.6-2 ProcVersionSignature: Ubuntu 5.11.0-13.14-generic 5.11.7 Uname: Linux 5.11.0-13-generic x86_64 ApportVersion: 2.20.11-0ubuntu62 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: X-Cinnamon Date: Mon Apr 12 18:16:39 2021 ExecutablePath: /usr/libexec/tracker-store InstallationDate: Installed on 2021-04-07 (5 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210407) ProcCmdline: /usr/libexec/tracker-store RebootRequiredPkgs: libc6 Signal: 5 SourcePackage: tracker StacktraceTop: () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so tracker_db_interface_sqlite_fts_delete_id () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so Title: tracker-store crashed with signal 5 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sudo separator: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tracker/+bug/1923517/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1919255] [NEW] tracker-store crashed with signal 5
Public bug reported: This just happened... ProblemType: Crash DistroRelease: Ubuntu 21.04 Package: tracker 2.3.6-2 ProcVersionSignature: Ubuntu 5.10.0-14.15-generic 5.10.11 Uname: Linux 5.10.0-14-generic x86_64 ApportVersion: 2.20.11-0ubuntu60 Architecture: amd64 CasperMD5CheckResult: unknown CrashCounter: 1 Date: Mon Mar 15 17:47:12 2021 ExecutablePath: /usr/libexec/tracker-store InstallationDate: Installed on 2021-02-28 (15 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210227) ProcCmdline: /usr/libexec/tracker-store Signal: 5 SourcePackage: tracker StacktraceTop: () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so tracker_db_interface_sqlite_fts_delete_id () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so Title: tracker-store crashed with signal 5 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sudo separator: ** Affects: tracker (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-crash hirsute need-amd64-retrace ** Information type changed from Private to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tracker in Ubuntu. https://bugs.launchpad.net/bugs/1919255 Title: tracker-store crashed with signal 5 Status in tracker package in Ubuntu: New Bug description: This just happened... ProblemType: Crash DistroRelease: Ubuntu 21.04 Package: tracker 2.3.6-2 ProcVersionSignature: Ubuntu 5.10.0-14.15-generic 5.10.11 Uname: Linux 5.10.0-14-generic x86_64 ApportVersion: 2.20.11-0ubuntu60 Architecture: amd64 CasperMD5CheckResult: unknown CrashCounter: 1 Date: Mon Mar 15 17:47:12 2021 ExecutablePath: /usr/libexec/tracker-store InstallationDate: Installed on 2021-02-28 (15 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210227) ProcCmdline: /usr/libexec/tracker-store Signal: 5 SourcePackage: tracker StacktraceTop: () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so tracker_db_interface_sqlite_fts_delete_id () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so () at /usr/lib/x86_64-linux-gnu/tracker-2.0/libtracker-data.so Title: tracker-store crashed with signal 5 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sudo separator: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tracker/+bug/1919255/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1918186] [NEW] tracker-store crashed with signal 5 in g_printerr()
Public bug reported: Just happened, didn't really do anything. ProblemType: Crash DistroRelease: Ubuntu 21.04 Package: tracker 2.3.6-2 ProcVersionSignature: Ubuntu 5.10.0-14.15-generic 5.10.11 Uname: Linux 5.10.0-14-generic x86_64 ApportVersion: 2.20.11-0ubuntu59 Architecture: amd64 CasperMD5CheckResult: unknown Date: Mon Mar 8 14:50:14 2021 ExecutablePath: /usr/libexec/tracker-store InstallationDate: Installed on 2021-02-28 (8 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210227) ProcCmdline: /usr/libexec/tracker-store RebootRequiredPkgs: evolution-data-server Signal: 5 SourcePackage: tracker StacktraceTop: g_printerr () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 () at /lib/x86_64-linux-gnu/libsqlite3.so.0 () () () Title: tracker-store crashed with signal 5 in g_printerr() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sudo separator: ** Affects: tracker (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-crash hirsute need-amd64-retrace ** Information type changed from Private to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tracker in Ubuntu. https://bugs.launchpad.net/bugs/1918186 Title: tracker-store crashed with signal 5 in g_printerr() Status in tracker package in Ubuntu: New Bug description: Just happened, didn't really do anything. ProblemType: Crash DistroRelease: Ubuntu 21.04 Package: tracker 2.3.6-2 ProcVersionSignature: Ubuntu 5.10.0-14.15-generic 5.10.11 Uname: Linux 5.10.0-14-generic x86_64 ApportVersion: 2.20.11-0ubuntu59 Architecture: amd64 CasperMD5CheckResult: unknown Date: Mon Mar 8 14:50:14 2021 ExecutablePath: /usr/libexec/tracker-store InstallationDate: Installed on 2021-02-28 (8 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210227) ProcCmdline: /usr/libexec/tracker-store RebootRequiredPkgs: evolution-data-server Signal: 5 SourcePackage: tracker StacktraceTop: g_printerr () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 () at /lib/x86_64-linux-gnu/libsqlite3.so.0 () () () Title: tracker-store crashed with signal 5 in g_printerr() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sudo separator: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tracker/+bug/1918186/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1030022] Re: Port from legacy Xlib to modern XCB
It looks like this was already changed more recently in 2019/2020 with 4.4 - 4.6 ** Changed in: muffin (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cairo in Ubuntu. https://bugs.launchpad.net/bugs/1030022 Title: Port from legacy Xlib to modern XCB Status in Compiz: Triaged Status in 9wm package in Ubuntu: New Status in aewm package in Ubuntu: New Status in aewm++ package in Ubuntu: New Status in afterstep package in Ubuntu: New Status in amiwm package in Ubuntu: Invalid Status in blackbox package in Ubuntu: New Status in cairo package in Ubuntu: New Status in compiz package in Ubuntu: Triaged Status in ctwm package in Ubuntu: New Status in dwm package in Ubuntu: Opinion Status in enlightenment package in Ubuntu: New Status in fvwm package in Ubuntu: New Status in fvwm1 package in Ubuntu: New Status in gtk+3.0 package in Ubuntu: New Status in icewm package in Ubuntu: New Status in jwm package in Ubuntu: Invalid Status in larswm package in Ubuntu: New Status in lwm package in Ubuntu: New Status in matchbox-window-manager package in Ubuntu: New Status in metacity package in Ubuntu: Invalid Status in miwm package in Ubuntu: New Status in muffin package in Ubuntu: Fix Released Status in mutter package in Ubuntu: New Status in pekwm package in Ubuntu: New Status in ratpoison package in Ubuntu: New Status in sapphire package in Ubuntu: New Status in sawfish package in Ubuntu: New Status in spectrwm package in Ubuntu: Fix Released Status in tinywm package in Ubuntu: New Status in tritium package in Ubuntu: New Status in twm package in Ubuntu: New Status in vtwm package in Ubuntu: New Status in w9wm package in Ubuntu: New Status in windowlab package in Ubuntu: New Status in wm2 package in Ubuntu: New Status in wmaker package in Ubuntu: Opinion Status in xmonad package in Ubuntu: New Bug description: Port/rewrite the window manager to use the modern XCB (X C Binding) library instead of the old legacy Xlib. To manage notifications about this bug go to: https://bugs.launchpad.net/compiz/+bug/1030022/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1860826] Re: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
I would say there is probably a missing dependency-/etc/securetty doesn't exist in Ubuntu and looks like it could be a typo. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1860826 Title: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Status in pam package in Ubuntu: Confirmed Status in pam source package in Groovy: Confirmed Status in pam package in Debian: New Bug description: Hello, after upgrading to focal I found the following in my journalctl output: Jan 24 23:07:00 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jan 24 23:07:01 millbarge sudo[32120]: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory The login package stopped packaging this file: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731656 and now forcibly removes the file: https://paste.ubuntu.com/p/myh9cGWrHD/ However, the pam package's pam_unix.so module has not yet been adapted to ignore this file: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857#25 Thanks ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libpam-modules 1.3.1-5ubuntu4 ProcVersionSignature: Ubuntu 5.4.0-9.12-generic 5.4.3 Uname: Linux 5.4.0-9-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu15 Architecture: amd64 Date: Fri Jan 24 23:35:33 2020 ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: pam UpgradeStatus: Upgraded to focal on 2020-01-24 (0 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1860826/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1870856] [NEW] Changing Icons does not automatically change on desktop
Public bug reported: Ubuntu Desktop: Please note first that I had cinnamon-remix installed-I was bored so I installed Ubuntu and Ubuntu Budgie desktops, along with gnome-tweaks and gnome-shell. I was changing the icons using GNOME Tweak Tool. In nautilus, the changes automatically would apply. However, for the desktop, the changes would NOT automatically apply. I had to re-login to see the changes. If possible, I hope you guys can install a fresh Ubuntu and confirm this. Theme used was Kimmo-Dark from Ubuntu Cinnamon, and I found this issue for pretty much all the themes. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: ubuntu-desktop 1.447 ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27 Uname: Linux 5.4.0-21-generic x86_64 ApportVersion: 2.20.11-0ubuntu22 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Sat Apr 4 20:39:23 2020 InstallationDate: Installed on 2020-04-04 (0 days ago) InstallationMedia: cinnamon-remix 20.04 "focal" - all amd64 (20200401) SourcePackage: ubuntu-meta UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: ubuntu-meta (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/1870856 Title: Changing Icons does not automatically change on desktop Status in ubuntu-meta package in Ubuntu: New Bug description: Ubuntu Desktop: Please note first that I had cinnamon-remix installed-I was bored so I installed Ubuntu and Ubuntu Budgie desktops, along with gnome-tweaks and gnome-shell. I was changing the icons using GNOME Tweak Tool. In nautilus, the changes automatically would apply. However, for the desktop, the changes would NOT automatically apply. I had to re-login to see the changes. If possible, I hope you guys can install a fresh Ubuntu and confirm this. Theme used was Kimmo-Dark from Ubuntu Cinnamon, and I found this issue for pretty much all the themes. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: ubuntu-desktop 1.447 ProcVersionSignature: Ubuntu 5.4.0-21.25-generic 5.4.27 Uname: Linux 5.4.0-21-generic x86_64 ApportVersion: 2.20.11-0ubuntu22 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Sat Apr 4 20:39:23 2020 InstallationDate: Installed on 2020-04-04 (0 days ago) InstallationMedia: cinnamon-remix 20.04 "focal" - all amd64 (20200401) SourcePackage: ubuntu-meta UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1870856/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp