[Bug 2059818] Re: Regression: Jammy to Noble, set_label no longer functions
I installed the 58-1 version of gnome-shell-extension-appindicator from noble-proposed and rebooted and can confirm that I now see the label on an appindicator (indicator-sensors in this case) as expected.

** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059818

Title:
  Regression: Jammy to Noble, set_label no longer functions

To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-shell-extension-appindicator/+bug/2059818/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064685] Re: write says write: effective gid does not match group of /dev/pts/5
For context, this change was introduced in https://ubuntu.com/security/notices/USN-6719-2
[Bug 2063271] Re: Illegal opcode in libssl
Thanks for reporting this issue - but it is strange since this update has been published since 2024-02-27 and this is the first such report of any issues. Also given this update has been available for nearly 2 months it is surprising you are seeing errors from it so much later - I wonder if instead whether the on-disk binary has been corrupted?

Can you please try reinstalling libssl3 and see if that resolves the issue:

  sudo apt install --reinstall libssl3

If this does resolve the issue, it might be worth checking whether you have any failing hardware / disks etc that may have led to this problem.
[Bug 2063079] Re: samba smbd.service is missing ExecStartPre for update-apparmor-samba-profile
There should not be much risk of regression - this feature was only supported on samba in mantic, not jammy etc so not many users will upgrade from mantic to noble - and the current behaviour where this is broken in noble is the same behaviour as we have in jammy etc. And then even for users upgrading from mantic, this feature is about samba accurately reflecting changes in its configuration into the apparmor policy - so is only needed if you are making changes to the samba configuration to add new shares etc. So I think this is fine for a post-release SRU - no need for it to land for the actual release.
[Bug 2063079] Re: samba smbd.service is missing ExecStartPre for update-apparmor-samba-profile
Forwarded to debian in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069661

** Bug watch added: Debian Bug tracker #1069661
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069661
[Bug 2063079] Re: samba smbd.service is missing ExecStartPre for update-apparmor-samba-profile
** Patch added: "samba_4.19.5+dfsg-4ubuntu9.1.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2063079/+attachment/5769340/+files/samba_4.19.5+dfsg-4ubuntu9.1.debdiff
[Bug 2063079] [NEW] samba smbd.service is missing ExecStartPre for update-apparmor-samba-profile
Public bug reported:

In mantic, the smbd.service unit file contained the line:

  ExecStartPre=/usr/share/samba/update-apparmor-samba-profile

As such, the associated AppArmor profile for smbd etc would be automatically updated to include permissions for the various shares etc on the local file system.

Since debian version 2:4.19.4+dfsg-1 this is not included anymore since we are not using the patched version of smb.service.in from packaging/systemd and instead are using one maintained directly in debian/samba.smbd.service - as such, the existing patch d/p/smbd.service-Run-update-apparmor-samba-profile-befor.patch should be dropped and instead the file debian/samba.smbd.service should be updated to include this ExecStartPre line.

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: samba 2:4.19.5+dfsg-4ubuntu9
ProcVersionSignature: Ubuntu 6.8.0-22.22-generic 6.8.1
Uname: Linux 6.8.0-22-generic x86_64
ApportVersion: 2.28.1-0ubuntu2
Architecture: amd64
BothFailedConnect: Yes
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudBuildName: server
CloudID: lxd
CloudName: lxd
CloudPlatform: lxd
CloudSerial: 20240407
CloudSubPlatform: LXD socket API v. 1.0 (/dev/lxd/sock)
Date: Mon Apr 22 06:30:04 2024
NmbdLog:
ProcEnviron:
 LANG=C.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=
RebootRequiredPkgs: Error: path contained symlinks.
SambaServerRegression: Yes
SmbConfIncluded: Yes
SmbLog:
SourcePackage: samba
TestparmExitCode: 0
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug cloud-image noble
[Bug 2061155]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Tags added: community-security
** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/2061155

Title:
  Use-after-close vulnerability in dbus-broker 35. Please upgrade package to 36
[Bug 2061208] Re: package nvidia-dkms-535-server 535.161.08-0ubuntu2.22.04.1 failed to install/upgrade: installed nvidia-dkms-535-server package post-installation script subprocess returned error exit
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

https://bugs.launchpad.net/bugs/2061208

Title:
  package nvidia-dkms-535-server 535.161.08-0ubuntu2.22.04.1 failed to install/upgrade: installed nvidia-dkms-535-server package post-installation script subprocess returned error exit status 10
[Bug 2061191]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Tags added: community-security
** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/2061191

Title:
  Probably stone-age old and insecure version with remote code execution
[Bug 2061305] Re: Can't update to Ubuntu 22.04.4 LTS (Jammy Jellyfish)
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 2061856]
Thanks for taking the time to report this bug and helping to make Ubuntu better. Your bug report is more likely to get attention if it is made in English, since this is the language understood by the majority of Ubuntu developers. Additionally, please only mark a bug as "security" if it shows evidence of allowing attackers to cross privilege boundaries or to directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

https://bugs.launchpad.net/bugs/2061856

Title:
  gnome terminal
[Bug 2061856] Re: gnome terminal
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public

** Changed in: xorg (Ubuntu)
       Status: New => Incomplete
[Bug 2061894] Re: package linux-image-6.8.0-22-generic 6.8.0-22.22 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/dkms exited with return code 11
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 2062011] Re: Please update libjxl to newest version in 24.04 to address security vulnerabilities
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Information type changed from Private Security to Public Security
** Tags added: community-security
[Bug 2062440] Re: A few days ago I realized that the time was four hours behind despite it being automatic with the correct time zone.
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 2060035] Re: [MIR] msgraph
I reviewed msgraph 0.2.1-0ubuntu3 as checked into noble. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

msgraph is a library written in C using the glib, libgoa, and libsoup for providing access to the Microsoft Graph API services.

- CVE History
  - None
- Build-Depends
  - libgoa, glib, libsoup
  - claims to use librest via meson.build but I couldn't find any evidence of that so sent a MR to remove this - as such should hopefully be able to be removed from Build-Depends in a future update
- pre/post inst/rm scripts
  - None
- init scripts
  - None
- systemd units
  - None
- dbus services
  - None
- setuid binaries
  - None
- binaries in PATH
  - None
- sudo fragments
  - None
- polkit files
  - None
- udev rules
  - None
- unit tests / autopkgtests
  - unit tests are run at build time via dh_auto_test
  - autopkgtest simply runs unit tests as well
  - tests use uhttpmock to mock the service server
  - average test coverage is 72% as reported by gcovr
- cron jobs
  - None
- Build logs
  - Contains the following warnings:
    - dh_girepository: warning: Missing Build-Depends: gir1.2-gobject-2.0-dev (ideally with )
    - dh_girepository: warning: Missing Build-Depends: gir1.2-gio-2.0-dev (ideally with )
    - dh_girepository: warning: libgoa-1.0-dev should have Provides: gir1.2-goa-1.0-dev (= ${binary:Version})
    - dh_girepository: warning: Missing Build-Depends: gir1.2-json-1.0-dev (ideally with )
    - dh_girepository: warning: librest-dev should have Provides: gir1.2-rest-1.0-dev (= ${binary:Version})
    - dh_girepository: warning: Missing Build-Depends: gir1.2-soup-3.0-dev (ideally with )
  - Lintian reports the following issues:
    - libmsgraph-0-1_0.2.1-0ubuntu3_amd64.deb: E: libmsgraph-0-1: custom-library-search-path RUNPATH /usr/lib/x86_64-linux-gnu/libmsgraph [usr/lib/x86_64-linux-gnu/libmsgraph-0.so.0.2.1]
    - libmsgraph-doc_0.2.1-0ubuntu3_all.deb: W: libmsgraph-doc: stray-devhelp-documentation [usr/share/doc/msgraph-0/msgraph-0.devhelp2]
- Processes spawned
  - No subprocesses spawned
- Memory management
  - Uses standard glib APIs like g_new / g_free appropriately - no obvious memory leaks or similar
- File IO
  - None
- Logging
  - Only a very small amount of direct logging using `g_debug()` to trace use of various functions and when the https port number is changed via environment variable `SG_HTTPS_PORT`
  - Uses glib GError etc to return error information etc
  - Sets up libsoup to debug via `g_debug()`
  - No apparent use of unsafe format-string directives
- Environment variable usage
  - SG_HTTPS_PORT to override https port during testing
  - MSG_DEBUG - used to set the debug level in libsoup
  - MSG_LAX_SSL_CERTIFICATES - used to relax SSL validation of certificates for testing to allow to use an expired test cert in this case
    - this is done by connecting to the accept-certificate signal of libsoup's SoupMessage which is emitted during the TLS handshake after an unacceptable TLS certificate has been received, and hence to override this despite it having various errors
- Use of privileged functions
  - None
- Use of cryptography / random number sources etc
  - Uses libsoup to do certificate validation etc
- Use of temp files
  - None
- Use of networking
  - Uses libsoup to handle underlying network communications
  - libsoup internally uses GIO's GTlsConnection etc to handle TLS certificate validation etc
    - this does certification validation etc by default
- Use of WebKit
  - None
- Use of PolicyKit
  - None

- No significant cppcheck results
- No significant Coverity results
  - Upstream already does their own Coverity scans:
    - https://gitlab.gnome.org/GNOME/msgraph/-/blob/main/.gitlab-ci.yml?ref_type=heads#L54
- No significant shellcheck results
- No significant Semgrep results

The upstream project looks quite young (first commit was 23 July 2022 in a private repo, the public project only has commits since 14 Feb 2024) but the project appears to be quite high quality. Tests account for ~1/5th of the total code and provide 72% code coverage across 90% of all functions, and are run during the build and via autopkgtests. They also have plans to add additional unit tests for the async function variants in https://gitlab.gnome.org/GNOME/msgraph/-/merge_requests/21. Finally, they also do static analysis via Coverity as well as clang's scan-build to proactively detect any security issues.

I sent a MR to remove the unused librest dependency as well in https://gitlab.gnome.org/GNOME/msgraph/-/merge_requests/22

Security team ACK for promoting msgraph to main.

** Changed in: msgraph (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
[Bug 2060575] [NEW] gnome-keyring fails to automatically unlock login keyring after recent updates in noble
Public bug reported:

After installing recent updates in 24.04, upon logging in the gnome-shell based UI pops up saying that the login keyring was not unlocked and asking for the user's password to be input to unlock it.

Similarly a second, non-gnome-shell based UI is also present asking the same thing. Will try and get a screenshot to attach.

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: libpam-gnome-keyring 46.1-2build1
ProcVersionSignature: Ubuntu 6.8.0-22.22-generic 6.8.1
Uname: Linux 6.8.0-22-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.28.0-0ubuntu1
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Tue Apr 9 06:16:46 2024
InstallationDate: Installed on 2021-08-03 (980 days ago)
InstallationMedia: Ubuntu 21.10 "Impish Indri" - Alpha amd64 (20210802)
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: gnome-keyring
UpgradeStatus: Upgraded to noble on 2024-01-31 (68 days ago)

** Affects: gnome-keyring (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug noble wayland-session
[Bug 2059417] Re: Sync xz-utils 5.6.1-1 (main) from Debian unstable (main)
Given this has been reverted in Debian, it should not be synced into Ubuntu.

** Changed in: xz-utils (Ubuntu)
       Status: New => Won't Fix
[Bug 2056696] Re: All Snaps are denied the ability to use DBus for notifications and apptray indicators in KDE-based flavors
Ok whilst I still can't see the /StatusNotifierItem object listed via d-feet I can reproduce the denials when launching element-desktop so I have added some additional changes to the aforementioned PR which resolve these as well. With all the changes from that PR in place all of these mentioned denials are resolved.

** Changed in: snapd
       Status: New => In Progress
[Bug 2056696] Re: All Snaps are denied the ability to use DBus for notifications and apptray indicators in KDE-based flavors
Ah although it seems I can reboot the VM at this point and whilst Calamares appeared to run again in the rebooted vm if I choose Install Calamares closes and I see the installed kubuntu environment - weird

Anyway I think I will be able to use this to debug the original issue further - will continue and let you know what I find.
[Bug 2056696] Re: All Snaps are denied the ability to use DBus for notifications and apptray indicators in KDE-based flavors
The subsequent error is:

Main script file /usr/lib/x86_64-linux-gnu/calamares/modules/automirror/main.py for python job automirror raised an exception.

Is there any way I can debug this further?
[Bug 2056696] Re: All Snaps are denied the ability to use DBus for notifications and apptray indicators in KDE-based flavors
Yes I hit that exact issue in Calamares but after fixing it I then hit another similar crash in a different script in calamares - will see if I can reproduce and provide you with details.
[Bug 2056696] Re: All Snaps are denied the ability to use DBus for notifications and apptray indicators in KDE-based flavors
So I installed kubuntu-desktop on an up-to-date noble VM and then after logging into the kubuntu session I was able to reproduce the issue for Notifications but I couldn't see anything owning the /StatusNotifierItem dbus path.

For notifications I submitted https://github.com/snapcore/snapd/pull/13737 to snapd which should resolve that but if anyone can help me reproduce the issue for the status notifier item that would be great.

FWIW I have attached a screenshot of d-feet showing the various dbus paths owned by plasmashell and /StatusNotifierItem is not listed. Am I perhaps missing some other package that doesn't get pulled in by the standard kubuntu-desktop metapackage?

** Attachment added: "Pasted image.png"
   https://bugs.launchpad.net/snapd/+bug/2056696/+attachment/5757409/+files/Pasted%20image.png
[Bug 2058329] [NEW] Update apparmor to 4.0.0-beta3 in noble
Public bug reported:

Latest upstream release https://gitlab.com/apparmor/apparmor/-/releases/v4.0.0-beta3

Contains only bug fixes since 4.0.0-beta2 which is currently in noble-proposed thus does not require a FFe.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New
[Bug 2056696] Re: All Snaps are denied the ability to use DBus for notifications and apptray indicators in KDE-based flavors
> Log: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="ListActivatableNames" mask="send" name="org.freedesktop.DBus" pid=2950 label="snap.element-desktop.element-desktop" peer_label="unconfined"

This is provided by the system-observe interface in snapd - currently it looks like element-desktop does not plug this so the element-desktop snap needs to be updated to include this.

> Log: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/modules/kwalletd5" interface="org.kde.KWallet" member="isEnabled" mask="send" name="org.kde.kwalletd5" pid=2950 label="snap.element-desktop.element-desktop" peer_pid=1762 peer_label="unconfined"
> Log: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/modules/kwalletd5" interface="org.kde.KWallet" member="close" mask="send" name="org.kde.kwalletd5" pid=2950 label="snap.element-desktop.element-desktop" peer_pid=1762 peer_label="unconfined"

These are provided by the password-manager-service interface in snapd - again currently it looks like element-desktop does not plug this so the element-desktop snap needs to be updated to include this as well.

Finally, for the last two

> Log: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/StatusNotifierItem" interface="org.freedesktop.DBus.Properties" member="GetAll" name=":1.45" mask="receive" pid=2950 label="snap.element-desktop.element-desktop" peer_pid=2394 peer_label="plasmashell"
> Log: apparmor="DENIED" operation="dbus_signal" bus="session" path="/StatusNotifierItem" interface="org.kde.StatusNotifierItem" member="NewToolTip" mask="send" name="org.freedesktop.DBus" pid=2950 label="snap.element-desktop.element-desktop" peer_pid=2394 peer_label="plasmashell"

Yes this is due to the peer_label mismatch - previously plasmashell would run without an AppArmor profile and so was "unconfined" - the most recent apparmor release in Noble contains a new profile for plasmashell in /etc/apparmor.d/plasmashell with the label "plasmashell" - and so now the peer_label doesn't match. This likely needs to be fixed on the snapd side (or we figure out a way in apparmor to not ship this profile).
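The triage done by hand in the message above, as an added example (not snapd or AppArmor code and not part of the original thread): it parses the quoted D-Bus denial lines and separates denials that a snapd interface named in the message would cover from those where the peer now carries its own profile label. The function names and category strings are assumptions made for this example; the interface mapping is only what the message states.

```python
import re
from collections import defaultdict

# Denial lines exactly as quoted in the message above.
SAMPLE_LOG = [
    'Log: apparmor="DENIED" operation="dbus_method_call" bus="session" '
    'path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" '
    'member="ListActivatableNames" mask="send" name="org.freedesktop.DBus" '
    'pid=2950 label="snap.element-desktop.element-desktop" '
    'peer_label="unconfined"',
    'Log: apparmor="DENIED" operation="dbus_method_call" bus="session" '
    'path="/modules/kwalletd5" interface="org.kde.KWallet" member="isEnabled" '
    'mask="send" name="org.kde.kwalletd5" pid=2950 '
    'label="snap.element-desktop.element-desktop" peer_pid=1762 '
    'peer_label="unconfined"',
    'Log: apparmor="DENIED" operation="dbus_method_call" bus="session" '
    'path="/modules/kwalletd5" interface="org.kde.KWallet" member="close" '
    'mask="send" name="org.kde.kwalletd5" pid=2950 '
    'label="snap.element-desktop.element-desktop" peer_pid=1762 '
    'peer_label="unconfined"',
    'Log: apparmor="DENIED" operation="dbus_method_call" bus="session" '
    'path="/StatusNotifierItem" interface="org.freedesktop.DBus.Properties" '
    'member="GetAll" name=":1.45" mask="receive" pid=2950 '
    'label="snap.element-desktop.element-desktop" peer_pid=2394 '
    'peer_label="plasmashell"',
    'Log: apparmor="DENIED" operation="dbus_signal" bus="session" '
    'path="/StatusNotifierItem" interface="org.kde.StatusNotifierItem" '
    'member="NewToolTip" mask="send" name="org.freedesktop.DBus" pid=2950 '
    'label="snap.element-desktop.element-desktop" peer_pid=2394 '
    'peer_label="plasmashell"',
]

# Matches key="quoted value" or key=bare_value (pid and peer_pid are unquoted).
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# From the message above: the snapd interface said to provide each access.
# A member of None matches any member on that D-Bus interface.
SNAPD_INTERFACE_HINTS = {
    ("org.freedesktop.DBus", "ListActivatableNames"): "system-observe",
    ("org.kde.KWallet", None): "password-manager-service",
}


def parse_denial(line):
    """Return the key/value fields of an AppArmor D-Bus denial, else None."""
    fields = {}
    for m in _PAIR.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    if fields.get("apparmor") != "DENIED":
        return None
    if not fields.get("operation", "").startswith("dbus_"):
        return None
    return fields


def classify(fields):
    """Name the likely cause of one parsed denial (category names are this example's own)."""
    peer = fields.get("peer_label", "unconfined")
    if peer != "unconfined":
        # The peer runs under its own profile, so a rule written for an
        # unconfined peer no longer matches: the peer_label mismatch case.
        return "peer-label:" + peer
    iface, member = fields.get("interface"), fields.get("member")
    hint = (SNAPD_INTERFACE_HINTS.get((iface, member))
            or SNAPD_INTERFACE_HINTS.get((iface, None)))
    return "plug:" + hint if hint else "unclassified"


def summarize(lines):
    """Group denied D-Bus calls by cause: {category: sorted ['interface.member', ...]}."""
    groups = defaultdict(set)
    for line in lines:
        fields = parse_denial(line)
        if fields is None:
            continue  # not an AppArmor D-Bus denial
        call = "{}.{}".format(fields.get("interface"), fields.get("member"))
        groups[classify(fields)].add(call)
    return {category: sorted(calls) for category, calls in groups.items()}


if __name__ == "__main__":
    for category, calls in sorted(summarize(SAMPLE_LOG).items()):
        print(category)
        for call in calls:
            print("   ", call)
```
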
[Bug 2056496] Re: [FFe] AppArmor 4.0-beta2 + prompting support for noble
Uploaded to noble-proposed yesterday https://launchpad.net/ubuntu/+source/apparmor/4.0.0~beta2-0ubuntu3 ** Changed in: apparmor (Ubuntu) Status: Triaged => Fix Committed
[Bug 2056458] Re: upgrade to thunderbird snap, missing snapd depdency
** Information type changed from Private Security to Public
[Bug 2055761] Re: tracker-extract-3 crashed with SIGSYS in epoll_wait()
Ah fair enough ;)
[Bug 2055761] Re: tracker-extract-3 crashed with SIGSYS in epoll_wait()
> Why do we keep having to fix these crashes one by one over such a long period of time?

In this case I think this is a consequence of the allow-list nature of the seccomp filters - as glibc changes to implement various functions via different primitive system calls / or the kernel changes to add new system calls and glibc starts to make use of these, the seccomp filter needs to be updated to take this into account.
[Bug 2054924] Re: color emoji are broken with fontconfig 2.15
As per https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/409#note_2298588 this can also be fixed by adding an additional rule to /etc/fonts/conf.d/70-no-bitmaps.conf of the form: false ** Bug watch added: gitlab.freedesktop.org/fontconfig/fontconfig/-/issues #409 https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/409
[Bug 2055114] Re: fail2ban is broken in 24.04 Noble
Relevant upstream issue https://github.com/fail2ban/fail2ban/issues/3487
[Bug 2055114] Re: fail2ban is broken in 24.04 Noble
So whilst in Ubuntu we do have python-pyasyncore which provides asyncore, we don't have asynchat so this might need to be packaged separately OR vendored into fail2ban
[Bug 2055114] Re: fail2ban is broken in 24.04 Noble
asynchat was removed in python 3.12, which just became the default python3 in 24.04 ** Information type changed from Private Security to Public ** Bug watch added: github.com/fail2ban/fail2ban/issues #3487 https://github.com/fail2ban/fail2ban/issues/3487
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
Turns out clamav-1.0.0 includes a transition from libclamav9 -> libclamav11 so this is taking a bit longer than expected - but I will keep plugging away.
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
Looking at the upstream repo for clamav I suspect the following commit is required to be backported to clamav in lunar https://github.com/Cisco-Talos/clamav/commit/375ecf678c714623e6fb5c0119d1bec98dc700dd - or that a merge is done of clamav-1.0.0+dfsg-6 to lunar. The merge is likely the best option I suspect. ** Changed in: clamav (Ubuntu) Status: Invalid => Confirmed ** Changed in: tomsfastmath (Ubuntu) Status: Confirmed => Invalid
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
FWIW I can't reproduce this on a debian sid install of clamav which also uses the same version of libtfm / tomsfastmath. However, Debian is using a newer version of clamav than Ubuntu 23.04 so perhaps this may be fixed by merging that version to Ubuntu (or perhaps even a no-change rebuild of clamav in lunar against the new tomsfastmath may also be enough since it was updated after clamav was merged from Debian back in November).
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
This crash seems to be from libtfm
[Bug 2003864] Re: freshclam assert failure: *** stack smashing detected ***: terminated
FWIW I was able to get the following backtrace from this crash:

(gdb) bt full
#0 s_fp_sub (a=0x7ffe3ea481a0, b=, c=0x7ffe3ea481a0) at src/addsub/s_fp_sub.c:30
        x =
        oldbused =
        oldused = 483582409
        t =
#1 0x7fa0134db9e1 in fp_add (a=a@entry=0x7ffe3ea48640, b=b@entry=0x7ffe3ea481a0, c=c@entry=0x7ffe3ea481a0) at src/addsub/fp_add.c:36
        sa = 0
        sb =
#2 0x7fa013f4fd9a in cli_decodesig (sig=, plen=16, e=..., n=...) at /build/clamav-BVgrQT/clamav-0.103.7+dfsg/libclamav/dsig.c:81
        i =
        slen =
        dec =
        plain =
        r = {dp = {20, 0 }, used = 0, sign = 0}
        p = {dp = {7523094288207667809, 8101815670912281193, 8680537053616894577, 5063528411713075833, 5642249794417674311, 6220971177122287695, 3689065128513853527, 3398873257388422452, 14252546126433011493, 3628442678755211665, 2712605966946181364, 15277839593839420578, 8694802841658813312, 5686060832697987328, 12525307746306663233, 3694540437919755632, 16682102428094490919, 5631266801228481616, 14061618276812491434, 12197667988407176409, 11079511681014219552, 3404728260627231669, 13043412223414144931, 8832037575717677253, 6256736375726068327, 1492754453746096941, 2099850458381573509, 9306592184907088834, 6237175487325309377, 10120151704950850987, 11851618273230141658, 11300675668428630678, 17403472256060924040, 689431326608835423, 13397809209459187972, 16470382282525004697, 4147042843502184282, 3335726350839652177, 17704539718282564709, 9328568386471887118, 3029035003742963202, 3721060635362210435, 15422113546084857351, 5242631485635193648, 5585345812499149634, 11028124888168443482, 12505072684500331840, 6166804767040247584, 8327969952893387040, 12531736269459262785, 3930243339632379563, 200911044503768884, 6073254765277986521, 9023911194406650026, 17641743940052621905, 6378363933382259647, 4892725150097842880, 1681410646275668659, 7878974849415667176, 11790566601723893973, 8719326998705976687, 7181653255783712, 2973234752302277065, 14834633410307321860, 8450598079591262979, 11835167384365632637, 12126364641900763477, 3130395059942365217, 3068322677788637080, 12426936100189987562, 4784747591849508306, 13164285774797318797}, used = 449974006, sign = -2091867690}
        c = {dp = {18446744073709551596, 18446744073709551615 }, used = -1, sign = -1}
#3 0x in ?? ()
No symbol table info available.
[Bug 1810241] Re: NULL dereference when decompressing specially crafted archives
Thanks I have updated the status of this CVE in the Ubuntu CVE tracker. ** Changed in: tar (Ubuntu) Status: Triaged => Fix Released
[Bug 1977701] Re: Update to latest upstream release 20220510 / IPU 2022.1 to fix multiple security vulnerabilities
** Description changed: Intel released version 20220510 / IPU 2022.1 earlier in May to address multiple vulnerabilities, including: - - CVE-2022-21151, INTEL-SA-00617 - - CVE-2021-0146, INTEL-SA-00528 - - CVE-2021-0127, INTEL-SA-00532 + - CVE-2022-21151, INTEL-SA-00617 + - CVE-2021-0146, INTEL-SA-00528 + - CVE-2021-0127, INTEL-SA-00532 This version is already packaged in Ubuntu 22.10 (kinetic). Whilst this is a security update, to allow for increased testing before being more widely deployed the Ubuntu Security team are wishing to - publish this first via -proposed and then to -updates at which point it - will also then be published to -security. + publish this first via -proposed and then to -security at which point it + will also then be published to -updates as per the usual + security->updates sync. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1977701 Title: Update to latest upstream release 20220510 / IPU 2022.1 to fix multiple security vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1977701/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1977701] Re: Update to latest upstream release 20220510 / IPU 2022.1 to fix multiple security vulnerabilities
** Changed in: intel-microcode (Ubuntu Bionic) Status: New => Fix Committed ** Changed in: intel-microcode (Ubuntu Focal) Status: New => Fix Committed ** Changed in: intel-microcode (Ubuntu Impish) Status: New => Fix Committed ** Changed in: intel-microcode (Ubuntu Jammy) Status: New => Fix Committed
[Bug 1977701] [NEW] Update to latest upstream release 20220510 / IPU 2022.1 to fix multiple security vulnerabilities
Public bug reported:

Intel released version 20220510 / IPU 2022.1 earlier in May to address multiple vulnerabilities, including:

- CVE-2022-21151, INTEL-SA-00617
- CVE-2021-0146, INTEL-SA-00528
- CVE-2021-0127, INTEL-SA-00532

This version is already packaged in Ubuntu 22.10 (kinetic).

Whilst this is a security update, to allow for increased testing before being more widely deployed the Ubuntu Security team are wishing to publish this first via -proposed and then to -updates at which point it will also then be published to -security.

** Affects: intel-microcode (Ubuntu) Importance: Undecided Status: New
** Affects: intel-microcode (Ubuntu Bionic) Importance: Undecided Status: New
** Affects: intel-microcode (Ubuntu Focal) Importance: Undecided Status: New
** Affects: intel-microcode (Ubuntu Impish) Importance: Undecided Status: New
** Affects: intel-microcode (Ubuntu Jammy) Importance: Undecided Status: New
** Tags: block-proposed-bionic block-proposed-focal block-proposed-impish block-proposed-jammy
** Also affects: intel-microcode (Ubuntu Bionic) Importance: Undecided Status: New
** Also affects: intel-microcode (Ubuntu Focal) Importance: Undecided Status: New
** Also affects: intel-microcode (Ubuntu Jammy) Importance: Undecided Status: New
** Also affects: intel-microcode (Ubuntu Impish) Importance: Undecided Status: New
** Tags added: block-proposed-bionic
** Tags added: block-proposed-focal block-proposed-impish block-proposed-jammy
[Bug 1970228] Re: Multiple vulnerabilities in Bionic, Focal and Jammy
Removing ubuntu-security-sponsors since there is no debdiff to sponsor.
[Bug 1970228] Re: Multiple vulnerabilities in Bionic, Focal and Jammy
Setting impish to Incomplete since there is no debdiff to sponsor at this stage. ** Changed in: subversion (Ubuntu Impish) Status: New => Incomplete
[Bug 1973322] Re: Bacula for 22.04/Jammy
FYI I have rebuilt the version of bacula for jammy in a PPA - https://launchpad.net/~alexmurray/+archive/ubuntu/lp1973322 - if anyone could give this a test and let me know how it works for you, then we can look at trying to release it via an SRU. Thanks.
[Bug 1971767] Re: [MIR] libfreeaptx
I reviewed libfreeaptx 0.1.1-1ubuntu1 as checked into kinetic. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

libfreeaptx is an implementation of the audio processing technology (aptX) codec. It is a fork of the libopenaptx library (which is in universe) - the fork was done since the most recent version of libopenaptx (0.2.1) now has an incompatible license and so this is a fork of the 0.2.0 version with a real license.

- No CVE History
- No Build-Depends
- No pre/post inst/rm scripts
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- 2 binaries in PATH from freeaptx-utils binary package
  - -rwxr-xr-x root/root 14648 2022-05-20 22:53 ./usr/bin/freeaptxdec
  - -rwxr-xr-x root/root 14648 2022-05-20 22:53 ./usr/bin/freeaptxenc
  - utils to read / write raw 24-bit signed stereo samples from / to aptX via stdin/stdout
- No sudo fragments
- No polkit files
- No udev rules
- No unit tests
- 3 simple autopkgtests
  - build test compiles a very simple C program using libfreeaptx to check headers / pkg-config files are installed correctly
  - 2 other tests use freeaptxenc to encode a raw sample to aptX and then decode it again in both regular and HD
- No cron jobs
- Build logs are quite clean
- No processes spawned
- No dynamic memory management other than allocating a structure on the heap to store context for the session
  - Otherwise uses buffers provided by the caller and appears to be quite good at checking buffer lengths etc to not overflow them
- No file IO
- Logging is only done in CLI based enc/dec tools and is careful not to have potential format string vulnerabilities
- No environment variable usage
- No use of privileged functions
- No use of cryptography / random number sources etc
- No use of temp files
- No use of networking
- No use of WebKit
- No use of PolicyKit
- No significant cppcheck results
- No significant Coverity results
- No significant shellcheck results

libfreeaptx looks like pretty decent code - it is small and doesn't do anything fancy with memory management and appears quite defensive in how it checks buffer lengths etc. The biggest issue I have with this package is the lack of unit tests for the code - so it will make it hard to verify that any future changes don't inadvertently break it. Lack of these is annoying but the upstream repo doesn't contain them either nor does libopenaptx either so this is not a blocker.

Security team ACK for promoting libfreeaptx to main.

** Changed in: libfreeaptx (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
[Bug 1871148] Re: services start before apparmor profiles are loaded
@mardy I thought we had snapd.apparmor specifically to avoid this scenario but I can't see that service mentioned at all in systemd-analyze plot...
[Bug 1970228] Re: Multiple vulnerabilities in Bionic, Focal and Jammy
Thanks for the updated patches - they look a lot better. Note, one thing we try and do is to add references to the patch files to indicate where they came from as per https://dep-team.pages.debian.net/deps/dep3/ - as an example see the update in http://launchpadlibrarian.net/596090586/subversion_1.14.1-3_1.14.1-3ubuntu0.1.diff.gz which shows these headers included in the new debian/patches/CVE-XXX.patch files which got added as part of that update. Including these also makes it a lot easier for reviewers to ensure that the changes are 'official' and match what the upstream. Also the debian/changelog entry is a bit terse compared to what we normally would do - as an example please see step 3 at https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging However, in this case as you have already put a lot of work into these, I am happy to go with them as they are (although I am replacing the patches with the ones with dep-3 headers from the impish update linked above so we can keep as much attribution etc as possible). I will sponsor these later today/tomorrow. Thanks again.
[Bug 1975407] Re: pulseaudio is getting crashed
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public
[Bug 1975408] Re: Performance is much worse than expected (Normal friendly behaviors)
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public
[Bug 1975381] Re: firewall gets disabled
Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately we can't fix it, because your description didn't include enough information. You may find it helpful to read 'How to report bugs effectively' http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem. We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures. At a minimum, we need: 1. the specific steps or actions you took that caused you to encounter the problem, 2. the behavior you expected, and 3. the behavior you actually encountered (in as much detail as possible). Thanks! ** Changed in: iptables (Ubuntu) Status: New => Incomplete ** Information type changed from Private Security to Public Security
[Bug 1974181] Re: package libreoffice-common 1:7.3.3-0ubuntu0.22.04.1 failed to install/upgrade: installed libreoffice-common package post-installation script subprocess returned error exit status 128
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public
[Bug 1974074] Bug is not a security issue
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. https://bugs.launchpad.net/bugs/1974074 Title: missing symlink in /root/.config/libreoffice/4/user/config/
[Bug 1973322] Re: Bacula for 22.04/Jammy
As can be seen at https://launchpad.net/ubuntu/+source/bacula/+publishinghistory bacula was removed from Ubuntu during the jammy development cycle as it failed to compile:

> FTBFS, removed from Debian testing, blocks libssl transition; Debian bug #997139

The process to get this back into jammy would be a StableReleaseUpdate - https://wiki.ubuntu.com/StableReleaseUpdates - so a version of bacula which compiles on jammy would have to be prepared and then this procedure can be followed to get it published back into Ubuntu 22.04 LTS.
[Bug 1972043] Re: Please add -ftrivial-auto-var-init=zero to default build flags
doko can you please provide more details on why you think this should be done in dpkg instead of gcc (as we have done for almost all the other hardening options)? As Kees says, adding it to gcc means not only does this benefit Ubuntu archive packages, but also any software which is built on a Ubuntu machine using gcc (ie snaps built by launchpad, packages built on Github using Ubuntu as the CI backend etc) - which is a great benefit IMO. What advantages do you see in adding this to dpkg rather than gcc?
[Bug 1973827] Re: Laptop freezes when recovering from suspend / sleep mode
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public
[Bug 1973654] Re: Using debian-installer on a server with a Let's Encrypt cert dies
I believe this is caused by debootstrap - it only uses packages from the release pocket (and this is frozen from the time Ubuntu 20.04 LTS was originally released). This is a known issue https://askubuntu.com/questions/744684/latest-security-updates-with-debootstrap but I am not sure if there is much you can do to get debian-installer to say use multistrap instead of debootstrap. ** Package changed: ca-certificates (Ubuntu) => debian-installer (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1973654 Title: Using debian-installer on a server with a Let's Encrypt cert dies To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1973654/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1973644] Re: package nvidia-340 (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/nvidia-bug-report.sh', which is also in package nvidia-utils-470 470.103.01-0ubuntu0.20.04
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1973644 Title: package nvidia-340 (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/nvidia-bug-report.sh', which is also in package nvidia-utils-470 470.103.01-0ubuntu0.20.04.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/+bug/1973644/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1973028] Re: gnome-remote-desktop user service is always running
I am not sure I agree with the statement that this is "harmless" for the user service to be running if remote desktop sharing is not enabled - on my jammy system I can see the RDP port open thanks to gnome-remote-desktop:

$ ss -tlp | grep gnome-remote
LISTEN 0 10 *:ms-wbt-server *:* users:(("gnome-remote-de",pid=5851,fd=13))

And I have not manually enabled this - so I feel like this is potentially a security issue and should be prioritised as such for jammy.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1973028 Title: gnome-remote-desktop user service is always running To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1973574] Re: The system has become much choppier and no audio is being heard
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1973574 Title: The system has become much choppier and no audio is being heard To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1973574/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1973472] Re: Vea la página de manual apt-secure(8) para los detalles sobre la creación de repositorios y la configuración de usuarios. W: El objetivo Sources (main/source/Sources) está configura
Thanks for taking the time to report this bug and helping to make Ubuntu better. Your bug report is more likely to get attention if it is made in English, since this is the language understood by the majority of Ubuntu developers. Additionally, please only mark a bug as "security" if it shows evidence of allowing attackers to cross privilege boundaries or to directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public ** Changed in: duplicity (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1973472 Title: Vea la página de manual apt-secure(8) para los detalles sobre la creación de repositorios y la configuración de usuarios. W: El objetivo Sources (main/source/Sources) está configurado varias veces en /etc/apt/sources.list:2 y /etc/apt/sources.list:7 W: El objetivo Sources (main/source/Sources) está configurado varias veces en /etc/apt/sources.list:2 y /etc/apt/sources.list:7 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/duplicity/+bug/1973472/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1972043] Re: Please add -ftrivial-auto-var-init=zero to default build flags
+1 from the Security team on this - looks like a good easy win for security with no overhead or other impact from what I can see. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1972043 Title: Please add -ftrivial-auto-var-init=zero to default build flags To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gcc-12/+bug/1972043/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971288] Re: Merge libseccomp from Debian unstable for kinetic
I uploaded https://launchpad.net/ubuntu/+source/libseccomp/2.5.4-1ubuntu1 earlier today. ** Changed in: libseccomp (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971288 Title: Merge libseccomp from Debian unstable for kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1971288/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968556] Re: nvidia-kernel-source-465 465.27-0ubuntu0.20.04.2: nvidia kernel module failed to build
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968556 Title: nvidia-kernel-source-465 465.27-0ubuntu0.20.04.2: nvidia kernel module failed to build To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-465/+bug/1968556/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1964449] Re: Recordmydesktop Crashing With Segmentation Fault
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1964449 Title: Recordmydesktop Crashing With Segmentation Fault To manage notifications about this bug go to: https://bugs.launchpad.net/recordmydesktop/+bug/1964449/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968450] Re: snapd hangs startup with an infinite loop of start failures and breaks all user-created symlinks
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968450 Title: snapd hangs startup with an infinite loop of start failures and breaks all user-created symlinks To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-session/+bug/1968450/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968397]
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see https://wiki.ubuntu.com/Bugs/FindRightPackage . Additionally, in the report please include: 1) The release of Ubuntu you are using, via 'cat /etc/lsb-release' or System -> About Ubuntu. 2) The version of the package you are using, via 'dpkg -l PKGNAME | cat' or by checking in Synaptic. 3) What happened and what you expected to happen. The Ubuntu community has also created debugging procedures for a wide variety of packages at https://wiki.ubuntu.com/DebuggingProcedures . Following the debugging instructions for the affected package will make your bug report much more complete. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968397 Title: bootloader To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1968397/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968397] Re: bootloader
Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately we can't fix it, because your description didn't include enough information. You may find it helpful to read 'How to report bugs effectively' http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem. We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures. At a minimum, we need: 1. the specific steps or actions you took that caused you to encounter the problem, 2. the behavior you expected, and 3. the behavior you actually encountered (in as much detail as possible). Thanks! ** Changed in: xorg (Ubuntu) Status: New => Incomplete ** Information type changed from Private Security to Public ** Changed in: xorg (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968397 Title: bootloader To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1968397/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968402] Re: Ubuntu 20.04.3 boots to black screen, no TTY available
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968402 Title: Ubuntu 20.04.3 boots to black screen, no TTY available To manage notifications about this bug go to: https://bugs.launchpad.net/gdm/+bug/1968402/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968373] Re: Bug
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find. ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968373 Title: Bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1968373/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1964532] Re: /usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected
Yep with this patch applied I can no longer reproduce the crash and the valgrind output is clean - have just uploaded this as 2.9.4-1ubuntu1 to jammy-proposed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1964532 Title: /usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1964532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1964532] Re: /usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected
Ok so this looks to be the same as https://github.com/storaged-project/udisks/pull/926 which was fixed upstream - and according to the comment there causes exactly the type of issue we are seeing: "leading to memory corruption causing random failures of further atexit handlers such as cryptsetup and openssl destructors." I'll try rebuilding udisks2 with this patch and see if it helps. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1964532 Title: /usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1964532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1964532] Re: /usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected
Sadly running it under valgrind doesn't detect this memory corruption - we see an invalid memory read on shutdown but that is all:

$ sudo valgrind /usr/libexec/udisks2/udisksd
==567833== Memcheck, a memory error detector
==567833== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==567833== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==567833== Command: /usr/libexec/udisks2/udisksd
==567833==
udisks-Message: 15:23:12.496: udisks daemon version 2.9.4 starting
** (udisksd:567833): WARNING **: 15:23:12.985: failed to load module mdraid: libbd_mdraid.so.2: cannot open shared object file: No such file or directory
(udisksd:567833): udisks-WARNING **: 15:23:13.018: Failed to load the 'mdraid' libblockdev plugin
udisks-Message: 15:23:17.443: udisks daemon version 2.9.4 exiting
==567833== Invalid read of size 4
==567833==    at 0x4B5BB14: g_resource_unref (gresource.c:527)
==567833==    by 0x4B5D8C0: g_static_resource_fini (gresource.c:1449)
==567833==    by 0x400624D: _dl_fini (dl-fini.c:142)
==567833==    by 0x4E85494: __run_exit_handlers (exit.c:113)
==567833==    by 0x4E8560F: exit (exit.c:143)
==567833==    by 0x4E69D96: (below main) (libc_start_call_main.h:74)
==567833== Address 0x9246130 is 0 bytes inside a block of size 16 free'd
==567833==    at 0x484B27F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==567833==    by 0x4B5D8B8: g_static_resource_fini (gresource.c:1448)
==567833==    by 0x400624D: _dl_fini (dl-fini.c:142)
==567833==    by 0x4E85494: __run_exit_handlers (exit.c:113)
==567833==    by 0x4E8560F: exit (exit.c:143)
==567833==    by 0x4E69D96: (below main) (libc_start_call_main.h:74)
==567833== Block was alloc'd at
==567833==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==567833==    by 0x4D64718: g_malloc (gmem.c:125)
==567833==    by 0x4B5D137: UnknownInlinedFun (gresource.c:545)
==567833==    by 0x4B5D137: g_resource_new_from_data (gresource.c:613)
==567833==    by 0x4B5D1F8: register_lazy_static_resources_unlocked (gresource.c:1374)
==567833==    by 0x4B5D8FC: UnknownInlinedFun (gresource.c:1393)
==567833==    by 0x4B5D8FC: UnknownInlinedFun (gresource.c:1387)
==567833==    by 0x4B5D8FC: g_static_resource_get_resource (gresource.c:1472)
==567833==    by 0x14E463: udisks_linux_mount_options_get_builtin (in /usr/libexec/udisks2/udisksd)
==567833==    by 0x12BA6E: ??? (in /usr/libexec/udisks2/udisksd)
==567833==    by 0x4CCB03E: g_object_new_internal (gobject.c:2053)
==567833==    by 0x4CCC757: g_object_new_valist (gobject.c:2355)
==567833==    by 0x48C: g_object_new (gobject.c:1824)
==567833==    by 0x1288BF: udisks_daemon_new (in /usr/libexec/udisks2/udisksd)
==567833==    by 0x128935: ??? (in /usr/libexec/udisks2/udisksd)

I also tried rebuilding udisks2, cryptsetup and openssl with ASan enabled but that also didn't appear to detect it... I am out of ideas of where to look / what to try to dig further into this.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1964532 Title: /usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1964532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1964532] Re: /usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected
I can reproduce this by just running `sudo systemctl restart udisks2.service` - will see if I can perhaps run it under valgrind and see where the memory corruption is happening. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1964532 Title: /usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1964532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968043] Re: Open CVE-2021-4048 with critical severity
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968043 Title: Open CVE-2021-4048 with critical severity To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lapack/+bug/1968043/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1967840] Re: System is super breached and many things are changing and specially in chromium based applications
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see https://wiki.ubuntu.com/Bugs/FindRightPackage . Additionally, in the report please include: 1) The release of Ubuntu you are using, via 'cat /etc/lsb-release' or System -> About Ubuntu. 2) The version of the package you are using, via 'dpkg -l PKGNAME | cat' or by checking in Synaptic. 3) What happened and what you expected to happen. The Ubuntu community has also created debugging procedures for a wide variety of packages at https://wiki.ubuntu.com/DebuggingProcedures . Following the debugging instructions for the affected package will make your bug report much more complete. Thanks! ** Information type changed from Private Security to Public ** Changed in: linux (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1967840 Title: System is super breached and many things are changing and specially in chromium based applications To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1967840/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1967884] Re: several snap-confine denials for capability net_admin and perfmon on 22.04
Thanks for the heads up @jdstrand - I am seeing this too - I also have one more - fsetid:

$ journalctl -b0 -t audit --grep DENIED.*snap-confine
Apr 06 08:48:06 graphene audit[3733]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=3733 comm="snap-confine" capability=12 capname="net_admin"
Apr 06 08:48:06 graphene audit[3733]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=3733 comm="snap-confine" capability=38 capname="perfmon"
Apr 06 08:48:07 graphene audit[4545]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4545 comm="snap-confine" capability=12 capname="net_admin"
Apr 06 08:48:07 graphene audit[4545]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4545 comm="snap-confine" capability=38 capname="perfmon"
Apr 06 08:48:07 graphene audit[4614]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4614 comm="snap-confine" capability=12 capname="net_admin"
Apr 06 08:48:07 graphene audit[4614]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4614 comm="snap-confine" capability=38 capname="perfmon"
Apr 06 08:48:07 graphene audit[4682]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4682 comm="snap-confine" capability=12 capname="net_admin"
Apr 06 08:48:07 graphene audit[4682]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4682 comm="snap-confine" capability=38 capname="perfmon"
Apr 06 08:48:08 graphene audit[4745]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4745 comm="snap-confine" capability=12 capname="net_admin"
Apr 06 08:48:08 graphene audit[4745]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4745 comm="snap-confine" capability=38 capname="perfmon"
Apr 06 08:48:26 graphene audit[8216]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=8216 comm="snap-confine" capability=12 capname="net_admin"
Apr 06 08:48:26 graphene audit[8216]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=8216 comm="snap-confine" capability=38 capname="perfmon"
Apr 06 08:48:27 graphene audit[8221]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=8221 comm="snap-confine" capability=4 capname="fsetid"
Apr 06 08:49:22 graphene audit[11287]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=11287 comm="snap-confine" capability=12 capname="net_admin"
Apr 06 08:49:22 graphene audit[11287]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=11287 comm="snap-confine" capability=38 capname="perfmon"
Apr 06 08:49:22 graphene audit[11287]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=11287 comm="snap-confine" capability=4 capname="fsetid"
Apr 06 08:51:05 graphene audit[14806]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=14806 comm="snap-confine" capability=4 capname="fsetid"

-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1967884 Title: several snap-confine denials for capability net_admin and perfmon on 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1967884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
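A way to summarise AppArmor capability denials like the ones quoted in the message above, added here as an example that is not part of the bug report or of snapd. The function names, the sample lines (host name, PIDs and timestamps are constructed) and the idea of comparing against the two capabilities named in the bug title are assumptions of this example.

```python
import re
import sys
from collections import defaultdict

# Constructed sample records in the same shape as the journal output above.
_PREFIX = ('Apr 06 08:48:0{n} host audit[{pid}]: AVC apparmor="{verdict}" '
           'operation="{op}" profile="/usr/lib/snapd/snap-confine" pid={pid} '
           'comm="snap-confine" ')
SAMPLE_LINES = [
    _PREFIX.format(n=1, pid=100, verdict="DENIED", op="capable")
    + 'capability=12 capname="net_admin"',
    _PREFIX.format(n=1, pid=100, verdict="DENIED", op="capable")
    + 'capability=38 capname="perfmon"',
    _PREFIX.format(n=2, pid=200, verdict="DENIED", op="capable")
    + 'capability=12 capname="net_admin"',
    _PREFIX.format(n=3, pid=300, verdict="DENIED", op="capable")
    + 'capability=4 capname="fsetid"',
    # Records that must be ignored: not a denial, and not a capability check.
    _PREFIX.format(n=4, pid=400, verdict="ALLOWED", op="capable")
    + 'capability=21 capname="sys_admin"',
    _PREFIX.format(n=5, pid=500, verdict="DENIED", op="open")
    + 'name="/etc/example" requested_mask="r"',
    "Apr 06 08:48:06 host systemd[1]: Started example.service.",
]

# key=value or key="quoted value" pairs as they appear in audit records.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit_fields(line):
    """Return the key=value pairs of one audit record as a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in _FIELD.findall(line)}


def denied_capabilities(lines):
    """Group capability denials by (profile, capname).

    Each value holds the number of records and the set of PIDs that hit it.
    """
    summary = defaultdict(lambda: {"count": 0, "pids": set()})
    for line in lines:
        fields = parse_audit_fields(line)
        if fields.get("apparmor") != "DENIED":
            continue
        if fields.get("operation") != "capable":
            continue
        key = (fields.get("profile", "?"), fields.get("capname", "?"))
        summary[key]["count"] += 1
        if fields.get("pid", "").isdigit():
            summary[key]["pids"].add(int(fields["pid"]))
    return dict(summary)


def extra_denials(summary, known_capnames):
    """Return the (profile, capname) pairs not already in known_capnames."""
    return sorted(key for key in summary if key[1] not in known_capnames)


if __name__ == "__main__":
    # Usage: journalctl -b0 -t audit --grep DENIED | python3 this_script.py
    source = SAMPLE_LINES if sys.stdin.isatty() else sys.stdin
    result = denied_capabilities(source)
    for (profile, capname), info in sorted(result.items()):
        print(f"{profile} {capname}: {info['count']} denials, "
              f"{len(info['pids'])} processes")
    # The bug title names net_admin and perfmon; anything else is new.
    for profile, capname in extra_denials(result, {"net_admin", "perfmon"}):
        print(f"not in bug title: {capname} ({profile})")
```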
[Bug 1452115] Re: Python interpreter binary is not compiled as PIE
Nice - thanks @sdeziel -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1452115 Title: Python interpreter binary is not compiled as PIE To manage notifications about this bug go to: https://bugs.launchpad.net/python/+bug/1452115/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1953363] Re: [MIR] python-xmlschema, elementpath, importlib-resources
I reviewed python-xmlschema 1.4.2-1 as checked into jammy. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

python-xmlschema is a python package which provides XML schema support to allow XML schemas to be parsed/loaded and queried etc. It also allows XML documents to be validated against XML schema etc.

- No CVE History
- Interesting Build-Depends
  - python3-lxml, python3-elementpath
- pre/post inst/rm scripts
  - Standard auto-generated ones from dh_python3 to compile python code on installation / delete compiled code on uninstall
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- 3 binaries in PATH - utilities to translate to/from XML and to validate XML schemas
  - -rwxr-xr-x root/root 986 2021-01-27 11:04 ./usr/bin/xmlschema-json2xml
  - -rwxr-xr-x root/root 986 2021-01-27 11:04 ./usr/bin/xmlschema-validate
  - -rwxr-xr-x root/root 986 2021-01-27 11:04 ./usr/bin/xmlschema-xml2json
- No sudo fragments
- No polkit files
- No udev rules
- unit tests / autopkgtests
  - unit tests run during build via dh_auto_test
  - unit tests also run as autopkgtests
- No cron jobs
- Build logs look clean
- No processes spawned
- Memory management is not relevant as this is python
- File IO
  - As a library, will open files at paths specified by the caller of the library
  - Since documents can refer to remote resources, includes a sandbox mode so that remote resources will not be fetched / validated for local documents and vice-versa, but by default will fetch all resources
- Logging is careful from what I can see
- No apparent environment variable usage
- No apparent use of privileged functions
- No use of cryptography / random number sources etc
- No use of temp files (other than during tests)
- Use of networking to load remote resources via URIs
- No use of WebKit
- No use of PolicyKit
- No significant cppcheck results
- No significant Coverity results (a bunch of false positives)
- No significant shellcheck results
- No significant bandit results

The upstream project looks quite healthy - only 5 open github issues and 247 closed ones, and the oldest open issue is from 3rd February this year.

I do note that Debian recently updated to 1.10.0 - should this be synced to jammy first? Is there a reason why this hasn't come already via the usual Debian sync process?

Security team ACK for promoting python-xmlschema to main.

** Changed in: python-xmlschema (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1953363 Title: [MIR] python-xmlschema, elementpath, importlib-resources To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/elementpath/+bug/1953363/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1966588] Re: Huge numbers of newlines in bash after snap install command
*** This bug is a duplicate of bug 1964442 *** https://bugs.launchpad.net/bugs/1964442 ** This bug has been marked a duplicate of bug 1964442 [jammy][regression] gnome-shell PolicyKit password prompt sends keys to the terminal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1966588 Title: Huge numbers of newlines in bash after snap install command To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1966588/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1966349] [NEW] FFe: Enable PIE for python 3.10 in jammy
Public bug reported: As per LP: #1452115 enabling the python interpreter to be compiled as a position independent executable (PIE) has been a long standing request for Ubuntu. Various testing[1] has shown this to have a minimal performance impact for amd64. However, due to ongoing concerns around possible performance impacts on other architectures or other workloads, it is desirable to allow users to still use a non-PIE enabled python interpreter if they wish. As such, the python3.10 source package will generate both the existing python3.10 binary package, which will have the python3 binary compiled with PIE, as well as an additional python3.10-nopie binary package, which will *not* enable PIE. This will allow users who wish to not use PIE to install the python3.10-nopie binary package instead. As outlined in LP: #1452115, the primary motivation to introduce PIE as default for python is that this allows the dynamic loader to perform address space layout randomisation for the python executable. In turn this provides some hardening against memory corruption attacks which may target the python interpreter, making it harder to exploit any future such vulnerabilities on Ubuntu. ** Affects: python3.10 (Ubuntu) Importance: Undecided Status: Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1966349 Title: FFe: Enable PIE for python 3.10 in jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python3.10/+bug/1966349/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
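One way to check which kind of interpreter binary is installed, PIE or the non-PIE variant described in the report above, added here as an example that is not part of the bug report or of the python3.10 packaging. The names `classify_elf` and `make_sample_elf` and the constructed sample headers are assumptions of this example; treating an ET_DYN file with a PT_INTERP segment as a PIE executable is a heuristic that assumes a dynamically linked binary.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3   # e_type values from the ELF specification
PT_INTERP = 3            # program header naming the dynamic loader


def classify_elf(data):
    """Classify an ELF image as 'pie', 'non-pie', 'shared-object' or 'other'.

    ET_EXEC is linked at a fixed address, so the loader cannot randomise it.
    ET_DYN is relocatable; with a PT_INTERP segment it is an executable (PIE),
    without one it is treated as an ordinary shared library.
    """
    if len(data) < 16 or data[:4] != b"\x7fELF":
        return "not-elf"
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return "not-elf"
    endian = "<" if ei_data == 1 else ">"
    # Fields after e_ident, up to and including e_phnum (ELF64 / ELF32).
    fmt = endian + ("HHIQQQIHHH" if ei_class == 2 else "HHIIIIIHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        return "truncated"
    (e_type, _machine, _version, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum) = struct.unpack_from(fmt, data, 16)

    has_interp = False
    for index in range(e_phnum):
        offset = e_phoff + index * e_phentsize
        if offset + 4 > len(data):
            return "truncated"
        # p_type is the first 32-bit word of a program header in both classes.
        if struct.unpack_from(endian + "I", data, offset)[0] == PT_INTERP:
            has_interp = True
            break

    if e_type == ET_EXEC:
        return "non-pie"
    if e_type == ET_DYN:
        return "pie" if has_interp else "shared-object"
    return "other"


def make_sample_elf(e_type, with_interp):
    """Build a constructed, minimal 64-bit little-endian ELF header for tests."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    phnum = 1 if with_interp else 0
    header = struct.pack("<HHIQQQIHHHHHH",
                         e_type, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    phdr = (struct.pack("<I", PT_INTERP) + bytes(52)) if with_interp else b""
    return ident + header + phdr


if __name__ == "__main__":
    # With no arguments, inspect the interpreter running this script.
    for path in sys.argv[1:] or [sys.executable]:
        with open(path, "rb") as handle:
            print(f"{path}: {classify_elf(handle.read())}")
```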
[Bug 1452115] Re: Python interpreter binary is not compiled as PIE
Thanks @doko :)
[Bug 1887187] Re: [MIR] nftables
I reviewed nftables 1.0.2-1ubuntu1 as checked into jammy. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

nftables is a replacement for iptables etc - it provides userspace tooling to control the Netfilter packet classification system within the Linux kernel and can be used to implement firewall, advanced packet routing, traffic control and other use-cases.

- No CVE History
- Security relevant Build-Depends:
  - libjansson-dev for JSON parsing
  - libmnl-dev for netlink message handling
- pre/post inst/rm scripts
  - nftables binary package has autogenerated (by dh_installsystemd) scripts to setup systemd for nftables daemon service
  - python3-nftables binary package has autogenerated (by dh_python3) scripts to compile python files on install
- No init scripts
- systemd units for the nft daemon
  - Loads / unloads nft rules on startup / shutdown
  - Confines the daemon by using both ProtectSystem=full and ProtectHome=true so that it cannot write to /usr, /boot, /efi and /etc and that /home, /root and /run/user are inaccessible
- No dbus services
- No setuid binaries
- 1 binary in PATH
  - -rwxr-xr-x root/root 26856 2022-03-18 11:45 ./usr/sbin/nft
- No sudo fragments
- No polkit files
- No udev rules
- No unit tests run during build
- Autopkgtests
  - Runs the high level 'shell' based internal test suite
  - Runs internal nft monitor testsuite to ensure output of 'nft monitor' is as expected
  - Runs test of systemd service to ensure rules get loaded / unloaded appropriately by the systemd unit
  - Contains a reference to running the internal python-based regression testsuite of nft but this is commented out
    - I thought it might be easy to get this running (see LP: #1966017) but turns out there are still issues there so perhaps that is best left for a future task
- No cron jobs
- Clean build logs
- No processes spawned
- Lots of dynamic memory management (since it is written in C) but appears to be careful / defensive - exits with an error if it fails to allocate memory, which is fine as this is a command-line tool, and appears to check buffer sizes etc as needed
- File IO
  - Paths are specified in input files / rules etc as input
  - Files are not written to, only read from
- Logging appears careful and defensive
- Environment variable usage
  - HOME is used to store a history file for cli interface to store past commands etc
- No apparent use of privileged functions
- No use of cryptography / random number sources etc
- No apparent use of temp files
- No direct use of networking
  - Uses netlink for communication with kernel but whilst this is socket based it does not allow remote access or any other such similar attack surface nor does it handle untrusted input
- No use of WebKit
- No use of PolicyKit
- No significant cppcheck results
- Lots of Coverity results but none look super critical - given nftables is expected to handle only trusted input I can't see how they could be used to cross a security boundary etc
- Lots of shellcheck results generated by upstream 'shell' and 'monitor' test suites but since these come from upstream and are part of the tests they can be safely ignored IMO

In general nftables looks well written and maintained - whilst it is a tool which interfaces directly with the kernel to manage complex security policies and so could be seen as a security risk, it is expected to only handle trusted input and so this reduces the threat model significantly.

Security team ACK for promoting nftables to main.
[Bug 1966017] Re: enable upstream python testsuite in autopkgtests
Attaching the updated debdiff in case we do decide we want this (even in the broken state)

** Patch added: "nftables_1.0.2-1ubuntu2.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/nftables/+bug/1966017/+attachment/5572129/+files/nftables_1.0.2-1ubuntu2.debdiff
[Bug 1966017] Re: enable upstream python testsuite in autopkgtests
Turns out I wasn't looking closely enough at the autopkgtest logs from my local testing - I was trying to run the tests with the pre-built binary packages and whilst it would indicate the internaltest-py.sh tests were passing, they were actually completely failing without any error indication:

autopkgtest [19:10:18]: test internaltest-py.sh: [---
The nftables library at 'src/.libs/libnftables.so.1' does not exist. You need to build the project.
autopkgtest [19:10:19]: test internaltest-py.sh: ---]
autopkgtest [19:10:20]: test internaltest-py.sh: - - - - - - - - - - results - - - - - - - - - -
internaltest-py.sh PASS

So I think clearly this is a lot less straightforward than I originally thought and perhaps we shouldn't bother with it at this stage - also, since as you say it doesn't fail the autopkgtest run itself, is there any point trying to enable these tests, as we won't be able to use them to easily detect regressions in that case?
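Added example, not part of the original comment or of the nftables packaging: a small scanner that reads an autopkgtest log in the layout quoted above and flags tests reported as PASS whose captured output shows the suite never ran. The marker patterns, the function names and the second test in the sample log (smoke.sh) are assumptions for illustration; the sample log is constructed, with the internaltest-py.sh output taken from the message above.

```python
import re

HEADER = re.compile(r"^autopkgtest \[\d{2}:\d{2}:\d{2}\]: test (\S+): (.*)$")
RESULT = re.compile(r"^(\S+)\s+(PASS|FAIL|SKIP|FLAKY)\b")

# Output that suggests the harness bailed out before running any test.
# Assumed patterns: extend them for the suites you package.
SUSPICIOUS = [
    re.compile(r"does not exist", re.I),
    re.compile(r"you need to build", re.I),
    re.compile(r"no such file or directory", re.I),
    re.compile(r"command not found", re.I),
]


def parse_log(text):
    """Return {test: {"output": [lines], "verdict": str or None}}."""
    tests, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            name, rest = m.group(1), m.group(2).strip()
            tests.setdefault(name, {"output": [], "verdict": None})
            if rest.startswith("[-"):      # start of captured output
                current = name
            elif rest.endswith("-]"):      # end of captured output
                current = None
            continue
        if current is not None:
            tests[current]["output"].append(line)
            continue
        m = RESULT.match(line)             # verdicts only count outside a block
        if m:
            entry = tests.setdefault(m.group(1), {"output": [], "verdict": None})
            entry["verdict"] = m.group(2)
    return tests


def find_false_passes(text):
    """List (test, offending line) for PASS verdicts with suspicious output."""
    hits = []
    for name, info in parse_log(text).items():
        if info["verdict"] != "PASS":
            continue
        for line in info["output"]:
            if any(p.search(line) for p in SUSPICIOUS):
                hits.append((name, line.strip()))
                break
    return hits


# Constructed sample log.
SAMPLE_LOG = """\
autopkgtest [19:10:02]: test smoke.sh: [-----------------------
loaded 3 rules
autopkgtest [19:10:03]: test smoke.sh: -----------------------]
autopkgtest [19:10:04]: test smoke.sh:  - - - - - - - - - - results - - - - - - - - - -
smoke.sh             PASS
autopkgtest [19:10:18]: test internaltest-py.sh: [-----------------------
The nftables library at 'src/.libs/libnftables.so.1' does not exist. You need to build the project.
autopkgtest [19:10:19]: test internaltest-py.sh: -----------------------]
autopkgtest [19:10:20]: test internaltest-py.sh:  - - - - - - - - - - results - - - - - - - - - -
internaltest-py.sh   PASS
"""

if __name__ == "__main__":
    for test, line in find_false_passes(SAMPLE_LOG):
        print(f"{test}: PASS but output says: {line}")
```

A scan like this only reports what the log shows; the durable fix is for the test script itself to exit non-zero when its prerequisites are missing.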
[Bug 1966017] Re: enable upstream python testsuite in autopkgtests
** Patch added: "nftables_1.0.2-1ubuntu2.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/nftables/+bug/1966017/+attachment/5572061/+files/nftables_1.0.2-1ubuntu2.debdiff
[Bug 1966017] [NEW] enable upstream python testsuite in autopkgtests
Public bug reported:

Currently the upstream python-based testsuite for nftables is disabled in the autopkgtests in debian/tests/control as follows:

# Disable test until we decide what to do with the nftables python module
#Tests: internaltest-py.sh
#Depends: @, python
#Restrictions: needs-root, allow-stderr, isolation-container, build-needed

This should be enabled to ensure testing is as comprehensive as this is in the process of getting promoted to main.

** Affects: nftables (Ubuntu)
   Importance: Undecided
   Status: New
[Bug 1964442] Re: [jammy][regression] gnome-shell PolicyKit password prompt sends keys to the terminal
Upstream bug filed https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5242

** Bug watch added: gitlab.gnome.org/GNOME/gnome-shell/-/issues #5242
   https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5242
[Bug 1964442] Re: [jammy][regression] gnome-shell PolicyKit password prompt sends keys to the terminal
I personally don't think this should be low priority - this affects any application which ends up causing the gnome shell prompt dialog to appear - so in my case when reading my email and opening a GPG encrypted email I get prompted for my GPG passphrase - whilst this is happening my email client is repeatedly getting sent to it, causing it to advance forward to the next email and mark the current one as read - so this has a real usability impact IMO. This is not just relevant to terminal applications etc.
[Bug 1965837] [NEW] Erroneous / extra input generated in requesting application when prompting to unlock keys
Public bug reported:

Recently I have noticed that when I am being prompted for the passphrase to unlock a GPG/SSH key via the gnome-shell prompter, whilst the prompt is visible the requesting window seems to get spammed by input - this can be reproduced via running the following (but replace the gpg recipient with the one of your own user's private key):

$ echo RELOADAGENT | gpg-connect-agent; echo foo | gpg --encrypt --recipient alex.mur...@canonical.com | gpg --decrypt

See attached for a short video demonstrating the issue.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: gnome-shell 42~beta-1ubuntu3
ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
Uname: Linux 5.15.0-23-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu79
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Tue Mar 22 11:43:36 2022
DisplayManager: gdm3
InstallationDate: Installed on 2021-08-03 (230 days ago)
InstallationMedia: Ubuntu 21.10 "Impish Indri" - Alpha amd64 (20210802)
RelatedPackageVersions: mutter-common 42~beta-1ubuntu2
SourcePackage: gnome-shell
UpgradeStatus: Upgraded to jammy on 2022-01-14 (66 days ago)

** Affects: gnome-shell (Ubuntu)
   Importance: Undecided
   Status: New

** Tags: amd64 apport-bug jammy wayland-session

** Attachment added: "Screencast from 22-03-22 11:45:41.webm"
   https://bugs.launchpad.net/bugs/1965837/+attachment/5571537/+files/Screencast%20from%2022-03-22%2011%3A45%3A41.webm
[Bug 1965837] Re: Erroneous / extra input generated in requesting application when prompting to unlock keys
If it is not clear from the video - watch the terminal window in the background when the prompt for the passphrase appears - it keeps scrolling as though getting input by newlines all the time - and this then persists even after the prompt is dismissed until I manually provide some input myself.
[Bug 1964532] Re: /usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected
This looks to be the same as LP: #1955758
[Bug 1964532] Re: /usr/libexec/udisks2/udisksd:malloc_consolidate(): unaligned fastbin chunk detected
See attached - it looks like the crash happens during shutdown - see line 11443

** Attachment added: "journalctl-udisks-crash.log.gz"
   https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1964532/+attachment/5571201/+files/journalctl-udisks-crash.log.gz

** Changed in: udisks2 (Ubuntu)
   Status: Incomplete => Confirmed
[Bug 1965235] Re: list-oem-metapackages crashed with AttributeError in packages_for_modalias(): 'Cache' object has no attribute 'packages'
*** This bug is a duplicate of bug 1964923 *** https://bugs.launchpad.net/bugs/1964923 ** This bug has been marked a duplicate of bug 1964923 list-oem-metapackages crashed with AttributeError in packages_for_modalias(): 'Cache' object has no attribute 'packages'
[Bug 1965235] Re: list-oem-metapackages crashed with AttributeError in packages_for_modalias(): 'Cache' object has no attribute 'packages'
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

** Information type changed from Private Security to Public
[Bug 1897454] Re: [snap] Chromium has Wayland support disabled
The priority of this bug is Low but since Wayland is now the default session this means chromium runs via XWayland and then when doing window/screen sharing on say Google Meet I can only share windows which are also using XWayland, not native ones - which is the majority of the rest of the desktop. Any chance this can get given higher priority so we don't regress too much for Jammy?
[Bug 1964325] Re: Fails to print due to apparmor denied connect operation for cupsd - /run/systemd/userdb/io.systemd.Machine
I have proposed a fix for this upstream - https://gitlab.com/apparmor/apparmor/-/merge_requests/861 - once that is reviewed then we can include the fix in jammy.
[Bug 1963590] Re: Missing entry for new Launchpad PPAs (ppa.launchpadcontent.net)
** Patch added: "squid-deb-proxy_0.8.15+nmu1ubuntu2.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1963590/+attachment/5565432/+files/squid-deb-proxy_0.8.15+nmu1ubuntu2.debdiff
[Bug 1963590] [NEW] Missing entry for new Launchpad PPAs (ppa.launchpadcontent.net)
Public bug reported:

squid-deb-proxy comes with the existing ppa.launchpad.net entry commented out in mirror-dstdomain.acl.d/10-default but does not include the new ppa.launchpadcontent.net that also supports https - https://blog.launchpad.net/ppa/new-domain-names-for-ppas

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: squid-deb-proxy 0.8.15+nmu1ubuntu1
ProcVersionSignature: Ubuntu 5.15.0-18.18-generic 5.15.12
Uname: Linux 5.15.0-18-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu78
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Fri Mar 4 11:09:44 2022
InstallationDate: Installed on 2021-08-03 (212 days ago)
InstallationMedia: Ubuntu 21.10 "Impish Indri" - Alpha amd64 (20210802)
PackageArchitecture: all
SourcePackage: squid-deb-proxy
UpgradeStatus: Upgraded to jammy on 2022-01-14 (48 days ago)

** Affects: squid-deb-proxy (Ubuntu)
   Importance: Undecided
   Status: New

** Tags: amd64 apport-bug jammy wayland-session