[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf

[Jeremy Bicha]

** Also affects: gdk-pixbuf (Ubuntu Focal)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu.
https://bugs.launchpad.net/bugs/1982898

Title:
  CVE-2021-46829: Buffer overwrite in  io-gif-animation.c
  composite_frame() in gdk-pixbuf

Status in gdk-pixbuf package in Ubuntu:
  In Progress
Status in gdk-pixbuf source package in Focal:
  New

Bug description:
  [Impact]

   * A buffer overwrite exists in gdk-pixbuf's thumbnailer.

   * The GIF loader runs out of memory with specifically crafted files
  with bad frame data (and images with its sizes) over the integer
  limit.

   * After gdk-pixbuf-thum runs out of memory, other apps can and on low
  RAM systems like my old iMac, the system can completely run out of
  memory.

   * Or, in other ways, bad gif files in other applications can open the
  door for exploits.

   * Any app using gdk-pixbuf is affected, mainly file managers and
  image viewers.

  [Test Plan]

   * Take the POC's - they can be found in the issue in the GNOME repo

   * Open them in an application that uses gdk-pixbuf. I have managed to 
produce reactions with:
   - Nautilus, GNOME's file manager
   - Nemo, Cinnamon's file manager
   - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that 
also inevitably fails and crashes
   - PCManFM, LXDE's file manager which straight up crashes
   - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app 
still usable, no memory issues)
   - Eye of GNOME (eog) triggers the segfault in syslog
   - Eye of MATE (eom) segfaults

   * If you or the system couldn't tell something is wrong, cat
  /var/log/syslog and enjoy the segfaults or out of memory warnings or
  even kernel spam.

  [Where problems could occur]

   * The patch itself is simple, but since gdk-pixbuf is often used with
  GTK apps a mistake here could be problematic.

   * It is possible, and has happened in the past (which has been
  patched) that other bad GIFs can cause other crashes.

   * That patch is essentially overflow checks -  changes with GLib
  (GNOME's, not to be confused with glibc) and the functions used in not
  only the patch but all of gdk-pixbuf can cause problems

   * Other failures to properly handle GIFs and broken or intentionally
  tampered GIFs can continue and always will open the door for security
  holes for other bugs

  * Again, overall a simple patch but as long as the GIFs remain handled
  properly, and no changes to the GLib functions are made and to other
  apps that use gdk-pixbuf (and assuming are not affected by the change
  and still work), the patch does not have much regression potential.

  [Other Info]

   * Besides Buffer overwrite/overflow issues, as aforementioned out of memory 
errors can happen.
   * Files attached are examples or crashes
   * Again, all apps using gdk-pixbuf are affected
   * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/
   * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190
   * 
https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2
  ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39
  Uname: Linux 5.15.0-43-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: X-Cinnamon
  Date: Tue Jul 26 19:33:41 2022
  InstallationDate: Installed on 2021-11-24 (244 days ago)
  InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826)
  SourcePackage: gdk-pixbuf
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1983207] [NEW] [VivoBook_ASUSLaptop X509JA_X509JA, Realtek ALC256, Mic, Internal] Underruns, dropouts or crackling sound

[Kaleab Asfaw Azezew]

Public bug reported:

The crackling sound happens both with the builtin mic and headset mic.
And it doesn't happen when I boot to windows.

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: alsa-base 1.0.25+dfsg-0ubuntu5
ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
Uname: Linux 5.4.0-122-generic x86_64
NonfreeKernelModules: wl
ApportVersion: 2.20.11-0ubuntu27.24
Architecture: amd64
AudioDevicesInUse:
 USERPID ACCESS COMMAND
 /dev/snd/controlC0:  blankk 1760 F pulseaudio
 /dev/snd/pcmC0D0c:   blankk 1760 F...m pulseaudio
 /dev/snd/pcmC0D0p:   blankk 1760 F...m pulseaudio
 /dev/snd/timer:  blankk 1760 f pulseaudio
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Sun Jul 31 16:41:55 2022
InstallationDate: Installed on 2022-02-06 (175 days ago)
InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
PackageArchitecture: all
SourcePackage: alsa-driver
Symptom: audio
Symptom_AlsaRecordingTest: ALSA recording test through plughw:PCH successful
Symptom_Card: Built-in Audio - HDA Intel PCH
Symptom_Jack: Mic, Internal
Symptom_PulseAudioLog:
 Jul 31 16:20:16 blankk-Lenovo-V15-IWL dbus-daemon[1078]: [system] Activating 
via systemd: service name='org.freedesktop.RealtimeKit1' 
unit='rtkit-daemon.service' requested by ':1.30' (uid=125 pid=1309 
comm="/usr/bin/pulseaudio --daemonize=no --log-target=jo" label="unconfined")
 Jul 31 16:20:29 blankk-Lenovo-V15-IWL systemd[1303]: pulseaudio.service: 
Succeeded.
 Jul 31 16:20:39 blankk-Lenovo-V15-IWL systemd[1303]: pulseaudio.socket: 
Succeeded.
Symptom_PulseAudioRecordingTest: PulseAudio recording test through plughw:PCH 
successful
Symptom_Type: Underruns, dropouts, or "crackling" sound
Title: [VivoBook_ASUSLaptop X509JA_X509JA, Realtek ALC256, Mic, Internal] 
Underruns, dropouts or crackling sound
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 06/11/2021
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: X509JA.308
dmi.board.asset.tag: ATN12345678901234567
dmi.board.name: X509JA
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: 1.0
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: ASUSTeK COMPUTER INC.
dmi.chassis.version: 1.0
dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvrX509JA.308:bd06/11/2021:svnASUSTeKCOMPUTERINC.:pnVivoBook_ASUSLaptopX509JA_X509JA:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnX509JA:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0:
dmi.product.family: VivoBook
dmi.product.name: VivoBook_ASUSLaptop X509JA_X509JA
dmi.product.version: 1.0
dmi.sys.vendor: ASUSTeK COMPUTER INC.
mtime.conffile..etc.modprobe.d.alsa-base.conf: 2022-04-08T12:21:11.032664

** Affects: alsa-driver (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug focal

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1983207

Title:
  [VivoBook_ASUSLaptop X509JA_X509JA, Realtek ALC256, Mic, Internal]
  Underruns, dropouts or crackling sound

Status in alsa-driver package in Ubuntu:
  New

Bug description:
  The crackling sound happens both with the builtin mic and headset mic.
  And it doesn't happen when I boot to windows.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: alsa-base 1.0.25+dfsg-0ubuntu5
  ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
  Uname: Linux 5.4.0-122-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  blankk 1760 F pulseaudio
   /dev/snd/pcmC0D0c:   blankk 1760 F...m pulseaudio
   /dev/snd/pcmC0D0p:   blankk 1760 F...m pulseaudio
   /dev/snd/timer:  blankk 1760 f pulseaudio
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Jul 31 16:41:55 2022
  InstallationDate: Installed on 2022-02-06 (175 days ago)
  InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819)
  PackageArchitecture: all
  SourcePackage: alsa-driver
  Symptom: audio
  Symptom_AlsaRecordingTest: ALSA recording test through plughw:PCH successful
  Symptom_Card: Built-in Audio - HDA Intel PCH
  Symptom_Jack: Mic, Internal
  Symptom_PulseAudioLog:
   Jul 31 16:20:16 blankk-Lenovo-V15-IWL dbus-daemon[1078]: [system] Activating 
via systemd: service name='org.freedesktop.RealtimeKit1' 
unit='rtkit-daemon.service' requested by ':1.30' (uid=125 pid=1309 
comm="/usr/bin/pulseaudio --daemonize=no --log-target=jo" label="unconfined")
   Jul 31 16:20:29 blankk-Lenovo-V15-IWL systemd[1303]: pulseaudio.service: 
Succeeded.
   Jul 31 16:20:39 blankk-Lenovo-V15-IWL systemd[1303]: pulseaudio.socket: 
Succeeded.
  Symptom_PulseAudioRecordingTest: PulseAudio recording test through plughw:PCH 
successful
  Symptom_Type: Underruns, dropouts, or "crackling" sound
  Title: [VivoBook_ASUSLaptop 

[Touch-packages] [Bug 1863080] Re: Unable to use dead keys in Java apps

[M Conrad]

```bash
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 22.04.1 LTS
Release:22.04
Codename:   jammy
muksihs@omen-desktop:~$  set | grep -E 
'XMODIFIERS|GTK_IM_MODULE|QT_IM_MODULE';setxkbmap -query
GTK_IM_MODULE=ibus
QT_IM_MODULE=ibus
XMODIFIERS=@im=ibus
rules:  evdev
model:  pc105
layout: us
variant:altgr-intl
options:compose:lwin,compose:rwin,grp_led:scroll,mod_led:compose
muksihs@omen-desktop:~$ cat .xsessionrc 
#!/bin/bash

export CLUTTER_IM_MODULE=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=ibus
export XMODIFIERS=@im=ibus

muksihs@omen-desktop:~$ 
```

I'm using ibus with a local m17n layout.

Layout file: https://github.com/CherokeeLanguage/m17n.d/blob/main/chr-
phonetic.mim

My issue with ibus and intellij/pycharm is that the cursor is positioned
before the last character typed instead of after on short sequences
where a longer sequence exists.

The cursor appears to get moved back one character in the matching case.

I'm not sure the issue I'm having is exactly the same as this issue as
I'm not using dead keys. See
https://youtrack.jetbrains.com/issue/PY-55374/ibus-input-issue-where-
cursor-position-ends-being-before-the-character-inserted

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ibus in Ubuntu.
https://bugs.launchpad.net/bugs/1863080

Title:
  Unable to use dead keys in Java apps

Status in ibus:
  Fix Released
Status in ibus package in Ubuntu:
  Confirmed

Bug description:
  This is same bug as #540751, as it happens again in Ubuntu 19.10 with
  Java 11. Way of reproduce it:

  - Fresh Ubuntu 19.10 install.
  - Install default-jre.
  - Download (for example) lastest NetBeans version.
  - Edit a file in NetBeans, you can't insert characters like 'á'.

  The workaround is the same, define XMODIFIERS='' before launching the
  app.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ibus/+bug/1863080/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1981622] Re: mtd device must be supplied (device name is empty)

[Coeur Noir]

Seems fixed in or not affecting other distributions :

https://ubuntuforums.org/showthread.php?t=2476796=3=14104102#post14104102

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1981622

Title:
  mtd device must be supplied (device name is empty)

Status in systemd package in Ubuntu:
  Fix Committed
Status in systemd source package in Focal:
  Confirmed
Status in systemd source package in Jammy:
  Confirmed

Bug description:
  [WORKAROUND]

  This will NOT fix a system that is not booting, because the "mtd
  device must be supplied (device name is empty)" message is not the
  cause of failed boots. This work around is only for those who are
  annoyed by the error message, but are otherwise not experiencing any
  issues.

  If you are not able to boot your system, but you see this error
  message, please open a separate bug with your journalctl and dmesg
  logs.

  # cp /{lib,etc}/systemd/system/systemd-pstore.service
  # sed -i 's/modprobe@mtdpstore.service //' 
/etc/systemd/system/systemd-pstore.service
  # systemctl daemon-reload

  [Impact]

  Due to mtdpstore not being properly configured as a pstore backend,
  when systemd-pstore.service tries to load the module, users get the
  following error in dmesg:

  [   18.453473] systemd[1]: Starting Load Kernel Module mtdpstore...
  [   18.462685] mtd device must be supplied (device name is empty)

  This is a distracting error for users trying to diagnose other system
  issues, especially if their system does not boot after a kernel crash
  and this is the only message displayed on the console.

  [Test Plan]

  * Force a kernel crash to populate /sys/fs/pstore, thus causing
  systemd-pstore.service to start on the subsequent boot:

  # echo 1 > /proc/sys/kernel/sysrq
  # echo 1 > /proc/sys/kernel/panic
  # echo c > /proc/sysrq-trigger

  * When the system reboots, observe the error in dmesg:

  # dmesg | grep mtd

  [Where problems could occur]

  If a system was relying on this pstore backend, and mtdpstore is built
  as a module, it is possible for systemd-pstore.service to trigger
  before mtdpstore is loaded, causing systemd-pstore to not copy the
  contents of /sys/fs/pstore. Note however that before the patched
  introduced as a result of bug 1978079, systemd-pstore.service would
  not attempt to load *any* kernel modules.

  [Original Description]

  After updating my 22.04 system (possibly caused by Systemd update).
  And now booting, dmesg has two errors:

  'mtd device must be supplied (device name is empty)'.

  See line 8 and 134 in the included logfile.

  The system are booting as it should though, and the system are working
  like it should no errors at all.

  Is this maybe caused by 'efi-pstore-not-cleared-on-boot.patch' in
  systemd?

  I have an EFI mounted at boot but it isn't used because I have
  installed my system in legacy BIOS mode.

  Is this maybe the culprit?

  I could ignore the message but it isn't nice though.

  Regards

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1981622/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp