[Touch-packages] [Bug 1982898] Re: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf
** Also affects: gdk-pixbuf (Ubuntu Focal) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1982898 Title: CVE-2021-46829: Buffer overwrite in io-gif-animation.c composite_frame() in gdk-pixbuf Status in gdk-pixbuf package in Ubuntu: In Progress Status in gdk-pixbuf source package in Focal: New Bug description: [Impact] * A buffer overwrite exists in gdk-pixbuf's thumbnailer. * The GIF loader runs out of memory with specifically crafted files with bad frame data (and images with its sizes) over the integer limit. * After gdk-pixbuf-thum runs out of memory, other apps can and on low RAM systems like my old iMac, the system can completely run out of memory. * Or, in other ways, bad gif files in other applications can open the door for exploits. * Any app using gdk-pixbuf is affected, mainly file managers and image viewers. [Test Plan] * Take the POC's - they can be found in the issue in the GNOME repo * Open them in an application that uses gdk-pixbuf. I have managed to produce reactions with: - Nautilus, GNOME's file manager - Nemo, Cinnamon's file manager - Thunar, XFCE's file manager, which has its own thumbnailere (tumbler) that also inevitably fails and crashes - PCManFM, LXDE's file manager which straight up crashes - Caja, MATE's file manager causes libpixbufloader-gif to segfault (app still usable, no memory issues) - Eye of GNOME (eog) triggers the segfault in syslog - Eye of MATE (eom) segfaults * If you or the system couldn't tell something is wrong, cat /var/log/syslog and enjoy the segfaults or out of memory warnings or even kernel spam. [Where problems could occur] * The patch itself is simple, but since gdk-pixbuf is often used with GTK apps a mistake here could be problematic. * It is possible, and has happened in the past (which has been patched) that other bad GIFs can cause other crashes. * That patch is essentially overflow checks - changes with GLib (GNOME's, not to be confused with glibc) and the functions used in not only the patch but all of gdk-pixbuf can cause problems * Other failures to properly handle GIFs and broken or intentionally tampered GIFs can continue and always will open the door for security holes for other bugs * Again, overall a simple patch but as long as the GIFs remain handled properly, and no changes to the GLib functions are made and to other apps that use gdk-pixbuf (and assuming are not affected by the change and still work), the patch does not have much regression potential. [Other Info] * Besides Buffer overwrite/overflow issues, as aforementioned out of memory errors can happen. * Files attached are examples or crashes * Again, all apps using gdk-pixbuf are affected * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121/ * https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 * https://github.com/pedrib/PoC/blob/master/fuzzing/CVE-2021-46829/CVE-2021-46829.md ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: libgdk-pixbuf2.0-0 2.40.0+dfsg-3ubuntu0.2 ProcVersionSignature: Ubuntu 5.15.0-43.46~20.04.1-generic 5.15.39 Uname: Linux 5.15.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: X-Cinnamon Date: Tue Jul 26 19:33:41 2022 InstallationDate: Installed on 2021-11-24 (244 days ago) InstallationMedia: ubuntucinnamonremix "@BASECODENAME" (20210826) SourcePackage: gdk-pixbuf UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/1982898/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1983207] [NEW] [VivoBook_ASUSLaptop X509JA_X509JA, Realtek ALC256, Mic, Internal] Underruns, dropouts or crackling sound
Public bug reported: The crackling sound happens both with the builtin mic and headset mic. And it doesn't happen when I boot to windows. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: alsa-base 1.0.25+dfsg-0ubuntu5 ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192 Uname: Linux 5.4.0-122-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: blankk 1760 F pulseaudio /dev/snd/pcmC0D0c: blankk 1760 F...m pulseaudio /dev/snd/pcmC0D0p: blankk 1760 F...m pulseaudio /dev/snd/timer: blankk 1760 f pulseaudio CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Sun Jul 31 16:41:55 2022 InstallationDate: Installed on 2022-02-06 (175 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaRecordingTest: ALSA recording test through plughw:PCH successful Symptom_Card: Built-in Audio - HDA Intel PCH Symptom_Jack: Mic, Internal Symptom_PulseAudioLog: Jul 31 16:20:16 blankk-Lenovo-V15-IWL dbus-daemon[1078]: [system] Activating via systemd: service name='org.freedesktop.RealtimeKit1' unit='rtkit-daemon.service' requested by ':1.30' (uid=125 pid=1309 comm="/usr/bin/pulseaudio --daemonize=no --log-target=jo" label="unconfined") Jul 31 16:20:29 blankk-Lenovo-V15-IWL systemd[1303]: pulseaudio.service: Succeeded. Jul 31 16:20:39 blankk-Lenovo-V15-IWL systemd[1303]: pulseaudio.socket: Succeeded. Symptom_PulseAudioRecordingTest: PulseAudio recording test through plughw:PCH successful Symptom_Type: Underruns, dropouts, or "crackling" sound Title: [VivoBook_ASUSLaptop X509JA_X509JA, Realtek ALC256, Mic, Internal] Underruns, dropouts or crackling sound UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 06/11/2021 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: X509JA.308 dmi.board.asset.tag: ATN12345678901234567 dmi.board.name: X509JA dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: 1.0 dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: ASUSTeK COMPUTER INC. dmi.chassis.version: 1.0 dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrX509JA.308:bd06/11/2021:svnASUSTeKCOMPUTERINC.:pnVivoBook_ASUSLaptopX509JA_X509JA:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnX509JA:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0: dmi.product.family: VivoBook dmi.product.name: VivoBook_ASUSLaptop X509JA_X509JA dmi.product.version: 1.0 dmi.sys.vendor: ASUSTeK COMPUTER INC. mtime.conffile..etc.modprobe.d.alsa-base.conf: 2022-04-08T12:21:11.032664 ** Affects: alsa-driver (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1983207 Title: [VivoBook_ASUSLaptop X509JA_X509JA, Realtek ALC256, Mic, Internal] Underruns, dropouts or crackling sound Status in alsa-driver package in Ubuntu: New Bug description: The crackling sound happens both with the builtin mic and headset mic. And it doesn't happen when I boot to windows. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: alsa-base 1.0.25+dfsg-0ubuntu5 ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192 Uname: Linux 5.4.0-122-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.11-0ubuntu27.24 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: blankk 1760 F pulseaudio /dev/snd/pcmC0D0c: blankk 1760 F...m pulseaudio /dev/snd/pcmC0D0p: blankk 1760 F...m pulseaudio /dev/snd/timer: blankk 1760 f pulseaudio CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Sun Jul 31 16:41:55 2022 InstallationDate: Installed on 2022-02-06 (175 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaRecordingTest: ALSA recording test through plughw:PCH successful Symptom_Card: Built-in Audio - HDA Intel PCH Symptom_Jack: Mic, Internal Symptom_PulseAudioLog: Jul 31 16:20:16 blankk-Lenovo-V15-IWL dbus-daemon[1078]: [system] Activating via systemd: service name='org.freedesktop.RealtimeKit1' unit='rtkit-daemon.service' requested by ':1.30' (uid=125 pid=1309 comm="/usr/bin/pulseaudio --daemonize=no --log-target=jo" label="unconfined") Jul 31 16:20:29 blankk-Lenovo-V15-IWL systemd[1303]: pulseaudio.service: Succeeded. Jul 31 16:20:39 blankk-Lenovo-V15-IWL systemd[1303]: pulseaudio.socket: Succeeded. Symptom_PulseAudioRecordingTest: PulseAudio recording test through plughw:PCH successful Symptom_Type: Underruns, dropouts, or "crackling" sound Title: [VivoBook_ASUSLaptop
[Touch-packages] [Bug 1863080] Re: Unable to use dead keys in Java apps
```bash lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 22.04.1 LTS Release:22.04 Codename: jammy muksihs@omen-desktop:~$ set | grep -E 'XMODIFIERS|GTK_IM_MODULE|QT_IM_MODULE';setxkbmap -query GTK_IM_MODULE=ibus QT_IM_MODULE=ibus XMODIFIERS=@im=ibus rules: evdev model: pc105 layout: us variant:altgr-intl options:compose:lwin,compose:rwin,grp_led:scroll,mod_led:compose muksihs@omen-desktop:~$ cat .xsessionrc #!/bin/bash export CLUTTER_IM_MODULE=ibus export GTK_IM_MODULE=ibus export QT_IM_MODULE=ibus export XMODIFIERS=@im=ibus muksihs@omen-desktop:~$ ``` I'm using ibus with a local m17n layout. Layout file: https://github.com/CherokeeLanguage/m17n.d/blob/main/chr- phonetic.mim My issue with ibus and intellij/pycharm is that the cursor is positioned before the last character typed instead of after on short sequences where a longer sequence exists. The cursor appears to get moved back one character in the matching case. I'm not sure the issue I'm having is exactly the same as this issue as I'm not using dead keys. See https://youtrack.jetbrains.com/issue/PY-55374/ibus-input-issue-where- cursor-position-ends-being-before-the-character-inserted -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ibus in Ubuntu. https://bugs.launchpad.net/bugs/1863080 Title: Unable to use dead keys in Java apps Status in ibus: Fix Released Status in ibus package in Ubuntu: Confirmed Bug description: This is same bug as #540751, as it happens again in Ubuntu 19.10 with Java 11. Way of reproduce it: - Fresh Ubuntu 19.10 install. - Install default-jre. - Download (for example) lastest NetBeans version. - Edit a file in NetBeans, you can't insert characters like 'á'. The workaround is the same, define XMODIFIERS='' before launching the app. To manage notifications about this bug go to: https://bugs.launchpad.net/ibus/+bug/1863080/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1981622] Re: mtd device must be supplied (device name is empty)
Seems fixed in or not affecting other distributions : https://ubuntuforums.org/showthread.php?t=2476796=3=14104102#post14104102 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1981622 Title: mtd device must be supplied (device name is empty) Status in systemd package in Ubuntu: Fix Committed Status in systemd source package in Focal: Confirmed Status in systemd source package in Jammy: Confirmed Bug description: [WORKAROUND] This will NOT fix a system that is not booting, because the "mtd device must be supplied (device name is empty)" message is not the cause of failed boots. This work around is only for those who are annoyed by the error message, but are otherwise not experiencing any issues. If you are not able to boot your system, but you see this error message, please open a separate bug with your journalctl and dmesg logs. # cp /{lib,etc}/systemd/system/systemd-pstore.service # sed -i 's/modprobe@mtdpstore.service //' /etc/systemd/system/systemd-pstore.service # systemctl daemon-reload [Impact] Due to mtdpstore not being properly configured as a pstore backend, when systemd-pstore.service tries to load the module, users get the following error in dmesg: [ 18.453473] systemd[1]: Starting Load Kernel Module mtdpstore... [ 18.462685] mtd device must be supplied (device name is empty) This is a distracting error for users trying to diagnose other system issues, especially if their system does not boot after a kernel crash and this is the only message displayed on the console. [Test Plan] * Force a kernel crash to populate /sys/fs/pstore, thus causing systemd-pstore.service to start on the subsequent boot: # echo 1 > /proc/sys/kernel/sysrq # echo 1 > /proc/sys/kernel/panic # echo c > /proc/sysrq-trigger * When the system reboots, observe the error in dmesg: # dmesg | grep mtd [Where problems could occur] If a system was relying on this pstore backend, and mtdpstore is built as a module, it is possible for systemd-pstore.service to trigger before mtdpstore is loaded, causing systemd-pstore to not copy the contents of /sys/fs/pstore. Note however that before the patched introduced as a result of bug 1978079, systemd-pstore.service would not attempt to load *any* kernel modules. [Original Description] After updating my 22.04 system (possibly caused by Systemd update). And now booting, dmesg has two errors: 'mtd device must be supplied (device name is empty)'. See line 8 and 134 in the included logfile. The system are booting as it should though, and the system are working like it should no errors at all. Is this maybe caused by 'efi-pstore-not-cleared-on-boot.patch' in systemd? I have an EFI mounted at boot but it isn't used because I have installed my system in legacy BIOS mode. Is this maybe the culprit? I could ignore the message but it isn't nice though. Regards To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1981622/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp