[Bug 1223436]

2014-02-05 Thread Simon McVittie
(In reply to comment #1) > The only thing that I could > get to trigger was if I set the 'Resource' in advanced configuration to > 'laptop'. If I removed 'Resource' or changed it to '/laptop', then it > worked. [...] I can say that perhaps it would be reasonable > for empathy/telepathy-gabble to pr

[Bug 417432]

2014-01-07 Thread Simon McVittie
(In reply to comment #10) > Any updates here? Not until/unless... (In reply to comment #4) > As discussed on IRC, the correct solution is not to copy certificates around > wildly; it's to implement the API discussed on bug 29018. ... someone does that, and puts the result here for review. (I do

[Bug 993880]

2014-02-13 Thread Simon McVittie
MC correctly detects sleep... > mcd-DEBUG: 05/10/2012 18:39:45.823941: notify_sleep_cb: about to sleep! > sleep_kind=suspend >mcd-DEBUG: 05/10/2012 18:39:45.824153: on_transport_status_changed: Transport >i love the internet changed status to 2 (disconnected) but before it resumes, it thinks yo

[Bug 993880]

2014-02-13 Thread Simon McVittie
Guillaume appears to have fixed this in commit a5fb89b, which was in Mission Control versions 5.12.2 and 5.13.1. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/993880 Title: Empathy will not connect

[Bug 1217086]

2013-11-14 Thread Simon McVittie
(In reply to comment #3) > > The version of MC in raring appears to be from the middle of a development > > branch > > you mean quantal I guess? Sorry, yes, I meant MC 5.13 (or any future x.odd.z version).

[Bug 296867]

2014-09-24 Thread Simon McVittie
(In reply to comment #91) > Realization of the first three points would require adding a new interface > to gabble. I imagine it as an extension of connection interface providing > settings individually for every account. Would using gdbus codegen just > like in case of the currently implemented ot

[Bug 304889]

2013-10-14 Thread Simon McVittie
(In reply to comment #3) > (In reply to comment #0) > > There's several bouncers that > > support socks or by addition of a custom command "CONNECT" in the IRC > > protocol that is used for selecting the target network that should be > > used. > > Support for these would require use of a non-syste

[Bug 1117411] [NEW] CVE-2013-0240: fails to verify SSL certificates when creating accounts

2013-02-06 Thread Simon McVittie
*** This bug is a security vulnerability *** Public security bug reported: See: https://bugzilla.gnome.org/show_bug.cgi?id=693214 https://bugzilla.redhat.com/show_bug.cgi?id=894352 At the time of writing, there is no patch for the 3.6 series, only for 3.4 and 3.7. ** Affects: gnome-online-acc

[Bug 846044] Re: software-center crashed with UnicodeEncodeError in get_dbus_message(): 'ascii' codec can't encode character u'\xfc' in position 65: ordinal not in range(128)

2012-10-16 Thread Simon McVittie
Saying "Apply upstream patch" is rather misleading when I haven't merged it yet (because it fails the upstream regression tests)... https://bugs.launchpad.net/bugs/846044 Title: softwa

[Bug 984132]

2012-10-22 Thread Simon McVittie
Fixed in 0.16.3, 0.17.1. Cross-references: this bug is also Debian #687370, LP: #984132. https://bugs.launchpad.net/bugs/984132 Title: telepathy-gabble increasingly high cpu usage with

[Bug 846044]

2012-10-25 Thread Simon McVittie
I've applied those patches. Fixed in git for 1.1.2, unless you spot any further problems. (In reply to comment #11) > * I'm not sure that you need the lambda in > test_dbus_exception_convert_str_fail(). You do. In the older form of assertRaises, the thing that raises the exception needs to be a c

[Bug 474012] Re: mission-control should place configs to .config folder

2012-10-03 Thread Simon McVittie
Fixed upstream in 5.13.2. It uses ~/.local/share, because accounts aren't really configuration as such, but that's just as good from the point of view of a "clean" home directory.

[Bug 1060964] [NEW] does not complete Empathy 3 password migration if MC < 1:5.12.1-3 was ever used

2012-10-03 Thread Simon McVittie
Public bug reported: This is Debian #687933 and is fixed upstream in 5.12.3 and 5.13.2. (We'll be doing a 5.14.0 stable-branch release shortly, with the same code as 5.13.2.) Steps to reproduce == * Have Empathy on an old Ubuntu version (Empathy 2.x) with an IM (e.g. Jabber) acc

[Bug 1060964] Re: does not complete Empathy 3 password migration if MC < 1:5.12.1-3 was ever used

2012-10-04 Thread Simon McVittie
Here is the patch for this specific bug: http://cgit.freedesktop.org/telepathy/telepathy-mission-control/commit/?h=telepathy-mission-control-5.12&id=eaefb264316f206186b2ac7f1f36e6a4692deb3d although I recommend upgrading to 5.14.0 instead. 5.13.x were a development branch and will not receive b

[Bug 556454]

2012-10-05 Thread Simon McVittie
We're going to fix this by removing the gnome-keyring support instead (Bug #32578). Empathy does its own keyring interaction now. https://bugs.launchpad.net/bugs/556454 Title: no way t

[Bug 1058768]

2012-10-06 Thread Simon McVittie
From the downstream bug, this was an error in the Ubuntu apparmor profile, which we do not support. https://bugs.launchpad.net/bugs/1058768 Title: telepathy-gabble crashed with signal

[Bug 984132] Re: telepathy-gabble increasingly high cpu usage with jabber - Error log included

2012-09-07 Thread Simon McVittie
** Bug watch added: freedesktop.org Bugzilla #54634 https://bugs.freedesktop.org/show_bug.cgi?id=54634 ** Also affects: telepathy-gabble via https://bugs.freedesktop.org/show_bug.cgi?id=54634 Importance: Unknown Status: Unknown

[Bug 970819] Re: multiple security vulnerabilities

2012-06-05 Thread Simon McVittie
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2082 ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2236 ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2875 ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3

[Bug 296867]

2011-11-23 Thread Simon McVittie
Requires general infrastructure for end-to-end security, which is Bug #29904. https://bugs.launchpad.net/bugs/296867 Title: empathy needs to support OTR encryption

[Bug 911125]

2012-01-05 Thread Simon McVittie
(In reply to comment #1) > If that's not appropriate, I could > add some #if magic to emulate g_thread_new() with a macro that calls > g_thread_create() if you are interested. For 1.4.x it'd be better to make deprecated declarations non-fatal, or even just silence the warning altogether. 1.4.x is

[Bug 911125]

2012-01-05 Thread Simon McVittie
(In reply to comment #1) > This patch works, but it bumps the glib requirement for the tests to 2.31.4 I'd prefer it if this could be avoided, even for 1.5, until 2.32 exists and has ABI stability.

[Bug 911125]

2012-01-05 Thread Simon McVittie
Looks good for 1.5, I'll apply it there soon. https://bugs.launchpad.net/bugs/911125 Title: FTBFS due to removed g_thread_init

[Bug 911125]

2012-01-25 Thread Simon McVittie
(In reply to comment #4) > This updated patch Applied for 1.5.10, more or less (I also added a comment). (In reply to comment #2) > For 1.4.x it'd be better to make deprecated declarations non-fatal, or even > just silence the warning altogether. I did this for 1.4.18, and we should reapply this

[Bug 75602]

2013-03-17 Thread Simon McVittie
(In reply to comment #17) > If you can get this working well and securely, I'm happy to > review/merge. On the other hand, I still think a more appropriate solution to the problem you outlined on the mailing list and in your git repository (dynamically-allocated users/groups without editing /etc)

[Bug 75602]

2013-03-17 Thread Simon McVittie
(In reply to comment #16) > I'll revisit this patch and address all your concerns focusing > only on EXTERNAL authentication and supplementary groups. My other goal is > also try to not even touch /etc/{passwd,group} at all if not absolutely > necessary. Great. If you can get this working well an

[Bug 75602]

2013-03-12 Thread Simon McVittie
Comment on attachment 76224 Required plumbing for reading process credentials from procfs Review of attachment 76224: - This is a much more intrusive change than you actually need, and appears to aim to change functions' semantics in

[Bug 304889]

2013-04-25 Thread Simon McVittie
(In reply to comment #2) > The real fix would > probably be making idle use glib's GSocketClient to leverage the recently > added transparent proxy capabilities This should now work (since 0.1.11), but that wasn't what was requested: (In reply to comment #0) > There's several bouncers that > supp

[Bug 1078991] Re: Update to 0.2.2

2012-11-19 Thread Simon McVittie
The GStreamer 1.0 version of Farstream is the 'farstream-0.2' source package in experimental. Please sync that instead of upgrading the farstream source package, which will stay at 0.1.x until it is removed. I believe farstream and farstream-0.2 are parallel-installable; they can certainly coexist

[Bug 893091]

2012-02-03 Thread Simon McVittie
(In reply to comment #78) > Created attachment 56390 [details] [review] > Add dbus/_compat.py to nobase_python_PYTHON in Makefile.am. > > make install does not install dbus/_compat.py Please find patch to fix this. Already fixed in Comment #76 and in dbus-python 1.0.0.

[Bug 893091]

2012-02-03 Thread Simon McVittie
(In reply to comment #80) > I was using the python3 branch. I did not realise that it > was already merged into master. I've deleted the python3 branch (Barry's version, now merged) and the old py3k branch (John's version, not directly merged but used as inspiration by Barry) to avoid confusion.

[Bug 318963]

2012-02-08 Thread Simon McVittie
I have no idea; the stack trace makes no sense. If this is reproducible, please reopen and provide more information. https://bugs.launchpad.net/bugs/318963 Title: dbus-launch crashed w

[Bug 318963]

2012-02-08 Thread Simon McVittie
As Scott commented downstream, this makes very little sense; kill() doesn't take any pointer arguments... Is this reproducible? https://bugs.launchpad.net/bugs/318963 Title: dbus-laun

[Bug 75602]

2012-02-09 Thread Simon McVittie
The problem here is that the Unix semantics of groups are rather non-obvious. Each Unix process has a primary group ID and an array of supplementary group IDs; these are *normally* the group ID and supplementary groups of the process's owning user, but things like pam_group cause that not to be

[Bug 75602]

2012-02-09 Thread Simon McVittie
From that mail: > The solution is a bit hairy, because it does require a changed kernel > (at least I haven't found any other way to test the group of another > process efficiently). There's also an interesting attack based on a race condition, if dbus-daemon performs access control by asking th

[Bug 1064786]

2013-06-10 Thread Simon McVittie
Sure, let's have this. "Don't be remotely crashable" is among my D-Bus design principles. https://bugs.launchpad.net/bugs/1064786 Title: empathy-auth-client SIGABRT in tls_certificate

[Bug 1064786]

2013-06-10 Thread Simon McVittie
0.20.3, 0.21.1. https://bugs.launchpad.net/bugs/1064786 Title: empathy-auth-client SIGABRT in tls_certificate_got_all_cb(): cert_data != NULL

[Bug 572737]

2013-06-07 Thread Simon McVittie
Is this reproducible? If so, how? https://bugs.launchpad.net/bugs/572737 Title: mission-control-5 crashed with SIGSEGV in g_cclosure_marshal_VOID__VOID()

[Bug 954918]

2013-07-01 Thread Simon McVittie
h syntax like "username:server", flagged as being split at ":" - to keep existing accounts working, we want to separate them again, like we do for IRC. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=44631 Tested-by: Simone Caronni Signed-off-by: Simon McVittie

[Bug 954918]

2013-07-01 Thread Simon McVittie
(In reply to comment #6) > 1- When creating the account the only field is "account", no "server" field. > 2- I edit the "connection settings" and fill in the fields. > 3- It asks me for the password, and when filling it in it keeps on asking. > 4- If I edit the account settings to re-check, all the

[Bug 954918]

2013-07-01 Thread Simon McVittie
(In reply to comment #8) > Thanks for the patch. Can you push it to telepathy-haze? I can if someone reviews it (or tbh I'll push it after a while anyway, if nobody actually wants to veto it). > > (In reply to comment #6) > > If you're giving Empathy a protocol-specific > > UI for sametime anyway

[Bug 954918]

2013-07-01 Thread Simon McVittie
What were the old account parameters called? What was their syntax? What are the new account parameters called? What is their syntax? Is there any way we can test Sametime without buying a server for it? Does this untested patch work? diff --git a/src/protocol.c b/src/protocol.c index 639e25e..

[Bug 954918]

2013-07-01 Thread Simon McVittie
(In reply to comment #4) > Is the attached patch for telepathy-haze? Yes. > The old parameters were "account", "server", "port" and "password" IIRC. > > Now I have all of them except the "server" one, to make it work correctly I > have to use the following syntax in the connection parameters dia

[Bug 128624]

2013-07-15 Thread Simon McVittie
On Bug #15589, Scott wrote this useful-looking summary of the bug: > D-Bus relies on the userdb cache being enabled to be able to hold on to user > info structures (which don't have refcounting). > > Test case: > 1) disable the userdb cache > 2) start a minimal dbus server > 3) connect to it _fr

[Bug 724595] Re: new openarena freezes on quit, or during games

2011-04-19 Thread Simon McVittie
This looks like the same thing as so it should have been fixed when ioquake3 >= 1.36+svn1858-2 was synched. ** Bug watch added: Debian Bug tracker #613692 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613692 ** Also affects: ioquak

[Bug 370609] Re: "/usr/games/game-data-packager: 31: source: not found"

2011-07-14 Thread Simon McVittie
** Changed in: game-data-packager (Ubuntu) Status: New => Fix Released ** Changed in: game-data-packager (Debian) Importance: Unknown => Undecided ** Changed in: game-data-packager (Debian) Status: Unknown => New ** Changed in: game-data-packager (Debian) Remote watch: Debian B

[Bug 306128] Re: easymp3gain: Cannot access Vorbisgain, even though it is installed and works.

2011-07-16 Thread Simon McVittie
Reassigning to easymp3gain, this doesn't seem to be anything to do with mp3gain. easymp3gain and vorbisgain are separate packages. ** Package changed: mp3gain (Ubuntu) => easymp3gain (Ubuntu)

[Bug 737137] Re: find_library fails to locate multiarch libraries

2011-04-02 Thread Simon McVittie
** Bug watch added: Debian Bug tracker #618932 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618932 ** Also affects: cmake (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618932 Importance: Unknown Status: Unknown

[Bug 737603] Re: JNI unable to find libpam.so

2011-04-02 Thread Simon McVittie
** Bug watch added: Debian Bug tracker #620122 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620122 ** Also affects: libjna-java (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620122 Importance: Unknown Status: Unknown

[Bug 318963] Re: dbus-launch crashed with SIGSEGV in kill()

2011-04-07 Thread Simon McVittie
Is this reproducible/has it ever happened again? As Scott says, the stack trace makes no sense, since kill() doesn't take pointer arguments. Could it have been killed by some other process, or by the OOM-killer? (I'd expect that to use SIGKILL rather than SIGSEGV, though.)

[Bug 571822] Re: Empathy allign RTL text as LTR text on messenger

2010-11-08 Thread Simon McVittie
This was bounced from project to project and ended up in telepathy-spec at . However, I'm not sure whether this is actually relevant to telepathy-spec, because I don't think the communication between Empathy and its MSN backend should need to sp

[Bug 571822] Re: Empathy allign RTL text as LTR text on messenger

2010-11-08 Thread Simon McVittie
An alternative course of action would be to give Telepathy messages a flag similar to MSN's RL=1, which indicates "the main context's writing direction" (as described in ). Since I don't know how RTL languages work, I can't judge whether auto-det

[Bug 604769] Re: openarena crashed with SIGSEGV in pa_pdispatch_run()

2010-10-08 Thread Simon McVittie
This looks a lot like bug 584393. Please try with libasound2 1.0.23-1ubuntu2, and if that works, mark this one as a duplicate of 584393? -- openarena crashed with SIGSEGV in pa_pdispatch_run() https://bugs.launchpad.net/bugs/604769

[Bug 434448] Re: Repeatedly/annoyingly creates ./botlib.log file

2010-08-19 Thread Simon McVittie
As far as I can see from the code, this should be fixed in version 0.8.5 - unless you're setting bot_developer to 1, in which case don't do that :-) -- Repeatedly/annoyingly creates ./botlib.log file https://bugs.launchpad.net/bugs/434448

[Bug 584393] Re: openarena crashed with SIGSEGV in pa_pdispatch_run()

2010-08-19 Thread Simon McVittie
I suspect this is the same bug as , and I suspect it isn't really openarena's fault (it might be openal-soft, or even pulseaudio). Setting s_alCapture to 0 by default would be a simple hack around it. -- openarena crashed with SIGSEGV in p

[Bug 643407] Re: mission-control-5 crashed with SIGSEGV in g_closure_invoke()

2010-09-21 Thread Simon McVittie
*** This bug is a duplicate of bug 555274 *** https://bugs.launchpad.net/bugs/555274 ** This bug is no longer a duplicate of bug 638671 mission-control-5 crashed with SIGSEGV in g_closure_invoke() ** This bug has been marked a duplicate of bug 555274 mission-control-5 crashed with SIGSEG

[Bug 638671] Re: mission-control-5 crashed with SIGSEGV in g_closure_invoke()

2010-09-21 Thread Simon McVittie
*** This bug is a duplicate of bug 555274 *** https://bugs.launchpad.net/bugs/555274 ** This bug has been marked a duplicate of bug 555274 mission-control-5 crashed with SIGSEGV in g_closure_invoke() * You can subscribe to bug 555274 by following this link: https://bugs.edge.launchpad.net

[Bug 621946] Re: openarena crashed with SIGSEGV in stream_get_timing_info_callback()

2010-09-01 Thread Simon McVittie
*** This bug is a duplicate of bug 584393 *** https://bugs.launchpad.net/bugs/584393 I suspect this is bug #584393, and OA 0.8.5 just makes it more likely to happen... ** This bug has been marked a duplicate of bug 584393 openarena crashed with SIGSEGV in pa_pdispatch_run() -- openarena

[Bug 584393] Re: openarena crashed with SIGSEGV in pa_pdispatch_run()

2010-09-01 Thread Simon McVittie
Daniel, if you've successfully backported upstream's patch or used my workaround from Debian bug 589896, could you please add a pointer to your backport either here or on that Debian bug, so I can encourage the Debian alsa-lib maintainers to do the same? I've looked in the Code and Overview tabs bu

[Bug 618342] Re: Sync openarena 0.8.5-3 (universe) from Debian unstable (main)

2010-08-15 Thread Simon McVittie
In addition to Debian bugs this fixes LP#541059. -- Sync openarena 0.8.5-3 (universe) from Debian unstable (main) https://bugs.launchpad.net/bugs/618342

[Bug 541059] Re: Please upgrade OpenArena from 0.8.1 to 0.8.5

2010-08-15 Thread Simon McVittie
Will be fixed by LP#618342 -- Please upgrade OpenArena from 0.8.1 to 0.8.5 https://bugs.launchpad.net/bugs/541059

[Bug 616517] Re: CVE-2010-1172 dbus-glib: property access not validated

2010-08-16 Thread Simon McVittie
** Bug watch added: Debian Bug tracker #592753 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592753 ** Also affects: dbus-glib (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592753 Importance: Unknown Status: Unknown -- CVE-2010-1172 dbus-glib: property access n

[Bug 1976288] [NEW] testatomic segfaults on Ubuntu arm64 buildd

2022-05-30 Thread Simon McVittie
Public bug reported: The 'testatomic' test-case crashes with a segmentation fault on Ubuntu arm64 buildds, resulting in build-time test results being ignored (via a change from Gianfranco Costamagna). Is this a known problem with the Ubuntu buildds? If yes, is there a timeline for when it can be

[Bug 1976288] Re: testatomic segfaults on Ubuntu arm64 buildd

2022-05-30 Thread Simon McVittie
I would prefer it if any tests that need to be skipped conditionally are accompanied by a reference to a bug report (on the basis that a failing test is technical debt, and technical debt is a bug), either in Launchpad for workarounds for Ubuntu-specific issues, in the Debian BTS for workarounds fo

[Bug 1976288] Re: testatomic segfaults on Ubuntu arm64 buildd

2022-05-30 Thread Simon McVittie
libsdl2_2.0.22+dfsg-4 in Debian hopefully works around this crash, while still having at least minimal test coverage on Ubuntu arm64. https://bugs.launchpad.net/bugs/1976288 Title: tes

[Bug 1976288] Re: testatomic segfaults on Ubuntu arm64 buildd

2022-05-31 Thread Simon McVittie
As I had hoped, libsdl2_2.0.22+dfsg-4 in Debian is now running all the tests (successfully), while libsdl2_2.0.22+dfsg-4~build1 in Ubuntu is skipping the one that previously crashed on Ubuntu and running the rest.

[Bug 1976288] Re: testatomic segfaults on Ubuntu arm64 buildd

2022-06-01 Thread Simon McVittie
A workaround is present in 2.0.22+dfsg-4, but the fact that `testatomic` crashes seems like a bug somewhere (SDL? Ubuntu's toolchain? Ubuntu's buildds? ...) so I'm reopening this. ** Changed in: libsdl2 (Ubuntu) Status: Fix Released => New

[Bug 2062406] Re: CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88

2024-07-15 Thread Simon McVittie
Jeremy (or other Ubuntu people), are you able to mark this as also affecting Ubuntu focal and bionic? I can't find where to do that. https://bugs.launchpad.net/bugs/2062406 Title: CVE-

[Bug 2064672] Re: [SRU] - fixes for apparmor on noble

2024-06-04 Thread Simon McVittie
> add profile for bwrap utility Please check that this doesn't make `flatpak run --unshare=network $APP_ID` regress. Explanation: Some Flatpak apps (the ones that have no legitimate reason to use networking) have `--unshare=network` by default, as a way to prevent them from contacting the intern

[Bug 2062406] [NEW] CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88

2024-04-18 Thread Simon McVittie
*** This bug is a security vulnerability *** Public security bug reported: Upstream advisory: https://github.com/flatpak/flatpak/security/advisories/GHSA-phv6-cpc2-2fgj If possible please sync 1.14.6-1 from Debian instead of backporting fixes. That version only fixes the security issue and one

[Bug 2062406] Re: CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88

2024-04-21 Thread Simon McVittie
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-32462 https://bugs.launchpad.net/bugs/2062406 Title: CVE-2024-32462: Sandbox escape via RequestBackground portal and C

[Bug 2062956] Re: CVE-2024-32462 - Need to update to the last secure patch

2024-04-21 Thread Simon McVittie
*** This bug is a duplicate of bug 2062406 *** https://bugs.launchpad.net/bugs/2062406 This is the same vulnerability as LP: #2062406. ** This bug has been marked a duplicate of bug 2062406 CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88

[Bug 2063034] [NEW] CVE-2023-28101: Metadata with ANSI control codes can cause misleading terminal output

2024-04-21 Thread Simon McVittie
*** This bug is a security vulnerability *** Public security bug reported: https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8 This was fixed in 1.15.4, 1.10.x >= 1.10.8, 1.12.x >= 1.12.8, 1.14.x >= 1.14.4. At the time of writing, noble and mantic are OK, but jammy is vu

[Bug 2063035] [NEW] CVE-2023-28100: TIOCLINUX can send commands outside sandbox if running on a virtual console

2024-04-21 Thread Simon McVittie
*** This bug is a security vulnerability *** Public security bug reported: https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp Fixed in 1.15.4, 1.10.x >= 1.10.8, 1.12.x >= 1.12.8, 1.14.x >= 1.14.4. At the time of writing, mantic and noble are OK but jammy, focal and bioni

[Bug 2062406] Re: CVE-2024-32462: Sandbox escape via RequestBackground portal and CWE-88

2024-04-21 Thread Simon McVittie
This also affects focal, bionic, and older LTS suites. If it's possible to update focal to 1.12.9 from the upstream 1.12.x stable branch, that would also resolve LP: #2063034 and LP: #2063035. There isn't much point in the upstream developers doing 1.12.x releases if distributions aren't going to

[Bug 1957716] Re: Update for CVE-2021-43860 and second github advisory

2022-01-13 Thread Simon McVittie
The patches for CVE-2021-43860 (aka GHSA-qpjc-vq3c-572j) include some test-cases, which are run during build and as part of the autopkgtest. There is currently no automated test coverage for GHSA-8ch7-5j3h-g4fx. If possible I would recommend upgrading to 1.12.3 and 1.10.6, rather than backporting

[Bug 1957779] [NEW] Regression: GNOME-specific interfaces not available in main

2022-01-13 Thread Simon McVittie
Public bug reported: Historically, xdg-desktop-portal-gtk had two roles: * Generic GTK implementations of various interfaces, suitable for all GTK desktops (GNOME, XFCE, etc.) and also as a fallback implementation for desktops that do not have something more "native". Interfaces: Access, Account,

[Bug 1957779] Re: Regression: GNOME-specific interfaces not available in main

2022-01-13 Thread Simon McVittie
As a side note, if the Ubuntu maintainers of the x-d-p family need to maintain a patched x-d-p or x-d-p-gtk, you're welcome to use `ubuntu/*` branches in its Debian git repository, similar to how the GNOME team handles their packages that need to be patched in Ubuntu. If this would be useful, pleas

[Bug 1957779] Re: Regression: GNOME-specific interfaces not available in main

2022-01-17 Thread Simon McVittie
The reason I didn't want to do that in Debian is that x-d-p-gnome Recommends gnome-shell, and circular Recommends prevent unused packages from being autoremoved. In Debian, the gnome-core metapackage Depends on x-d-p-gnome. I think ubuntu-desktop pulling it in as a Recommends is also appropriate.

[Bug 1798967] Re: bubblewrap has wrong description after setuid bit was removed

2024-03-27 Thread Simon McVittie
This was fixed in 0.4.1-3 (2021). https://bugs.launchpad.net/bugs/1798967 Title: bubblewrap has wrong description after setuid bit was removed

[Bug 2077087] [NEW] CVE-2024-42472: Access to files outside sandbox for apps using persistent= (--persist)

2024-08-15 Thread Simon McVittie
*** This bug is a security vulnerability *** Public security bug reported: "A malicious or compromised Flatpak app using persistent directories could read and write files in locations it would not normally have access to, which is an attack on integrity and confidentiality." —https://github.com/f

[Bug 2077087] Re: CVE-2024-42472: Access to files outside sandbox for apps using persistent= (--persist)

2024-08-15 Thread Simon McVittie
> 3. Instead of using the bwrap package, build Flatpak with its vendored convenience copy If someone takes this approach in newer Ubuntu branches where bwrap needs a special AppArmor profile to be allowed to do its job, please note that the vendored convenience copy gets installed as /usr/libexec/

[Bug 2065088] [NEW] AppArmor profiles allowing userns not immediately active in 24.04 live image

2024-05-07 Thread Simon McVittie
Public bug reported: Side issue from . I saw this with Steam, but Ubuntu 24.04's AppArmor setup for Steam is quite simple, so I suspect that the same thing might happen for any of the other third-party software that needs an AppArmor

[Bug 2065088] Re: AppArmor profiles allowing userns not immediately active in 24.04 live image

2024-05-08 Thread Simon McVittie
Installing from Valve's official steam-launcher .deb package runs into the same problem. The same workaround works. 1. Boot an Ubuntu 24.04 live image, in a virtual machine with lots of RAM (I gave it 8G) so that it will have enough space on the root tmpfs to install Steam. Using Debian 12's lib

[Bug 2065088] Re: AppArmor profiles allowing userns not immediately active in 24.04 live image

2024-05-09 Thread Simon McVittie
> sadly yes, the init script has a bail out that stops loading policy on the live cd So am I understanding this correctly? - everything in the live environment is effectively `unconfined`, and before 24.04 this increased security exposure (no mitigations for compromised/malicious apps) but could

[Bug 1943480] Re: flatpak installation permission requirements different from ubuntu software

2021-10-10 Thread Simon McVittie
I would recommend that Ubuntu either uses the Debian package as-is, or branches from the Debian packaging to apply whatever divergence is desired. I'd be happy to let Ubuntu maintainers of flatpak use the `ubuntu/*` namespace on Salsa for this, similar to how gnome-shell is packaged. Obviously I'm

[Bug 1943480] Re: flatpak installation permission requirements different from ubuntu software

2021-10-10 Thread Simon McVittie
With Debian maintainer hat on, I'm willing to have a limited amount of DEB_VENDOR conditionalization in the Debian packaging, like the way we used to compile xdg-desktop-portal with --disable-pipewire before pipewire was available in Ubuntu main. However, I draw the line at applying Ubuntu-specifi

[Bug 1946578] Re: Placeholder for CVE-2021-41133

2021-10-11 Thread Simon McVittie
I think we have the regressions under control now. https://salsa.debian.org/debian/flatpak/-/commits/wip/1.10.x/ is packaging of 1.10.5 aimed at inclusion in Debian 11, including one post-1.10.5 bug fix https://github.com/flatpak/flatpak/pull/4461 which will hopefully be included in 1.10.6. I'm wa

[Bug 2065088] Re: AppArmor profiles allowing userns not immediately active in 24.04 live image

2025-02-06 Thread Simon McVittie
** Also affects: flatpak (Ubuntu) Importance: Undecided Status: New ** Also affects: evolution (Ubuntu) Importance: Undecided Status: New ** Also affects: steam (Ubuntu) Importance: Undecided Status: New

[Bug 2097845] [NEW] Please drop Ubuntu delta

2025-02-11 Thread Simon McVittie
Public bug reported: As previously discussed on https://salsa.debian.org/debian/ikiwiki-hosting/-/merge_requests/4 and https://bugs.debian.org/1076751, the Ubuntu patch that is applied to ikiwiki-hosting makes the test suite pass, but leaves ikiwiki-hosting non-functional on "real" systems. The

[Bug 2089779] Re: Buffer overflow in autopkgtest of wesnoth

2024-12-12 Thread Simon McVittie
> That means we can drop that delta (O2 and reproducible builds) on the merge of the next version Debian unstable now has 2.30.10, which I believe contains the relevant upstream changes. Please resync if appropriate.

[Bug 2094275] [NEW] Please drop Ubuntu delta

2025-01-13 Thread Simon McVittie
Public bug reported: There is an Ubuntu-specific change to disable/skip `tests/version.py`. Since version 80, that test is skipped on Ubuntu anyway, so there is no longer any need to have this delta. When version 81 is released, it should be possible to sync it directly from Debian. ** Affects:
