There is currently an open CVE on 12.04 that the security team hopes to address soon. Specifically: http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2864.html
I looked at the diff for this -proposed update and it does not contain the identified fix for the issue: http://cgit.freedesktop.org/mesa/mesa/commit/src/glsl/link_uniforms.cpp?id=ff996cafce511dd8a6c4e066e409c23e147a670c Can someone verify and reupload to -proposed with this fix? Thanks! ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2864 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to mesa in Ubuntu. https://bugs.launchpad.net/bugs/1019444 Title: Update Precise to mesa 8.0.4 (bugfix micro-release) Status in “mesa” package in Ubuntu: Fix Released Status in “mesa” source package in Precise: Fix Committed Bug description: [Impact] Fixes graphics corruption, application crashes, and xserver crashes across a wide array of hardware. Several of these issues have been reported against mesa. Others are likely affecting users but they don't realize it's mesa at fault so we haven't seen their bug reports. The release notes for 8.0.3 (http://www.mesa3d.org/relnotes-8.0.3.html) indicates it contains over 20 bug fixes. Some of those are fixes to make tests pass or fix build issues and may or may not be actually relevant to end users. At least two bugs (#952896 and #988343) reported in Launchpad. Others fix corruption issues and xserver crashes seen while running games, memory leaks, and swrast problems. Of particular note, this includes fixes for GPU hangs in 3D functionality. We've had numerous reports of Intel hangs that are difficult for users to reliably reproduce, and it's my hope these fixes will help alleviate some of those hangs. 8.0.4 fixes 8 more bugs on top of that (http://upstream- tracker.org/changelogs/mesa/8.0.4/changelog.html). [Fix] 8.0.3 was uploaded to Quantal prior to Alpha-2. 8.0.4 was also added to Quantal and was in the archive for 4 days prior to us moving to the 9.0 branch. This proposal is targeting the 8.0.4-0ubuntu1 package we used in Quantal for Precise. [Test Case] See the individually mentioned bugs for test cases of the specific bugs. For general validation of the point update of mesa, the piglit test suite can be used. 1. Install prerequisites: sudo apt-get --yes install cmake g++ mesa-common-dev libgl1-mesa-dev \ libtiff4-dev zlib1g-dev libpng12-dev python-numpy \ freeglut3-dev x11proto-gl-dev libxrender-dev 2. Checkout the piglit test suite from upstream git clone git://anongit.freedesktop.org/git/piglit cd piglit; cmake . ; make 3. DISPLAY=:0 piglit-run.py tests/all.tests mesa802.results 4. Install mesa 8.0.4 5. DISPLAY=:0 piglit-run.py tests/all.tests mesa804.results 6. piglit-summary-html.py summary/compare mesa802.results mesa804.results The tests take several hours to run. Note: Piglit is not a comprehensive test suite and cannot guarantee that there are no regressions. However, it is being actively maintained and updated with new tests by the driver maintainers as they add features and fix bugs in mesa, so should have decent coverage for recently made code changes (which is where regressions are more likely to live). [Regression Potential] A/B testing was done on the three major open source drivers. This testing found that the new version did not cause regressions, and actually a number of tests passed that had failed or been skipped in 8.0.2. Results are posted at: http://people.canonical.com/~bryce/mesa804-piglit/ mesa provides 3D acceleration functionality for all of the open source video drivers. Thus, the types of regressions to watch for with this change are: * X.org crashes, freezes, or errors * Graphical corruption when using compositing desktops * Crashes, graphical corruption or other failures in 3D applications and screensavers * Performance regressions in 3D functionality, measured by dropped FPS rates in unity or 3D games For such bugs, the diagnostic process would be to downgrade mesa back to 8.0.2 (without any other system changes), log out and back in, and verify the problem as not reproducible. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mesa/+bug/1019444/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
