[Bug 2062394] Re: Update xdg-desktop-portal to 1.18.4
This bug was fixed in the package xdg-desktop-portal - 1.18.4-1ubuntu2

---
xdg-desktop-portal (1.18.4-1ubuntu2) noble; urgency=medium

  * Merge with Debian (LP: #2062394). Remaining change:
    - Import https://github.com/flatpak/xdg-desktop-portal/pull/705 as a distro-patch to add a portal for managing WebExtensions native messaging servers

xdg-desktop-portal (1.18.4-1) unstable; urgency=medium

  * New upstream stable release
    - Don't allow sandboxed apps to specify commands starting with '-' when generating .desktop files, mitigating CVE-2024-32462 in Flatpak
    - Do not store device access permission as "denied by user" if there was an error
    - Fix a crash when config files don't specify a default backend

 -- Jeremy Bícha Thu, 18 Apr 2024 17:00:47 -0400

** Changed in: xdg-desktop-portal (Ubuntu Noble)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062394

Title:
  Update xdg-desktop-portal to 1.18.4

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xdg-desktop-portal/+bug/2062394/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2062394] Re: Update xdg-desktop-portal to 1.18.4
I've been using 1.18.4-1ubuntu2 for a few weeks and I'm exercising those on a regular basis with the snaps I'm using (mostly firefox, chromium, thunderbird), tested a few extra ones including the flutter-portal-tests and went through the testplan and things work as expected.

** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble
[Bug 2062394] Re: Update xdg-desktop-portal to 1.18.4
This bug was fixed in the package xdg-desktop-portal - 1.18.4-1ubuntu3

---
xdg-desktop-portal (1.18.4-1ubuntu3) oracular; urgency=medium

  * Upload to oracular

xdg-desktop-portal (1.18.4-1ubuntu2) noble; urgency=medium

  * Merge with Debian (LP: #2062394). Remaining change:
    - Import https://github.com/flatpak/xdg-desktop-portal/pull/705 as a distro-patch to add a portal for managing WebExtensions native messaging servers

xdg-desktop-portal (1.18.4-1) unstable; urgency=medium

  * New upstream stable release
    - Don't allow sandboxed apps to specify commands starting with '-' when generating .desktop files, mitigating CVE-2024-32462 in Flatpak
    - Do not store device access permission as "denied by user" if there was an error
    - Fix a crash when config files don't specify a default backend

 -- Jeremy Bícha Thu, 02 May 2024 14:14:32 -0400

** Changed in: xdg-desktop-portal (Ubuntu)
       Status: Fix Committed => Fix Released
[Bug 2062394] Re: Update xdg-desktop-portal to 1.18.4
Hello Jeremy, or anyone else affected,

Accepted xdg-desktop-portal into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xdg-desktop-portal/1.18.4-1ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

** Changed in: xdg-desktop-portal (Ubuntu Noble)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-noble
[Bug 2062394] Re: Update xdg-desktop-portal to 1.18.4
** Description changed: - This includes part of a CVE security fix; the more important part of the - CVE is in flatpak but there is some hardening on the xdg-desktop-portal - side. + Impact + -- + This includes part of a CVE security fix; the more important part of the CVE is in flatpak but there is some hardening on the xdg-desktop-portal side. https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.18.4 https://github.com/flatpak/xdg-desktop-portal/compare/1.18.3...1.18.4 + + Test Plan + - + Run the tests from https://wiki.ubuntu.com/DesktopTeam/TestPlans/XdgDesktopPortalGnome + + What Could Go Wrong + -- + xdg-desktop-portal is critical functionality for Snaps and Flatpaks including providing the file chooser dialogs for both of the only security supported web browsers in Ubuntu: firefox and chromium (both as snaps) + + xdg-desktop-portal is included in every official Ubuntu desktop flavor + as it has become essential functionality for modern desktops. When used + by desktops, there is a separate backend package to provide the UI. For + Ubuntu Desktop, this is xdg-desktop-portal-gnome. Several other desktops + use xdg-desktop-portal-gtk (even Ubuntu Desktop uses it as a dependency + of -gnome) but there are other backends that follow the standard naming + convention xdg-desktop-portal-* + + xdg-desktop-portal also is used in some apps that are distributed as + .deb packages, for instance it is used for the Set as Background feature + in the Nautilus file browser. + + Other Info + -- + (none) ** Description changed: Impact -- - This includes part of a CVE security fix; the more important part of the CVE is in flatpak but there is some hardening on the xdg-desktop-portal side. + This is a new release in the stable 1.18.x series. It includes part of a CVE security fix; the more important part of the CVE is in flatpak but there is some hardening on the xdg-desktop-portal side. 
https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.18.4 https://github.com/flatpak/xdg-desktop-portal/compare/1.18.3...1.18.4 Test Plan - Run the tests from https://wiki.ubuntu.com/DesktopTeam/TestPlans/XdgDesktopPortalGnome What Could Go Wrong -- xdg-desktop-portal is critical functionality for Snaps and Flatpaks including providing the file chooser dialogs for both of the only security supported web browsers in Ubuntu: firefox and chromium (both as snaps) xdg-desktop-portal is included in every official Ubuntu desktop flavor as it has become essential functionality for modern desktops. When used by desktops, there is a separate backend package to provide the UI. For Ubuntu Desktop, this is xdg-desktop-portal-gnome. Several other desktops use xdg-desktop-portal-gtk (even Ubuntu Desktop uses it as a dependency of -gnome) but there are other backends that follow the standard naming convention xdg-desktop-portal-* xdg-desktop-portal also is used in some apps that are distributed as .deb packages, for instance it is used for the Set as Background feature in the Nautilus file browser. Other Info -- (none)

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-32462

** Also affects: xdg-desktop-portal (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Changed in: xdg-desktop-portal (Ubuntu Noble)
   Importance: Undecided => High

** Changed in: xdg-desktop-portal (Ubuntu Noble)
       Status: New => In Progress

** Changed in: xdg-desktop-portal (Ubuntu)
       Status: In Progress => Fix Committed
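Review bot: The Impact text says only "part of a CVE security fix" and "some hardening" without naming either; the changelog in this thread identifies the change as refusing commands starting with '-' from sandboxed apps when generating .desktop files, mitigating CVE-2024-32462, and the Impact section should say so directly. The Test Plan links only the general XdgDesktopPortalGnome test page, so a step that confirms the hardening is in effect in the built package would make the verification traceable to the security change rather than to regression testing alone.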
[Bug 2062394] Re: Update xdg-desktop-portal to 1.18.4
** Description changed: + This includes part of a CVE security fix; the more important part of the + CVE is in flatpak but there is some hardening on the xdg-desktop-portal + side. + https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.18.4 + + https://github.com/flatpak/xdg-desktop-portal/compare/1.18.3...1.18.4

** Information type changed from Public to Public Security

** Changed in: xdg-desktop-portal (Ubuntu)
       Status: Triaged => In Progress