[Touch-packages] [Bug 1603183] Re: Bottom right area of touchpad no longer treated as right click
@vanvugt I think this is still a big problem lots of 16.04 -> 18.04 upgraders will run into. This one blew my mind after installing 18.04 today. If this is going to be the new default, we need to warn users, because those of us not using Apple/ChromeOS hardware *expect* clickpads to work like they have for a decade now so it feels like an Ubuntu regression / issue. The easier solution may be to do a little bit of hardware detection before Ubuntu configures this one for the users, and set the relevant hardware accordingly (Apple/ChromeOs->"fingers"; Dell/Lenovo/Etc->"areas"). Currently (18.04), the easy fix for this is to set: $ gsettings set org.gnome.desktop.peripherals.touchpad click-method areas My bug 1767383 is almost certainly a dupe of this one (sorry, I was originally searching for it against the old driver), but I'll let someone else decide that. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gsettings-ubuntu-touch- schemas in Ubuntu. https://bugs.launchpad.net/bugs/1603183 Title: Bottom right area of touchpad no longer treated as right click Status in Canonical System Image: Fix Released Status in Mir: Triaged Status in gsettings-ubuntu-touch-schemas package in Ubuntu: Fix Released Status in libinput package in Ubuntu: Incomplete Status in mir package in Ubuntu: Triaged Status in unity8 package in Ubuntu: Invalid Status in unity8-desktop-session package in Ubuntu: Invalid Status in webbrowser-app package in Ubuntu: Invalid Bug description: Using the touchpad I was not able to trigger any right click (with a single finger in the bottom right area), and I tought it was a problem of how unity8 handled the right clicks. Instead I just tried with a mouse and right click trigger different actions from left clicks. In the end the problem is that my touchpad right click is considered a left click by the system. This does not happen with an usb mouse. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1603183/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1759300] Re: Gnome Shell: Touchpad right click (bottom right) area does not work
This is viewed as a confusing regression by a portion of the userbase[0]. God knows it destroyed my workflow (and morning) when I updated to 18.04 from 16.04. For some of us 'old farts' who never use macs and always relied on the "areas" behavior in both Linux and Windows it would be helpful to have been told that the behavior changed and how to change it back, or simply just asked, on installation, which option you want. [0] https://askubuntu.com/questions/1028776/no-secondary-button-right- click-on-touchpad/1028857#1028857 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gsettings-desktop-schemas in Ubuntu. https://bugs.launchpad.net/bugs/1759300 Title: Gnome Shell: Touchpad right click (bottom right) area does not work Status in gsettings-desktop-schemas package in Ubuntu: Invalid Bug description: The right (second) touchpad click does not work. It ceased to work about three months ago. ubuntu 18,04 aser ex2519 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gsettings-desktop-schemas/+bug/1759300/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1648806] Re: Arbitrary code execution through crafted CrashDB or Package/Source fields in .crash files
@benjaoming Looks like commit notes mixed up between 3114 and 3112.
The eval fix (CVE-2016-9949) is in 3112:
https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3112/
The patch in 3114 fixes CVE-2016-9951 (Relaunch code execution).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1648806
Title:
Arbitrary code execution through crafted CrashDB or Package/Source
fields in .crash files
Status in Apport:
Fix Released
Status in apport package in Ubuntu:
Fix Released
Status in apport source package in Precise:
Fix Released
Status in apport source package in Trusty:
Fix Released
Status in apport source package in Xenial:
Fix Released
Status in apport source package in Yakkety:
Fix Released
Status in apport source package in Zesty:
Fix Released
Bug description:
Forwarding private (encrypted) mail from Donncha O'Cearbhaill
:
= 8< ==
Hi Martin,
I have been auditing the Apport software in my free time and
unfortunately I have found some serious security issues.
Untrusted files can be passed to apport-gtk as it is registered as the
default file handler for "text/x-apport" files. The mime-type includes
.crash files but also any unknown file type which begins with
"ProblemType: ". An attacker could social engineer a victim into opening
a malicious Apport crash file simply by clicking on it.
In apport/ui.py, Apport is reading the CrashDB field and then it then
evaluates the field as Python code if it begins with a "{". This is very
dangerous as it can allow remote attackers to execute arbitrary Python code.
The vulnerable code was introduce on 2012-08-22 in Apport revision
2464
(http://bazaar.launchpad.net/~apport-hackers/apport/trunk/files/2464).
This code was first included in release 2.6.1. All Ubuntu Desktop
versions after 12.05 (Precise) include this vulnerable code by default.
An easy fix would be to parse the value as JSON instead of eval()'ing
it.
There is also a path traversal issue where the Package or SourcePackage
fields are not sanitized before being used to build a path to the
package specific hook files in the /usr/share/apport/package-hooks/
directory.
By setting "Package: ../../../../proc/self/cwd/Downloads/rce-hook.py" a
remote attacker could exploit this bug to execute Python scripts that
have be placed in the user's Downloads directory.
Would you like to apply for a CVE for this issues or should I? I'd like
to see these issue fixed soon so that Ubuntu users can be kept safe. I'm
planning to publish a blog post about these issues but I'll wait until
patched version of Apport are available in the repositories.
Please let me know if you have any questions.
Kind Regards,
Donncha
= 8< ==
I just talked to Donna on Jabber, and he plans to disclose that in
around a week.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1648806/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
