[00:00] Debian bug 908168. I haven't filed an Ubuntu bug yet.
[00:00] Debian bug 908168 in src:okular "okular: CVE-2018-1000801" [Important,Open] http://bugs.debian.org/908168
[00:03] The POC is in the KDE bug: https://bugs.kde.org/show_bug.cgi?id=398096 … Please use that when testing. If someone is around within the next few hours, you can test which versions are affected or not.
[00:03] KDE bug 398096 in general "Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation" [Major,Resolved: fixed]
[00:04] * tsimonq2 goes AFK for two hours.
[00:09] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kitinerary build #119: STILL FAILING in 14 min: https://kci.pangea.pub/job/bionic_unstable_kitinerary/119/
[00:10] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_cantor build #188: STILL FAILING in 33 sec: https://kci.pangea.pub/job/bionic_unstable_cantor/188/
[00:10] -kubuntu-ci:#kubuntu-devel- Project cosmic_stable_kamoso build #79: STILL UNSTABLE in 44 min: https://kci.pangea.pub/job/cosmic_stable_kamoso/79/
[00:10] -kubuntu-ci:#kubuntu-devel- Project cosmic_stable_kbounce build #65: STILL UNSTABLE in 24 min: https://kci.pangea.pub/job/cosmic_stable_kbounce/65/
[00:11] -kubuntu-ci:#kubuntu-devel- Project bionic_stable_plasma-browser-integration build #98: STILL UNSTABLE in 16 min: https://kci.pangea.pub/job/bionic_stable_plasma-browser-integration/98/
[00:17] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kitinerary build #74: STILL FAILING in 23 min: https://kci.pangea.pub/job/cosmic_unstable_kitinerary/74/
[00:20] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_peruse build #135: STILL UNSTABLE in 53 min: https://kci.pangea.pub/job/bionic_unstable_peruse/135/
[00:20] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kio-extras build #202: STILL UNSTABLE in 34 min: https://kci.pangea.pub/job/bionic_unstable_kio-extras/202/
[00:20] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kio-extras build #97: STILL UNSTABLE in 1 hr 14 min: https://kci.pangea.pub/job/cosmic_unstable_kio-extras/97/
[00:20] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_rocs build #69: STILL UNSTABLE in 1 hr 14 min: https://kci.pangea.pub/job/cosmic_unstable_rocs/69/
[00:20] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_ark build #237: STILL UNSTABLE in 47 min: https://kci.pangea.pub/job/bionic_unstable_ark/237/
[00:20] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_ark build #96: STILL UNSTABLE in 1 hr 15 min: https://kci.pangea.pub/job/cosmic_unstable_ark/96/
[00:20] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_plasma-mycroft build #86: STILL UNSTABLE in 54 min: https://kci.pangea.pub/job/cosmic_unstable_plasma-mycroft/86/
[00:20] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kalzium build #72: STILL UNSTABLE in 1 hr 15 min: https://kci.pangea.pub/job/cosmic_unstable_kalzium/72/
[00:20] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kdeconnect-kde build #95: STILL UNSTABLE in 1 hr 15 min: https://kci.pangea.pub/job/cosmic_unstable_kdeconnect-kde/95/
[00:41] -kubuntu-ci:#kubuntu-devel- Project bionic_stable_kitinerary build #11: STILL UNSTABLE in 46 min: https://kci.pangea.pub/job/bionic_stable_kitinerary/11/
[00:45] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_peruse build #46: STILL UNSTABLE in 1 hr 0 min: https://kci.pangea.pub/job/cosmic_unstable_peruse/46/
[00:45] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_plasma-browser-integration build #222: STILL UNSTABLE in 50 min: https://kci.pangea.pub/job/bionic_unstable_plasma-browser-integration/222/
[00:45] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_amarok build #63: STILL UNSTABLE in 1 hr 40 min: https://kci.pangea.pub/job/cosmic_unstable_amarok/63/
[00:46] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kamoso build #197: STILL UNSTABLE in 35 min: https://kci.pangea.pub/job/bionic_unstable_kamoso/197/
[00:46] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_discover build #255: STILL FAILING in 50 min: https://kci.pangea.pub/job/bionic_unstable_discover/255/
[00:46] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_amarok build #186: STILL UNSTABLE in 1 hr 40 min: https://kci.pangea.pub/job/bionic_unstable_amarok/186/
[00:46] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_discover build #110: STILL FAILING in 51 min: https://kci.pangea.pub/job/cosmic_unstable_discover/110/
[00:46] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_plasma-mycroft build #187: STILL UNSTABLE in 1 hr 0 min: https://kci.pangea.pub/job/bionic_unstable_plasma-mycroft/187/
[00:46] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kdeconnect-kde build #244: STILL UNSTABLE in 1 hr 0 min: https://kci.pangea.pub/job/bionic_unstable_kdeconnect-kde/244/
[00:46] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_k3b build #98: STILL UNSTABLE in 52 min: https://kci.pangea.pub/job/cosmic_unstable_k3b/98/
[00:51] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_libqapt build #117: FAILURE in 4 min 45 sec: https://kci.pangea.pub/job/bionic_unstable_libqapt/117/
[00:59] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_labplot build #205: STILL UNSTABLE in 1 hr 14 min: https://kci.pangea.pub/job/bionic_unstable_labplot/205/
[00:59] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_labplot build #98: STILL UNSTABLE in 1 hr 14 min: https://kci.pangea.pub/job/cosmic_unstable_labplot/98/
[01:00] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_marble build #46: STILL UNSTABLE in 1 hr 4 min: https://kci.pangea.pub/job/cosmic_unstable_marble/46/
[01:02] -kubuntu-ci:#kubuntu-devel- Project cosmic_stable_kdepim-runtime build #34: STILL FAILING in 3 min 51 sec: https://kci.pangea.pub/job/cosmic_stable_kdepim-runtime/34/
[01:10] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_plasma-workspace build #262: STILL FAILING in 24 min: https://kci.pangea.pub/job/bionic_unstable_plasma-workspace/262/
[01:21] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kphotoalbum build #185: STILL UNSTABLE in 22 min: https://kci.pangea.pub/job/bionic_unstable_kphotoalbum/185/
[01:22] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_akonadi build #77: STILL FAILING in 1 hr 1 min: https://kci.pangea.pub/job/cosmic_unstable_akonadi/77/
[02:06] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_syntax-highlighting build #88: STILL UNSTABLE in 22 min: https://kci.pangea.pub/job/cosmic_unstable_syntax-highlighting/88/
[02:17] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_breeze build #203: STILL UNSTABLE in 21 min: https://kci.pangea.pub/job/bionic_unstable_breeze/203/
[02:17] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_baloo build #135: STILL UNSTABLE in 22 min: https://kci.pangea.pub/job/bionic_unstable_baloo/135/
[02:17] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_baloo build #70: STILL UNSTABLE in 34 min: https://kci.pangea.pub/job/cosmic_unstable_baloo/70/
[03:05] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_phonon build #34: STILL UNSTABLE in 17 min: https://kci.pangea.pub/job/cosmic_unstable_phonon/34/
[03:55] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_syntax-highlighting build #188: STILL UNSTABLE in 21 min: https://kci.pangea.pub/job/bionic_unstable_syntax-highlighting/188/
[04:04] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kwindowsystem build #58: STILL UNSTABLE in 19 min: https://kci.pangea.pub/job/cosmic_unstable_kwindowsystem/58/
[04:24] -kubuntu-ci:#kubuntu-devel- Project cosmic_stable_pim-data-exporter build #63: STILL FAILING in 2 min 43 sec: https://kci.pangea.pub/job/cosmic_stable_pim-data-exporter/63/
[05:16] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_messagelib build #61: STILL FAILING in 26 min: https://kci.pangea.pub/job/cosmic_unstable_messagelib/61/
[05:23] -kubuntu-ci:#kubuntu-devel- Project bionic_stable_akonadi-contacts build #154: STILL UNSTABLE in 16 min: https://kci.pangea.pub/job/bionic_stable_akonadi-contacts/154/
[06:48] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kwindowsystem build #191: STILL UNSTABLE in 22 min: https://kci.pangea.pub/job/bionic_unstable_kwindowsystem/191/
[07:21] -kubuntu-ci:#kubuntu-devel- Project mgmt_tooling build #211: STILL FAILING in 4 min 46 sec: https://kci.pangea.pub/job/mgmt_tooling/211/
[07:21] -kubuntu-ci:#kubuntu-devel- Failed tests:
[07:21] -kubuntu-ci:#kubuntu-devel- PangeaDPutTest.test_run: https://kci.pangea.pub/job/mgmt_tooling/211/testReport/junit/junit/(root)/PangeaDPutTest/test_run
[07:21] -kubuntu-ci:#kubuntu-devel- KCIBuilderTest.test_puts_log: https://kci.pangea.pub/job/mgmt_tooling/211/testReport/junit/junit/(root)/KCIBuilderTest/test_puts_log
[08:04] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_akonadi-contacts build #43: STILL UNSTABLE in 19 min: https://kci.pangea.pub/job/cosmic_unstable_akonadi-contacts/43/
[08:19] -kubuntu-ci:#kubuntu-devel- Project xenial_stable_plasma-desktop build #180: STILL FAILING in 33 sec: https://kci.pangea.pub/job/xenial_stable_plasma-desktop/180/
[08:20] -kubuntu-ci:#kubuntu-devel- Project xenial_unstable_plasma-desktop build #369: STILL FAILING in 1 min 11 sec: https://kci.pangea.pub/job/xenial_unstable_plasma-desktop/369/
[09:57] -kubuntu-ci:#kubuntu-devel- Project xenial_stable_discover build #179: STILL FAILING in 34 sec: https://kci.pangea.pub/job/xenial_stable_discover/179/
[09:57] -kubuntu-ci:#kubuntu-devel- Project xenial_unstable_discover build #389: STILL FAILING in 34 sec: https://kci.pangea.pub/job/xenial_unstable_discover/389/
[10:06] Howdy folks
[10:34] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_discover build #256: STILL FAILING in 37 min: https://kci.pangea.pub/job/bionic_unstable_discover/256/
[10:41] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_discover build #111: STILL FAILING in 44 min: https://kci.pangea.pub/job/cosmic_unstable_discover/111/
[11:49] -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » linode-01 build #2470: SUCCESS in 1 min 16 sec: https://kci.pangea.pub/job/mgmt_docker/label=linode-01/2470/
[11:49] -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » master build #2470: SUCCESS in 1 min 20 sec: https://kci.pangea.pub/job/mgmt_docker/label=master/2470/
[11:52] -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » swy-01 build #2470: SUCCESS in 4 min 24 sec: https://kci.pangea.pub/job/mgmt_docker/label=swy-01/2470/
[12:14] -kubuntu-ci:#kubuntu-devel- Starting build #185 for job mgmt_pause_integration (previous build: ABORTED)
[12:15] -kubuntu-ci:#kubuntu-devel- Project mgmt_pause_integration build #185: ABORTED in 1 min 8 sec: https://kci.pangea.pub/job/mgmt_pause_integration/185/
=== himcesjf_ is now known as him-cesjf
[12:58] -kubuntu-ci:#kubuntu-devel- Starting build #186 for job mgmt_pause_integration (previous build: ABORTED)
[13:10] I saw a call for testers for a CVE against Okular?
[13:13] 'Morning mparillo, ...CVE?
[13:17] Good morning BluesKaj. https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures The way I understand it Okular can (with a malicious file) open arbitrary files outside the intended directory.
[13:17] https://bugs.kde.org/show_bug.cgi?id=398096
[13:17] KDE bug 398096 in general "Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation" [Major,Resolved: fixed]
[13:18] ahh, ok
[13:24] The way I read it, it is fixed in 18.08.1. The package in CC is 18.04.3 (But Help About shows version 1.4.3).
[13:25] mparillo: Please do test the POC on as many releases as you can :)
[13:26] wxl: If you still have 14.04 systems, testing would be appreciated ^
[14:02] In a CC VM, I cannot even open the file attached to kde bug 398096. I get Could not open file://home/mparillo/Downloads/pocFileCreation.okular Am I doing something wrong?
[14:02] KDE bug 398096 in general "Especially crafted Okular archives may lead to an arbitrary file creation on the user workstation" [Major,Resolved: fixed] http://bugs.kde.org/show_bug.cgi?id=398096
[14:05] Also, if I read the bug report, this is only an issue if you run okular as root. I cannot even su - on Kubuntu (maybe I never could, but this is the first time I ever tried on Kubuntu).
[14:05] I should have guessed. sudo su - works.
[14:08] won't open here either
[14:12] OK, on CC, if I sudo su - then run okular from the command line as root (what kind of idiot does that?), then I can open the file and I see the Hello World in the PDF. But I do not see the payloadXXXXXX.pdf in /root
[14:13] mparillo: if you are some numpty pretending to be a hacker with kali?
[14:14] lol @ "I have contacts in neon"
[14:14] I am enough of a newbie to have never in my life (until today) sudo su - in Kubuntu.
[14:16] @Santa, given that the 2 main neon devs are in this channel on IRC..... ;)
[14:17] we have contacts in neon then :)
[14:17] btw I'm inspecting the libkcddb...
[14:19] @acheronuk ok, I think the last thing I'm going to try is to set the XDG env var, if that doesn't work I see no other option than disabling the failing network tests
[14:20] @acheronuk, I slightly overstated it but still :)
[14:20] XD
[14:22] @Santa, sounds like tellico. after multiple tries, doko reached a ubuntu5 in the end nuking all the networks tests!
[14:23] I think we also have a similar case in a fw package
[14:23] iirc I had to void a "ktcpsockettest" or something like that
[14:31] acheronuk: tsimonq2: Same behaviour on 18.04. Okular could not even open the proof-of-concept file from dolphin running as mparillo (Maybe some of the hate against disallowing running dolphin as root was unwarranted).
[14:32] When I open a konsole, and sudo su - and then okular, I can open the file and see the Hello World, but nothing is written to /root.
=== himcesjf_ is now known as him-cesjf
[14:42] Whoops. It is more complicated than that. Actually, payloadXXXXX.pdf is written to /root. It is just cleaned up when root exits okular. I did not notice it when I invoked okular from the command line because (1) It ties up the shell prompt and (2) I was not running dolphin as root. But if I open two tabs in konsole, and sudo su - in both, I can see that payload is actually written to /root while Okular is running. It is just
[14:42] cleaned up on exit. Sorry. Still, I think this is an edge case for the normal kubuntu user.
[14:45] -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » linode-01 build #2471: SUCCESS in 55 sec: https://kci.pangea.pub/job/mgmt_docker/label=linode-01/2471/
[14:46] -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » master build #2471: SUCCESS in 1 min 18 sec: https://kci.pangea.pub/job/mgmt_docker/label=master/2471/
[14:49] -kubuntu-ci:#kubuntu-devel- Project mgmt_docker » swy-01 build #2471: SUCCESS in 4 min 18 sec: https://kci.pangea.pub/job/mgmt_docker/label=swy-01/2471/
[15:24] this does seem to be a fairly absurd CVE, but as long as we can verify the fix I guess we apply it and just ***shrug***
[15:26] -kubuntu-ci:#kubuntu-devel- Project mgmt_pause_integration build #186: ABORTED in 2 hr 27 min: https://kci.pangea.pub/job/mgmt_pause_integration/186/
[15:47] I say edge case; you say absurd. ;-)
[16:49] @tsimonq2: i assume when you say you want the POC tested, you mean you want to see if the fix fixes it?
[16:50] @HMollerCl please file a bug against lubuntu-artwork regarding that PulseAudio icon
[16:53] wxl: HMollerCl isn't in here AFAIK
[16:54] aw oops
[16:54] * wxl drinks more tea, quicker
[23:02] -kubuntu-ci:#kubuntu-devel- Project merger_kexi build #486: STILL FAILING in 1 min 23 sec: https://kci.pangea.pub/job/merger_kexi/486/
[23:03] -kubuntu-ci:#kubuntu-devel- Project mgmt_merger build #1183: STILL UNSTABLE in 3 min 36 sec: https://kci.pangea.pub/job/mgmt_merger/1183/
[23:03] -kubuntu-ci:#kubuntu-devel- Project mgmt_progenitor build #1161: STILL UNSTABLE in 3 min 38 sec: https://kci.pangea.pub/job/mgmt_progenitor/1161/
[23:07] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_krita build #247: STILL FAILING in 2 min 39 sec: https://kci.pangea.pub/job/bionic_unstable_krita/247/
[23:08] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_kwin build #105: STILL FAILING in 3 min 26 sec: https://kci.pangea.pub/job/cosmic_unstable_kwin/105/
[23:24] -kubuntu-ci:#kubuntu-devel- Project bionic_unstable_kitinerary build #120: STILL FAILING in 19 min: https://kci.pangea.pub/job/bionic_unstable_kitinerary/120/
[23:27] -kubuntu-ci:#kubuntu-devel- Project cosmic_unstable_krita build #103: STILL FAILING in 21 min: https://kci.pangea.pub/job/cosmic_unstable_krita/103/
[23:50] -kubuntu-ci:#kubuntu-devel- Project bionic_stable_kitinerary build #12: STILL UNSTABLE in 46 min: https://kci.pangea.pub/job/bionic_stable_kitinerary/12/
[23:53] -kubuntu-ci:#kubuntu-devel- Project bionic_stable_krita build #172: STILL FAILING in 2 min 44 sec: https://kci.pangea.pub/job/bionic_stable_krita/172/