Hi everyone, below you will find the updates from the Desktop team from the last week. If you’re interested in discussing a topic please start a thread in the Desktop area of Discourse.
We also have our weekly meeting on IRC. We meet on Tuesday at 13:30 UTC in #ubuntu-desktop on Freenode. There will be an “Any Other Business” section at the end where you are welcome to raise topics. These topics might be discussed during the meeting, or afterwards depending on the time, depth of conversation, topic and so on.
Last week’s notes are here: Desktop Team Updates - Monday 16th November 2020
Pulse Audio snap policy module security vulnerability:
- The fix for a security vulnerability in the Ubuntu pulseaudio package was published this week: USN-4640-1.
- When using a non-default PA client library, it was possible for a snap application to not be detected as such. That would then allow the snap to perform actions it would otherwise be restricted from doing, such as recording audio (if it hadn’t plugged
audio-record) and loading modules.
x-d-p PR #443 was merged, improving the metadata x-d-p detects for snap confined applications.
- I opened x-d-p PR #549, fixing bug #545 which prevented
OpenURI.OpenFile from working with document portal paths.
snapd dbus activation support:
snapd PR #8943 (install dbus activation service files) has been merged to master
- The feature is still gated behind the
experimental.user-daemons (for session services, at least) feature flags.
- This is just shy of the second birthday of the original pull request. I think all the actually useful changes from that PR are now in master: I just need to merge master into it and reconcile the conflicts to make sure.