Very weird problem

Changes I've made:

  1. disable automatic updates in Software Updater

  2. disable automatic standby and screen lock

-- reboot --

  1. Zorin Appearance > Interface > Taskbar Settings > Zorin Taskbar > Position > Date Menu > show seconds

  2. Zorin Appearance > Interface > Taskbar Settings > Zorin Taskbar > Behavior > Isolate workspaces, Ungroup Applications

  3. Zorin Appearance > Interface > Taskbar Settings > Zorin Taskbar > Action > disabled 'Use hotkeys to activate apps'

  4. Zorin Appearance > Interface > disabled 'Enable animations'

  5. Settings > Privacy > Connectivity > disabled 'Connectivity checking'

  6. Settings > Privacy > File History & Trash > Disabled 'File History' and cleared history

  7. Settings > Privacy > File History & Trash > enabled 'Automatically Delete Trash Content'

  8. Settings > Privacy > File History & Trash > enabled 'Automatically Delete Temporary Files'

-- reboot --

  1. In Software application, removed:
    AisleRiot Solitaire
    Calendar
    Cheese
    Clocks
    Contacts
    Deja Dup Backup Tool
    Document Scanner
    Evolution
    GNOME Mahjongg
    GNOME Mines
    GNOME Sudoku
    Maps
    Photos
    Quadrapassel
    Remmina
    RhythmBox
    Sound Recorder
    To Do
    Videos
    Weather

  2. Ran Terminal, with command 'sudo apt autoremove'

-- reboot --

  1. Settings > Keyboard Shortcuts > disabled:
    Turn on-screen keyboard on or off
    Turn screen reader on or off
    Turn zoom on or off
    Zoom in
    Zoom out
    Home folder
    Launch terminal
    Hide all normal windows
    Move to workplace above
    Move to workplace below
    Move window one monitor down
    Move window one monitor to the left
    Move window one monitor to the right
    Move window one monitor up
    Move window one workspace down
    Move window one workspace up
    Move window to last workspace
    Move window to workspace 1

Changed 'Switch applications' to Alt+Tab

Disabled:
Switch system controls
Switch system controls directly
Switch to last workspace
Switch to workspace 1
Switch windows directly
Switch windows of an app directly
Switch windows of an application

Changed 'Copy a screenshot of a window to clipboard' to Print

Disabled 'Copy a screenshot of an area to clipboard'

Changed 'Copy a screenshot to clipboard' to Alt+Print

Disabled:
Record a short screencast
Focus the active notification
Lock screen
Log out
Open the application menu
Restore the keyboard shortcuts
Show all applications
Show the activities overview
Show the notification list
Show the overview
Show the run command prompt
Switch to next input source
Switch to previous input source
Activate the window menu

Changed 'Close window' to Ctrl+W

Disabled:
Close window
Hide window
Maximize window
Move window
Resize window
Restore window
Toggle maximization state
View split on left
View split on right

Added a keyboard shortcut:
Reclaim Memory: Super+M: gnome-terminal -- /bin/sh -c 'sudo sync; sleep 3; sudo sysctl -w vm.drop_caches=3; sleep 3; sudo sync; sudo journalctl --rotate; sleep 20; sudo journalctl --vacuum-time=1s; sleep 5'

Added a keyboard shortcut:
Update All: Super+U: gnome-terminal -- /bin/sh -c 'echo Updating; sleep 5; sudo apt update; sudo apt full-upgrade; sudo flatpak update; sudo snap refresh'

-- reboot --

1 Like
  1. Enable Grub menu to show up on every boot:
    In terminal:
    sudo gedit
    Opened /etc/default/grub
    Changed GRUB_TIMEOUT_STYLE=hidden to GRUB_TIMEOUT_STYLE=menu
    Changed GRUB_TIMEOUT=0 to GRUB_TIMEOUT=20
    Changed #GRUB_TERMINAL=console to GRUB_TERMINAL=console
    Changed #GRUB_GFXMODE=640x480 to GRUB_GFXMODE=640x480
    Saved file and exited gedit, then issued command sudo update-grub

-- reboot --

  1. In Software application, installed 'ungoogled-chromium'.

  2. Downloaded SRWare Iron .deb file, in Terminal, issued command: sudo apt install /home/owner/Desktop/iron64.deb

  3. In Terminal, issued commands sudo apt remove firefox, sudo apt remove firefox-locale-en, sudo apt purge firefox, then sudo apt autoremove

  4. Set default browser to SRWare Iron.

  5. Zorin Appearance > Desktop > enabled Home, Trash and Mounted Storage on desktop

-- reboot --

1 Like
  1. Set up ZFS L2ARC cache drive:

Plug in the external drive. In my case, the device shows in the Disks application as /dev/sdb1. You'll need to note the device path for later. In the Disks application, click the '-' button on the drive you want, to erase the partition(s). Then exit the Disks application.

If you don't already have gdisk:

sudo apt install gdisk

In Terminal, type:

sudo gdisk

That starts up a child process. Type ? to see the options available.

We want to type the o option (create a new empty GUID partition table (GPT)), then confirm the action.

Then we want the w option (write table to disk and exit), then confirm the action.

You should see something like:
OK; writing new GUID partition table (GPT) to /dev/sdb1.
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8)
The operation has completed successfully.

Now we've got a GPT partition table on the drive. Now you'll have to reboot.

Once Zorin OS has booted, open terminal, and type:

sudo gdisk

The child process starts in Terminal. Now type p to print the partition table.

Disk /dev/sdb1: 62330880 sectors, 29.7 GiB
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): 168CC26E-54C1-4F9D-98F0-92227F45620B
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 62330846
Partitions will be aligned on 2048-sector boundaries
Total free space is 62330813 sectors (29.7 GiB)

Then type v to verify the disk. You should see "No problems found."

Intestingly, if I type sudo gdisk and enter /dev/sda1 (the internal drive), I get:


Found invalid GPT and valid MBR; converting MBR to GPT format
in memory. THIS OPERATION IS POTENTIALLY DESTRUCTIVE! Exit by
typing 'q' if you don't want to convert your MBR partitions
to GPT format!


That's the GPT layout and ZFS file system that the Zorin OS installation created. So ZFS isn't quite ready for prime-time in this OS. Here's hoping the devs have a way of converting the disk to a valid GPT layout without requiring a reinstall.

Anyway, now we want to get the disk ID:

sudo ls -al /dev/disk/by-id
[sudo] password for owner:
total 0
drwxr-xr-x 2 root root 360 Nov 28 18:09 .
drwxr-xr-x 8 root root 160 Nov 28 18:09 ..
lrwxrwxrwx 1 root root 9 Nov 28 18:09 ata-TOSHIBA_MK6475GSX_X1JGT6RIT -> ../../sda
lrwxrwxrwx 1 root root 10 Nov 28 18:10 ata-TOSHIBA_MK6475GSX_X1JGT6RIT-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Nov 28 18:09 ata-TOSHIBA_MK6475GSX_X1JGT6RIT-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Nov 28 18:09 ata-TOSHIBA_MK6475GSX_X1JGT6RIT-part5 -> ../../sda5
lrwxrwxrwx 1 root root 10 Nov 28 18:09 ata-TOSHIBA_MK6475GSX_X1JGT6RIT-part6 -> ../../sda6
lrwxrwxrwx 1 root root 10 Nov 28 18:10 ata-TOSHIBA_MK6475GSX_X1JGT6RIT-part7 -> ../../sda7
lrwxrwxrwx 1 root root 9 Nov 28 18:09 ata-TSSTcorp_DVD+_-RW_SN-208BB_R8KL6GIB946979 -> ../../sr0
lrwxrwxrwx 1 root root 9 Nov 28 18:09 usb-Generic-_Multi-Card_20090516388200000-0:0 -> ../../sdb
lrwxrwxrwx 1 root root 10 Nov 28 18:09 usb-Generic-_Multi-Card_20090516388200000-0:0-part1 -> ../../sdb1
lrwxrwxrwx 1 root root 10 Nov 28 18:09 usb-Generic-_Multi-Card_20090516388200000-0:0-part9 -> ../../sdb9
lrwxrwxrwx 1 root root 9 Nov 28 18:09 wwn-0x50000393917859cb -> ../../sda
lrwxrwxrwx 1 root root 10 Nov 28 18:10 wwn-0x50000393917859cb-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Nov 28 18:09 wwn-0x50000393917859cb-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Nov 28 18:09 wwn-0x50000393917859cb-part5 -> ../../sda5
lrwxrwxrwx 1 root root 10 Nov 28 18:09 wwn-0x50000393917859cb-part6 -> ../../sda6
lrwxrwxrwx 1 root root 10 Nov 28 18:10 wwn-0x50000393917859cb-part7 -> ../../sda7

So my target disk ID is usb-Generic-_Multi-Card_20090516388200000-0:0-part1

Now we can set up that drive as a cache drive on the rpool:

sudo zpool add rpool cache usb-Generic-_Multi-Card_20090516388200000-0:0-part1

And finally, we check the status:

sudo zpool status
pool: bpool
state: ONLINE
scan: scrub repaired 0B in 0 days 00:00:12 with 0 errors on Mon Nov 28 17:11:55 2022
config:

NAME           STATE     READ WRITE CKSUM
bpool          ONLINE       0     0     0
  ed10adf2-06  ONLINE       0     0     0

errors: No known data errors

pool: rpool
state: ONLINE
scan: scrub repaired 0B in 0 days 00:02:35 with 0 errors on Mon Nov 28 17:14:29 2022
config:

NAME                                                   STATE     READ WRITE CKSUM
rpool                                                  ONLINE       0     0     0
  ed10adf2-07                                          ONLINE       0     0     0
cache
  usb-Generic-_Multi-Card_20090516388200000-0:0-part1  ONLINE       0     0     0

errors: No known data errors

Issued Terminal commands:
sudo zpool scrub bpool
sudo zpool scrub rpool

-- reboot --

1 Like
  1. Software Updater > Security updates > Zorin OS base > ZFS SYStem integration (3.6 MB) update.
    Changes for zsys versions:
    Installed version: 0.4.8
    Available version: 0.4.8ubuntu0.1
  • No-change rebuild due to golang-1.13 update

-- reboot --

  1. Sofware Updater > Security updates > Zorin OS base > Change and administer password and group data (799 kB)
    Changes for passwd versions:
    Installed version: 1:4.8.1-1ubuntu5.20.04.2
    Available version: 1:4.8.1-1ubuntu5.20.04.4
  • SECURITY REGRESSION: useradd command does not copy all o /etc/skel (LP: #1998169)
  • debian/patches/CVE-2013-4235-pre1.patch: removed
  • debian/patches/CVE-2013-4235-pre2.patch: removed
  • debian/patches/CVE-2013-4235-1.patch: removed
  • debian/patches/CVE-2013-4235-2.patch: removed
  • debian/patches/CVE-2013-4235-3.patch: removed
  • debian/patches/CVE-2013-4235-4.patch: removed
  • debian/patches/CVE-2013-4235-5.patch: removed
  • debian/patches/CVE-2013-4235-6.patch: removed
  • debian/patches/CVE-2013-4235-7.patch: removed
  • debian/patches/CVE-2013-4235-post1.patch: removed
  • debian/patches/CVE-2013-4235-post2.patch: removed
  • debian/patches/CVE-2013-4235-post3.patch: removed

-- reboot --

1 Like
  1. Settings > Network > Firewall configuration > Enable Firewall

  2. Software Updater > Security updates > Zorin OS base > Command line tool for transferring data with URL syntax (162 kB)
    Changes for curl versions:
    Installed version: 7.68.0-1ubuntu2.13
    Available version: 7.68.0-1ubuntu2.14

  • SECURITY UPDATE: POST following PUT confusion
  • debian/patches/CVE-2022-32221.patch: when POST is set, reset the 'upload' field in lib/setopt.c.
  • CVE-2022-32221

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Common files used by various X servers (27 kB)
    Changes for xserver-common versions:
    Installed version: 2:1.20.13-1ubuntu1~20.04.3
    Available version: 2:1.20.13-1ubuntu1~20.04.4
  • SECURITY UPDATE: GetCountedString Buffer Overflow
  • debian/patches/CVE-2022-3550.patch: add a check for client -> req_len size for _GetCountedString in xkb/xkb.c.
  • CVE-2022-3550
  • SECURITY UPDATE: ProcXkbGetKbdByName Memory Lead
  • debian/patches/CVE-2022-3551.patch: add calls to free allocated memory if the execution reaches failures in ProcXkbGetKbdByName in xkb/xkb.c.
  • CVE-2022-3551

-- reboot --

NOTE: The last update installed caused the machine to stall on the shutdown toward reboot. No error messages, and the machine booted normally after power cycling.

-- reboot --

The machine rebooted normally.

  1. Software Updater > Security updates > Zorin OS base > Complete Generic Linux kernel and headers (2 kB)
    Changes for linux-generic-hwe-20.04 versions:
    Installed version: 5.15.0.52.58~20.04.20
    Available version: 5.15.0.53.59~20.04.21
  • Bump ABI 5.15.0-53.59~20.04
  • build backport-lwllwifi-dkms as linux-modules/lwlwifi-ABI (LP: #1969434)
  • [Packaging] hwe-5.15: support standalone dksm module builds
  • [Packaging] hwe-5.15: skip standalone dksm modules for virtual flavour

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Easy-to-use client-side URL transfer library (GnuTLS flavour) (233 kB)
    Changes for libcurl3-gnutls versions:
    Installed version: 7.68.0-1ubuntu2.13
    Available version: 7.68.0-1ubuntu2.14
  • SECURITY UPDATE: POST following PUT confusion
  • debian/patches/CVE-2022-32221.patch: when POST is set, reset the 'upload' field in lib/setopt.c.
  • CVE-2022-32221

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Free Lossless Audio Coded - runtime C library (104 kB)
    Changes for libflac8 versions:
    Installed version: 1.3.3-1build1
    Available version: 1.3.3-1ubuntu0.1
  • SECURITY UPDATE: out of bounds read in bitreader.c
  • debian/patches/CVE-2020-0499.patch: fix out-of-bounds read (libFLAC/bitreader.c).
    -CVE-2020-0499
  • SECURITY UPDATE: out of bounds write in stream_encoder.c
  • debian/patches/CVE-2021-0561.patch: exit at EOS in verify mode (libFLAC)
  • CVE-2021-0561

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Free Remote Desktop Protocol library (core library)
    Changes for libfreerdp2-2 versions:
    Installed version: 2.2.0+dfsg1-0ubuntu0.20.04.3
    Available version: 2.2.0+dfsg1-0ubuntu0.20.04.4
  • SECURITY UPDATE: out of bounds read via parallel driver
  • debian/patches/CVE-2022-39282.patch: fix length checks in parallel driver in channels/parallel/client/parallel_main.c.
  • CVE-2022-39282
  • SECURITY UPDATE: out of bounds read via video channel
  • debian/patches/CVE-2022-39283.patch: fixed missing length check in video channel in channels/video/client/video_main.c.
  • CVE-2022-39283
  • SECURITY UPDATE: out of bounds reads in ZGFX decoder component
  • debian/patches/CVE-2022-39316_7.patch: added missing length checks in zgfx_decompress_segment in libfreerdp/codec/zgfx.c.
  • CVE-2022-39316
  • CVE-2022-39317
  • SECURITY UPDATE: missing input validation in urbdrc
  • debian/patches/CVE-2022-39318.patch: fixed division by zero in urbdrc in channels/urbdrc/client/libusb/libusb_udevice.c.
  • CVE-2022-39318
  • SECURITY UPDATE: missing input length validation in urbdrc
  • debian/patches/CVE-2022-39319-1.patch: fixed missing input buffer length check in urbdrc in channels/urbdrc/client/data_transfer.c.
  • debian/patches/CVE-2022-39319-2.patch: added missing length check in urb_control_transfer in channels/urbdrc/client/data_transfer.c.
  • CVE-2022-39319
  • SECURITY UPDATE: out of bounds read in usb
  • debian/patches/CVE-2022/39320.patch: ensure urb_create_iocompletion uses size_t for calculation in channels/urbdrc/client/data_transfer.c.
  • CVE-2022-39320
  • SECURITY UPDATE: missing path canonicalization and base path check for drive channel
  • debian/patches/CVE-2022-39347-1.patch: added function _wcsncmp in winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
  • debian/patches/CVE-2022-39347-2.patch: fix wcscmp and wcslen checks in winpr/libwinpr/crt/string.c.
  • debian/patches/CVE-2022-39347-3.patch: added wcsstr implementation in winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
  • debian/patches/CVE-2022-39347-4.patch: fixed path validation in drive channel in channels/drive/client/drive_file.c., channels/drive/client/drive_file.h, channels/drive/client/drive_main.c.
  • CVE-2022-39347

-- reboot --

1 Like
  1. Software Updater > Security updates > Zorin OS base > JavaScript engine library from WebKitGTK
    Changes for libjavascriptcoregtk-4.0-18 versions:
    Installed version: 2.36.8-0ubuntu0.20.04.1
    Available version: 2.38.2-0ubuntu0.20.04.1
  • Updated to 2.38.2 to fix security issues.
  • debian/patches/*.patch: sync from lunar package.
  • debian/control, debian/rules: use bundled docs since gi-docgen is not available in focal.
  • debian/libwebkit2gtk-4.0-37.symbols: updated for new version.
  • CVE-2022-32888, CVE-2022-32923, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > JavaScript engine library from WebKitGTK - GObject introspection data
    Changes for gir1.2-javascriptcoregtk-4.0 versions:
    Installed version: 2.36.8-0ubuntu0.20.04.1
    Available version: 2.38.2-0ubuntu0.20.04.1
  • Updated to 2.38.2 to fix security issues.
  • debian/patches/*.patch: sync from lunar package
  • debian/control, debian/rules: use bundled docs since gi-docgen is not available in focal.
  • debian/libwebkit2gtk-4.0-37.symbols: updated for new version.
  • CVE-2022-32888, CVE-2022-32923, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > JBIGkit libraries
    Changes for libjbig0 versions:
    Installed version: 2.1-3.1build1
    Available version: 2.1-3.1ubuntu0.20.04.1
  • SECURITY UPDATE: abort when memory allocations fail in jbig.c
  • debian/patches/CVE-2017-9937-1.patch: set maximum decoded image size to 2GB.
  • debian/patches/CVE-2017-9937-2.patch: check for end-of-file within MARKER_NEWLEN (jbg_newlen()).
  • CVE-2017-9937

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Nested X server
    Changes for xserver-xephyr versions:
    Installed version: 2:1.20.13-1ubuntu1~20.04.3
    Available version: 2:1.20.13-1ubuntu1~20.04.04
  • SECURITY UPDATE: GetCountedString Buffer Overflow
  • debian/patches/CVE-2022-3550.patch: add a check for client -> req_len size for _GetCountedString in xkb/xkb.c.
  • CVE-2022-3550
  • SECURITY UPDATE: ProcXkbGetKbdByName Memory Leak
  • debian/patches/CVE-2022-3551.patch: add calls to free allocated memory if the execution reaches failures in ProcXkbGetKbdByName in xkb/xkb.c.
  • CVE-2022-3551

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Pixel-manipulation library for X and cairo
    Changes for libpixman-1-0 versions:
    Installed version: 0.38.4-0ubuntu1
    Available version: 0.38.4-0ubuntu2.1
  • SECURITY UPDATE: OOB write in rasterize_edges_8
  • debian/patches/CVE-2022/44638.patch: avoid integer overflow leading to out-of-bounds write in pixman/pixman-trap.c.
  • CVE-2022-44638

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Raw image decoder library
    Changes for libraw19 versions:
    Installed version: 0.19.5-1ubuntu1
    Available version: 0.19.5-1ubuntu1.1
  • SECURITY UPDATE: missing thumbnail size range checks
  • debian/patches/CVE-2020-15503.patch: add checks to libraw/libraw_const.h, src/libraw_cxx.cpp.
  • CVE-2020-15503
  • SECURITY UPDATE: out-of-bounds write via X3F file
  • debian/patches/CVE-2020-35530.patch: check huffman tree size in internal/libraw_x3f.cpp.
  • CVE-2020-35530
  • SECURITY UPDATE: out-of-bounds read in get_huffman_diff()
  • debian/patches/CVE-2020-35531.patch: check for data offset limit in internal/libraw_x3f.cpp.
  • CVE-2020-35531
  • SECURITY UPDATE: out-of-bounds read via a large row_stride field
  • debian/patches/CVE-2020-35532.patch: check for data offset limit in internal/libraw_x3f.cpp.
  • CVE-2020-35532
  • SECURITY UPDATE: out-of-bounds read in adobe_copy_pixel()
  • debian/patches/CVE-2020-35533.patch: more room for ljpeg row in dcraw/dcraw.c.
  • CVE-2020-35533

-- reboot --

The WiFi connection glitched after this reboot. It wouldn't connect.

-- reboot --

The WiFi connection glitched again. I had to forget the connection, and reconnect.

-- reboot --

The WiFi connection glitched again. I set it back to the settings it originally had:
Details > Make available to other users
Identity > Only SSID field filled
IPv6 > Automatic

-- reboot --

1 Like

The WiFi connection is working properly again. I'll fiddle with it more when I get all the updates installed.

  1. Software Updater > Security updates > Zorin OS base > Read/write NTFS driver for FUSE (388 kB); Read/write NTFS driver for FUSE (runtime library) (150 kB)
    Changes for ntfs-3g and libntfs-3g883 versions:
    Installed version: 1:2017.3.23AR.3-3ubuntu1.2
    Available version: 1:2017.3.23AR.3-3ubuntu1.3
  • SECURITY UPDATE: code execution via incorrect validation of metadata
  • debian/patches/CVE-2022-40284-1.patch: rejected zero-sized runs in libntfs-3g/runlist.c.
  • debian/patches/CVE-2022-40284-2.patch: avoided merging runlists with no runs in libntfs-3g/runlist.c.
  • CVE-2022-40284

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Setuid root Xorg server wrapper (33 kB); Xorg X server - core server (1.3 MB); Xwayland X server (869 kB)
    Changes for xserver-xorg-legacy versions:
    Installed version: 2:1.20.13-1ubuntu1~20.04.3
    Available version: 2:1.20.13-1ubuntu1~20.04.4
  • SECURITY UPDATE: GetCountedString Buffer Overflow
  • debian/patches/CVE-2022-3550.patch: add a check for client -> req_len size for _GetCountedString in xkb/xkb.c.
  • CVE-2022-3550
  • SECURITY UPDATE: ProcXkbGetKbdByName Memory Leak
  • debian/patches/CVE-2022-3551.patch: add calls to free allocated memory if the execution reaches failure in ProcXkbGetKbdByName in xkb/xkb.c.
  • CVE-2022-3551

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Simple interprocess messaging system (daemon and utilities) (152 kB); Simple interprocess messaging system (library) (180 kB); Simple interprocess messaging system (systemd --user integration) (10 kB); Simple interprocess messaging system (X11 deps) (23 kB)
    Changes for dbus versions:
    Installed version: 1.12.16-2ubuntu2.2
    Available version: 1.12.16-2ubuntu2.3
  • SECURITY UPDATE: Assertion failure in dbus-marshal-validate
  • debian/patches/CVE-2022-42010.patch: Check brackets in signature nest correctly.
  • CVE-2022-42010
  • SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
  • debian/patches/CVE-2022-42011.patch: Validate length of arrays of fixed-length items
  • CVE-2022-42011
  • SECURITY UPDATE: Out-of-bound access in dbus access in dbus-marshal-byteswap
  • debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
  • CVE-2022-42012

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > SQLite 3 shared library (549 kB)
    Changes for libsqlite3-0 versions:
    Installed version: 3.31.1-4ubuntu0.4
    Available version: 3.31.1-4ubuntu0.5
  • SECURITY UPDATE: array-bounds overflow via large string argument
  • debian/patches/CVE-2022-35737.patch: increase the size of loop variables in scr/printf.c.
  • CVE-2022-35737

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > System login tools (221 kB)
    Changes for login versions:
    Installed version: 1:4.8.1-1ubuntu5.20.04.2
    Available version: 1:4.8.1-1ubuntu5.20.04.4
  • SECURITY REGRESSION: useradd command does not copy all of /etc/skel (LP: #1998169)
  • debian/patches/CVE-2013-4235-pre1.patch: removed
  • debian/patches/CVE-2013-4235-pre2.patch: removed
  • debian/patches/CVE-2013-4235-1.patch: removed
  • debian/patches/CVE-2013-4235-2.patch: removed
  • debian/patches/CVE-2013-4235-3.patch: removed
  • debian/patches/CVE-2013-4235-4.patch: removed
  • debian/patches/CVE-2013-4235-5.patch: removed
  • debian/patches/CVE-2013-4235-6.patch: removed
  • debian/patches/CVE-2013-4235-7.patch: removed
  • debian/patches/CVE-2013-4235-post1.patch: removed
  • debian/patches/CVE-2013-4235-post2.patch: removed
  • debian/patches/CVE-2013-4235-post3.patch: removed

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Tag Image File Format (TIFF) library (163 kB)
    Changes for libtiff5 versions:
    Installed version: 4.1.0+git191117-2ubuntu0.20.04.5
    Available version: 4.1.0+git191117-2ubuntu0.20.04.6
  • SECURITY UPDATE: out-of-bound read/write in tiffcrop
  • debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by correcting uint32_t underflow
  • CVE-2022-2867
  • CVE-2022-2868
  • CVE-2022-2869
  • SECURITY UPDATE: heap-based buffer overflow
  • debian/patches/CVE-2022-3570_3598.patch: Increases buffer sizes for subroutines in tools/tiffcrop.c.
  • CVE-2022-3570
  • CVE-2022-3598
  • SECURITY UPDATE: out-of-bound write in tiffcrop
  • debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value
  • CVE-2022-3599
  • SECURITY UPDATE: stack overflow in _TIFFVGetField
  • debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec() return FALSE when passed a codec-specific tag and the codec is not configured
  • CVE-2022-34526

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Time zone and daylight-saving time data (286 kB)
    Changes for tzdata versions:
    Installed version: 2022e-0ubuntu0.20.04.0
    Available version: 2022f-0ubuntu0.20.04.1
  • Update ICU data to 2022f (LP: #1995601)

-- reboot --

  1. Software Updater > Security updates > Zorin OS base > Windows Portable Runtime library (1.0 MB)
    Changes for libwinpr2-2 versions:
    Installed version: 2.2.0+dfsg1-0ubuntu0.20.04.3
    Available version: 2.2.0+dfsg1-0ubuntu0.20.04.4
  • SECURITY UPDATE: out of bounds read via parallel driver
  • debian/patches/CVE-2022-39282.patch: fix length checks in parallel driver in channels/parallel/client/parallel_main.c.
  • CVE-2022-39282
  • SECURITY UPDATE: out of bounds read via video channel
  • debian/patches/CVE-2022-39283.patch: fixed missing length check in video channel in channels/video/client/video_main.c.
  • CVE-2022-39283
  • SECURITY UPDATE: out of bounds reads in ZGFX decoder component
  • debian/patches/CVE-2022-39316_7.patch: added missing length checks in zgfx_decompress_segment in libfreerdp/codec/zgfx.c.
  • CVE-2022-39316
  • CVE-2022-39317
  • SECURITY UPDATE: missing input validation in urbdrc
  • debian/patches/CVE-2022-39318.patch: fixed division by zero in urbdrc in channels/urbdrc/client/libusb/libusb_udevice.c.
  • CVE-2022-39318
  • SECURITY UPDATE: missing input length validation in urbdrc
  • debian/patches/CVE-2022-39319-1.patch: fixed missing input buffer length check in urbdrc in channels/urbdrc/client/data_transfer.c.
  • debian/patches/CVE-2022-39319-2.patch: added missing length check in urb_control_transfer in channels/urbdrc/client/data_transfer.c.
  • CVE-2022-39319
  • SECURITY UPDATE: out of bounds read in usb
  • debian/patches/CVE-2022-39320.patch: ensure urb_create_iocompletion uses size_t for calculation in channels/urbdrc/client/data_transfer.c.
  • CVE-2022-39320
  • SECURITY UPDATE: missing path canonicalization and base path check for drive channel
  • debian/patches/CVE-2022-39347-1.patch: added function_wcsncmp in winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
  • debian/patches/CVE-2022-39347-2.patch: fix wcscmp and wcslen checks in winpr/libwinpr/crt/string.c.
  • debian/patches/CVE-2022-39347-3.patch: added wcsstr implementation in winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
  • debian/patches/CVE-2022-39347-4.patch: fixed path validation in drive channel in channels/drive/client/drive_file.c, channels/drive/client/drive_file.h, channels/drive/client/drive_main.c.
  • CVE-2022-39347

-- reboot --

1 Like

Okey……. :sweat_smile:

Maybe start with the suggestion @Aravisian has posted ?

1 Like

Thorough and tenacious - Mr Magoo is leaving no stone unturned. :wink:

1 Like

You have earned 'Long post', 'Patient', 'Detailed', 'Writer' and 'Badges combo' badges :grin:.

1 Like
  1. Software Updater > Security updates > Zorin OS base > XML parsing C library - runtime library (75 kB)
    Changes for libexpat1 versions:
    Installed version: 2.2.9-1ubuntu0.4
    Available version: 2.2.9-1ubuntu0.6
  • SECURITY UPDATE: use-after-free
  • debian/patches/CVE-2022-43680-1.patch: adds tests to cover DTD destruction in XML_ExternalEntityParserCreate in expat/tests/runtests.c.
  • debian/patches/CVE-2022-43680-2.patch: fix overeager DTD destruction in XML_ExternalEntityParserCreate in expat/lib/xmlparse.c.
  • CVE-2022-43680

-- reboot --

Software Updater closed on its own as I was deselecting updates so only one was installed.

-- reboot --

Software Updater is working normally again.

  1. Software Updater > Other updates > Zorin OS base > /dev/ and hotplug management daemon (1.4 MB); Libudev shared library (76 kB)
    Changes for udev versions:
    Installed version: 245.4-4ubuntu3.18
    Available version: 245.4-4ubuntu3.19

[ dann frazier ]

  • Add support for the v247 network naming scheme, but keep v245 as default (LP: #1945225)
    Author: dann frazier
    Files:
  • debian/patches/lp1945225/0001-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch
  • debian/patches/lp1945225/0002-udev-net-id-don-t-generate-slot-based-names-if-multi.patch
  • debian/patches/lp1945225/0003-net_id-fix-newly-added-naming-scheme-name.patch
  • debian/patches/lp1945225/0004-Add-remaining-supported-schemes-as-options-for-defau.patch
  • debian/rules
    ~ubuntu-core-dev/ubuntu/+source/systemd - [no description]

[ Dimitri John Ledkov ]

-- reboot --

  1. Software Updater > Other updates > Zorin OS base > Firmware for Linux kernel drivers (130.9 MB)
    Changes for linux-firmware versions:
    Installed version: 1.187.33
    Available version: 1.187.35
  • linux-firmware: add sdio firmware for qca9377 wifi module (LP: #1993609)
  • ath10k: add SDIO firmware for QCA9377 WiFi

-- reboot --

  1. Software Updater > Other updates > Zorin OS base > Information about the distributions' releases (data files) (5 kB)
    Changes for distro-info-data versions:
    Installed version: 0.43ubuntu1.10
    Available version: 0.43ubuntu1.11
  • Add Ubuntu 23.04 Lunar Lobster (LP: #1993667)
  1. Enabled Mouse Keys

-- reboot --

  1. Software Updater > Other updates > Zorin OS base > Minimalistic service to synchronize local time with NTP servers (29 kB); Nss module providing dynamic user and group name resolution (96 kB); System and service manager (3.8 MB); System and service manager - PAM module (187 kB); System and service manager - SysV links (11 kB); Systemd utility library (269 kB)

Changes for systemd-timesyncd; libnss-systemd; systemd; libpam-systemd; systemd-sysv; libsystemd0 versions:
Installed version: 245.4-4ubuntu3.18
Available version: 245.4-4ubuntu3.19

[ dann frazier ]

  • Add support for the v247 network naming scheme, but keep v245 as default (LP: #1945225)
    Author: dann frazier
    Files:
  • debian/patches/lp1945225/0001-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch
  • debian/patches/lp1945225/0002-udev-net-id-don-t-generate-slot-based-names-if-multi.patch
  • debian/patches/lp1945225/0003-net_id-fix-newly-added-naming-scheme-name.patch
  • debian/patches/lp1945225/0004-Add-remaining-supported-schemes-as-options-for-defau.patch
  • debian/rules
    ~ubuntu-core-dev/ubuntu/+source/systemd - [no description]

[ Dimitri John Ledkov ]

-- reboot --

  1. Software Updater > Other updates > Zorin OS base > MySQL database client library (1.3 MB)
    Changes for libmysqlclient21 versions:
    Installed version: 8.0.31-0ubuntu0.20.04.1
    Available version: 8.0.31-0ubuntu0.20.04.2
  • d/mysql-server-8.0.postinst: Confirm mysqld shuts down with stop_servr after initialization to avoid overlapping use of port 3306 (LP: #1921378)

-- reboot --

  1. In Terminal: sudo apt remove libfprint-2-2
    Removed fingerprint reader software.

-- reboot --

  1. In Terminal: sudo apt autoremove

-- reboot --

  1. In Terminal:
    Created the file usb-storage.conf:
    sudo touch /etc/modules-load.d/usb-storage.conf

Edited that file:
sudo gedit
Opened /etc/modules-load.d/usb-storage.conf
Entered text: usb-storage
Saved file.
Exited gedit

That should fix the "No caching mode page found" error on boot.

-- reboot --

  1. Software Updater > Other updates > Browser support for Zorin Connect (84 kB); Connect your mobile device with your Zorin OS computer (280 kB)
    Changes for gnome-shell-extension-zorin-connect-browsers; gnome-shell-extension-zorin-connect
    Installed version: 53.3
    Available version: 53.5
  • Updated Portuguese translation

-- reboot --

  1. Software Updater > Other updates > Zorin Exec Guard - App Database (6 kB)
    Changes for zorin-exec-guard-app-db versions:
    Installed version: 1.2.10
    Available version: 1.2.11
  • Recommend installing Pinta as an alternative to Paint.NET and added Linux installers for several emulator executables on Windows.

-- reboot --

  1. Software Updater > Settings > Additional Drivers > Using X.Org X Server -- Nouveau display driver from xserver-xorg-video-nouveau (open source)

-- reboot --

  1. Software application > Installed Stacer application

Using Stacer System Cleaner, cleaned Package Caches, Crash Reports, Application Logs, Application Caches, Trash. 873.0 MB cleaned.

-- reboot --

  1. Removed Braille Services
    In Terminal:
    to remove Braille Services: sudo apt remove brltty
    To remove libpkcs11-helper1: sudo apt purge brltty
    To remove unused dependency libpcre2-32-0: sudo apt autoremove

-- reboot --

  1. In Terminal: sudo apt upgrade to install python3-apport; python3-problem-report

-- reboot --

  1. Removed OpenVPN
    In Terminal:
    To remove OpenVPN: sudo apt remove openvpn
    To remove unused dependency libpkcs11-helper1: sudo apt purge openvpn
    sudo apt autoremove

-- reboot --

  1. Removed Text-To-Speech services
    In Terminal:
    To remove Speech-Dispatcher: sudo apt remove speech-dispatcher

To remove espeak-ng-data gir1.2-wnck-3.0 libbrlapi0.7 libdotconf0 libespeak-ng1 libpcaudio0 libsonic0 libspeechd2 libwnck-3-0 libwnck-3-common libxres1 python3-brlapi python3-louis python3-pyatspi python3-speechd python3-xdg sound-icons speech-dispatcher-audio-plugins xbrlapi: sudo apt purge speech-dispatcher

sudo apt autoremove

-- reboot --

  1. To finish up Text-to-Speech removal, in Terminal:
    sudo apt remove speech-dispatcherd

sudo apt purge speech-dispatcherd

sudo apt autoremove

-- reboot --

1 Like
  1. Installed TLP-UI
    Increase battery life with TLPUI

Enabled CPU Scaling and CPU Turbo Boost

Disabled USB Auto-Suspend

-- reboot --

Time to fiddle with the Wifi to see if I can get it back to what I had before:

Details > Make available to other users unchecked
Identity > SSID, BSSID, MAC Address, Cloned Address fields filled
IPv6 > Disabled

Ok, apparently WiFi doesn't like using a random cloned MAC address... which is weird, since I used to change the MAC address under Windows once a day, and it worked fine under Zorin OS before.

1 Like

Well, the only things I haven't set up are Wine / Lutris / Steam...

... so that must have been what was causing the issues.

My wife bought me a new laptop (I'll clone the drive to a backup to preserve the Windows installation, then install Zorin OS on it), so I'm setting this old machine up to be used by my kids.

1 Like

Lutris and Steam are just fine, you don't need wine for it because they both use runners aka proton based on wine.

For lutris i would advise wine-ge

For steam i would use proton-ge or the proton builds from steam it self, currently i use the proton 7 from steam to run my games.

1 Like

-- reboot --

  1. Software application > installed VLC Media Player

-- reboot --

  1. My Nvidia GeForce GT 525M GPU isn't working under the Nouveau driver. I'm going to switch to the Nvidia driver, since 390.157 is the latest from Nvidia for this GPU.

Software Updater > Settings > Additional Drivers > 'Using NVIDIA driver metapackage from nvidia-driver-390 (proprietary)'

That actually makes the computer noticeably faster than using the Intel GPU (this laptop has two GPUs: one Intel, one Nvidia).

-- reboot --

1 Like
  1. Software application > Updates:
    Freedesktop Platform 21.08.16 Shared libraries (201.4 MB)
    runtime/org.freedesktop.Platform/x86_64/21.08.21.08.16

KDE Application Platform 5.15 Shared libraries used by KDE applications. (325.0 MB)
runtime/org.kde.Platform/x86_64/5.15-22.08

-- reboot --

1 Like

I plugged in another USB drive and rebooted, and the L2ARC cache drive (which was sdb1) moved to sdc1. That's why you shouldn't use the device node or device path to set up your ZFS pools. That can change.

sudo zpool status shows the rpool is still operating correctly.

So the directions here seem to work:

1 Like
  1. Software Updater > Security updates > Zorin OS base > Daemon and tooling that enables snap packages (37.6 MB)
    Changes for snapd versions:
    Installed version: 2.57.5+20.04
    Available version: 2.57.5+20.04ubuntu01
  • SECURITY UPDATE: Local privilege escalation
  • snap-confine: Fix race condition in snap-confine when preparing a private tmp mount namespace for a snap
  • CVE-2022-3328

-- reboot --

  1. Software Updater > Other updates > Zorin OS base > Complete Generic Linux kernel and headers (2 kB); Generic Linux kernel headers (3 kB); Header files related to Linux kernel version 5.15.0 (12.1 MB); Linux Kernel Headers for development (1.1 MB); Linux kernel headers for version 5.15.0 on 64 bit x86 SMP (2.8 MB)

Changes for linux-generic-hwe-20.04 versions:
Installed version: 5.15.0.53.59~20.04.21
Available version: 5.15.0.56.62~20.04.22

  • Bump ABI 5.15.0-56.62~20.04

Changes for linux-headers-5.15.0-56-generic versions:
Installed version: None
Available version: 5.15.0-56.62~20.04.1

Changes for linux-hwe-5.15-headers-5.15.0-56 versions:
Installed version: None
Available version: 5.15.0-56.62~20.04.1

  • focal/linux-hwe-5.15.0-56.62~20.04.1 -proposed tracker (LP: #1997078)

[ Ubuntu: 5.15.0-56.62 ]

  • jammy/linux: 5.15.0-56.62 - proposed tracker (LP: #1997079)
  • CVE-2022-3566
  • tcp: Fix data races around icsk -> icsk_af_ops.
  • CVE-2022-3567
  • ipv6: annotate some data-races around sk -> sk_prot
  • ipv6: Fix data races around sk -> sk_prot.
  • CVE-2022-3621
  • nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
  • CVE-2022-3564
  • Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
  • CVE-2022-3524
  • tcp/udp: Fix memory leak in ipv6_renew_options().
  • CVE-2022-3565
  • mlSDN: fix use-after-free bugs in l1oip timer handlers
  • CVE-2022-3594
  • r8152: Rate limit overflow messages
  • CVE-2022-43945
  • SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
  • SUNRPC: Fix svcxdr_init_encode's buflen calculation
  • NFSD: Protect against send buffer overflow in NFSv2 READDIR
  • NFSD: Protect against send buffer overflow in NFSv3 READDIR
  • NFSD: Protect against send buffer overflow in NFSv2 READ
  • NFSD: Protect against send buffer overflow in NFSv3 READ
  • NFSD: Remove "inline" directives on op_rsize_bop helpers
  • NFSD: Cap rsize_bop result based on send buffer size
  • CVE-2022-42703
  • mm/rmap: Fix anon_vma -> degree ambiguity leading to double-reuse
  • 5.15.0-53-generic no longer boots (LP: #1996740)
  • drm/amd/display: Add helper for blanking all dp displays

Changes for linux-libc-dev versions:
Installed version: 5.4.0-132.148
Available version: 5.4.0-135.152

  • focal/linux: 5.4.0-135.152 -proposed tracker (LP: #1997412)
  • containerd sporadic timeouts (LP: #1996678)
  • epoll: call final ep_events_available() check under the lock
  • epoll: check for events when removing a timed out thread for the wait queue
  • Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
  • CVE-2022-3621
  • nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
  • CVE-2022-3565
  • mlSDN: fix use-after-free bugs in l1oip timer handlers
  • CVE-2022-3566
  • tcp: Fix data races around icsk -> icsk_af_ops.
  • CVE-2022-3567
  • ipv6: annotate some data-races around sk -> sk_prot
  • ipv6: Fix data races around sk -> sk_prot.
  • CVE-2022-3564
  • Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
  • CVE-2022-3524
  • tcp/udp: Fix memory leak in ipv6_renew_options().
  • CVE-2022-3594
  • r8152: Rate limit overflow messages
  • CVE-2022-42703
  • mm/rmap.c: don't reuse anon_vma if we just want a copy

-- reboot --

Oddly, Software Updater showed a new kernel, but after I installed all the headers above, that no longer shows. Maybe it'll show again later.

1 Like

Ok, the computer in question is now the property of my kids... I expect I'll be hearing a lot of "Dad! I don't know what I did, but something isn't working now!", but it's time they learned how to administer their own computers. They're almost teenagers, after all.

2 Likes

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.