Ubuntu
xscreensaver package

xscreensaver Warning message "This version of xscreensaver is VERY OLD! Please upgrade!" on waking my lunar box this morning

Bug #2009306 reported by Chris Guiver
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
xscreensaver (Ubuntu)
Fix Released
High
Aaron Rainbolt
Kinetic
Fix Released
Critical
Aaron Rainbolt
Lunar
Fix Released
High
Aaron Rainbolt

Bug Description

[ Impact ]

The XScreenSaver author appears to be quite intent on getting people to use the latest version of XScreenSaver that he publishes, and as such has built checks into XScreenSaver that detects if the version of XScreenSaver in use is outdated. These checks cause alarming warnings to appear on the user's screen that encourage them to update XScreenSaver.

While this is likely helpful for users of rolling-release distros, or for advanced users who intentionally compile XScreenSaver from source, this is detrimental for Ubuntu, as it may lead inexperienced users to attempt to install XScreenSaver from source code and possibly break their system in so doing. Ubuntu doesn't need the user to update XScreenSaver to a newer upstream version since we backport fixes, so this message does nothing except scare the user and possibly lead them to do something dangerous.

There are two messages that are displayed by these checks - one of them appears when one opens xscreensaver-settings. It appears in a pop-up dialog box, and reads as follows:

    This version of xscreensaver is VERY OLD!
    Please upgrade!

    https://www.jwz.org/xscreensaver/

    (If this is the latest version that your distro ships, then
    your distro is doing you a disservice. Build from source.)

The other one appears on the lock screen in solid red text just above the username and password fields:

    Update available!
    This version is very old.

The Kinetic SRU for this bug comments out the code snippets responsible for displaying these messages, with a bit of explanation as for why the code has been commented out. An "else if" statement is also changed to an "if" statement in order to avoid a syntax error resulting from commenting out one of the code snippets.

[ Test Plan ]

1. Install any flavor of Ubuntu 22.10 into a virtual machine, fully update the system, and install XScreenSaver into it. (Lubuntu works particularly well here since it ships XScreenSaver by default.)
2. Open the Application Menu, and search for "Screensaver".
3. Open the Screensaver app. You will see the first warning message.
4. Click File -> Lock Screen Now, wait for the screensaver to start, then move the mouse. You will see the second warning message.
5. Enable -proposed.
6. Run "sudo apt update && sudo apt install xscreensaver".
7. Close the screensaver settings app, and re-open it. This time you should not see the first warning message.
8. Click File -> Restart Daemon.
9. Wait for XScreenSaver to restart, then click File -> Lock Screen Now, wait for the screen aver to start, then move the mouse. You should not see the second warning message.
10. Ensure that all basic functionality (Blank Screen Now, Lock Screen Now, automatic screen blanking, automatic screen locking, Preview, Settings, Documentation) is still operational.

[ Where problems could occur ]

A typo in the code changes could cause XScreenSaver to become unable to launch, or could possibly cause critical functionality to break (i.e., the screen could fail to lock automatically even if the system has been idle for an extended period of time). The above test plan is designed to catch any glaring errors.

The sections of code being patched appear to be dedicated purely to warning about the age of the current XScreenSaver version, and they also appear to be entirely skipped over by default if XScreenSaver is young enough. It is therefore unlikely that anything will go wrong, as commenting out these sections of code will likely do hardly anything different than what the code usually does.

[ Other Info ]

Due to the possible scare this could cause our users, and the possible damage users may do to their systems as a result of this bug, I believe it is reasonable to fast-track this SRU.

---------------------------------------------------------------------------

Original bug report:

On waking my lunar box today; instead of just entering the password into xscreensaver I got a warning box

---
Warning:

This version of xscreensaver is VERY OLD!
Please upgrade!

https://www.jwz.org/xscreensaver/

(If this is the latest version that your distro ships, then
 your distro is doing you a disservice. Build from source.)
---

This isn't ideal on a unreleased product, esp. if it's there still at day 1 of release.

On opening xscreensaver settings the same error message also shows.

ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: xscreensaver 6.02+dfsg1-2ubuntu1
ProcVersionSignature: Ubuntu 6.1.0-16.16-generic 6.1.6
Uname: Linux 6.1.0-16-generic x86_64
ApportVersion: 2.26.0-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: LXQt
Date: Mon Mar 6 10:18:25 2023
InstallationDate: Installed on 2023-01-25 (39 days ago)
InstallationMedia: Lubuntu 23.04 "Lunar Lobster" - Alpha amd64 (20230124)
SourcePackage: xscreensaver
UpgradeStatus: No upgrade log present (probably fresh install)

See original description

Related branches

~mkukri/ubuntu/+source/xscreensaver:merge
Simon Chopin (community): Approve
Diff: 283 lines (+192/-1)
8 files modified
debian/changelog (+60/-0)
debian/control (+2/-1)
debian/patches/remove_version_upgrade_warnings.patch (+73/-0)
debian/patches/series (+3/-0)
debian/patches/ubuntu-branding.patch (+22/-0)
debian/rules (+10/-0)
debian/source_xscreensaver.py (+21/-0)
debian/xscreensaver.dirs (+1/-0)
Revision history for this message
Chris Guiver (guiverc) wrote :
summary: xscreensaver Warning message "This version of xscreensaver is VERY OLD!
- Please upgrade!\n" on waking my lunar box this morning
+ Please upgrade!" on waking my lunar box this morning
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in xscreensaver (Ubuntu):
status: New → Confirmed
Revision history for this message
Aaron Rainbolt (arraybolt3) wrote :

I am able to reproduce this on the latest Lubuntu Lunar ISO, and also have identified the code snippet that causes this warning. Currently in the process of testing what happens if I patch the code out. (It's looks to be a simple "if this version of XScreenSaver is old, warn the user" thing, so I doubt anything will go wrong.)

Revision history for this message
Aaron Rainbolt (arraybolt3) wrote :

In the process of patching the message mentioned above, a second one was found which has also been patched out in Lunar and should be published soon.

Kinetic uses the same version of XScreenSaver as Lunar, so this almost undoubtedly affected Kinetic too. Which is very bad, because it means users are being told there is an update available for XScreenSaver that we do not and will not offer, and they are being told to build a newer XScreenSaver version from source which is potentially dangerous.

Changed in xscreensaver (Ubuntu Lunar):
importance: Undecided → High
Changed in xscreensaver (Ubuntu Kinetic):
importance: Undecided → Critical
Aaron Rainbolt (arraybolt3)
Changed in xscreensaver (Ubuntu Kinetic):
status: New → Confirmed
status: Confirmed → In Progress
Changed in xscreensaver (Ubuntu Lunar):
status: Confirmed → In Progress
assignee: nobody → Aaron Rainbolt (arraybolt3)
Changed in xscreensaver (Ubuntu Kinetic):
assignee: nobody → Aaron Rainbolt (arraybolt3)
Aaron Rainbolt (arraybolt3)
description: updated
Revision history for this message
Chris Halse Rogers (raof) wrote : Please test proposed package

Hello Chris, or anyone else affected,

Accepted xscreensaver into kinetic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xscreensaver/6.02+dfsg1-2ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-kinetic to verification-done-kinetic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-kinetic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in xscreensaver (Ubuntu Kinetic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-kinetic
Aaron Rainbolt (arraybolt3)
description: updated
description: updated
Changed in xscreensaver (Ubuntu Lunar):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xscreensaver - 6.02+dfsg1-2ubuntu2

---------------
xscreensaver (6.02+dfsg1-2ubuntu2) lunar; urgency=medium

  * Patch out multiple messages warning users to upgrade XScreenSaver. Ubuntu
    backports bug and security fixes to older versions of software as needed
    and as possible, and XScreenSaver is specifically maintained by the
    Lubuntu team, therefore this message is not necessary for us.
    (LP: #2009306)

 -- Aaron Rainbolt <email address hidden> Sun, 05 Mar 2023 17:25:54 -0600

Changed in xscreensaver (Ubuntu Lunar):
status: Fix Committed → Fix Released
Revision history for this message
Aaron Rainbolt (arraybolt3) wrote :

SRU tested on Lubuntu Kinetic. Basic functionality still works, no regressions detected. Test case went as expected.

tags: added: verification-done verification-done-kinetic
removed: verification-needed verification-needed-kinetic
Revision history for this message
Chris Halse Rogers (raof) wrote : Update Released

The verification of the Stable Release Update for xscreensaver has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xscreensaver - 6.02+dfsg1-2ubuntu1.2

---------------
xscreensaver (6.02+dfsg1-2ubuntu1.2) kinetic; urgency=medium

  * Patch out multiple messages warning users to upgrade XScreenSaver. Ubuntu
    backports bug and security fixes to older versions of software as needed
    and as possible, and XScreenSaver is specifically maintained by the
    Lubuntu team, therefore this message is not necessary for us.
    (LP: #2009306)

 -- Aaron Rainbolt <email address hidden> Sun, 05 Mar 2023 17:25:54 -0600

Changed in xscreensaver (Ubuntu Kinetic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.