Comment 0 for bug 2066372

Sebastian D (sedi343) wrote :

Dear Security Team of Ubuntu,

I am running Ubuntu 22.04.4 LTS with 6.5.0-35-generic with the sway desktop manager in multi-user mode.
I installed sway and its dependencies via apt, which installs versions that are around 2 years old.

    sway version 1.7-1
    swaylock version 1.5-2ubuntu1
    swaybg version 1.0-2build1
    swayidle version 1.7-1 (part of sway)
    i3status 2.13-3 © 2008

I have an automatic lock function that also turns off the screens after a certain timeout in my sway configuration.

    # Idle Lockscreen
    exec swayidle -w \
         timeout 300 'swaylock -f -c 000000' \
         timeout 360 'swaymsg "output * power off"' \
              resume 'swaymsg "output * power on"' \
         before-sleep 'swaylock -f -c 000000'

Now the problem: as soon as I resume, the screen is turned on but automatically unlocked. This corresponds with a bug report I have found on Red Hat, https://bugzilla.redhat.com/show_bug.cgi?id=2066597, which also describes this problem with swaylock under Fedora on swaylock v1.5, which is fixed under swaylock 1.6. Please consider updating the packages of sway and swaylock for security concerns in Ubuntu 22.04 LTS.
This is btw also the case when I change the resume string to:

              resume 'swaymsg "output * power on"; swaylock -f -c 000000' \

I currently have a workaround which shows my screens unlocked for a full 2 seconds. But this is not the solution to the problem.

             resume 'swaymsg "output * dpms on"; sleep 2 ; swaylock -f -c 000000' \

A friend of mine also has Ubuntu 22.04.4 LTS installed but installed sway and sway dependencies via https://guix.gnu.org/ and does not have this security incident running swaylock version 1.7.2.

For further questions and information please don't hesitate to contact me.

Greetings,
Sebastian Dichler
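
An added example, not part of the original report: a small shell check that classifies a swaylock package version against the boundary the report gives (1.5 shows the unlock on resume, 1.6 is described as fixed). The function names are assumptions made for this example, the 1.6 threshold is taken from the report text only, and GNU `sort -V` is assumed to be available.

```shell
#!/bin/sh
# Added example: classify swaylock package versions against the fix boundary
# stated in the report (1.5 affected, 1.6 described as fixed).
FIXED_UPSTREAM="1.6"   # from the report text, not independently verified

# Reduce a Debian/Ubuntu package version to its upstream part:
#   "1.5-2ubuntu1" -> "1.5", "2:1.7.2-1" -> "1.7.2"
upstream_version() {
    v=${1#*:}    # drop an epoch such as "2:" if present
    v=${v%-*}    # drop the packaging revision after the last "-"
    printf '%s\n' "$v"
}

# Exit 0 when version $1 sorts strictly before version $2.
# Uses version sort so that 1.10 is treated as newer than 1.6.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# Print "affected" or "fixed" for one package version string.
swaylock_status() {
    if version_lt "$(upstream_version "$1")" "$FIXED_UPSTREAM"; then
        echo affected
    else
        echo fixed
    fi
}

# Each argument is a package version string, for example the output of:
#   dpkg-query -W -f='${Version}' swaylock
for pkg_version in "$@"; do
    printf '%s\t%s\n' "$pkg_version" "$(swaylock_status "$pkg_version")"
done
```

Run with the versions from the report as arguments (`1.5-2ubuntu1` and `1.7.2`) to see the apt package classified as affected and the Guix-installed one as fixed.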