Your message dated Fri, 27 Sep 2019 09:34:41 +0000
with message-id <[email protected]>
and subject line Bug#930707: fixed in evince 3.32.0-3
has caused the Debian Bug report #930707,
regarding evince: misc apparmor profile updates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

-- 
930707: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930707
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: evince
Version: 3.32.0-1
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu eoan ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * debian/apparmor-profile:
    - allow 'rk' on @{HOME}/.config/enchant/* in evince
    - add additional org.gtk.vfs rules for metadata and List* DBus APIs
    - silence noisy denial for mktexpk, mktextfm, dvipdfm, dvipdfmx and mkofm
      since with the new gnome-desktop3 invocations of thumbnailers, NNP
      (no new privs) blocks transition to sanitized_helper. In addition,
      thumbnails are generated just fine without these
    - allow access to @{PROC}/@{pid}/fd/, @{PROC}/@{pid}/mountinfo and
      /sys/devices/system/cpu/ in the thumbnailer (needed by some helpers)
    - allow 'r' on @{HOME}/.texmf*/** in the thumbnailer
    - update gnome-desktop and add evince-thumbnailer /tmp file paths
    - allow read on '/' and deny write on /missfont.log which is happening
      now due to new thumbnailer invocation
  * debian/apparmor-profile.abstraction: allow directory read on /var/lib/texmf

Thanks for considering the patch.

-- System Information:
Debian Release: buster/sid
  APT prefers xenial-updates
  APT policy: (500, 'xenial-updates'), (500, 'disco-updates'), (500, 'disco-security'), (500, 'disco')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.0.0-16-generic (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru evince-3.32.0/debian/apparmor-profile evince-3.32.0/debian/apparmor-profile
--- evince-3.32.0/debian/apparmor-profile	2019-03-15 05:11:25.000000000 -0500
+++ evince-3.32.0/debian/apparmor-profile	2019-06-18 16:57:04.000000000 -0500
@@ -107,6 +107,7 @@ /etc/dconf/** r, owner @{HOME}/.cache/dconf/user rw, owner @{HOME}/.config/dconf/user r, + owner @{HOME}/.config/enchant/* rk, owner /{,var/}run/user/*/dconf/ w, owner /{,var/}run/user/*/dconf/user rw, owner /{,var/}run/user/*/dconf-service/keyfile/ w, @@ -219,6 +220,21 @@ member="ListMountableInfo" peer=(label=unconfined), + # updating gvfs-metadata for thumbnails is unneeded, so explicitly deny it + deny dbus (send) + bus=session + path="/org/gtk/vfs/metadata" + interface="org.gtk.vfs.Metadata" + member="GetTreeFromDevice" + peer=(label=unconfined), + deny @{HOME}/.local/share/gvfs-metadata/* r, + + dbus (send) + bus=session + path="/org/gtk/vfs/Daemon" + interface="org.gtk.vfs.Daemon" + member="List*" + peer=(label=unconfined), # The thumbnailer doesn't need access to everything in the nameservice # abstraction. Allow reading of /etc/passwd and /etc/group, but suppress @@ -242,10 +258,14 @@ /etc/xpdf/* r, /usr/bin/gs-esp ixr, - /usr/bin/mktexpk Cx -> sanitized_helper, - /usr/bin/mktextfm Cx -> sanitized_helper, - /usr/bin/dvipdfm Cx -> sanitized_helper, - /usr/bin/dvipdfmx Cx -> sanitized_helper, + # Silence these denials since 'no new privs' drops transitions to + # sanitized_helper, we don't want all those perms in the thumbnailer + # and the thumbnailer generates thumbnails without these just fine. + deny /usr/bin/mktexpk x, + deny /usr/bin/mktextfm x, + deny /usr/bin/dvipdfm x, + deny /usr/bin/dvipdfmx x, + deny /usr/bin/mkofm x, # supported archivers /{usr/,}bin/gzip ixr, @@ -260,6 +280,11 @@ /{usr/,}bin/tar ixr, /usr/bin/xz ixr, + # miscellaneous access for the above + owner @{PROC}/@{pid}/fd/ r, + owner @{PROC}/@{pid}/mountinfo r, + /sys/devices/system/cpu/ r, + # allow read access to anything in /usr/share, for plugins and input methods /usr/local/share/** r, /usr/share/** r, 
@@ -291,6 +316,7 @@ /**.[xX][zZ] r, owner @{HOME}/.texlive*/** r, + owner @{HOME}/.texmf*/** r, owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r, owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r, @@ -301,7 +327,12 @@ owner /media/** r, owner /tmp/.gnome_desktop_thumbnail* w, - owner /tmp/gnome-desktop-thumbnailer* w, + owner /tmp/gnome-desktop-* rw, + owner /tmp/evince-thumbnailer*/{,**} rw, + + # these happen post pivot_root + / r, + deny /missfont.log w, # Site-specific additions and overrides. See local/README for details. #include <local/usr.bin.evince> diff -Nru evince-3.32.0/debian/apparmor-profile.abstraction evince-3.32.0/debian/apparmor-profile.abstraction --- evince-3.32.0/debian/apparmor-profile.abstraction 2019-03-15 05:11:25.000000000 -0500 +++ evince-3.32.0/debian/apparmor-profile.abstraction 2019-06-18 16:55:48.000000000 -0500 @@ -62,7 +62,7 @@ /usr/share/** r, /usr/lib/ghostscript/** mr, /var/lib/ghostscript/** r, - /var/lib/texmf/** r, + /var/lib/texmf/{,**} r, # from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow # read for all supported file formats
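Review bot: in the `@@ -219,6 +220,21 @@` hunk the two new `deny` rules (the `GetTreeFromDevice` dbus rule and `deny @{HOME}/.local/share/gvfs-metadata/* r,`) are quiet: AppArmor logs matches of `audit deny` only, not of a plain `deny`. That is what the comment asks for ("explicitly deny it"), but it also means that if a later gvfs version starts needing metadata access from the thumbnailer, the failure will not appear in the audit log. If you want visibility while the new thumbnailer invocation settles, write these as `audit deny ...`. The `member="List*"` rule on org.gtk.vfs.Daemon is acceptable as read-only enumeration, but the comment should name the List* members actually observed so the glob can be narrowed later.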
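Review bot: in the `@@ -242,10 +258,14 @@` hunk, replacing `Cx -> sanitized_helper` with `deny /usr/bin/mktexpk x,` and friends does not change what runs (the bug report says the transition was already blocked by no_new_privs); what changes is that the refusals stop being logged, since `deny` is quiet. The comment should say so explicitly, and the claim that "the thumbnailer generates thumbnails without these just fine" deserves a note of which documents it was checked against, since these helpers are the path by which missing TeX fonts get built.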
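Review bot: in the `@@ -260,6 +280,11 @@` hunk the comment `# miscellaneous access for the above` does not say which helper needs `@{PROC}/@{pid}/fd/`, `@{PROC}/@{pid}/mountinfo` or `/sys/devices/system/cpu/` (the bug report only says "some helpers"); name the binary in the comment so the rules can be removed when that helper is dropped. The trailing slashes are the right scope, since they grant only a directory listing and not reads of the individual fd links or per-cpu entries, and `owner` keeps the proc rules to entries owned by the same user.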
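Review bot: unrelated to the `owner @{HOME}/.texmf*/** r,` addition in the `@@ -291,6 +316,7 @@` hunk, but the two identical `owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r,` context lines directly below it show a pre-existing duplicate rule; it is harmless to the parser but worth dropping while this section is being edited.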
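Review bot: in the `@@ -301,7 +327,12 @@` hunk, `owner /tmp/gnome-desktop-thumbnailer* w,` becomes `owner /tmp/gnome-desktop-* rw,`, which both shortens the prefix and adds read; the changelog entry ("update gnome-desktop ... /tmp file paths") does not say what the new file name is, so quote the path seen in the denial in a comment and keep the longest stable prefix. `owner /tmp/evince-thumbnailer*/{,**} rw,` is correctly scoped to one directory tree. `/ r,` grants only a listing of the root directory and `deny /missfont.log w,` is quiet, both consistent with the "these happen post pivot_root" comment.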
--- End Message ---
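As an added example (not part of the bug report above or of Debian's evince packaging), the script below is a small review aid for profile changes like the ones described in the message: it parses AppArmor path rules shaped like the patch's rule lines and reports `deny` rules without an `audit` qualifier (AppArmor does not log matches of a plain `deny`, which is the effect the patch relies on to silence the noise), allow rules that grant write through a glob, and allow rules that grant write without `owner`. The sample rule lines are constructed for the example; only path rules are handled (dbus and include lines are skipped), and this is not a replacement for `apparmor_parser`.

```python
import re
from dataclasses import dataclass

# Constructed sample: rule lines in the shape of the evince profile changes
# discussed in the bug report (assumption: the real profile is much longer).
SAMPLE_RULES = """
# a few path rules from the thumbnailer profile and the abstraction
owner @{HOME}/.config/enchant/* rk,
deny @{HOME}/.local/share/gvfs-metadata/* r,
deny /usr/bin/mktexpk x,
audit deny /usr/bin/mkofm x,
owner @{PROC}/@{pid}/fd/ r,
owner /tmp/gnome-desktop-* rw,
owner /tmp/evince-thumbnailer*/{,**} rw,
/ r,
deny /missfont.log w,
/var/lib/texmf/{,**} r,
"""

# qualifiers (audit/deny/owner) in any order, a path, then the permission letters
PATH_RULE = re.compile(
    r"^(?P<quals>(?:(?:audit|deny|owner)\s+)*)"
    r"(?P<path>\S+)\s+"
    r"(?P<perms>[a-zA-Z]+),$"
)


@dataclass
class PathRule:
    audit: bool
    deny: bool
    owner: bool
    path: str
    perms: str


def parse_path_rules(text):
    """Parse AppArmor path rules; lines that are not path rules are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = PATH_RULE.match(line)
        if not m:
            continue  # dbus, include and other rule types are out of scope here
        quals = m.group("quals").split()
        rules.append(PathRule(
            audit="audit" in quals,
            deny="deny" in quals,
            owner="owner" in quals,
            path=m.group("path"),
            perms=m.group("perms"),
        ))
    return rules


def quiet_denies(rules):
    """Deny rules that will never show up in the audit log (no `audit` qualifier)."""
    return [r.path for r in rules if r.deny and not r.audit]


def wildcard_writes(rules):
    """Allow rules granting write through a glob; the prefix should be as long as possible."""
    return [r.path for r in rules if not r.deny and "w" in r.perms and "*" in r.path]


def unowned_writes(rules):
    """Allow rules granting write to files regardless of owner."""
    return [r.path for r in rules if not r.deny and "w" in r.perms and not r.owner]


def report(text):
    rules = parse_path_rules(text)
    return {
        "quiet_denies": quiet_denies(rules),
        "wildcard_writes": wildcard_writes(rules),
        "unowned_writes": unowned_writes(rules),
    }


if __name__ == "__main__":
    for kind, paths in report(SAMPLE_RULES).items():
        print(f"{kind}: {paths}")
```

Run against a real profile by passing its text to `report()`; a non-empty `quiet_denies` list is exactly the set of refusals a future regression will not surface in the audit log.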
--- Begin Message ---
Source: evince
Source-Version: 3.32.0-3

We believe that the bug you reported is fixed in the latest version of
evince, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated evince package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 27 Sep 2019 09:52:04 +0100
Source: evince
Architecture: source
Version: 3.32.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 927820 930707
Changes:
 evince (3.32.0-3) unstable; urgency=medium
 .
   * Team upload
   * d/tests/libevince-dev: Add a superficial build test
   * Use debhelper-compat 12
   * Enable gir and gnome debhelper addons via dh-sequence-* build-dependencies
   * d/*.symbols: Add Build-Depends-Package field
   * Standards-Version: 4.4.0 (no changes required)
   * Set Rules-Requires-Root to no
   * Update AppArmor profiles from Ubuntu (thanks to Jamie Strandboge):
     + debian/apparmor-profile:
       - allow 'rk' on @{HOME}/.config/enchant/* in evince
       - add additional org.gtk.vfs rules for metadata and List* DBus APIs
       - silence noisy denial for mktexpk, mktextfm, dvipdfm, dvipdfmx and
         mkofm since with the new gnome-desktop3 sandboxed invocation of
         NO_NEW_PRIVS blocks transition to sanitized_helper.
         In addition, thumbnails are generated just fine without these
       - allow access to @{PROC}/@{pid}/fd/, @{PROC}/@{pid}/mountinfo and
         /sys/devices/system/cpu/ in the thumbnailer (needed by some helpers)
       - allow 'r' on @{HOME}/.texmf*/** in the thumbnailer
       - update gnome-desktop and add evince-thumbnailer /tmp file paths
       - allow read on '/' and deny write on /missfont.log which is
         happening now due to new sandboxed thumbnailer invocation
     + debian/apparmor-profile.abstraction: allow directory read on
       /var/lib/texmf
     (Closes: #930707)
   * d/p/tiff-Handle-failure-from-TIFFReadRGBAImageOriented.patch:
     Add patch from upstream to avoid displaying uninitialized memory if
     TIFFREADGBAImageOriented fails. Thanks to Leonidas S. Barbosa / Ubuntu.
     (Closes: #927820, CVE-2019-11459)
   * Remove migration path from legacy -dbg package older than Debian 9
Checksums-Sha1:
 b5d395311a0655a7de6ba0b36e781572ca76ab97 3294 evince_3.32.0-3.dsc
 8f6cf7859e0bc1741540e4f9c47a1ed4820c2f60 31936 evince_3.32.0-3.debian.tar.xz
 012d35a17655f2f6ee61d2ebc9fce3f84a5a52e9 18549 evince_3.32.0-3_source.buildinfo
Checksums-Sha256:
 7d612b06847d828d14ea13ae5d35f57f5d2716785282c1adf204c8e36d96c864 3294 evince_3.32.0-3.dsc
 edb2f62b01f6a18cc5998055be7860a7cf0f8325d8413b122a15be25065e1d1d 31936 evince_3.32.0-3.debian.tar.xz
 7eb595d114c130d9af5909c67775a41d1a03711c6727effa191a5248d6c7dfcb 18549 evince_3.32.0-3_source.buildinfo
Files:
 d413e3379ec791a01dcd44305f87621c 3294 gnome optional evince_3.32.0-3.dsc
 6fa7c4170a6153e9b6d5ae151d0942df 31936 gnome optional evince_3.32.0-3.debian.tar.xz
 9cdbbec0eb0eb8d61841fcfddb060a26 18549 gnome optional evince_3.32.0-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAl2N01oQHHNtY3ZAZGVi
aWFuLm9yZwAKCRDgWuFHj4FMT5oDD/44YL9RWtBGoxUDM3TCHRvpU4Q7jPTKtQu5
B/xJg0fFBddI4Q/ZcBG0WT4AZuYqTylgsBD4l6t0neSrJkwyK+PF+53tYFmA2Nbr
9vUy/tQaLrB5QAc2etxeBdjYwpTcyBRvSfvZqMSH2E4tU3HeiMYQrpW7UaHWnrHh
sITAdS/hc745e5rAsyxeyiln7Q/+6kdjTGVy+Gf/6Y7k2Fqw7jj1+F3Y+aAJAf46
11g7t/Mm3QBSIdmxzPmvay3Y3C1MYUpgU66k/ficVRAYj9Ba4rKrEf+YLJFdHAh8
rsWr3V3em5SxWFZlkpbA+fMOHHf6GREbsJx6tKBgR3cYD7XxyLk5etNtpV2PN6yB
kxWDO9Tz+RAvY1VEVLjxeslGszRodWlLv0dCj30juBPEwyAyk2wt9HMKxo5URbWA
nCMMRv22PX46bh4309J4WY6kp51MofbLVJMhZ+DBbNlo1aL1T4F4rBmbZ5GK3IZQ
F1pw/8kX72hp1cWdAUos5q5utUISLw+EsdJytg8ekiS98KSF4VeisucGTODBSBCB
anHelKsWqg/Qx/nObv9vfIRfnMKloIKCT8DzGaUIei7uJ/qM4NpJATLwsndV2Emv
Gt7eOlDSZQIsXWGFSZTI4aE7HqWvpmfCSNn65kOX6FV+76MO/6VZnCnaaCmFsMrQ
gUL0tmiMoA==
=xHnK
-----END PGP SIGNATURE-----
--- End Message ---

