Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected] Control: affects -1 + src:remmina User: [email protected] Usertags: pu
Dear Release Managers, I would like to close these bugs regarding trixie through p-u: https://bugs.debian.org/1109981 https://bugs.debian.org/1123632 [ Reason ] remmina_1.4.39+dfsg-1 phones home which is considered a privacy issue according to https://wiki.debian.org/PrivacyIssues. In bug #1109981 Holger Levsen mentioned a discussion/agreement on #debian-release that the issue can be fixed in a point-release [1]. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109981#10 [ Impact ] Without this fix Remmina in trixie keeps phoning home. [ Tests ] Run Remmina unpatched - Watch HTTP/HTTPS traffic using whireshark: -> two requests. - Click Menu -> Plugins: Not installed plugins available upstream are listed. - Run a VNC session. Run Remmina patched - Watch HTTP/HTTPS traffic using whireshark: -> no request. - Click Menu -> Plugins: No additional plugins available upstream are listed. - Run a VNC session: Works the same way as with the unpatched Remmina. [ Risks ] Code changes are trivial, only two invocations to curl used for phoning home are commented out. As all these invocations are done asynchronously it is sufficient to just drop them. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Other Info ] For forky/sid exactly the same patch had been applied per MR [2]. [2] https://salsa.debian.org/debian-remote-team/remmina/-/merge_requests/4 Best, Sven -- GPG Fingerprint 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
diff -Nru remmina-1.4.39+dfsg/debian/changelog remmina-1.4.39+dfsg/debian/changelog --- remmina-1.4.39+dfsg/debian/changelog 2025-01-06 10:33:54.000000000 +0100 +++ remmina-1.4.39+dfsg/debian/changelog 2026-04-09 20:52:47.000000000 +0200 @@ -1,3 +1,10 @@ +remmina (1.4.39+dfsg-1+deb13u1) UNRELEASED; urgency=medium + + * Team upload. + * Add patch to prevent remmina from phoning home (Closes: #1109981, #1123632). + + -- Sven Geuer <[email protected]> Thu, 09 Apr 2026 20:52:47 +0200 + remmina (1.4.39+dfsg-1) unstable; urgency=medium * New upstream release diff -Nru remmina-1.4.39+dfsg/debian/patches/do-not-phone-home.patch remmina-1.4.39+dfsg/debian/patches/do-not-phone-home.patch --- remmina-1.4.39+dfsg/debian/patches/do-not-phone-home.patch 1970-01-01 01:00:00.000000000 +0100 +++ remmina-1.4.39+dfsg/debian/patches/do-not-phone-home.patch 2026-04-09 20:52:47.000000000 +0200 @@ -0,0 +1,42 @@ +Description: Comment out HTTPS requests causing phoning home +Author: Sven Geuer <[email protected]> +Bug: https://gitlab.com/Remmina/Remmina/-/issues/3130 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109981 +Last-Update: 2025-10-31 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/remmina_info.c ++++ b/src/remmina_info.c +@@ -1259,7 +1259,9 @@ + enc_s = json_generator_to_data(g, NULL); + g_object_unref(g); + ++ /* Do not phone home. + remmina_curl_compose_message(enc_s, "POST", PERIODIC_UPLOAD_URL, NULL); ++ */ + + json_node_unref(n); + +@@ -1327,7 +1329,9 @@ + json_generator_set_root(g, n2); + enc_s = json_generator_to_data(g, NULL); + g_object_unref(g); ++ /* Do not phone home. + remmina_curl_compose_message(enc_s, "POST", INFO_REQUEST_URL, NULL); ++ */ + if(n != NULL){ + json_node_unref(n); + } +--- a/src/remmina_plugin_manager.c ++++ b/src/remmina_plugin_manager.c +@@ -1301,7 +1301,10 @@ + g_object_unref(g); + json_node_free(n); + } ++ /* Do not phone home and query upstream regarding plugins, ++ * in Debian plugins come in dedicated packages anyway. + remmina_curl_compose_message(formdata, "POST", LIST_URL, NULL); ++ */ + return NULL; + } + diff -Nru remmina-1.4.39+dfsg/debian/patches/series remmina-1.4.39+dfsg/debian/patches/series --- remmina-1.4.39+dfsg/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ remmina-1.4.39+dfsg/debian/patches/series 2026-04-09 20:52:47.000000000 +0200 @@ -0,0 +1 @@ +do-not-phone-home.patch
signature.asc
Description: This is a digitally signed message part
