Bug#1054150: surf: no longer display web pages after webkitgtk upgrades
Alberto Garcia wrote on Fri, Oct 20, 2023 at 04:19:55PM +0200: > On Wed, Oct 18, 2023 at 05:06:16PM +0900, Dominique Martinet wrote: > > After upgrading my system to the latest security updates surf no > > longer displays anything. > > I had a look at this, the problem is caused by Surf's AppArmor > configuration. d'oh ! I need to remember debian now ships this on by default... > I can make it run on my computer with something like this added to > /etc/apparmor.d/usr.bin.surf, but your mileage may vary: > > /sys/devices/virtual/dmi/id/chassis_type r, > /etc/glvnd/egl_vendor.d/ r, > /etc/glvnd/egl_vendor.d/** r, > /usr/share/glvnd/egl_vendor.d/ r, > /usr/share/glvnd/egl_vendor.d/** r, > /usr/share/libdrm/* r, Thanks, I can confirm this works for me as well on various systems (bullseye VM and bookworm with intel GPU) (I'm especially annoyed because I saw these in strace output, but the previous version of webkit also used to try to look at chassis_type and egl_vendor.d directories so I dismissed that too fast... It's possible previous versions of webkit were also disabling compositing mode due to the apparmor rules, but the new one fails to disable it properly when it didn't find what it wanted there? If so I guess one could argue that's a bug on its own) > I think that Surf's AppArmor profile is just too restrictive for a > program that has so many dependencies. Right, I guess it's a tight line between trying to sandbox a web browser and allowing all sort of things a web browser might need to do... I'll leave follow-ups to Reiner (surf's maintainer), and definitely remember about apparmor next time. Thank you again for looking Alberto ! -- Dominique
Bug#1054150: surf: no longer display web pages after webkitgtk upgrades
On Wed, Oct 18, 2023 at 05:06:16PM +0900, Dominique Martinet wrote: > After upgrading my system to the latest security updates surf no > longer displays anything. I had a look at this, the problem is caused by Surf's AppArmor configuration. I can make it run on my computer with something like this added to /etc/apparmor.d/usr.bin.surf, but your mileage may vary: /sys/devices/virtual/dmi/id/chassis_type r, /etc/glvnd/egl_vendor.d/ r, /etc/glvnd/egl_vendor.d/** r, /usr/share/glvnd/egl_vendor.d/ r, /usr/share/glvnd/egl_vendor.d/** r, /usr/share/libdrm/* r, I think that Surf's AppArmor profile is just too restrictive for a program that has so many dependencies. Berto
Bug#1054150: surf: no longer display web pages after webkitgtk upgrades
On Wed, Oct 18, 2023 at 05:06:16PM +0900, Dominique Martinet wrote: > For bullseye, this package upgrade reliably triggers the issue, and > installing old packages back makes surf work again: > Unpacking libwebkit2gtk-4.0-37:amd64 (2.42.1-1~deb11u1) over > (2.40.5-1~deb11u1) ... > Unpacking libjavascriptcoregtk-4.0-18:amd64 (2.42.1-1~deb11u1) over > (2.40.5-1~deb11u1) ... I checked and every other WebKitGTK browser that I tested in bullseye works fine (epiphany, luakit, midori, giara, and WebKitGTK's own MiniBrowser), so I suspect that there's something odd that Surf is doing. Until this is investigated I would just run it with WEBKIT_DISABLE_COMPOSITING_MODE=1. Surf could also be patched downstream in Debian to force this, it also needs to force the x11 backend because its Wayland support is broken (see #1012739). Berto
Bug#1054150: surf: no longer display web pages after webkitgtk upgrades
Package: surf Version: 2.0+git20201107-2 Severity: grave Justification: renders package unusable X-Debbugs-Cc: dominique.marti...@atmark-techno.com Dear Maintainer, After upgrading my system to the latest security updates surf no longer displays anything. The pages actually load, hovering on links shows the cursor changing and links can be clicked, but the page is blank I've tested both in VMs on debian bullseye (this bug report) and debian stable on real hardware (2.1+git20221016-4), both exhibit the same issue. For bullseye, this package upgrade reliably triggers the issue, and installing old packages back makes surf work again: Unpacking libwebkit2gtk-4.0-37:amd64 (2.42.1-1~deb11u1) over (2.40.5-1~deb11u1) ... Unpacking libjavascriptcoregtk-4.0-18:amd64 (2.42.1-1~deb11u1) over (2.40.5-1~deb11u1) ... Thanks you -- System Information: Debian Release: 11.7 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: arm64, armhf Kernel: Linux 5.10.0-25-amd64 (SMP w/4 CPU threads) Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages surf depends on: ii libc62.31-13+deb11u7 ii libgcr-base-3-1 3.38.1-2 ii libgcr-ui-3-13.38.1-2 ii libglib2.0-0 2.66.8-1 ii libgtk-3-0 3.24.24-4+deb11u3 ii libjavascriptcoregtk-4.0-18 2.42.1-1~deb11u1 ii libwebkit2gtk-4.0-37 2.42.1-1~deb11u1 ii libx11-6 2:1.7.2-1+deb11u2 Versions of packages surf recommends: ii curl 7.74.0-1.3+deb11u10 ii gnome-terminal [x-terminal-emulator] 3.38.3-1 ii suckless-tools46-1 ii x11-utils 7.7+5 ii xterm [x-terminal-emulator] 366-1+deb11u1 Versions of packages surf suggests: ii apparmor 2.13.6-10 -- no debconf information