Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package nautilus. Nautilus contains an embedded copy of the thumbnailing code from `gnome-desktop3'. This has received several updates upstream, which it'd be great to get into buster. Here's my changelog entry, to avoid repeating myself too much: * Update gnome-desktop code. Nautilus contains a copy of this code, which originated in gnome-desktop3. + Fixes a potential crash during thumbnailing + Fixes thumbnailer on 32-bit systems where /lib64 is not available. + Also improves handling of usrmerged and non-usrmerged systems. + Mounts the fontconfig cache dir, to improve performance if fontconfig is used - Add a corresponding BD on libfontconfig1-dev, to fetch the needed variable from its pcfile. + Fixes seccomp filter bypass. CVE-2019-11461 + Closes: #928054 I don't actually know how the CVE could be triggered from Nautilus, but it got 'medium' severity and a request from the security team to be fixed. That's the main reason for this upload, but there are also other important fixes in this code too. I'd be grateful if you could consider it for buster. unblock nautilus/3.30.5-2 Cheers, -- Iain Lane [ i...@orangesquash.org.uk ] Debian Developer [ la...@debian.org ] Ubuntu Developer [ la...@ubuntu.com ]
diff -Nru nautilus-3.30.5/debian/changelog nautilus-3.30.5/debian/changelog
--- nautilus-3.30.5/debian/changelog 2018-12-22 13:53:04.000000000 +0000
+++ nautilus-3.30.5/debian/changelog 2019-05-29 12:47:33.000000000 +0100
@@ -1,3 +1,20 @@
+nautilus (3.30.5-2) unstable; urgency=medium
+
+ * debian/control{,.in}, gbp.conf: Update debian branch to debian/buster
+ * Update gnome-desktop code. Nautilus contains a copy of this code,
+ which originated in gnome-desktop3.
+ + Fixes a potential crash during thumbnailing
+ + Fixes thumbnailer on 32-bit systems where /lib64 is not available.
+ + Also improves handling of usrmerged and non-usrmerged systems.
+ + Mounts the fontconfig cache dir, to improve performance if fontconfig
+ is used
+ - Add a corresponding BD on libfontconfig1-dev, to fetch the needed
+ variable from its pcfile.
+ + Fixes seccomp filter bypass. CVE-2019-11461
+ + Closes: #928054
+
+ -- Iain Lane <la...@debian.org> Wed, 29 May 2019 12:47:33 +0100
+
 nautilus (3.30.5-1) unstable; urgency=medium
 * New upstream release
diff -Nru nautilus-3.30.5/debian/control nautilus-3.30.5/debian/control
--- nautilus-3.30.5/debian/control 2018-12-22 13:53:04.000000000 +0000
+++ nautilus-3.30.5/debian/control 2019-05-29 12:47:33.000000000 +0100
@@ -15,6 +15,7 @@
 gobject-introspection (>= 0.9.12-4~),
 gtk-doc-tools (>= 1.10),
 libatk1.0-dev (>= 1.32.0),
+ libfontconfig1-dev,
 libgail-3-dev,
 libgexiv2-dev (>= 0.10.0),
 libgirepository1.0-dev (>= 0.10.7-1~),
@@ -41,7 +42,7 @@
 Rules-Requires-Root: no
 Homepage: https://wiki.gnome.org/action/show/Apps/Nautilus
 Vcs-Browser: https://salsa.debian.org/gnome-team/nautilus
-Vcs-Git: https://salsa.debian.org/gnome-team/nautilus.git
+Vcs-Git: https://salsa.debian.org/gnome-team/nautilus.git -b debian/buster
 Standards-Version: 4.2.1
 Package: nautilus
diff -Nru nautilus-3.30.5/debian/control.in nautilus-3.30.5/debian/control.in
--- nautilus-3.30.5/debian/control.in 2018-12-22 13:53:04.000000000 +0000
+++ nautilus-3.30.5/debian/control.in 2019-05-29 12:47:33.000000000 +0100
@@ -11,6 +11,7 @@
 gobject-introspection (>= 0.9.12-4~),
 gtk-doc-tools (>= 1.10),
 libatk1.0-dev (>= 1.32.0),
+ libfontconfig1-dev,
 libgail-3-dev,
 libgexiv2-dev (>= 0.10.0),
 libgirepository1.0-dev (>= 0.10.7-1~),
@@ -37,7 +38,7 @@
 Rules-Requires-Root: no
 Homepage: https://wiki.gnome.org/action/show/Apps/Nautilus
 Vcs-Browser: https://salsa.debian.org/gnome-team/nautilus
-Vcs-Git: https://salsa.debian.org/gnome-team/nautilus.git
+Vcs-Git: https://salsa.debian.org/gnome-team/nautilus.git -b debian/buster
 Standards-Version: 4.2.1
 Package: nautilus
diff -Nru nautilus-3.30.5/debian/gbp.conf nautilus-3.30.5/debian/gbp.conf
--- nautilus-3.30.5/debian/gbp.conf 2018-12-22 13:53:04.000000000 +0000
+++ nautilus-3.30.5/debian/gbp.conf 2019-05-29 12:47:33.000000000 +0100
@@ -1,6 +1,6 @@
 [DEFAULT]
 pristine-tar = True
-debian-branch = debian/master
+debian-branch = debian/buster
 upstream-branch = upstream/latest
 upstream-vcs-tag = %(version)s
diff -Nru nautilus-3.30.5/debian/patches/Define-symbol-needed-for-gnome-desktop.patch nautilus-3.30.5/debian/patches/Define-symbol-needed-for-gnome-desktop.patch
--- nautilus-3.30.5/debian/patches/Define-symbol-needed-for-gnome-desktop.patch 1970-01-01 01:00:00.000000000 +0100
+++ nautilus-3.30.5/debian/patches/Define-symbol-needed-for-gnome-desktop.patch 2019-05-29 12:47:33.000000000 +0100
@@ -0,0 +1,47 @@
+From: Emmanuele Bassi <eba...@gnome.org>
+Date: Sun, 14 Apr 2019 13:28:06 +0100
+Subject: Define symbol needed for gnome-desktop
+
+The copy-paste of libgnome-desktop's thumbnailing code is missing a
+symbol that is defined by the libgnome-desktop build, which breaks
+Nautilus's own build.
+
+Origin: upstream, commit:08c6d9e6cdd903ae67c496ffd7ae3de4619c6f40
+---
+ meson.build | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/meson.build b/meson.build
+index 996360a..3db1dca 100644
+--- a/meson.build
++++ b/meson.build
+@@ -137,6 +137,8 @@ tracker_sparql = dependency('tracker-sparql-2.0')
+ x11 = dependency('x11')
+ xml = dependency('libxml-2.0', version: '>= 2.7.8')
+
++fontconfig = dependency('fontconfig', required: false)
++
+ ####################
+ # End dependencies #
+ ####################
+@@ -159,6 +161,12 @@ endif
+
+ application_id = 'org.gnome.Nautilus' + profile
+
++if fontconfig.found()
++ fontconfig_cache_path = fontconfig.get_pkgconfig_variable('cachedir')
++else
++ fontconfig_cache_path = join_paths(libdir, 'fontconfig/cache')
++endif
++
+ conf.set_quoted('APPLICATION_ID', application_id)
+ conf.set_quoted('GETTEXT_PACKAGE', 'nautilus')
+ conf.set_quoted('INSTALL_PREFIX', prefix)
+@@ -169,6 +177,7 @@ conf.set_quoted('NAUTILUS_EXTENSIONDIR', join_paths(prefix, extensiondir))
+ conf.set_quoted('PACKAGE_VERSION', meson.project_version())
+ conf.set_quoted('PROFILE', profile)
+ conf.set_quoted('VERSION', '@0@-@VCS_TAG@'.format(meson.project_version()))
++conf.set_quoted('FONTCONFIG_CACHE_PATH', fontconfig_cache_path)
+
+ ###################################################
+ # gnome-desktop macros for thumbnailer sandboxing #
diff -Nru nautilus-3.30.5/debian/patches/series nautilus-3.30.5/debian/patches/series
--- nautilus-3.30.5/debian/patches/series 2018-12-22 13:53:04.000000000 +0000
+++ nautilus-3.30.5/debian/patches/series 2019-05-29 12:47:33.000000000 +0100
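Review bot: The `else` branch in the `@@ -159,6 +161,12 @@` hunk silently substitutes `join_paths(libdir, 'fontconfig/cache')` when `fontconfig.pc` is not found, and nothing in the build output records which branch was taken; since the C side later mounts this path with `--ro-bind-try`, a wrong fallback is never reported at runtime either. A `message('fontconfig cache dir: ' + fontconfig_cache_path)` after the `endif` would make the chosen value visible in the build log. `libdir` is not defined within this hunk, so I assume it is the usual `join_paths(prefix, get_option('libdir'))` set earlier in meson.build — worth confirming. On Debian the pkg-config lookup is expected to succeed because this upload adds the build-dependency on libfontconfig1-dev, so the fallback should be dead there.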
@@ -1 +1,3 @@
 multiarch_fallback.patch
+Update-gnome-desktop-code.patch
+Define-symbol-needed-for-gnome-desktop.patch
diff -Nru nautilus-3.30.5/debian/patches/Update-gnome-desktop-code.patch nautilus-3.30.5/debian/patches/Update-gnome-desktop-code.patch
--- nautilus-3.30.5/debian/patches/Update-gnome-desktop-code.patch 1970-01-01 01:00:00.000000000 +0100
+++ nautilus-3.30.5/debian/patches/Update-gnome-desktop-code.patch 2019-05-29 12:47:33.000000000 +0100
@@ -0,0 +1,124 @@
+From: Ernestas Kulik <eku...@redhat.com>
+Date: Sun, 14 Apr 2019 10:44:32 +0200
+Subject: Update gnome-desktop code
+
+Nautilus contains a copy of this code, originating in gnome-desktop3.
+
+Fixes a potential crash during thumbnailing
+
+Fixes thumbnailer on 32-bit systems where /lib64 is not available. Also
+improve handling of usrmerged and non-usrmerged systems. (Related to LP:
+
+Fixes CVE-2019-11461
+
+Origin: upstream,commit:031b814d526895c612fae98ac75379e60469161b
+Applied-Upstream: 3.30.6
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928054
+---
+ src/gnome-desktop/gnome-desktop-thumbnail-script.c | 60 ++++++++++++++++++++--
+ src/gnome-desktop/gnome-desktop-thumbnail.c | 2 +
+ 2 files changed, 57 insertions(+), 5 deletions(-)
+
+diff --git a/src/gnome-desktop/gnome-desktop-thumbnail-script.c b/src/gnome-desktop/gnome-desktop-thumbnail-script.c
+index 14e2fed..8e8b876 100644
+--- a/src/gnome-desktop/gnome-desktop-thumbnail-script.c
++++ b/src/gnome-desktop/gnome-desktop-thumbnail-script.c
+@@ -343,7 +343,7 @@ setup_seccomp (GPtrArray *argv_array,
+ {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
+
+ /* Don't allow faking input to the controlling tty (CVE-2017-5226) */
+- {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)},
++ {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)},
+ };
+
+ struct
+@@ -506,22 +506,72 @@ setup_seccomp (GPtrArray *argv_array,
+ #endif
+
+ #ifdef HAVE_BWRAP
++static gboolean
++path_is_usrmerged (const char *dir)
++{
++ /* does /dir point to /usr/dir? */
++ g_autofree char *target = NULL;
++ GStatBuf stat_buf_src, stat_buf_target;
++
++ if (g_stat (dir, &stat_buf_src) < 0)
++ return FALSE;
++
++ target = g_strdup_printf ("/usr/%s", dir);
++
++ if (g_stat (target, &stat_buf_target) < 0)
++ return FALSE;
++
++ return (stat_buf_src.st_dev == stat_buf_target.st_dev) &&
++ (stat_buf_src.st_ino == stat_buf_target.st_ino);
++}
++
+ static gboolean
+ add_bwrap (GPtrArray *array,
+ ScriptExec *script)
+ {
++ const char * const usrmerged_dirs[] = { "bin", "lib64", "lib", "sbin" };
++ int i;
++
+ g_return_val_if_fail (script->outdir != NULL, FALSE);
+ g_return_val_if_fail (script->s_infile != NULL, FALSE);
+
+ add_args (array,
+ "bwrap",
+ "--ro-bind", "/usr", "/usr",
+- "--ro-bind", "/lib", "/lib",
+- "--ro-bind", "/lib64", "/lib64",
++ "--ro-bind", "/etc/ld.so.cache", "/etc/ld.so.cache",
++ NULL);
++
++ /* These directories might be symlinks into /usr/... */
++ for (i = 0; i < G_N_ELEMENTS (usrmerged_dirs); i++)
++ {
++ g_autofree char *absolute_dir = g_strdup_printf ("/%s", usrmerged_dirs[i]);
++
++ if (!g_file_test (absolute_dir, G_FILE_TEST_EXISTS))
++ continue;
++
++ if (path_is_usrmerged (absolute_dir))
++ {
++ g_autofree char *symlink_target = g_strdup_printf ("/usr/%s", absolute_dir);
++
++ add_args (array,
++ "--symlink", symlink_target, absolute_dir,
++ NULL);
++ }
++ else
++ {
++ add_args (array,
++ "--ro-bind", absolute_dir, absolute_dir,
++ NULL);
++ }
++ }
++
++ /* fontconfig cache if necessary */
++ if (!g_str_has_prefix (FONTCONFIG_CACHE_PATH, "/usr/"))
++ add_args (array, "--ro-bind-try", FONTCONFIG_CACHE_PATH, FONTCONFIG_CACHE_PATH, NULL);
++
++ add_args (array,
+ "--proc", "/proc",
+ "--dev", "/dev",
+- "--symlink", "usr/bin", "/bin",
+- "--symlink", "usr/sbin", "/sbin",
+ "--chdir", "/",
+ "--setenv", "GIO_USE_VFS", "local",
+ "--unshare-all",
+diff --git a/src/gnome-desktop/gnome-desktop-thumbnail.c b/src/gnome-desktop/gnome-desktop-thumbnail.c
+index b31bad5..566fbeb 100644
+--- a/src/gnome-desktop/gnome-desktop-thumbnail.c
++++ b/src/gnome-desktop/gnome-desktop-thumbnail.c
+@@ -969,6 +969,8 @@ get_preview_thumbnail (const char *uri,
+
+ object = g_file_info_get_attribute_object (file_info,
+ G_FILE_ATTRIBUTE_PREVIEW_ICON);
++ if (object)
++ g_object_ref (object);
+ g_object_unref (file_info);
+
+ if (!object)
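Review bot: Both `/usr/%s` concatenations in the new code receive an already-absolute path and so produce a doubled slash: `path_is_usrmerged` is only ever called with `absolute_dir` (e.g. `/bin`) and stats `/usr//bin`, and `symlink_target` becomes the literal `/usr//bin` written as the symlink target inside the sandbox; `g_strdup_printf ("/usr%s", dir)` and `g_strdup_printf ("/usr%s", absolute_dir)` give the intended paths without changing behaviour. The loop index `int i` is compared against `G_N_ELEMENTS (usrmerged_dirs)`, which expands to a `gsize`, so `-Wsign-compare` fires here; `gsize i` matches the GLib style of the rest of the file. `--ro-bind-try` is, as far as I know, only accepted by bubblewrap releases from the 0.3 series onward, and nothing in this debdiff versions the runtime dependency on bubblewrap, so that is worth confirming against the target release. The quoted inner hunks cut through `setup_seccomp` and `add_bwrap`, whose remaining bodies lie outside this patch.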