--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package geoclue-2.0/2.5.2-1
- From: Laurent Bigonville <bigon@debian.org>
- Date: Fri, 25 Dec 2020 22:29:05 +0100
- Message-id: <160893174552.636755.10825466249970838913.reportbug@edoras.bigon.be>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Hello,
[ Reason ]
There are currently several issues with geoclue-2.0 in debian buster:
1) The daemon is not respecting the user choice to not query the
location, that could be seen as a privacy/GDPR breach as it contacts MLS
and sends data (ESSID,..) to them without explicit approval. This is
only happening for "system" (non-flatpak) applications.
2) The indicator (in the gnome-shell,...) showing that geoclue is active
and looking for the location of the computer is never turned on.
3) This version of geoclue is using a generic Mozilla Location service
API key, Mozilla would like us to use a dedicated key for geoclue in
debian: https://gitlab.freedesktop.org/geoclue/geoclue/-/issues/136
[ Impact ]
There is a privacy issue and also the risk that geoclue might stop
working overnight when MLS revoke the API key currently used.
[ Tests ]
Smoke testing on a debian buster VM
[ Risks ]
The changes are minimal and straightforward. All the patches have been
backported from upstream git repository
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
1) The biggest change is the fact that the daemon will now query the
"agent" (gnome-shell or other) to check the user preference about the
usage of geolocation before querying the location (and contacting MLS).
2) The "in_use" property is set now when there is a client requesting
the location connected.
3) We also change the MLS API key to the one generated especially for
debian and stop exposing it in the configuration file. While testing, I
discovered that the daemon is crashing if submission-url is not defined
in the configuration file, this is fixed as well.
[ Other info ]
NA
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.9.0-5-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..7f1315b
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,8 @@
+geoclue-2.0 for Debian
+---------------------
+
+geoclue uses the Mozilla Location Service (MLS) to estimate the location of
+your computer. Please refer to the Privacy Notice on the Mozilla website for
+all privacy concerns: https://location.services.mozilla.com/privacy
+
+ -- Laurent Bigonville <bigon@debian.org> Thu, 23 Apr 2020 14:28:03 +0200
diff --git a/debian/changelog b/debian/changelog
index 02ce138..4b654ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+geoclue-2.0 (2.5.2-1+deb10u1) buster; urgency=medium
+
+ * debian/README.Debian: Add information about MLS and a link to the service
+ Privacy Notice page
+ * Check the maximum allowed accuracy level even for system applications.
+ Respect the value of the user preference concerning the usage of their
+ geolocation. This should fix the privacy and GDPR conformity concerns as
+ the user explicitly needs to enable the option.
+ Note that there is no distinction between the system applications
+ anymore, turning on the option is allowing them all to get the location.
+ (Closes: #924516, #958497)
+ * d/p/: Add a patch to make the Mozilla API key configurable
+ * debian/rules: Use the key that has been allocated to debian for MLS queries
+ * d/p: Add an upstream patch to fix the display of the usage indicator
+ * Fix crash if submission-url is not set in the config, patch from upstream
+
+ -- Laurent Bigonville <bigon@debian.org> Fri, 25 Dec 2020 17:19:50 +0100
+
geoclue-2.0 (2.5.2-1) unstable; urgency=medium
* [da1f3cfb] New upstream version 2.5.2
diff --git a/debian/patches/0001-service-Check-the-maximum-allowed-accuracy-level-eve.patch b/debian/patches/0001-service-Check-the-maximum-allowed-accuracy-level-eve.patch
new file mode 100644
index 0000000..f4183d8
--- /dev/null
+++ b/debian/patches/0001-service-Check-the-maximum-allowed-accuracy-level-eve.patch
@@ -0,0 +1,70 @@
+From: Laurent Bigonville <bigon@bigon.be>
+Date: Fri, 23 Oct 2020 21:37:12 +0200
+Subject: service: Check the maximum allowed accuracy level even for system
+ apps
+
+We need to check the maximum allowed accuracy even for system apps
+otherwise the user cannot disable the geolocalization for these
+(max_accuracy set to 0)
+
+Fix: https://gitlab.freedesktop.org/geoclue/geoclue/-/issues/111
+---
+ src/gclue-service-client.c | 16 +++++-----------
+ 1 file changed, 5 insertions(+), 11 deletions(-)
+
+diff --git a/src/gclue-service-client.c b/src/gclue-service-client.c
+index 247fdb6..62ea932 100644
+--- a/src/gclue-service-client.c
++++ b/src/gclue-service-client.c
+@@ -447,6 +447,7 @@ handle_post_agent_check_auth (StartData *data)
+ GClueConfig *config;
+ GClueAppPerm app_perm;
+ guint32 uid;
++ gboolean system_app;
+
+ uid = gclue_client_info_get_user_id (priv->client_info);
+ max_accuracy = gclue_agent_get_max_accuracy_level (priv->agent_proxy);
+@@ -471,8 +472,11 @@ handle_post_agent_check_auth (StartData *data)
+ app_perm = gclue_config_get_app_perm (config,
+ data->desktop_id,
+ priv->client_info);
++ system_app = (gclue_client_info_get_xdg_id (priv->client_info) == NULL);
+
+- if (app_perm == GCLUE_APP_PERM_ALLOWED) {
++ if (app_perm == GCLUE_APP_PERM_ALLOWED || system_app) {
++ /* Since we have no reliable way to identify system apps, no
++ * need for auth for them. */
+ complete_start (data);
+ return;
+ }
+@@ -556,7 +560,6 @@ gclue_service_client_handle_start (GClueDBusClient *client,
+ const char *desktop_id;
+ GClueAppPerm app_perm;
+ guint32 uid;
+- gboolean system_app = FALSE;
+
+ if (priv->locator != NULL) {
+ /* Already started */
+@@ -569,7 +572,6 @@ gclue_service_client_handle_start (GClueDBusClient *client,
+ if (desktop_id == NULL) {
+ /* Non-xdg app */
+ desktop_id = gclue_dbus_client_get_desktop_id (client);
+- system_app = TRUE;
+ }
+
+ if (desktop_id == NULL) {
+@@ -605,14 +607,6 @@ gclue_service_client_handle_start (GClueDBusClient *client,
+ data->accuracy_level = ensure_valid_accuracy_level
+ (data->accuracy_level, GCLUE_ACCURACY_LEVEL_EXACT);
+
+- if (system_app) {
+- /* Since we have no reliable way to identify system apps, no
+- * need for auth for them. */
+- complete_start (data);
+-
+- return TRUE;
+- }
+-
+ /* No agent == No authorization */
+ if (priv->agent_proxy == NULL) {
+ /* Already a pending Start()? Denied! */
diff --git a/debian/patches/0002-config-Make-the-Mozilla-API-key-configurable.patch b/debian/patches/0002-config-Make-the-Mozilla-API-key-configurable.patch
new file mode 100644
index 0000000..d4a8c8c
--- /dev/null
+++ b/debian/patches/0002-config-Make-the-Mozilla-API-key-configurable.patch
@@ -0,0 +1,79 @@
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Tue, 1 Oct 2019 13:27:41 +0000
+Subject: config: Make the Mozilla API key configurable
+
+And do not expose it in the configuration file.
+---
+ data/geoclue.conf.in | 18 ++++++++++--------
+ meson.build | 1 +
+ meson_options.txt | 3 +++
+ src/gclue-config.c | 4 ++--
+ 4 files changed, 16 insertions(+), 10 deletions(-)
+
+--- a/data/geoclue.conf.in
++++ b/data/geoclue.conf.in
+@@ -42,13 +42,13 @@ enable=true
+ # Enable WiFi source
+ enable=true
+
+-# URL to the wifi geolocation service. The key can currenty be anything, just
+-# needs to be present but that is likely going to change in future.
+-url=https://location.services.mozilla.com/v1/geolocate?key=geoclue
++# URL to the WiFi geolocation service. If not set, defaults to Mozilla's
++# Location Service with a hardcoded key. To use a custom key, uncomment this URL
++# while changing YOUR_KEY to your MLS API key.
++#url=https://location.services.mozilla.com/v1/geolocate?key=YOUR_KEY
+
+-# To use the Google geolocation service instead of mozilla's, simply uncomment
+-# this url while changing API_KEY to your Google API key and comment out or
+-# remove the url above.
++# To use the Google geolocation service instead of Mozilla's, uncomment this URL
++# while changing YOUR_KEY to your Google API key.
+ #
+ # WARNING: Please make sure that you are complying with the Google's ToS and
+ # policies if you uncomment this:
+@@ -63,8 +63,10 @@ url=https://location.services.mozilla.co
+ #
+ submit-data=false
+
+-# URL to submission API of Mozilla Location Service
+-submission-url=https://location.services.mozilla.com/v1/submit?key=geoclue
++# URL to submission API of Mozilla Location Service. If not set, defaults to
++# Mozilla's API with a hardcoded key. To use a custom key, uncomment this URL
++# while changing YOUR_KEY to your MLS API key.
++#submission-url=https://location.services.mozilla.com/v1/submit?key=YOUR_KEY
+
+ # A nickname to submit network data with. This is currently used for leaderboard:
+ # https://location.services.mozilla.com/leaders
+--- a/meson.build
++++ b/meson.build
+@@ -30,6 +30,7 @@ conf.set_quoted('PACKAGE_BUGREPORT', 'ht
+ conf.set_quoted('TEST_SRCDIR', meson.source_root() + '/data/')
+ conf.set_quoted('LOCALEDIR', localedir)
+ conf.set_quoted('SYSCONFDIR', sysconfdir)
++conf.set_quoted('MOZILLA_API_KEY', get_option('mozilla-api-key'))
+ conf.set10('GCLUE_USE_3G_SOURCE', get_option('3g-source'))
+ conf.set10('GCLUE_USE_CDMA_SOURCE', get_option('cdma-source'))
+ conf.set10('GCLUE_USE_MODEM_GPS_SOURCE', get_option('modem-gps-source'))
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -34,3 +34,6 @@ option('systemd-system-unit-dir',
+ option('dbus-srv-user',
+ type: 'string', value: 'root',
+ description: 'The user (existing) as which the service will run')
++option('mozilla-api-key',
++ type: 'string', value: 'geoclue',
++ description: 'Your API key for Mozilla Location Service')
+--- a/src/gclue-config.c
++++ b/src/gclue-config.c
+@@ -216,8 +216,8 @@ load_enable_source_config (GClueConfig *
+ return enable;
+ }
+
+-#define DEFAULT_WIFI_URL "https://location.services.mozilla.com/v1/geolocate?key=geoclue";
+-#define DEFAULT_WIFI_SUBMIT_URL "https://location.services.mozilla.com/v1/submit?key=geoclue";
++#define DEFAULT_WIFI_URL "https://location.services.mozilla.com/v1/geolocate?key="; MOZILLA_API_KEY
++#define DEFAULT_WIFI_SUBMIT_URL "https://location.services.mozilla.com/v1/submit?key="; MOZILLA_API_KEY
+
+ static void
+ load_wifi_config (GClueConfig *config)
diff --git a/debian/patches/0003-service-Sync-in_use-property-when-apps-get-connected.patch b/debian/patches/0003-service-Sync-in_use-property-when-apps-get-connected.patch
new file mode 100644
index 0000000..1f5fcb6
--- /dev/null
+++ b/debian/patches/0003-service-Sync-in_use-property-when-apps-get-connected.patch
@@ -0,0 +1,43 @@
+From: Sujanan Bhathiya <sujananbhathiya@gmail.com>
+Date: Mon, 16 Mar 2020 17:19:30 +0530
+Subject: service: Sync in_use property when apps get connected
+
+Earlier we only synced in_use property when apps
+get deleted from the service. Here we set the in_use
+property when apps get connected to the service as well.
+This fixes the issue #112
+---
+ src/gclue-service-manager.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/gclue-service-manager.c b/src/gclue-service-manager.c
+index d7f5e55..849debd 100644
+--- a/src/gclue-service-manager.c
++++ b/src/gclue-service-manager.c
+@@ -140,6 +140,14 @@ delete_client (GClueServiceManager *manager,
+ sync_in_use_property (manager);
+ }
+
++static void
++on_client_notify_active (GObject *gobject,
++ GParamSpec *pspec,
++ gpointer user_data)
++{
++ sync_in_use_property (GCLUE_SERVICE_MANAGER (user_data));
++}
++
+ static void
+ on_peer_vanished (GClueClientInfo *info,
+ gpointer user_data)
+@@ -216,6 +224,11 @@ complete_get_client (OnClientInfoNewReadyData *data)
+ }
+ g_debug ("Number of connected clients: %u", priv->num_clients);
+
++ g_signal_connect (client,
++ "notify::active",
++ G_CALLBACK (on_client_notify_active),
++ data->manager);
++
+ g_signal_connect (info,
+ "peer-vanished",
+ G_CALLBACK (on_peer_vanished),
diff --git a/debian/patches/0005-config-Clear-error-after-submission-URL-lookup-fails.patch b/debian/patches/0005-config-Clear-error-after-submission-URL-lookup-fails.patch
new file mode 100644
index 0000000..a438ce3
--- /dev/null
+++ b/debian/patches/0005-config-Clear-error-after-submission-URL-lookup-fails.patch
@@ -0,0 +1,23 @@
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Tue, 1 Oct 2019 13:42:11 +0000
+Subject: config: Clear error after submission URL lookup fails
+
+Otherwise we have a dangling pointer causing a crash when the error
+value is reused.
+---
+ src/gclue-config.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/gclue-config.c b/src/gclue-config.c
+index df4adcc..9ae2367 100644
+--- a/src/gclue-config.c
++++ b/src/gclue-config.c
+@@ -255,7 +255,7 @@ load_wifi_config (GClueConfig *config)
+ &error);
+ if (error != NULL) {
+ g_debug ("No wifi submission URL: %s", error->message);
+- g_error_free (error);
++ g_clear_error (&error);
+ priv->wifi_submit_url = g_strdup (DEFAULT_WIFI_SUBMIT_URL);
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index 3a75c3b..a63e750 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,5 @@
02-move-demo-lib.patch
+0001-service-Check-the-maximum-allowed-accuracy-level-eve.patch
+0002-config-Make-the-Mozilla-API-key-configurable.patch
+0003-service-Sync-in_use-property-when-apps-get-connected.patch
+0005-config-Clear-error-after-submission-URL-lookup-fails.patch
diff --git a/debian/rules b/debian/rules
index 0580fc3..440da91 100755
--- a/debian/rules
+++ b/debian/rules
@@ -16,12 +16,22 @@ ifneq ($(filter nodoc, $(DEB_BUILD_OPTIONS)),)
BUILD_DOC := -Dgtk-doc=false
endif
+# The following API key has been allocated for Debian only
+# If you are a derivative, please request your own key as discussed here:
+# https://gitlab.freedesktop.org/geoclue/geoclue/-/issues/136
+# See also: https://location.services.mozilla.com/api and
+# https://blog.mozilla.org/services/2019/09/03/a-new-policy-for-mozilla-location-service/
+ifeq ($(shell dpkg-vendor --query vendor),Debian)
+ MLS_API_KEY := -Dmozilla-api-key=484bfbac-6433-4492-aed3-16cc094eff93
+endif
+
override_dh_auto_configure:
dh_auto_configure -- --libexecdir=/usr/lib/geoclue-2.0 \
-Ddbus-srv-user=geoclue \
-Dsystemd-system-unit-dir=/lib/systemd/system \
${BUILD_DOC} \
- ${MM_NM_FLAGS}
+ ${MM_NM_FLAGS} \
+ ${MLS_API_KEY}
override_dh_auto_test:
# testsuite fails on missing latitude (et.al)
--- End Message ---