Bug#990719: marked as done (unblock: tracker-miners/2.3.5-2.1)

To: Sebastian Ramacher <sramacher@respighi.debian.org>
Subject: Bug#990719: marked as done (unblock: tracker-miners/2.3.5-2.1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Tue, 06 Jul 2021 16:57:03 +0000
Message-id: <[🔎] handler.990719.D990719.162559040117060.ackdone@bugs.debian.org>
Reply-to: 990719@bugs.debian.org
References: <E1m0oJw-00060r-Qp@respighi.debian.org> <[🔎] YOMjWwVFpXHacUjf@qwark.sigxcpu.org>

Your message dated Tue, 06 Jul 2021 16:53:16 +0000
with message-id <E1m0oJw-00060r-Qp@respighi.debian.org>
and subject line unblock tracker-miners
has caused the Debian Bug report #990719,
regarding unblock: tracker-miners/2.3.5-2.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
990719: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990719
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: tracker-miners/2.3.5-2.1
From: Guido Günther <agx@sigxcpu.org>
Date: Mon, 5 Jul 2021 17:20:59 +0200
Message-id: <[🔎] YOMjWwVFpXHacUjf@qwark.sigxcpu.org>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: pkg-gnome-maintainers@lists.alioth.debian.org

Please unblock package tracker-miners

[ Reason ]
The filesystem miner crashes repeatedly on (at least) arm64 and linux
5.11 or later kernels. See #983637.

Due to a missing syscall whitelist of the miner's sandbox the filesystem
tracker crashes repeatedly on startup.  This doesn't happen on bullseye
amd64 and linux 5.10 but can be reproduced on amd64 and (at least)
kernel 5.11 or later.

[ Impact ]
Makes the miner unusable but also drains the battery quickly since
systemd restarts the miner unconditionally and endlessly. This is
especially bad if core files are enabled since the writing of those
over and over drains battery even quicker.

[ Tests ]
Whether the service is up can be checked via

   systemctl start --user tracker-miner-fs.service

[ Risks ]
The proposed fix is a backport of an upstream fix so
the risk seems minimal. Theoretically allowing more
syscalls in the sandbox could open a security hole.

unblock tracker-miners/2.3.5-2.1

diff --git a/debian/changelog b/debian/changelog
index 353d69ddf..4fa33a6bd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+tracker-miners (2.3.5-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * libtracker-miners-common: Add newstatat/statat64 syscalls.
+    Backport upstream commit b3fdbaf to avoid constant crashes every 2s.
+    Thanks Julian Andres Klode for forwarding this initially.
+    (Closes: #983637)
+
+ -- Guido Günther <agx@sigxcpu.org>  Mon, 05 Jul 2021 12:40:50 +0200
+
 tracker-miners (2.3.5-2) unstable; urgency=medium
 
   * Make the 'audio' tests non-fatal on powerpc and sparc64 as well
diff --git a/debian/patches/libtracker-miners-common-Add-newstatat-statat64-syscalls.patch b/debian/patches/libtracker-miners-common-Add-newstatat-statat64-syscalls.patch
new file mode 100644
index 000000000..832386d2c
--- /dev/null
+++ b/debian/patches/libtracker-miners-common-Add-newstatat-statat64-syscalls.patch
@@ -0,0 +1,24 @@
+From: Carlos Garnacho <carlosg@gnome.org>
+Date: Sun, 25 Oct 2020 15:37:13 +0100
+Subject: libtracker-miners-common: Add newstatat/statat64 syscalls
+
+These are done in recent glib versions, should be observed here.
+
+(cherry picked from commit b3fdbaf1ab23ce7191ace6db79575dfce5f90881)
+---
+ src/libtracker-miners-common/tracker-seccomp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c
+index c0327eb..01887e8 100644
+--- a/src/libtracker-miners-common/tracker-seccomp.c
++++ b/src/libtracker-miners-common/tracker-seccomp.c
+@@ -91,6 +91,8 @@ tracker_seccomp_init (void)
+ 	/* Basic filesystem access */
+ 	ALLOW_RULE (fstat);
+ 	ALLOW_RULE (fstat64);
++	ALLOW_RULE (fstatat64);
++	ALLOW_RULE (newfstatat);
+ 	ALLOW_RULE (stat);
+ 	ALLOW_RULE (stat64);
+ 	ALLOW_RULE (statfs);
diff --git a/debian/patches/series b/debian/patches/series
index a9bd2953d..f56af3a1f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ prefer_systemd_activation.patch
 dont_start_for_root.patch
 Don-t-immediately-restart-tracker-extract-on-SIGSYS.patch
 debian/Revert-build-Include-libdir-in-rpath.patch
+libtracker-miners-common-Add-newstatat-statat64-syscalls.patch

--- End Message ---

--- Begin Message ---

To: 990719-done@bugs.debian.org

Subject: unblock tracker-miners

From: Sebastian Ramacher <sramacher@respighi.debian.org>

Date: Tue, 06 Jul 2021 16:53:16 +0000

Message-id: <E1m0oJw-00060r-Qp@respighi.debian.org>
Unblocked.
--- End Message ---

Reply to:

References:
- Bug#990719: unblock: tracker-miners/2.3.5-2.1
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Bug#990766: unblock: kakoune/2020.01.16-3
Next by Date: Bug#990723: marked as done (unblock: barman/2.12-2)
Previous by thread: Bug#990719: unblock: tracker-miners/2.3.5-2.1
Next by thread: Bug#990723: unblock: barman/2.12-2
Index(es):
- Date
- Thread