[pkg-apparmor] Bug#805546: apparmor-profiles-extra: AppArmor profile prevents pidgin from starting

intrigeri intrigeri at boum.org
Fri Jun 24 15:51:42 UTC 2016


Hi pidgin-sipe maintainers!

intrigeri wrote (30 Dec 2015 11:32:19 GMT) :
> Guido Günther wrote (19 Nov 2015 13:29:13 GMT) :
>> $ dpkg -S  /usr/bin/pidgin.orig 
>> diversion by pidgin-sipe from: /usr/bin/pidgin
>> diversion by pidgin-sipe to: /usr/bin/pidgin.orig

>> It's a shell wrapper:

>> ----
>> #!/bin/bash

>> CONF=/etc/default/pidgin-sipe

>> if [[ -r $CONF ]]
>> then
>>         . $CONF 
>> fi

>> /usr/bin/pidgin.orig $*
>> ----                        

> OK, got it, thanks! I had a quick look.

> It seems that this wrapper [1] and the corresponding 'default' file
> [2] were introduced three years ago in pidgin-sipe 1.13.1-2.1, as
> a way to make it slightly easier for users of to communicate with
> Microsoft OCS/Lync servers that had not got the fixes for the BEAST
> attack (CVE-2011-3389) yet. This workaround that apparently was meant
> to be temporary [3]. My understanding is that Microsoft published the
> fixes needed server-side on 2012-01-10 ([4], [5]). I would hope that
> the server-side situation has evolved a bit in four years, wrt.
> supporting BEAST fixes.

> With this in mind, I'm not super excited at the idea of modifying the
> Pidgin profile to support this possibly obsolete workaround: I'd like
> to first see its relevance reconsidered among pidgin-sipe maintainers.
> Was it done recently?

> If they decide it's worth keeping the workaround in testing/sid, then
> yay, why not, let's check what exact modifications the dpkg-divert
> + wrapper technique requires on our side, and consider adding them to
> the profile somehow (possibly #include'ing a file that could be
> shipped by pidgin-sipe?).

> Fair enough?

> [1] https://sources.debian.net/src/pidgin-sipe/1.20.0-2/debian/extra/pidgin/
> [2] https://sources.debian.net/src/pidgin-sipe/1.20.0-2/debian/extra/pidgin-sipe/
> [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642199#76
> [4] https://technet.microsoft.com/library/security/ms12-006
> [5] https://support.microsoft.com/en-us/kb/2643584

Ping?

Cheers,
--
intrigeri



More information about the pkg-apparmor-team mailing list