[Pkg-gnome-extras-maintainers] Bug#1130549: evince: Thumbnails not displayed - just empty icon
Jeffrey Ratcliffe
jffry at posteo.net
Thu Mar 12 21:14:52 GMT 2026
Package: evince
Version: 49~alpha-2
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
I upgraded to the latest version, the first using Gtk4
* What exactly did you do (or not do) that was effective (or
ineffective)?
Viewed a PDF
* What was the outcome of this action?
The main window rendered the PDF, but an empty icon was displayed in place of
the thumbnail.
* What outcome did you expect instead?
A thumbnail of the page should have been displayed, just like in the previous
version.
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: forky/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.17.13+deb14-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages evince depends on:
ii dconf-gsettings-backend [gsettings-backend] 0.49.0-4
ii evince-common 49~alpha-2
ii gsettings-desktop-schemas 50~alpha-1
ii libadwaita-1-0 1.9~beta-2
ii libc6 2.42-13
ii libcairo2 1.18.4-3
ii libevdocument-4.0-6 49~alpha-2
ii libevview-4.0-5 49~alpha-2
ii libgdk-pixbuf-2.0-0 2.44.5+dfsg-4
ii libglib2.0-0t64 2.87.2-3
ii libgnome-desktop-4-2t64 44.5-1
ii libgtk-4-1 4.21.5+ds-5
ii libpango-1.0-0 1.57.0-1
ii libsecret-1-0 0.21.7-2
ii shared-mime-info 2.4-5+b3
Versions of packages evince recommends:
ii dbus-user-session [default-dbus-session-bus] 1.16.2-4
ii dbus-x11 [dbus-session-bus] 1.16.2-4
Versions of packages evince suggests:
ii gvfs 1.59.90-3
pn nautilus-sendto <none>
ii poppler-data 0.4.12-1
pn unrar <none>
-- Configuration Files:
/etc/apparmor.d/usr.bin.evince changed:
include <tunables/global>
/usr/bin/evince flags=(complain) {
include <abstractions/audio>
include <abstractions/bash>
include <abstractions/cups-client>
include <abstractions/dbus-accessibility>
include <abstractions/evince>
include <abstractions/ibus>
include <abstractions/nameservice>
include <abstractions/ubuntu-browsers>
include <abstractions/ubuntu-console-browsers>
include <abstractions/ubuntu-email>
include <abstractions/ubuntu-console-email>
include <abstractions/ubuntu-media-players>
# allow evince to spawn browsers distributed as snaps (LP: #1794064)
include if exists <abstractions/snap_browsers>
# For now, let evince talk to any session services over dbus. We can
# blacklist any problematic ones (but note, evince uses libsecret :\)
include <abstractions/dbus-session>
include <abstractions/dbus-strict>
dbus (receive) bus=system,
# Allow getting information from various system services
dbus (send)
bus=system
member="Get*"
peer=(label=unconfined),
# Allow talking to avahi with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.Avahi{,.*}",
# Allow talking to colord with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.ColorManager{,.*}",
# Terminals for using console applications. These abstractions should ideally
# have 'ix' to restrict access to what only evince is allowed to do
include <abstractions/ubuntu-gnome-terminal>
# By default, we won't support launching a terminal program in Xterm or
# KDE's konsole. It opens up too many unnecessary files for most users.
# People who need this functionality can uncomment the following:
##include <abstractions/ubuntu-xterm>
##include <abstractions/ubuntu-konsole>
/usr/bin/evince rmPx,
/usr/bin/evince-previewer Px,
/usr/bin/papers-previewer Px,
/usr/bin/yelp Cx -> sanitized_helper,
/usr/bin/bug-buddy px,
# 'Show Containing Folder' (LP: #1022962)
/usr/bin/nautilus Cx -> sanitized_helper, # Gnome
/usr/bin/pcmanfm Cx -> sanitized_helper, # LXDE
/usr/bin/krusader Cx -> sanitized_helper, # KDE
/usr/bin/thunar Cx -> sanitized_helper, # XFCE
# Print Dialog
/usr/lib/@{multiarch}/libproxy/*/pxgsettings Cx -> sanitized_helper,
# For Xubuntu to launch the browser
include <abstractions/exo-open>
# For text attachments
/usr/bin/gedit ixr,
# For Send to
/usr/bin/nautilus-sendto Cx -> sanitized_helper,
# GLib desktop launch helper (used under the hood by g_app_info_launch)
/usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rmix,
/usr/bin/env ixr,
# allow directory listings (ie 'r' on directories) so browsing via the file
# dialog works
/ r,
/**/ r,
# This is need for saving files in your home directory without an extension.
# Changing this to '@{HOME}/** r' makes it require an extension and more
# secure (but with 'rw', we still have abstractions/private-files-strict in
# effect).
owner @{HOME}/** rw,
owner /media/** rw,
owner @{HOME}/.local/share/gvfs-metadata/** l,
owner /{,var/}run/user/*/gvfs-metadata/** l,
owner @{HOME}/.gnome2/evince/* rwl,
owner @{HOME}/.gnome2/accels/ rw,
owner @{HOME}/.gnome2/accelsevince rw,
owner @{HOME}/.gnome2/accels/evince rw,
# Maybe add to an abstraction?
/etc/dconf/** r,
owner @{HOME}/.cache/dconf/user rw,
owner @{HOME}/.config/dconf/user r,
owner @{HOME}/.config/enchant/* rk,
owner /{,var/}run/user/*/dconf/ w,
owner /{,var/}run/user/*/dconf/user rw,
owner /{,var/}run/user/*/dconf-service/keyfile/ w,
owner /{,var/}run/user/*/dconf-service/keyfile/user rw,
owner /{,var/}run/user/*/at-spi2-*/ rw,
owner /{,var/}run/user/*/at-spi2-*/** rw,
# Allow access to the non-abstract D-Bus socket used by at-spi > 2.42.0
# https://gitlab.gnome.org/GNOME/at-spi2-core/-/issues/43
owner /{,var/}run/user/*/at-spi/bus* rw,
# from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
# read and write for all supported file formats
/**.[aA][iI] rw,
/**.[bB][mM][pP] rw,
/**.[dD][jJ][vV][uU] rw,
/**.[dD][vV][iI] rw,
/**.[gG][iI][fF] rw,
/**.[jJ][pP][gG] rw,
/**.[jJ][pP][eE][gG] rw,
/**.[oO][dD][pP] rw,
/**.[fFpP][dD][fF] rw,
/**.[pP][nN][mM] rw,
/**.[pP][nN][gG] rw,
/**.[pP][sS] rw,
/**.[eE][pP][sS] rw,
/**.[tT][iI][fF] rw,
/**.[tT][iI][fF][fF] rw,
/**.[xX][pP][mM] rw,
/**.[gG][zZ] rw,
/**.[bB][zZ]2 rw,
/**.[cC][bB][rRzZ7] rw,
/**.[xX][zZ] rw,
# evince creates a temporary stream file like '.goutputstream-XXXXXX' in the
# directory a file is saved. This allows that behavior.
owner /**/.goutputstream-* w,
# allow evince to spawn browsers distributed as snaps (LP: #1794064)
/{,snap/core/[0-9]*/,snap/snapd/[0-9]*/}usr/bin/snap mrCx -> snap_browsers,
}
/usr/bin/evince-previewer flags=(complain) {
include <abstractions/audio>
include <abstractions/bash>
include <abstractions/cups-client>
include <abstractions/dbus-accessibility>
include <abstractions/evince>
include <abstractions/ibus>
include <abstractions/nameservice>
include <abstractions/ubuntu-browsers>
include <abstractions/ubuntu-console-browsers>
include <abstractions/ubuntu-email>
include <abstractions/ubuntu-console-email>
include <abstractions/ubuntu-media-players>
# For now, let evince talk to any session services over dbus. We can
# blacklist any problematic ones (but note, evince uses libsecret :\)
include <abstractions/dbus-session>
include <abstractions/dbus-strict>
dbus (receive) bus=system,
# Allow getting information from various system services
dbus (send)
bus=system
member="Get*"
peer=(label=unconfined),
# Allow talking to avahi with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.Avahi{,.*}",
# Allow talking to colord with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.ColorManager{,.*}",
# Terminals for using console applications. These abstractions should ideally
# have 'ix' to restrict access to what only evince is allowed to do
include <abstractions/ubuntu-gnome-terminal>
# By default, we won't support launching a terminal program in Xterm or
# KDE's konsole. It opens up too many unnecessary files for most users.
# People who need this functionality can uncomment the following:
##include <abstractions/ubuntu-xterm>
/usr/bin/evince-previewer mr,
/usr/bin/yelp Cx -> sanitized_helper,
/usr/bin/bug-buddy px,
# Lenient, but remember we still have abstractions/private-files-strict in
# effect). Write is needed for 'print to file' from the previewer.
@{HOME}/ r,
@{HOME}/** rw,
# Maybe add to an abstraction?
owner /{,var/}run/user/*/dconf/ w,
owner /{,var/}run/user/*/dconf/user rw,
}
/usr/bin/evince-thumbnailer flags=(complain) {
include <abstractions/base>
include <abstractions/private-files-strict>
include <abstractions/fonts>
deny @{HOME}/.{,cache/}fontconfig/** wl,
deny @{HOME}/missfont.log wl,
include <abstractions/dbus-session-strict>
dbus (receive) bus=session,
dbus (send)
bus=session
path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker"
member="ListMountableInfo"
peer=(label=unconfined),
# updating gvfs-metadata for thumbnails is unneeded, so explicitly deny it
deny dbus (send)
bus=session
path="/org/gtk/vfs/metadata"
interface="org.gtk.vfs.Metadata"
member="GetTreeFromDevice"
peer=(label=unconfined),
deny @{HOME}/.local/share/gvfs-metadata/* r,
dbus (send)
bus=session
path="/org/gtk/vfs/Daemon"
interface="org.gtk.vfs.Daemon"
member="List*"
peer=(label=unconfined),
# The thumbnailer doesn't need access to everything in the nameservice
# abstraction. Allow reading of /etc/passwd and /etc/group, but suppress
# logging denial of nsswitch.conf.
/etc/passwd r,
/etc/group r,
deny /etc/nsswitch.conf r,
# TCP/UDP network access for NFS
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
/etc/papersize r,
/usr/bin/evince-thumbnailer mr,
/etc/texmf/ r,
/etc/texmf/** r,
/etc/xpdf/* r,
/usr/bin/gs-esp ixr,
# Silence these denials since 'no new privs' drops transitions to
# sanitized_helper, we don't want all those perms in the thumbnailer
# and the thumbnailer generates thumbnails without these just fine.
deny /usr/bin/mktexpk x,
deny /usr/bin/mktextfm x,
deny /usr/bin/dvipdfm x,
deny /usr/bin/dvipdfmx x,
deny /usr/bin/mkofm x,
# supported archivers
/{usr/,}bin/gzip ixr,
/{usr/,}bin/bzip2 ixr,
/usr/bin/unrar* ixr,
/usr/bin/unzip ixr,
/usr/bin/7zr ixr,
/usr/lib/p7zip/7zr ixr,
/usr/bin/7za ixr,
/usr/lib/p7zip/7za ixr,
/usr/bin/zipnote ixr,
/{usr/,}bin/tar ixr,
/usr/bin/xz ixr,
# miscellaneous access for the above
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
/sys/devices/system/cpu/ r,
# allow read access to anything in /usr/share, for plugins and input methods
/usr/local/share/** r,
/usr/share/** r,
/usr/lib/ghostscript/** mr,
/var/lib/ghostscript/** r,
/var/lib/texmf/** r,
# from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
# read for all supported file formats
/**.[bB][mM][pP] r,
/**.[dD][jJ][vV][uU] r,
/**.[dD][vV][iI] r,
/**.[gG][iI][fF] r,
/**.[jJ][pP][gG] r,
/**.[jJ][pP][eE][gG] r,
/**.[oO][dD][pP] r,
/**.[fFpP][dD][fF] r,
/**.[pP][nN][mM] r,
/**.[pP][nN][gG] r,
/**.[pP][sS] r,
/**.[eE][pP][sS] r,
/**.[eE][pP][sS][fFiI23] r,
/**.[tT][iI][fF] r,
/**.[tT][iI][fF][fF] r,
/**.[xX][pP][mM] r,
/**.[gG][zZ] r,
/**.[bB][zZ]2 r,
/**.[cC][bB][rRtTzZ7] r,
/**.[xX][zZ] r,
owner @{HOME}/.texlive*/** r,
owner @{HOME}/.texmf*/** r,
owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r,
owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r,
# With the network rules above, this allows data exfiltration for files
# not covered by private-files-strict.
@{HOME}/ r,
owner @{HOME}/[^.]** r,
owner /media/** r,
owner /tmp/.gnome_desktop_thumbnail* w,
owner /tmp/gnome-desktop-* rw,
owner /tmp/evince-thumbnailer*/{,**} rw,
# these happen post pivot_root
/ r,
deny /missfont.log w,
# Site-specific additions and overrides. See local/README for details.
include <local/usr.bin.evince>
}
-- no debconf information