Bug#1064259: Remove spurious Depends: bubblewrap (it moved to libgnome-desktop-*)
Trent W. Buck
trentbuck at gmail.com
Mon Feb 19 06:29:46 GMT 2024
Package: nautilus
Version: 43.2-1
Severity: minor
Right now nautilus has Depends: bubblewrap, but it doesn't actually use bubblewrap.
https://salsa.debian.org/search?search=bubblewrap&nav_source=navbar&project_id=5329&group_id=2002&search_code=true&repository_ref=debian%2Flatest
This happened because nautilus used to contain an embedded copy of libgnome-desktop.
That was fixed, but the bubblewrap dependency was not removed.
https://salsa.debian.org/gnome-team/nautilus/-/commit/673c81cf9f1d68b71041220e6e44624dee44dbfc (libgnome-desktop embedded, bwrap required)
https://salsa.debian.org/gnome-team/nautilus/-/commit/4eb2d8705b7f799a16046b316a16ebde3af8dd0e (bwrap dependency documented)
https://salsa.debian.org/gnome-team/nautilus/-/commit/3862cf798039ccf3cb57d39400288314f04db25c (libgnome-desktop not embedded anymore, bwrap not directly required)
"libgnome-desktop* Depends: bubblewrap" provide this dependency already where it is still needed.
https://salsa.debian.org/search?search=bubblewrap&nav_source=navbar&project_id=5207&group_id=2002&search_code=true&repository_ref=debian%2Flatest
Boring context:
1. Can I use bwrap to harden XFCE's tumbler against the next
https://security-tracker.debian.org/tracker/CVE-2023-4863 ?
2. Oh, nautilus Depends: bubblewrap directly.
It's probably something simple (and steal-able!) like
nautilus.desktop: TryExec=nautilus
nautilus.desktop: Exec=bwrap ⋯ nautilus
3. Waitaminute, this isn't using bubblewrap *at all*?! >Confused<
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.0-0.deb12.4-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages nautilus depends on:
ii bubblewrap 0.8.0-2
ii desktop-file-utils 0.26-1
ii gsettings-desktop-schemas 43.0-1
ii gvfs 1.50.3-1
ii libadwaita-1-0 1.2.2-1
ii libc6 2.36-9+deb12u4
ii libcairo2 1.16.0-7
ii libcloudproviders0 0.3.1-2
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+b1
ii libgexiv2-2 0.14.0-1+b1
ii libglib2.0-0 2.74.6-2
ii libglib2.0-data 2.74.6-2
ii libgnome-autoar-0-0 0.4.3-1
ii libgnome-desktop-4-2 43.2-2
ii libgstreamer-plugins-base1.0-0 1.22.0-3+deb12u1
ii libgstreamer1.0-0 1.22.0-2
ii libgtk-4-1 4.8.3+ds-2+deb12u1
ii libnautilus-extension4 43.2-1
ii libpango-1.0-0 1.50.12+ds-1
ii libportal-gtk4-1 0.6-4
ii libportal1 0.6-4
ii libselinux1 3.4-1+b6
ii libtracker-sparql-3.0-0 3.4.2-1
ii nautilus-data 43.2-1
ii shared-mime-info 2.2-1
ii tracker 3.4.2-1
ii tracker-extract 3.4.3-1
ii tracker-miner-fs 3.4.3-1
Versions of packages nautilus recommends:
ii gnome-sushi 43.0-2
ii gvfs-backends 1.50.3-1
ii libgdk-pixbuf2.0-bin 2.42.10+dfsg-1+b1
ii librsvg2-common 2.54.7+dfsg-1~deb12u1
Versions of packages nautilus suggests:
ii eog 43.2-1
ii evince [pdf-viewer] 43.1-2+b1
pn nautilus-extension-brasero <none>
pn nautilus-sendto <none>
ii totem 43.0-2
ii vlc [mp3-decoder] 3.0.20-0+deb12u1
ii xdg-user-dirs 0.18-1
ii xpdf [pdf-viewer] 3.04+git20220601-1+b2
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list