916076 – app-misc/tracker-miners-3.5.4 security stabilization

Bug 916076 - app-misc/tracker-miners-3.5.4 security stabilization

Summary: app-misc/tracker-miners-3.5.4 security stabilization

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Stabilization (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Linux Gnome Desktop Team

URL:
Whiteboard:
Keywords:	CC-ARCHES, SECURITY

Depends on:	922509
Blocks:	CVE-2023-5557
	Show dependency tree

Reported:	2023-10-21 21:45 UTC by Mart Raudsepp
Modified:	2024-03-22 13:35 UTC (History)
CC List:	2 users (show)

See Also:
Package list:	app-misc/tracker-miners-3.5.4
Runtime testing required:	---

Flags:	nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mart Raudsepp gentoo-dev

2023-10-21 21:45:23 UTC

app-misc/tracker-miners-3.5.3 includes the sandboxing tightening to disallow cases like bug 915500 from becoming a one-click RCE via tracker-miners.

Comment 1 Mart Raudsepp gentoo-dev

2023-10-30 11:35:04 UTC

Postponing due to this info from the security bug:

As usual with seccomp, a bunch of issues have cropped up with the fix here:
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/280
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/281
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/283
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/284
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/288
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/287
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/285
* https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/289

Comment 2 NATTkA bot gentoo-dev

2023-10-30 11:40:10 UTC Comment hidden (obsolete)

Keywords are not fully specified and arches are not CC-ed for the following packages:

- =app-misc/tracker-miners-3.5.3

Comment 3 Mart Raudsepp gentoo-dev

2023-11-08 11:05:51 UTC

Lets go with 3.5.4

Comment 4 matoro archtester

2023-12-15 23:19:24 UTC

This needs https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/407

Comment 5 NATTkA bot gentoo-dev

2024-03-02 22:36:22 UTC

Unable to check for sanity:

> no match for package: app-misc/tracker-miners-3.5.4

Comment 6 Arthur Zamarin archtester

2024-03-22 13:21:02 UTC

I think this bug can be closed, since the only version in tree is 3.6.2