a typo in evince-previewer.desktop breaks /etc/mailcap

Bug #1716357 reported by Esko Järnfors on 2017-09-11
24
This bug affects 3 people
Affects Status Importance Assigned to Milestone
evince (Ubuntu)
Medium
Unassigned
Xenial
Medium
Unassigned
Zesty
Medium
Unassigned

Bug Description

* Impact
there is an extra ";" in the mimetype list leading to a buggy mailcap entry

* Test case:
check if /etc/mailcap contains a line
"; evince-previewer %s; test=test -n "$DISPLAY""

* regression potentiel
check that evince is correcly used when trying to open file associated to it

-----------------

Release version: Ubuntu 16.04.3 LTS
Package version: 3.18.2-1ubuntu4.1

/usr/share/applications/evince-previewer.desktop comes from the evince package. It has an empty entry in mime types between application/x-ext-cb7 and application/oxps.

===8<===
...
MimeType=application/pdf;application/x-bzpdf;application/x-gzpdf;application/x-xzpdf;application/x-ext-pdf;application/postscript;application/x-bzpostscript;application/x-gzpostscript;image/x-eps;image/x-bzeps;image/x-gzeps;application/x-ext-ps;application/x-ext-eps;application/x-dvi;application/x-bzdvi;application/x-gzdvi;application/x-ext-dvi;image/vnd.djvu;application/x-ext-djv;application/x-ext-djvu;image/tiff;application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/x-ext-cb7;;application/oxps;application/vnd.ms-xpsdocument;
...
===>8===

This entry gets included in /etc/mailcap via update-mime trigger from the package mime-support and the result is a broken line:

===8<===
...
application/x-ext-cb7; evince-previewer %s; test=test -n "$DISPLAY"
; evince-previewer %s; test=test -n "$DISPLAY"
application/oxps; evince-previewer %s; test=test -n "$DISPLAY"
...
===>8===

Some programs that use /etc/mailcap get confused by the broken line so it would be nice if the typo it originates from was fixed.

The expected result in /etc/mailcap from running update-mime:
===8<===
...
application/x-ext-cb7; evince-previewer %s; test=test -n "$DISPLAY"
application/oxps; evince-previewer %s; test=test -n "$DISPLAY"
...
===>8===

CVE References

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in evince (Ubuntu):
status: New → Confirmed

The attachment "A patch for configure.ac that fixes this issue." seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Changed in evince (Ubuntu):
importance: Undecided → Low
Sebastien Bacher (seb128) wrote :

That's a regression from CVE-2017-1000083.patch, upstream fixed it with
https://git.gnome.org/browse/evince/commit/?h=gnome-3-20&id=ef6c1d98

Steve, how do we handle regression due to security uploads like that? (the problem is minor but ideally should be addressed)

Changed in evince (Ubuntu):
assignee: nobody → Steve Beattie (sbeattie)
Kenrick Bingham (loxo) wrote :

Please observe that this bug causes all lines in /etc/mailcap after the broken line to be skipped. Therefore it also prevents other mime type files from being opened by the intended application.

(In my case, I ran into this because alpine start saying that it did not know how to handle files of type Application/VND.OPENXMLFORMATS-OFFICEDOCUMENT.WORDPROCESSINGML.DOCUMENT, even though /etc/mailcap contains the proper line, evoking soffice.)

Would this raise the importance of the bug?

Sebastien Bacher (seb128) wrote :

I've uploaded a SRU bugfix for xenial

Changed in evince (Ubuntu):
status: Confirmed → Fix Committed
description: updated
Changed in evince (Ubuntu):
assignee: Steve Beattie (sbeattie) → Sebastien Bacher (seb128)
Chris J Arges (arges) wrote :

Does this also affect Artful? Looks like Zesty is also affected.

Changed in evince (Ubuntu Xenial):
importance: Undecided → Medium
Changed in evince (Ubuntu Zesty):
importance: Undecided → Medium
Changed in evince (Ubuntu):
importance: Low → Medium
Steve Beattie (sbeattie) wrote :

Yes, zesty is affected. artful is not affected, as upstream did not apply the fix for CVE-2017-1000083 to trunk, due to the introduction of using libarchive by default. trusty is also not affected, as the mime types configure processing is handled differently there.

Sebastien Bacher (seb128) wrote :

it's fixed in artful, it might affect zesty but I don't think it's important enough to be fixed in a non LTS which is about to become the non current one

Brian Murray (brian-murray) wrote :

Xenial to Zesty is still a supported upgrade path though.

Brian Murray (brian-murray) wrote :

Additionally, if it is a regression due to an update in zesty it certainly should be fixed there.

Sebastien Bacher (seb128) wrote :

Well, feel free to work on a zesty update, I just don't intend to spend effort on a non LTS-version which is going to be the non current one before the SRU is in updates

Changed in evince (Ubuntu):
assignee: Sebastien Bacher (seb128) → nobody
Sebastien Bacher (seb128) wrote :

unassigning myself so others are free to take on and do the extra work requested

Hello Esko, or anyone else affected,

Accepted evince into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/evince/3.18.2-1ubuntu4.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in evince (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed verification-needed-xenial
Brian Murray (brian-murray) wrote :

I ended up doing the extra work myself.

Changed in evince (Ubuntu Zesty):
status: New → Fix Committed
tags: added: verification-needed-zesty
Brian Murray (brian-murray) wrote :

Hello Esko, or anyone else affected,

Accepted evince into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/evince/3.24.0-0ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Kenrick Bingham (loxo) wrote :

Tested version 3.18.2-1ubuntu4.2 (packages evince_3.18.2-1ubuntu4.2_amd64.deb, evince-common_3.18.2-1ubuntu4.2_all.deb, libevdocument3-4_3.18.2-1ubuntu4.2_amd64.deb and libevview3-3_3.18.2-1ubuntu4.2_amd64.deb) on xenial.

It fixed the bug for me.

Thank you!

tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.18.2-1ubuntu4.2

---------------
evince (3.18.2-1ubuntu4.2) xenial; urgency=medium

  * debian/patches/git_mimetype_typo.patch:
    - remove trailing ";" which leads to non working mailcap, regression
      introduced in the previous upload (lp: #1716357)

 -- Sebastien Bacher <email address hidden> Fri, 29 Sep 2017 15:17:37 -0400

Changed in evince (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for evince has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

tags: added: verification-done-zesty
removed: verification-needed-zesty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package evince - 3.24.0-0ubuntu1.2

---------------
evince (3.24.0-0ubuntu1.2) zesty; urgency=medium

  * debian/patches/git_mimetype_typo.patch:
    - remove trailing ";" which leads to non working mailcap, regression
      introduced in the previous upload (lp: #1716357)

 -- Brian Murray <email address hidden> Fri, 13 Oct 2017 17:26:21 -0700

Changed in evince (Ubuntu Zesty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers