author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:07:31 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:07:31 +0000 |
commit | edaebb65d92a48d7075c8c1f64c5ffd87054827b (patch) | |
tree | 045c941e1851cde1665bea22d97a2976b7a5bb69 /debian/patches/apparmor-gnupg-tofu.diff | |
parent | Adding upstream version 4:7.4.7. (diff) | |
download | libreoffice-edaebb65d92a48d7075c8c1f64c5ffd87054827b.tar.xz libreoffice-edaebb65d92a48d7075c8c1f64c5ffd87054827b.zip |
Adding debian version 4:7.4.7-1+deb12u1.
debian/4%7.4.7-1+deb12u1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/apparmor-gnupg-tofu.diff')
-rw-r--r-- | debian/patches/apparmor-gnupg-tofu.diff | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/debian/patches/apparmor-gnupg-tofu.diff b/debian/patches/apparmor-gnupg-tofu.diff new file mode 100644 index 000000000..a2ee52f40 --- /dev/null +++ b/debian/patches/apparmor-gnupg-tofu.diff @@ -0,0 +1,28 @@ +From: Benjamin Barenblat <bbaren@google.com> +Subject: Support tofu+pgp trust model in GnuPG +Bug-Debian: https://bugs.debian.org/955271 +Forwarded: no + +GnuPG supports a trust-on-first-use layer that sits on top of the +standard PGP trust model. If this is enabled, 'gpg --list-keys' needs +write and lock permissions on the TOFU database to return any useful +data. Allow this access through AppArmor. + +--- libreoffice-7.1.2.2/sysui/desktop/apparmor/program.soffice.bin ++++ libreoffice-7.1.2.2/sysui/desktop/apparmor/program.soffice.bin +@@ -2,6 +2,7 @@ + # + # Copyright (C) 2016 Canonical Ltd. + # Copyright (C) 2018 Software in the Public Interest, Inc. ++# Copyright (C) 2021 Google LLC + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +@@ -215,6 +216,7 @@ profile gpg { + + owner @{HOME}/.gnupg/* r, + owner @{HOME}/.gnupg/random_seed rk, ++ owner @{HOME}/.gnupg/tofu.db rwk, + } + + # probably should become a subprofile like gpg above, but then it doesn't |
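Review bot: The patch header says `Forwarded: no` but gives no reason, although the change is to `sysui/desktop/apparmor/program.soffice.bin`, which sits in the upstream source tree rather than under `debian/`. Either forward it or state in the header why it stays distribution-only. The `---`/`+++` paths also still name `libreoffice-7.1.2.2` while this commit packages 4:7.4.7, so the patch is worth refreshing against the current tree to confirm the `@@ -215,6 +216,7 @@` context still matches without fuzz.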
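Review bot: In the `profile gpg` hunk, the new rule `owner @{HOME}/.gnupg/tofu.db rwk,` grants write and lock on exactly one file name, while everything else under `@{HOME}/.gnupg/` remains read-only through `owner @{HOME}/.gnupg/* r,`. If gpg creates any companion file beside the database while writing to it (a journal or temporary file, for instance), that create is still denied and `gpg --list-keys` can keep returning nothing useful. Please confirm with TOFU enabled that the AppArmor log shows no remaining denials, and if one appears, add a rule for that specific file name instead of widening the `*` glob to write access. A short comment above the rule explaining why a listing command needs `w` and `k` would also help the next person auditing this profile, since the reason is only given in the patch description.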