From edaebb65d92a48d7075c8c1f64c5ffd87054827b Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 11:07:31 +0200 Subject: Adding debian version 4:7.4.7-1+deb12u1. Signed-off-by: Daniel Baumann --- debian/patches/apparmor-gnupg-tofu.diff | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 debian/patches/apparmor-gnupg-tofu.diff (limited to 'debian/patches/apparmor-gnupg-tofu.diff') diff --git a/debian/patches/apparmor-gnupg-tofu.diff b/debian/patches/apparmor-gnupg-tofu.diff new file mode 100644 index 000000000..a2ee52f40 --- /dev/null +++ b/debian/patches/apparmor-gnupg-tofu.diff @@ -0,0 +1,28 @@ +From: Benjamin Barenblat +Subject: Support tofu+pgp trust model in GnuPG +Bug-Debian: https://bugs.debian.org/955271 +Forwarded: no + +GnuPG supports a trust-on-first-use layer that sits on top of the +standard PGP trust model. If this is enabled, 'gpg --list-keys' needs +write and lock permissions on the TOFU database to return any useful +data. Allow this access through AppArmor. + +--- libreoffice-7.1.2.2/sysui/desktop/apparmor/program.soffice.bin ++++ libreoffice-7.1.2.2/sysui/desktop/apparmor/program.soffice.bin +@@ -2,6 +2,7 @@ + # + # Copyright (C) 2016 Canonical Ltd. + # Copyright (C) 2018 Software in the Public Interest, Inc. ++# Copyright (C) 2021 Google LLC + # + # This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this +@@ -215,6 +216,7 @@ profile gpg { + + owner @{HOME}/.gnupg/* r, + owner @{HOME}/.gnupg/random_seed rk, ++ owner @{HOME}/.gnupg/tofu.db rwk, + } + + # probably should become a subprofile like gpg above, but then it doesn't -- cgit v1.2.3