a typo in evince-previewer.desktop breaks /etc/mailcap

Status changed to 'Confirmed' because the bug affects multiple users.

The attachment "A patch for configure.ac that fixes this issue." seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

That's a regression from CVE-2017-1000083.patch, upstream fixed it with
https://git.gnome.org/browse/evince/commit/?h=gnome-3-20&id=ef6c1d98

Steve, how do we handle regression due to security uploads like that? (the problem is minor but ideally should be addressed)

Please observe that this bug causes all lines in /etc/mailcap after the broken line to be skipped. Therefore it also prevents other mime type files from being opened by the intended application.

(In my case, I ran into this because alpine start saying that it did not know how to handle files of type Application/VND.OPENXMLFORMATS-OFFICEDOCUMENT.WORDPROCESSINGML.DOCUMENT, even though /etc/mailcap contains the proper line, evoking soffice.)

Would this raise the importance of the bug?

I've uploaded a SRU bugfix for xenial

Does this also affect Artful? Looks like Zesty is also affected.

Yes, zesty is affected. artful is not affected, as upstream did not apply the fix for CVE-2017-1000083 to trunk, due to the introduction of using libarchive by default. trusty is also not affected, as the mime types configure processing is handled differently there.

it's fixed in artful, it might affect zesty but I don't think it's important enough to be fixed in a non LTS which is about to become the non current one

Xenial to Zesty is still a supported upgrade path though.

Additionally, if it is a regression due to an update in zesty it certainly should be fixed there.

Well, feel free to work on a zesty update, I just don't intend to spend effort on a non LTS-version which is going to be the non current one before the SRU is in updates

unassigning myself so others are free to take on and do the extra work requested

Hello Esko, or anyone else affected,

Accepted evince into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/evince/3.18.2-1ubuntu4.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

I ended up doing the extra work myself.

Hello Esko, or anyone else affected,

Accepted evince into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/evince/3.24.0-0ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Tested version 3.18.2-1ubuntu4.2 (packages evince_3.18.2-1ubuntu4.2_amd64.deb, evince-common_3.18.2-1ubuntu4.2_all.deb, libevdocument3-4_3.18.2-1ubuntu4.2_amd64.deb and libevview3-3_3.18.2-1ubuntu4.2_amd64.deb) on xenial.

It fixed the bug for me.

Thank you!

This bug was fixed in the package evince - 3.18.2-1ubuntu4.2

---------------
evince (3.18.2-1ubuntu4.2) xenial; urgency=medium

  * debian/patches/git_mimetype_typo.patch:
    - remove trailing ";" which leads to non working mailcap, regression
      introduced in the previous upload (lp: #1716357)

 -- Sebastien Bacher <email address hidden> Fri, 29 Sep 2017 15:17:37 -0400

The verification of the Stable Release Update for evince has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package evince - 3.24.0-0ubuntu1.2

---------------
evince (3.24.0-0ubuntu1.2) zesty; urgency=medium

  * debian/patches/git_mimetype_typo.patch:
    - remove trailing ";" which leads to non working mailcap, regression
      introduced in the previous upload (lp: #1716357)

 -- Brian Murray <email address hidden> Fri, 13 Oct 2017 17:26:21 -0700