Your message dated Thu, 18 Jun 2026 10:49:20 +0000
with message-id <[email protected]>
and subject line Bug#1091643: fixed in xdg-desktop-portal 1.22.1+ds-1
has caused the Debian Bug report #1091643,
regarding xdg-desktop-portal: doesn't implement statfs()/statx() on
/run/user/$uid/doc, breaks unrelated software parsing `df`
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1091643: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091643
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xdg-desktop-portal
Version: 1.16.0-2
Severity: important
Tags: upstream
Doesn't implement statfs() or statx() like fuse filesystems are meant
to. Breaks df. df was worked around in gnulib to not output for
fuse.portal filesystems:
https://bugzilla.redhat.com/show_bug.cgi?id=1913358 but not for `df
-a` or any user programs parsing /proc/mounts. But either way, the
place to fix a problem is the source of the problem, not the 1000's of
downstream users or unrelated software that now suddenly need to know
about an internal implementation defect of some unrelated flaky
desktop software.
Upstream bug: https://github.com/flatpak/xdg-desktop-portal/issues/512
closed and reopened as
https://github.com/flatpak/xdg-desktop-portal/issues/553
-- System Information:
Debian Release: 12.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable'), (5, 'testing'), (2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.10.11+bpo-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages xdg-desktop-portal depends on:
ii bubblewrap 0.8.0-2+deb12u1
ii dbus-user-session [default-dbus-session-bus] 1.14.10-1~deb12u1
ii dbus-x11 [dbus-session-bus] 1.14.10-1~deb12u1
ii fuse3 3.14.0-4
ii init-system-helpers 1.65.2
ii libc6 2.36-9+deb12u9
ii libfuse3-3 3.14.0-4
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1+deb12u1
ii libglib2.0-0 2.74.6-2+deb12u4
ii libjson-glib-1.0-0 1.6.6-1
ii libpipewire-0.3-0 1.2.5-1~bpo12+1
ii libsystemd0 252.31-1~deb12u1
xdg-desktop-portal recommends no packages.
xdg-desktop-portal suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: xdg-desktop-portal
Source-Version: 1.22.1+ds-1
Done: Simon McVittie <[email protected]>
We believe that the bug you reported is fixed in the latest version of
xdg-desktop-portal, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated xdg-desktop-portal
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 18 Jun 2026 11:22:44 +0100
Source: xdg-desktop-portal
Architecture: source
Version: 1.22.1+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team
<[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 1091643 1132958
Changes:
xdg-desktop-portal (1.22.1+ds-1) unstable; urgency=medium
.
* New upstream security fix release
- Prevent a malicious or compromised sandboxed app from redirecting
drag-and-drop and copy/paste data to itself (GHSA-c5cf-79w8-pvfh)
- Prevent a malicious or compromised sandboxed app from gaining
arbitrary write access to nonexistent files outside the sandbox
(GHSA-cm83-2936-gxjm)
- Validate all App IDs in the Document Portal to prevent maliciouss
applications from providing a crafted App ID which causes the
parsing of arbitrary files on the host as GLib.KeyFile
(#2023 upstream)
- Disable PipeWire's realtime module to prevent deadlocks
(#2012 upstream)
.
xdg-desktop-portal (1.22.0+ds-1) experimental; urgency=medium
.
* New upstream release
- Reports placeholder data for the root of the xdg-documents-portal
filesystem, rather than an error (Closes: #1091643)
* d/p/debian/allow-no-graphical-session-target.patch:
Add patch from Ubuntu to avoid a regression in desktop environments
that don't integrate with `systemd --user`.
Thanks to Alessandro Astone (LP: #2144855)
* d/watch, d/gbp.conf: Follow the 1.22.x branch
* Revert "d/control, d/gbp.conf: Branch for experimental"
.
xdg-desktop-portal (1.21.1+ds-1) experimental; urgency=medium
.
* New upstream development prerelease
- This version fixes a vulnerability in which a malicious or compromised
Flatpak app could send any file or directory to the trash, including
those outside its sandbox.
(GHSA-rqr9-jwwf-wxgj) (Closes: #1132958)
* Merge packaging from unstable
* Drop patches that were applied upstream
* Standards-Version: 4.7.4 (no changes required)
* Normalize formatting of packaging (debputy reformat)
Checksums-Sha1:
63edb4058138faa621b6ea1ea37d1e98598d6d6c 3316
xdg-desktop-portal_1.22.1+ds-1.dsc
e8698fa389c52461419f672a7dfa65a31d7a2e1c 918588
xdg-desktop-portal_1.22.1+ds.orig.tar.xz
2fd7fb8f44a94e08227d85ff783a3047f428a0ec 16664
xdg-desktop-portal_1.22.1+ds-1.debian.tar.xz
1925ec0f0ea642c91ed826b4951dd2a9c0810d97 18961
xdg-desktop-portal_1.22.1+ds-1_source.buildinfo
Checksums-Sha256:
467e9d42cdc8f419d357a621d5dea37e43e81e44cb405f3404d7580d0a354a27 3316
xdg-desktop-portal_1.22.1+ds-1.dsc
97169dc09c91b619c554def9158df2a6faec8e614af29f064feceb5c22188a9f 918588
xdg-desktop-portal_1.22.1+ds.orig.tar.xz
4005e07af0d2cb08fd4d8426a597703c912fb158e75c1399bd81d4cbc05fafb1 16664
xdg-desktop-portal_1.22.1+ds-1.debian.tar.xz
a222a989e62f089cd760e2e5fd4017a4aba3634e818a7be1b68cdce7b24f1bdc 18961
xdg-desktop-portal_1.22.1+ds-1_source.buildinfo
Files:
e7f1e970387ec4b1b5d654bdba2a989f 3316 admin optional
xdg-desktop-portal_1.22.1+ds-1.dsc
1119061f82e2ae45cf010b9c2ca82e0d 918588 admin optional
xdg-desktop-portal_1.22.1+ds.orig.tar.xz
ef98409dbb5181b4b7f682e330b74333 16664 admin optional
xdg-desktop-portal_1.22.1+ds-1.debian.tar.xz
c9650060b555a1062bb7f12b4bbfc317 18961 admin optional
xdg-desktop-portal_1.22.1+ds-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmozymQACgkQI1wJnT6z
MHa8pA//UbegD2ImKsPVIa64qD1fwlo3eKnZOt/yOk4MkqaB9s3pOsmE2QF0AmNt
Uu5tc4jAM/sB2JYYiMT1uYszctjaBkYYOKQ4EQFUW9MqIyXEO7fD2uz8fkF39hVk
3sSG8yB0IfXIzwhjPLETTW7oXbYo1zjyp1T4WUtD+H7FoYizFa77o5PSt8M+vN2q
PwMAB+W6xXsVKOXn9yFJXU3m9F2WatT8tLAiqcpI1O4W9wHhjFcK6ih710VFS6q+
H3bX0H8HIRF8YvfXxoLVJ0wB7na/OkqvnpP9/UWNuyUeiK9FfHipk+/8VsRiBIrZ
/qw3k7JbdQtr76+AWhNUKbovBWXuyyR7IXKbIZHjRXr00Ofs4tua+GtJRqhtr3oB
efsM2TClzfy+SQSDr14XtPTXwC1f6yoW+5fGCYqHA5mDjGVkRovXZAWypYxt7+H6
7BWEf95cpahOTbB+ivq11OkQUq1eqcER9H/MG6BL7aSM7dtyOJsdIkV458IoNY6k
g+/4s/4ZexHRKevzUQtxe+ey8/ykhyupZIRJmCQMI4J9Ux7FmPAl2wKNmK+geuGJ
TJgmGxJWI4eFsDxyJ/sU4/cVKH/4ZDJjG96oMCenQCnr8pZVPPW3/qro3KH5kuAD
W8CxVXq20ah/xYB02n7xTihP5fGUBviUibUEGukunWusLU7x48s=
=+OhO
-----END PGP SIGNATURE-----
pgphpnMYNjHQ9.pgp
Description: PGP signature
--- End Message ---
