Bug#978091: buster-pu: package geoclue-2.0/2.5.2-1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Fri, 2020-12-25 at 22:29 +0100, Laurent Bigonville wrote:
> There are currently several issues with geoclue-2.0 in debian buster:
> 
> 1) The daemon is not respecting the user choice to not query the
> location, that could be seen as a privacy/GDPR breach as it contacts
> MLS
> and sends data (ESSID,..) to them without explicit approval. This is
> only happening for "system" (non-flatpak) applications.
> 
> 2) The indicator (in the gnome-shell,...) showing that geoclue is
> active
> and looking for the location of the computer is never turned on.
> 
> 3) This version of geoclue is using a generic Mozilla Location
> service
> API key, Mozilla would like us to use a dedicated key for geoclue in
> debian: https://gitlab.freedesktop.org/geoclue/geoclue/-/issues/136
> 

Please go ahead.

Regards,

Adam

Bug#978091: buster-pu: package geoclue-2.0/2.5.2-1

[Laurent Bigonville]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hello,

[ Reason ]
There are currently several issues with geoclue-2.0 in debian buster:

1) The daemon is not respecting the user choice to not query the
location, that could be seen as a privacy/GDPR breach as it contacts MLS
and sends data (ESSID,..) to them without explicit approval. This is
only happening for "system" (non-flatpak) applications.

2) The indicator (in the gnome-shell,...) showing that geoclue is active
and looking for the location of the computer is never turned on.

3) This version of geoclue is using a generic Mozilla Location service
API key, Mozilla would like us to use a dedicated key for geoclue in
debian: https://gitlab.freedesktop.org/geoclue/geoclue/-/issues/136

[ Impact ]
There is a privacy issue and also the risk that geoclue might stop
working overnight when MLS revoke the API key currently used.

[ Tests ]
Smoke testing on a debian buster VM

[ Risks ]
The changes are minimal and straightforward. All the patches have been
backported from upstream git repository

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
1) The biggest change is the fact that the daemon will now query the
"agent" (gnome-shell or other) to check the user preference about the
usage of geolocation before querying the location (and contacting MLS).

2) The "in_use" property is set now when there is a client requesting
the location connected.

3) We also change the MLS API key to the one generated especially for
debian and stop exposing it in the configuration file. While testing, I
discovered that the daemon is crashing if submission-url is not defined
in the configuration file, this is fixed as well.

[ Other info ]
NA

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-5-amd64 (SMP w/8 CPU threads)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 000..7f1315b
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,8 @@
+geoclue-2.0 for Debian
+-
+
+geoclue uses the Mozilla Location Service (MLS) to estimate the location of
+your computer. Please refer to the Privacy Notice on the Mozilla website for
+all privacy concerns: https://location.services.mozilla.com/privacy
+
+ -- Laurent Bigonville   Thu, 23 Apr 2020 14:28:03 +0200
diff --git a/debian/changelog b/debian/changelog
index 02ce138..4b654ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+geoclue-2.0 (2.5.2-1+deb10u1) buster; urgency=medium
+
+  * debian/README.Debian: Add information about MLS and a link to the service
+Privacy Notice page
+  * Check the maximum allowed accuracy level even for system applications.
+Respect the value of the user preference concerning the usage of their
+geolocation. This should fix the privacy and GDPR conformity concerns as
+the user explicitly needs to enable the option.
+Note that there is no distinction between the system applications
+anymore, turning on the option is allowing them all to get the location.
+(Closes: #924516, #958497)
+  * d/p/: Add a patch to make the Mozilla API key configurable
+  * debian/rules: Use the key that has been allocated to debian for MLS queries
+  * d/p: Add an upstream patch to fix the display of the usage indicator
+  * Fix crash if submission-url is not set in the config, patch from upstream
+
+ -- Laurent Bigonville   Fri, 25 Dec 2020 17:19:50 +0100
+
 geoclue-2.0 (2.5.2-1) unstable; urgency=medium
 
   * [da1f3cfb] New upstream version 2.5.2
diff --git 
a/debian/patches/0001-service-Check-the-maximum-allowed-accuracy-level-eve.patch
 
b/debian/patches/0001-service-Check-the-maximum-allowed-accuracy-level-eve.patch
new file mode 100644
index 000..f4183d8
--- /dev/null
+++ 
b/debian/patches/0001-service-Check-the-maximum-allowed-accuracy-level-eve.patch
@@ -0,0 +1,70 @@
+From: Laurent Bigonville 
+Date: Fri, 23 Oct 2020 21:37:12 +0200
+Subject: service: Check the maximum allowed accuracy level even for system
+ apps
+
+We need to check the maximum allowed accuracy even for system apps
+otherwise the user cannot disable the geolocalization for these
+(max_accuracy set to 0)
+
+Fix: https://gitlab.freedesktop.org/geoclue/geoclue/-/issues/111
+---
+ src/gclue-service-client.c | 16 +---
+ 1 file changed, 5 insertions(+), 11 deletions(-)
+
+diff --git