Your message dated Sat, 15 Oct 2016 17:20:14 +0000
with message-id <>
and subject line Bug#821945: fixed in apparmor 2.10.95-5
has caused the Debian Bug report #821945,
regarding abstractions/ubuntu-browsers: please include 
/usr/lib/firefox-esr/firefox-esr as a browser
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact

Debian Bug Tracking System
Contact with problems
--- Begin Message ---
Package: apparmor
Version: 2.10-4
Severity: normal
File: /etc/apparmor.d/abstractions/ubuntu-browsers

* Use firefox-esr as preferred browser
* Enable the evince profile
* View a PDF in evince
* Click a http link in that PDF

Expected result:
* evince can execute firefox-esr with appropriate environment scrubbing

Actual result:
* exec of /usr/lib/firefox-esr/firefox-esr is denied

This pseudo-patch appears to work:

   # this should cover all firefox browsers and versions (including shiretoko
   # and abrowser)
   /usr/bin/firefox Cxr -> sanitized_helper,
-  /usr/lib/firefox*/firefox*.sh Cx -> sanitized_helper,
+  /usr/lib/firefox*/firefox*{,.sh} Cx -> sanitized_helper,

The usr.lib.firefox.firefox profile in "extras" should probably also include
firefox-esr (see #746418).


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.59
ii  libapparmor-perl       2.10-4
ii  libc6                  2.22-7
ii  lsb-base               9.20160110
pn  python3:any            <none>

apparmor recommends no packages.

Versions of packages apparmor suggests:
ii  apparmor-docs            2.10-4
ii  apparmor-profiles        2.10-4
ii  apparmor-profiles-extra  1.6
ii  apparmor-utils           2.10-4

-- debconf information:

--- End Message ---
--- Begin Message ---
Source: apparmor
Source-Version: 2.10.95-5

We believe that the bug you reported is fixed in the latest version of
apparmor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
intrigeri <> (supplier of updated apparmor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA512

Format: 1.8
Date: Sat, 15 Oct 2016 16:04:40 +0000
Source: apparmor
Binary: apparmor apparmor-utils apparmor-profiles apparmor-docs libapparmor-dev 
libapparmor1 libapparmor-perl libapache2-mod-apparmor libpam-apparmor 
apparmor-notify python-libapparmor python3-libapparmor python-apparmor 
python3-apparmor dh-apparmor apparmor-easyprof
Architecture: source
Version: 2.10.95-5
Distribution: unstable
Urgency: medium
Maintainer: Debian AppArmor Team <>
Changed-By: intrigeri <>
Closes: 821945 827335
 apparmor-docs - documentation for AppArmor
 apparmor-easyprof - AppArmor easyprof profiling tool
 apparmor-notify - AppArmor notification system
 apparmor-profiles - profiles for AppArmor Security policies
 apparmor   - user-space parser utility for AppArmor
 apparmor-utils - utilities for controlling AppArmor
 dh-apparmor - AppArmor debhelper routines
 libapache2-mod-apparmor - changehat AppArmor library as an Apache module
 libapparmor1 - changehat AppArmor library
 libapparmor-dev - AppArmor development libraries and header files
 libapparmor-perl - AppArmor library Perl bindings
 libpam-apparmor - changehat AppArmor library as a PAM module
 python3-apparmor - AppArmor Python3 utility library
 python3-libapparmor - AppArmor library Python3 bindings
 python-apparmor - AppArmor Python utility library
 python-libapparmor - AppArmor library Python bindings
 apparmor (2.10.95-5) unstable; urgency=medium
   * Merge from ubuntu-citrain up to revision 1600. Remaining Debian changes:
     - debian/apparmor.init: don't call handle_system_policy_package_updates.
   * r3566-wayland.patch: new patch, to support Wayland in at least Evince
     (Closes: #827335).
   * r3487-add-firefox-esr-to-ubuntu-browsers.patch: new patch, to support
     firefox-esr in abstractions/ubuntu-browsers (Closes: #821945).
   * Drop "Replaces: apparmor-parser": that package has never been part of
     Debian, and if has ever been included in Ubuntu, that must have been
     ages ago.
   * Drop Breaks: lxc (<< 1.1.0~alpha1-0ubuntu5~).
     - Wrt. Ubuntu: Xenial ships a newer lxc.
     - Wrt. Debian: this Breaks was added in Ubuntu in order to "restrict
       signal, ptrace and unix mediation to the container" (LP: #1373555).
       These features require third-party Linux kernel patches, that we
       haven't in Debian, so even though Jessie has lxc 1.0, we don't need
       this Breaks relationship.
   * Drop Breaks: lightdm (<< 1.11.8-0ubuntu2~).
     - Wrt. Debian: it was added in Ubuntu because lightdm 1.11.8-0ubuntu2
       brings "updates for unix socket mediation". But Unix socket mediation
       requires third-party Linux kernel patches, that we haven't in Debian.
     - Wrt. Ubuntu: even Vivid includes a newer lightdm.
   * Drop Breaks+Replaces on a version of debhelper older than the one included
     in Precise and Wheezy.
   * Drop Breaks+Replaces on versions of our own binary packages that are older
     than the ones included in Jessie and Xenial.
   * Drop Breaks: rsyslog (<< 7.4.4-1ubuntu9~). Bot Jessie and Xenial ship
     a newer one.
   * Drop Breaks: apparmor-easyprof-ubuntu (<< 1.2.22). Xenial ships
     a newer one.
   * Drop Breaks: libvirt-bin (<< 1.2.6-0ubuntu6~). Jessie and Xenial
     have a newer one.
   * Drop Breaks+Replaces: apparmor-utils << 2.8.0: Jessie and Trusty ship
     a newer one.
   * Drop Breaks+Replaces: libapache2-mod-apparmor (<< 2.5.1-0ubuntu3):
     Precise and Wheezy shipped with something newer.
   * Version dependency on lsb-base to >= 3.0-6, as advised by Lintian's
     init.d-script-needs-depends-on-lsb-base tag.
 cf285b4d1236c9d035c69087512d5282105f23c0 3176 apparmor_2.10.95-5.dsc
 d50053023c8b424140b8640d6427a3738d7fbdd6 100276 
 ef35a3219e401078e10f6d3615c541b2e269b3fe46f73fa0f36436f8d79b5d42 3176 
 cd4cb464314bcd0c5feecb3a8dbf83541f56c390814cb894f08671953b7aabc0 100276 
 07744c436dfba9ae7dfde1dd0c99ed52 3176 admin extra apparmor_2.10.95-5.dsc
 61c752f5db88b6bb2862f18397f7fe87 100276 admin extra 



--- End Message ---

Reply via email to