Your message dated Sat, 15 Oct 2016 17:20:14 +0000
with message-id <e1bvsd4-0007tb...@franck.debian.org>
and subject line Bug#821945: fixed in apparmor 2.10.95-5
has caused the Debian Bug report #821945,
regarding abstractions/ubuntu-browsers: please include
/usr/lib/firefox-esr/firefox-esr as a browser
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
821945: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821945
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apparmor
Version: 2.10-4
Severity: normal
File: /etc/apparmor.d/abstractions/ubuntu-browsers
Steps:
* Use firefox-esr as preferred browser
* Enable the evince profile
* View a PDF in evince
* Click a http link in that PDF
Expected result:
* evince can execute firefox-esr with appropriate environment scrubbing
Actual result:
* exec of /usr/lib/firefox-esr/firefox-esr is denied
This pseudo-patch appears to work:
# this should cover all firefox browsers and versions (including shiretoko
# and abrowser)
/usr/bin/firefox Cxr -> sanitized_helper,
- /usr/lib/firefox*/firefox*.sh Cx -> sanitized_helper,
+ /usr/lib/firefox*/firefox*{,.sh} Cx -> sanitized_helper,
The usr.lib.firefox.firefox profile in "extras" should probably also include
firefox-esr (see #746418).
Regards,
S
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.5.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.59
ii libapparmor-perl 2.10-4
ii libc6 2.22-7
ii lsb-base 9.20160110
pn python3:any <none>
apparmor recommends no packages.
Versions of packages apparmor suggests:
ii apparmor-docs 2.10-4
ii apparmor-profiles 2.10-4
ii apparmor-profiles-extra 1.6
ii apparmor-utils 2.10-4
-- debconf information:
apparmor/homedirs:
--- End Message ---
--- Begin Message ---
Source: apparmor
Source-Version: 2.10.95-5
We believe that the bug you reported is fixed in the latest version of
apparmor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 821...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
intrigeri <intrig...@debian.org> (supplier of updated apparmor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 15 Oct 2016 16:04:40 +0000
Source: apparmor
Binary: apparmor apparmor-utils apparmor-profiles apparmor-docs libapparmor-dev
libapparmor1 libapparmor-perl libapache2-mod-apparmor libpam-apparmor
apparmor-notify python-libapparmor python3-libapparmor python-apparmor
python3-apparmor dh-apparmor apparmor-easyprof
Architecture: source
Version: 2.10.95-5
Distribution: unstable
Urgency: medium
Maintainer: Debian AppArmor Team <pkg-apparmor-t...@lists.alioth.debian.org>
Changed-By: intrigeri <intrig...@debian.org>
Closes: 821945 827335
Description:
apparmor-docs - documentation for AppArmor
apparmor-easyprof - AppArmor easyprof profiling tool
apparmor-notify - AppArmor notification system
apparmor-profiles - profiles for AppArmor Security policies
apparmor - user-space parser utility for AppArmor
apparmor-utils - utilities for controlling AppArmor
dh-apparmor - AppArmor debhelper routines
libapache2-mod-apparmor - changehat AppArmor library as an Apache module
libapparmor1 - changehat AppArmor library
libapparmor-dev - AppArmor development libraries and header files
libapparmor-perl - AppArmor library Perl bindings
libpam-apparmor - changehat AppArmor library as a PAM module
python3-apparmor - AppArmor Python3 utility library
python3-libapparmor - AppArmor library Python3 bindings
python-apparmor - AppArmor Python utility library
python-libapparmor - AppArmor library Python bindings
Changes:
apparmor (2.10.95-5) unstable; urgency=medium
.
* Merge from ubuntu-citrain up to revision 1600. Remaining Debian changes:
- debian/apparmor.init: don't call handle_system_policy_package_updates.
* r3566-wayland.patch: new patch, to support Wayland in at least Evince
(Closes: #827335).
* r3487-add-firefox-esr-to-ubuntu-browsers.patch: new patch, to support
firefox-esr in abstractions/ubuntu-browsers (Closes: #821945).
* Drop "Replaces: apparmor-parser": that package has never been part of
Debian, and if has ever been included in Ubuntu, that must have been
ages ago.
* Drop Breaks: lxc (<< 1.1.0~alpha1-0ubuntu5~).
- Wrt. Ubuntu: Xenial ships a newer lxc.
- Wrt. Debian: this Breaks was added in Ubuntu in order to "restrict
signal, ptrace and unix mediation to the container" (LP: #1373555).
These features require third-party Linux kernel patches, that we
haven't in Debian, so even though Jessie has lxc 1.0, we don't need
this Breaks relationship.
* Drop Breaks: lightdm (<< 1.11.8-0ubuntu2~).
- Wrt. Debian: it was added in Ubuntu because lightdm 1.11.8-0ubuntu2
brings "updates for unix socket mediation". But Unix socket mediation
requires third-party Linux kernel patches, that we haven't in Debian.
- Wrt. Ubuntu: even Vivid includes a newer lightdm.
* Drop Breaks+Replaces on a version of debhelper older than the one included
in Precise and Wheezy.
* Drop Breaks+Replaces on versions of our own binary packages that are older
than the ones included in Jessie and Xenial.
* Drop Breaks: rsyslog (<< 7.4.4-1ubuntu9~). Bot Jessie and Xenial ship
a newer one.
* Drop Breaks: apparmor-easyprof-ubuntu (<< 1.2.22). Xenial ships
a newer one.
* Drop Breaks: libvirt-bin (<< 1.2.6-0ubuntu6~). Jessie and Xenial
have a newer one.
* Drop Breaks+Replaces: apparmor-utils << 2.8.0: Jessie and Trusty ship
a newer one.
* Drop Breaks+Replaces: libapache2-mod-apparmor (<< 2.5.1-0ubuntu3):
Precise and Wheezy shipped with something newer.
* Version dependency on lsb-base to >= 3.0-6, as advised by Lintian's
init.d-script-needs-depends-on-lsb-base tag.
Checksums-Sha1:
cf285b4d1236c9d035c69087512d5282105f23c0 3176 apparmor_2.10.95-5.dsc
d50053023c8b424140b8640d6427a3738d7fbdd6 100276
apparmor_2.10.95-5.debian.tar.xz
Checksums-Sha256:
ef35a3219e401078e10f6d3615c541b2e269b3fe46f73fa0f36436f8d79b5d42 3176
apparmor_2.10.95-5.dsc
cd4cb464314bcd0c5feecb3a8dbf83541f56c390814cb894f08671953b7aabc0 100276
apparmor_2.10.95-5.debian.tar.xz
Files:
07744c436dfba9ae7dfde1dd0c99ed52 3176 admin extra apparmor_2.10.95-5.dsc
61c752f5db88b6bb2862f18397f7fe87 100276 admin extra
apparmor_2.10.95-5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYAlhdAAoJEOxtg78p/CqOWjYP/RTh4JKKwgb3BmHgeHDI8QX0
0Jq/dgZwkwnWgTNmsZhUZIeRYlq/8kph68xUEZN9OZT6GA2qRxYMw4Hi3nqHTpSw
+jauM/eNhsFZioRhaTGfmxPEpRfYQ+rj0w1Y0nq3sqPvY9NHSO7FzI0MDwn20pSD
q18WvXGqHB1E7weiM6uS+s2m1fvmXp+WH7ktZ//Sfg7mv6/B3tQuFD3hHHcgvw92
kOrtAhZDSmbrtfkscY8VzHcghSM+rZkPQWvhi1KQIle0vCQqvJQtoKgyHqOgIKao
mlw0cJ20oV8yTWyNcnqA0InzoTFqDLSShxgoUWgL9SPaRpt1BOnzuZ9MMctS8Gvp
uEwt8J7OB21OznZsERn2G5VZT8mm2rpkNbX34u6hUzPpXtsH1GuzA7PbHNaBa/se
wxqNurmgYQwV9gSIeX0v3N8cuRXqKKpP91iMJ++ZyUvCXunHDZ6Dhapo7wiXXijy
1IicCJNtFSasDCT9tIdsK77Kq/9u+AZbLa8mhncmN+K3BFcF1UZuKqmJ0r2yLlKb
2TYN6zmgiFTOy5wvOHaAmCeWieu1ba6cmaP4cO0ivipeEMZgzvWY4O8SPc01QaYL
dGjc1emMJx6ostVW/AtaCx3D/FsM0aHBihbhv4QMM9tkxfOb517AaqXWO54MXTez
4TQdi9llG8S2E+G9Tq0m
=Dy4U
-----END PGP SIGNATURE-----
--- End Message ---