** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with
Thanks. That version should have the nautilus profile that makes the
thumbnails appear, so we will need to dig a bit deeper.
Could you paste the results of the following command? This will show us if
there is a profile for nautilus loaded and it should look something like this
$ sudo aa-status
*** This bug is a duplicate of bug 2046844 ***
https://bugs.launchpad.net/bugs/2046844
Hello! Thanks for tagging apparmor. Yes, this is a duplicate of bug
2046844. We are working on an update that introduces a profile for bwrap
which would allow setzer (and several other applications) to work
If you're still running into this issue, do you mind sharing which AppArmor
version are you running? For that you can run
apt-cache policy apparmor
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with
I added the suggested patch to QRT:
https://code.launchpad.net/~georgiag/qa-regression-testing/+git/qa-regression-testing/+merge/465526
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062138
Title:
** Description changed:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with
Public bug reported:
[ Impact ]
This SRU has several fixes:
add unconfined profile for tuxedo-control-center (Bug 2046844)
fix issues appointed by coverity
fix samba profile (https://gitlab.com/apparmor/apparmor/-/issues/386)
fix redefinition of _ which caused an issue with translation, failing
The mqueue patches are present in jammy-linux-gcp-fips: commits
6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-gcp-fips
** Tags added: verification-done-jammy-linux-gcp-fips
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
The fix is similar for privoxy. I attached the debdiff that fixes it.
** Patch added: "privoxy_3.0.34-3ubuntu2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/cups-browsed/+bug/2058866/+attachment/5759689/+files/privoxy_3.0.34-3ubuntu2.debdiff
--
You received this bug notification
Ah, sorry, Łukasz. I didn't see you were working on it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2058866
Title:
proposed-migration for cups-browsed 2.0.0-0ubuntu8
To manage notifications
Erich Eickmeyer, I don't have a Tuxedo Computer to test, so could you
please check if the following profile works for you?
$ echo "# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"
abi ,
include
profile
This issue should be fixed by apparmor 4.0.0~beta2-0ubuntu3 which is
currently in -proposed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2047256
Title:
Ubuntu 24.04 Some image thumbnails no longer
Verification in mantic was successful:
georgia@sec-mantic-amd64:~$ uname -a
Linux sec-mantic-amd64 6.5.0-27-generic #28-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar
7 18:21:00 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
georgia@sec-mantic-amd64:~$ cat
/sys/kernel/security/apparmor/features/mount/move_mount
*** This bug is a duplicate of bug 2051932 ***
https://bugs.launchpad.net/bugs/2051932
** This bug has been marked a duplicate of bug 2051932
attach_disconnected test from test_regression_testsuite of
ubuntu_qrt_apparmor failed with "Unable to run test sub-executable" on Mantic
--
You
*** This bug is a duplicate of bug 2032851 ***
https://bugs.launchpad.net/bugs/2032851
** This bug has been marked a duplicate of bug 2032851
package apparmor 2.12-4ubuntu5.3 failed to install/upgrade: new apparmor
package pre-installation script subprocess returned error exit status 1
The mqueue patches are present in jammy-linux-mtk: commits 6e7ff802c7b10
and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-mtk
** Tags added: verification-done-jammy-linux-mtk
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
The mqueue patches are present in linux-azure-fips: commits
6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-azure-fips
** Tags added: verification-done-jammy-linux-azure-fips
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
The mqueue patches are present in linux-nvidia-tegra: commits
6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-nvidia-tegra
** Tags added: verification-done-jammy-linux-nvidia-tegra
--
You received this bug notification because you are a member of Ubuntu
Bugs,
I can confirm that the mqueue patches are present in linux-xilinx-
zynqmp: commits 6e7ff802c7b10 and b4ebbcfebd4d3
** Tags removed: verification-needed-jammy-linux-xilinx-zynqmp
** Tags added: verification-done-jammy-linux-xilinx-zynqmp
--
You received this bug notification because you are a
@Sebastien, yes, I asked people from the security team to sponsor it but
we are still reviewing the snap_browsers abstraction. We are denying
access to /run/user/[0-9]*/gdm/Xauthority in the policy but if that was
the case, then the browser should not have been able to open, but it
does open so we
** Patch added: "apparmor_2.12-4ubuntu5.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581885/+files/apparmor_2.12-4ubuntu5.2.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@Sebastien, yes, just did. Thank you!
I also attached the debdiffs for evince and apparmor for bionic, focal, impish
and jammy. They were also uploaded into the Security Proposed PPA:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=apparmor
** Patch added: "apparmor_3.0.3-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581883/+files/apparmor_3.0.3-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "apparmor_2.13.3-7ubuntu5.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581884/+files/apparmor_2.13.3-7ubuntu5.2.debdiff
** Patch removed: "apparmor_3.0.3-0ubuntu1.1.debdiff"
** Patch added: "apparmor_3.0.3-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581882/+files/apparmor_3.0.3-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "apparmor_3.0.4-2ubuntu3.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581881/+files/apparmor_3.0.4-2ubuntu3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "evince_3.28.4-0ubuntu1.3.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581880/+files/evince_3.28.4-0ubuntu1.3.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "evince_3.36.10-0ubuntu1.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581879/+files/evince_3.36.10-0ubuntu1.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "evince_40.4-2ubuntu0.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581878/+files/evince_40.4-2ubuntu0.1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "evince_42.1-3ubuntu1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1794064/+attachment/5581877/+files/evince_42.1-3ubuntu1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Description changed:
- This is related to bug #1792648. After fixing that one (see discussion
- at https://salsa.debian.org/gnome-team/evince/merge_requests/1),
- clicking a hyperlink in a PDF opens it correctly if the default browser
- is a well-known application (such as /usr/bin/firefox),
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1794064
Title:
Clicking a hyperlink in a PDF fails to o
I'm working on a SRU for apparmor and evince to introduce the snap_browsers
abstraction on apparmor as a workaround for this issue.
It is based on these two merge requests from upstream:
https://gitlab.com/apparmor/apparmor/-/merge_requests/806
I was able to reproduce this issue on focal and bionic but not on
impish. I'm still investigating why, since I don't see any changes in
policies that might affect this issue, but I could have missed
something.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
** Changed in: evince (Ubuntu)
Assignee: (unassigned) => Georgia Garcia (georgiag)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1794064
Title:
Clicking a hyperlink in a PDF fails to o
Tested on -proposed by causing the leak and checking the memory used
with "free", since CONFIG_DEBUG_KMEMLEAK is not set. It worked as
expected - the memory used shown in "free" after removing the profile
was in an expected range.
** Tags removed: verification-needed-bionic
** Description changed:
There's a memory leak in the kernel when removing a profile.
A simple reproducible example:
root@ubuntu:~# echo "profile foo {}" > profile
root@ubuntu:~# apparmor_parser profile
root@ubuntu:~# apparmor_parser -R profile
root@ubuntu:~# echo scan >
Tested on bionic-proposed using the test binary that can be obtained in
the old description and it worked as expected:
root@ubuntu:~# gcc ./readlink-ns.c && sudo apparmor_parser -r
./readlink-ns.apparmor && sudo aa-exec -p test -- ./a.out -p 1 -n pid
path: /proc/1/ns/pid
rpath: pid:[4026531836]
** Tags added: hirsute
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1918410
Title:
isc-dhcp-client denied by apparmor
To manage notifications about this bug go to:
*** This bug is a duplicate of bug 1918410 ***
https://bugs.launchpad.net/bugs/1918410
This is likely a duplicate of bug #1918410
** This bug has been marked a duplicate of bug 1918410
isc-dhcp-client denied by apparmor
--
You received this bug notification because you are a member of
From the commits mentioned that solve the issue, 338d0be437ef was not
available on 4.15 kernels. The cherry-pick was submitted to the kernel
team for approval.
** Description changed:
- Per 'man namespaces':
+ SRU Justification:
- "Permission to dereference or read (readlink(2)) these
After downloading the apparmor source from hirsute-proposed and running
the regression tests, I was able to confirm that the i18n test is now
passing for arm64.
** Tags removed: verification-needed verification-needed-hirsute
** Tags added: verification-done verification-done-hirsute
--
You
44 matches
Mail list logo