Bug#1011426: bullseye-pu: package tcpdump/4.99.0-2+deb11u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1011426: bullseye-pu: package tcpdump/4.99.0-2+deb11u1
From: Romain Francoise <rfrancoise@debian.org>
Date: Sun, 22 May 2022 16:51:33 +0000
Message-id: <[🔎] 01020180ecae655d-91b912ce-cf3d-4332-bc98-7e5ec3aa913d-000000@eu-west-1.amazonses.com>
Reply-to: Romain Francoise <rfrancoise@debian.org>, 1011426@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I would like to update the AppArmor profile for tcpdump in bullseye to
match the one in bookworm; the changes don't really qualify for a stable
update per se, but they are trivial and would be important
quality-of-life improvements for users who are not knowledgeable about
AppArmor and don't understand why they get -EPERM in some cases.

The update would fix the following bugs (both "normal"):
* "AppArmor grants access to *.pcap but not *.cap"
  https://bugs.debian.org/989433
* "apparmor profile prevents -C -W"
  https://bugs.debian.org/1010688

Full debdiff is attached.

Thanks.

diffstat for tcpdump-4.99.0 tcpdump-4.99.0

 changelog       |    8 ++++++++
 usr.bin.tcpdump |    4 ++++
 2 files changed, 12 insertions(+)

diff -Nru tcpdump-4.99.0/debian/changelog tcpdump-4.99.0/debian/changelog
--- tcpdump-4.99.0/debian/changelog	2021-01-15 23:41:47.000000000 +0100
+++ tcpdump-4.99.0/debian/changelog	2022-05-22 18:22:50.000000000 +0200
@@ -1,3 +1,11 @@
+tcpdump (4.99.0-2+deb11u1) bullseye; urgency=medium
+
+  * Minor AppArmor profile updates (debian/usr.bin.tcpdump):
+    + Grant access to *.cap (closes: #989433).
+    + Account for numerical suffix in filenames added by -W (closes: #1010688).
+
+ -- Romain Francoise <rfrancoise@debian.org>  Sun, 22 May 2022 18:22:50 +0200
+
 tcpdump (4.99.0-2) unstable; urgency=medium
 
   * Add autopkgtest support, running the upstream test suite.
diff -Nru tcpdump-4.99.0/debian/usr.bin.tcpdump tcpdump-4.99.0/debian/usr.bin.tcpdump
--- tcpdump-4.99.0/debian/usr.bin.tcpdump	2021-01-03 21:25:50.000000000 +0100
+++ tcpdump-4.99.0/debian/usr.bin.tcpdump	2022-05-22 18:19:03.000000000 +0200
@@ -54,6 +54,10 @@
 
   # for -r, -F and -w
   /**.[pP][cC][aA][pP] rw,
+  /**.[cC][aA][pP] rw,
+  # -W adds a numerical suffix
+  /**.[pP][cC][aA][pP][0-9]* rw,
+  /**.[cC][aA][pP][0-9]* rw,
 
   # for convenience with -r (ie, read pcap files from other sources)
   /var/log/snort/*log* r,

Reply to:

Follow-Ups:
- Bug#1011426: bullseye-pu: package tcpdump/4.99.0-2+deb11u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: Bug#1011426: bullseye-pu: package tcpdump/4.99.0-2+deb11u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1011426: tcpdump 4.99.0-2+deb11u1 flagged for acceptance
  - From: Adam D Barratt <adam@adam-barratt.org.uk>

Prev by Date: Bug#1010422: Bug#1011265: Britney fails to pin complete set in "Provides" api transitions [Was: Bug#1010422: transition: r-api-bioc-3.15]
Next by Date: Bug#1010422: Bug#1011265: Britney fails to pin complete set in "Provides" api transitions [Was: Bug#1010422: transition: r-api-bioc-3.15]
Previous by thread: Processed: block 1007170 with 1011009
Next by thread: Bug#1011426: bullseye-pu: package tcpdump/4.99.0-2+deb11u1
Index(es):
- Date
- Thread