--- Begin Message ---
Package: cups-daemon
Version: 1.7.5-3
Severity: normal
Tags: patch
X-Debbugs-Cc: Debian AppArmor team <pkg-apparmor-team@lists.alioth.debian.org>
Hi,

since the upgrade to 1.7.5-3, the /etc/apparmor.d/usr.sbin.cupsd
profile doesn't parse on sid anymore, and is thus entirely disabled.
That's because it contains rules that depend:

 * to be useful: on kernel patches that were not submitted to Linux
   mainline yet
 * to parse at all, regardless of the kernel's AppArmor feature: on
   AppArmor 2.9 userspace (unreleased yet), that is able to ignore
   rules the kernel doesn't support

The attached patch fixes this. Of course, the resulting profile is
less strict than it could be, but oh well, at least it will
be enabled.

Cheers,
--
intrigeri
--- /etc/apparmor.d/usr.sbin.cupsd.orig 2014-09-30 13:04:05.000000000 +0200
+++ /etc/apparmor.d/usr.sbin.cupsd 2014-10-01 21:03:01.191242269 +0200
@@ -141,7 +141,6 @@
# silence noise
deny /etc/udev/udev.conf r,
- signal (receive, send) peer=third_party,
profile third_party {
# third party backends, filters, and drivers get relatively no restrictions
# as they often need high privileges, are unpredictable or otherwise beyond
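Review bot: The deleted `signal (receive, send) peer=third_party,` line in the parent profile leaves no record of why cupsd no longer has a rule for exchanging signals with its third_party child. Consider keeping it as a commented-out line with a short note naming what it is waiting for (AppArmor 2.9 userspace and the kernel patches mentioned in the report), so the rule gets restored rather than forgotten once Debian can parse it.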
@@ -150,10 +149,6 @@
capability,
audit deny capability mac_admin,
network,
- dbus,
- signal,
- ptrace,
- unix,
}
# Site-specific additions and overrides. See local/README for details.
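Review bot: Deleting `dbus,`, `signal,`, `ptrace,` and `unix,` from third_party no longer matches the block's own comment that these backends "get relatively no restrictions": nothing in the child profile now states that those four classes are meant to be allowed. Once a parser and kernel that mediate them are in use, the profile would have no allow rule for them here. Suggest leaving the four rules as commented-out lines with a TODO to re-enable them, instead of removing them outright.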
--- End Message ---
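The failure described in the report above, a profile that stops loading because it uses rule types the installed parser cannot handle, can be caught by scanning profiles for those rule types before an upgrade. This is an added example, not part of the original report or of the cups or AppArmor packages; the keyword list is taken from the rules the patch removes, and the function name and sample profile are constructed for illustration.

```python
import re

# Rule types the patch in this report removes (assumption: list taken from
# the patch, not from an authoritative list of AppArmor 2.9 parser features).
NEEDS_2_9 = ("signal", "dbus", "ptrace", "unix")

# A rule keyword at the start of a rule, after optional audit/allow/deny.
_RULE = re.compile(
    r"^(?:audit\s+)?(?:(?:allow|deny)\s+)?(" + "|".join(NEEDS_2_9) + r")(?=[\s,(]|$)"
)
# "<name> {" or "profile <name> {", with an optional flags=(...) clause.
_OPEN = re.compile(r"^(?:profile\s+)?(\S+)\s*(?:flags=\([^)]*\)\s*)?\{$")

# Constructed sample, modelled on the rules visible in the patch.
SAMPLE_PROFILE = """\
#include <tunables/global>
/usr/sbin/cupsd {
  /run/dbus/system_bus_socket rw,   # file rule, not a dbus rule
  # signal,
  signal (receive, send) peer=third_party,
  profile third_party {
    capability,
    audit deny capability mac_admin,
    network,
    dbus,
    signal,
    ptrace,
    unix,
  }
}
"""

def find_unparseable_rules(profile_text):
    """Return (line_number, profile_name, keyword) for each flagged rule."""
    findings, stack = [], []
    for lineno, raw in enumerate(profile_text.splitlines(), start=1):
        # Drops comments and #include lines; included files are not followed.
        line = raw.split("#", 1)[0].strip()
        opened = _OPEN.match(line)
        if opened:
            stack.append(opened.group(1))      # entering a (child) profile
        elif line == "}" and stack:
            stack.pop()                        # leaving it
        elif (rule := _RULE.match(line)):
            findings.append((lineno, "//".join(stack), rule.group(1)))
    return findings

if __name__ == "__main__":
    print(find_unparseable_rules(SAMPLE_PROFILE))
```

Child profiles are reported in AppArmor's `parent//child` naming, so a finding can be matched against the names of loaded profiles.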
--- Begin Message ---
Source: cups
Source-Version: 1.7.5-4
We believe that the bug you reported is fixed in the latest version of
cups, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 763673@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Didier Raboud <odyx@debian.org> (supplier of updated cups package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 01 Oct 2014 21:40:15 +0200
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsmime1 libcupsppdc1 cups cups-core-drivers cups-daemon cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-server-common cups-ppdc cups-dbg
Architecture: source all
Version: 1.7.5-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Didier Raboud <odyx@debian.org>
Description:
cups - Common UNIX Printing System(tm) - PPD/driver support, web interfa
cups-bsd - Common UNIX Printing System(tm) - BSD commands
cups-client - Common UNIX Printing System(tm) - client programs (SysV)
cups-common - Common UNIX Printing System(tm) - common files
cups-core-drivers - Common UNIX Printing System(tm) - PPD-less printing
cups-daemon - Common UNIX Printing System(tm) - daemon
cups-dbg - Common UNIX Printing System(tm) - debugging symbols
cups-ppdc - Common UNIX Printing System(tm) - PPD manipulation utilities
cups-server-common - Common UNIX Printing System(tm) - server common files
libcups2 - Common UNIX Printing System(tm) - Core library
libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
libcupscgi1 - Common UNIX Printing System(tm) - CGI library
libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra
libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
libcupsmime1 - Common UNIX Printing System(tm) - MIME library
libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library
libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library
Closes: 763673
Changes:
cups (1.7.5-4) unstable; urgency=medium
.
[ intrigeri ]
* In the apparmor profile, drop features yet unsupported in Debian
(Closes: #763673)
.
[ Didier Raboud ]
* Add the Ubuntu-specific apparmor profile as Ubuntu-specific patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
--- End Message ---