Your message dated Tue, 24 Aug 2021 13:48:35 +0000 with message-id <E1mIWn5-000BW9-1C@fasolo.debian.org> and subject line Bug#988764: fixed in cups-filters 1.28.10-1 has caused the Debian Bug report #988764, regarding cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 988764: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988764 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale
- From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
- Date: Wed, 19 May 2021 10:33:10 +0000
- Message-id: <20210519103310.Horde.RKLHa27Nnd_qs5bNBhJjY2M@mail.das-netzwerkteam.de>
Package: cups-browsed Version: 1.28.7-1 Severity: normal Tags: patch With CUPS on buster and bullseye I see these messages in /var/log/syslog:May 19 12:26:12 server03 kernel: [4563725.605605] audit: type=1400 audit(1621419972.056:193): apparmor="DENIED" operation="open" profile="/usr/sbin/cups-browsed" name="/usr/share/cups/locale/" pid=17771 comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 May 19 12:26:12 server03 kernel: [4563725.606138] audit: type=1400 audit(1621419972.056:194): apparmor="DENIED" operation="open" profile="/usr/sbin/cups-browsed" name="/usr/share/locale/" pid=17771 comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0May 19 12:27:08 server03 systemd[1]: cups-browsed.service: Succeeded.These error messages / folder access blocks can be amended by this change in /etc/apparmor.d/usr.sbin.cups-browsed:```diff --git a/apparmor.d/usr.sbin.cups-browsed b/apparmor.d/usr.sbin.cups-browsedindex 4cf9301..cb78f2d 100644 --- a/apparmor.d/usr.sbin.cups-browsed +++ b/apparmor.d/usr.sbin.cups-browsed @@ -10,6 +10,8 @@ /etc/cups/cups-browsed.conf r, /etc/cups/lpoptions r, /etc/cups/ppd/* r, + /usr/share/cups/locale/ r, + /usr/share/locale/ r, /{var/,}run/cups/certs/* r, /var/cache/cups/* rw, /var/log/cups/* rw, ``` Greets, Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.deAttachment: pgpeUMOSAdp6Q.pgp
Description: Digitale PGP-Signatur
--- End Message ---
--- Begin Message ---
- To: 988764-close@bugs.debian.org
- Subject: Bug#988764: fixed in cups-filters 1.28.10-1
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 24 Aug 2021 13:48:35 +0000
- Message-id: <E1mIWn5-000BW9-1C@fasolo.debian.org>
- Reply-to: Didier Raboud <odyx@debian.org>
Source: cups-filters Source-Version: 1.28.10-1 Done: Didier Raboud <odyx@debian.org> We believe that the bug you reported is fixed in the latest version of cups-filters, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 988764@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Didier Raboud <odyx@debian.org> (supplier of updated cups-filters package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Aug 2021 15:25:58 +0200 Source: cups-filters Architecture: source Version: 1.28.10-1 Distribution: unstable Urgency: medium Maintainer: Debian Printing Team <debian-printing@lists.debian.org> Changed-By: Didier Raboud <odyx@debian.org> Closes: 988434 988764 989306 Changes: cups-filters (1.28.10-1) unstable; urgency=low . * New 1.28.10 upstream version - Stop installing ttfread, not built anymore * Packaging cleanup: - Redo get-orig-source d/rules target - Run wrap-and-sort -baskt - Upgrade to S-V 4.6.0 without changes needed . cups-filters (1.28.9-1) experimental; urgency=medium . * New 1.28.9 upstream version * Only install /etc/modules-load.d/cups-filters.conf on amd64 i386 mips64el mipsel alpha hppa ia64 sparc64 (Closes: #989306) . cups-filters (1.28.8-3) experimental; urgency=medium . [ Mike Gabriel ] * Apparmor: allow read-access to /usr/share/{,cups/}locale (Closes: #988764) . cups-filters (1.28.8-2) experimental; urgency=low . [ Sergio Durigan Junior ] * Backport upstream patch to circumvent conflict with upcoming OpenLDAP 2.5: cups-browsed: Renamed ldap_connect() due to conflict in new openldap (Closes: #988434) . cups-filters (1.28.8-1) experimental; urgency=low . * New 1.28.8 upstream release Checksums-Sha1: 4917a39436ef0b5ad5f4b64a8e9d7ac8a13fbbfe 2939 cups-filters_1.28.10-1.dsc b0958ef20c50dc41cbbaf8903e4fdb3a1231b3ec 1503924 cups-filters_1.28.10.orig.tar.xz 8cc79bccef227c7cdac8ca9db5162a5021b27379 83228 cups-filters_1.28.10-1.debian.tar.xz Checksums-Sha256: f021a2fed0e911ae596549ccc368f1c9dc69b67812f9dedd9448043bc0ec29c0 2939 cups-filters_1.28.10-1.dsc cf8c904694c44cf689b5724e46d23da9ae5125d54374b340c642077cc29ca837 1503924 cups-filters_1.28.10.orig.tar.xz c4b7a9df6e2643b835169d222e83a472ab1c405463cdf39d0a46ec4b2c00f1f1 83228 cups-filters_1.28.10-1.debian.tar.xz Files: cfe7de244e50fe4195c7d9751639fee9 2939 net optional cups-filters_1.28.10-1.dsc 828b8c81534ecb996d6c6b7e1332412f 1503924 net optional cups-filters_1.28.10.orig.tar.xz 572ea071ecdb60b67dfa0e8f7841f78a 83228 net optional cups-filters_1.28.10-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEJ3k7rA0YCplkx4gZqcb6xg1jAWkFAmEk9XAACgkQqcb6xg1j AWkCsRAAqS7iP4wStFwbs/+Trei6qsJFNTTfh/r+D8NGO30K0aiVUOgwpXHaDqwr IYtuIPIZbQgHgpfDgRjP05Qs2PY4fZ298udvZZLfEFlhPkbxfQvKLUmPYZ5Xc+Nu Mes5nwv2AXcIGNxyBUGvXrbI4EYiGr7N3hvy9VmUEQeuwaciNyHm+Rw98Mdk10R8 QvbSxnSkNvggg86MCf/VieH+YQZpf2cT67pjN4XhfncqzP381XI4nTingADwkPkb CwAQsbUHSTZlkmcjr7pFeLy8NczI8x2nEOmEW1BOWh3y2HFoKNS2UnIO5fkTSAHo F2CDK4QEiw0X/Wxnach9LtIqtEEmPbNuYYtvQ91T6xc0hzSZ4a6aJruKXpC2Dskm DNHeOSYR9PbtZP6FGqwEJZdQ6GE99wGZqm1ajwVPLuWBvTlVVgptu8jr36d/HSYz eVR9/SiJ35uqZSqw81jZaEf6lxvYKqF8Dy8XM+EOqC0sSPmw+LdipFunFr+JcsqE qqaOKIsrGQ5WQa2aFmoVDORMjMnkCGHPe/FkzQe/xwAI6m2inN00V/ySCYgQtzrr oZ3w0da59d/P9pSWEoe3Gizp2/QHmTktGeOzMRVg3wG451P36IXdqtHTiiGOgyWC Q+AE2Rx5DCEeZ3X5PHy13TDEEwjzuuGYgth7HyJHxUM18ksmiSg= =7CS4 -----END PGP SIGNATURE-----
--- End Message ---