Bug #590462 “In a PDF document, the mailto link does not work” : Bugs : apparmor package : Ubuntu

Revision history for this message

Elbarbudo (patricearnal) wrote on 2010-06-06:

#1

Dependencies.txt Edit (4.7 KiB, text/plain; charset="utf-8")
RelatedPackageVersions.txt Edit (131 bytes, text/plain; charset="utf-8")

Revision history for this message

Elbarbudo (patricearnal) wrote on 2010-06-06:

#2

HTTP links do work correctly.

Revision history for this message

Sebastien Bacher (seb128) wrote on 2010-06-07:

#3

it seems apparmor is block the software

affects:

evince (Ubuntu) → apparmor (Ubuntu)

Revision history for this message

Sebastien Bacher (seb128) wrote on 2010-06-07:

#4

the issue is with the ubuntu-email abstraction list rather

Revision history for this message

Sebastien Bacher (seb128) wrote on 2010-06-07:

#5

see /etc/apparmor.d/abstractions/ubuntu-email

Revision history for this message

Elbarbudo (patricearnal) wrote on 2010-06-07: Re: [Bug 590462] Re: In a PDF document, the mailto link does not work

#6

Le 07/06/2010 11:03, Sebastien Bacher a écrit :
> see /etc/apparmor.d/abstractions/ubuntu-email
>
>
You are right : it works by adding the line

/usr/lib/thunderbird-3.0.4/thunderbird Ux,

in /etc/apparmor.d/abstractions/ubuntu-email a,d restarting apparmor

Thank you

Jamie Strandboge (jdstrand) on 2010-06-07

Changed in apparmor (Ubuntu):
status:	New → Triaged
assignee:	nobody → Jamie Strandboge (jdstrand)
importance:	Undecided → Low

Jamie Strandboge (jdstrand) on 2010-06-07

Changed in apparmor (Ubuntu):
status:	Triaged → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-08-06:

#7

This bug was fixed in the package apparmor - 2.5.1~pre1393-0ubuntu1

---------------
apparmor (2.5.1~pre1393-0ubuntu1) maverick; urgency=low

  * Update to upstream bzr revision 1393 from lp:apparmor/2.5.
    * add dbus-session abstraction (LP: #566207)
    * require owner in user-tmp abstraction (LP: #578922)
    * don't use uninitialized $opt_s (LP: #582075)
    * allow thunderbird 3 in abstractions/ubuntu-email (LP: #590462)
    * allow gmplayer in abstractions/ubuntu-media-players (LP: #591421)
  * debian/control: updated branches.
  * debian/patches/0001-local-includes.patch: backported patch from trunk to
    allow local administrators to customize their profiles without modifying
    a shipped profile
  * debian/rules:
    - don't pass RELEASE to libapparmor's 'make install' as it breaks the
      build and isn't used by the Makfile anyway
    - install apparmor.d/local/README in apparmor, not apparmor-profiles
    - don't install apparmor.d/local/usr.sbin.ntpd
  * Drop the following patches already included upstream:
    - 0001-lp538561.patch
    - 0002-aalogprof-warnings.patch
    - 0003-fix-memleaks.patch
    - 0004-lp549557.patch
    - 0005-lp538661.patch
    - 0006-lp611248.patch
-- Jamie Strandboge <email address hidden> Thu, 05 Aug 2010 16:10:46 -0500

Changed in apparmor (Ubuntu):
status:	Fix Committed → Fix Released

Jamie Strandboge (jdstrand) on 2010-11-02

Changed in apparmor (Ubuntu Lucid):
assignee:	nobody → Jamie Strandboge (jdstrand)
importance:	Undecided → Low
milestone:	none → lucid-updates
status:	New → In Progress

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2010-11-03:

#8

SRU test PDF Edit (20.6 KiB, application/pdf)

description:

updated

Revision history for this message

Martin Pitt (pitti) wrote on 2010-12-03: Please test proposed package

#9

Accepted apparmor into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in apparmor (Ubuntu Lucid):
status:	In Progress → Fix Committed
tags:	added: verification-needed

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2010-12-14:

#10

Upgraded to 2.5.1-0ubuntu0.10.04.1 in lucid-proposed and this issue is resolved.

Martin Pitt (pitti) on 2010-12-14

tags:

added: verification-done
removed: verification-needed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-12-15:

#11

Download full text (10.1 KiB)

This bug was fixed in the package apparmor - 2.5.1-0ubuntu0.10.04.1

---------------
apparmor (2.5.1-0ubuntu0.10.04.1) lucid-proposed; urgency=low

  * Backport 2.5.1-0ubuntu0.10.10.1 from maverick for userspace tools to work
    with newer kernels (LP: #660077)
    NOTE: user-tmp now uses 'owner' match, so non-default profiles will have
    to be adjusted when 2 separately confined applications that both use the
    user-tmp abstraction depend on being able to cooperatively share files
    with each other in /tmp or /var/tmp.
  * remove the following patches (features not appropriate for SRU):
    - 0002-add-chromium-browser.patch
    - 0003-local-includes.patch
    - 0004-ubuntu-abstractions-updates.patch
  * debian/rules (this makes it the same as what was shipped in 10.04 LTS
    release):
    - don't ship aa-update-browser and its man page (requires
      0004-ubuntu-abstractions-updates.patch)
    - don't ship apparmor.d/local/ (requires 0003-local-includes.patch)
    - don't use dh_apparmor (not in Ubuntu 10.04 LTS)
    - don't ship chromium profile
  * remove debian/profiles/chromium-browser
  * remove debian/aa-update-browser*
  * debian/apparmor-profiles.postinst: revert to that in lucid release
    (requires dh_apparmor and 0002-add-chromium-browser.patch)
  * remove debian/apparmor-profiles.postrm: doesn't make sense without
    0002-add-chromium-browser.patch
  * debian/control:
    - revert Build-Depends on debhelper (>= 5)
    - revert Standards-Version to 3.8.4
    - revert Vcs-Bzr
    - use Conflicts/Replaces version that was in Ubuntu 10.04 LTS
  * debian/patches/0011-lucid-compat-dbus.patch: move /var/lib/dbus/machine-id
    back into dbus, since profiles on 10.04 LTS expect it there
  * debian/patches/0012-lucid-compat-kde.patch: add kde4-config to kde
    abstraction, since the firefox profile on Ubuntu 10.04 LTS expects it to
    be there

apparmor (2.5.1-0ubuntu0.10.10.2) maverick-proposed; urgency=low

  * New upstream release (LP: #660077)
    - The following patches were refreshed:
      + 0001-fix-release.patch
      + 0003-local-includes.patch
      + 0004-ubuntu-abstractions-updates.patch
      + 0008-lp648900.patch: renamed as 0005-lp648900.patch
    - The following patches were dropped (included upstream):
      + 0005-lp601583.patch
      + 0006-network-interface-enumeration.patch
      + 0007-gnome-updates.patch
  * debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head
    of 2.5 branch. These are needed for QRT and SRU testing (LP: #652211)
  * debian/patches/0007-honor-cflags.patch: have the parser makefile honor
    CFLAGS environment variable. Brings back missing symbols for the retracer
  * debian/patches/0008-lp652674.patch: fix warnings for messages without
    denied or requested masks (LP: #652674)
  * debian/apparmor.init: fix path to aa-status (LP: #654841)
  * debian/apport/source_apparmor.py: apport hook should use
    root_command_hook() for running apparmor_status (LP: #655529)
  * debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber
    cmdline details (LP: #657091)
  * debian/{rules,control}: move apache2 abstractions into the base package
    so we can put ...

This bug was fixed in the package apparmor - 2.5.1-0ubuntu0.10.04.1

---------------
apparmor (2.5.1-0ubuntu0.10.04.1) lucid-proposed; urgency=low

* Backport 2.5.1-0ubuntu0.10.10.1 from maverick for userspace tools to work
    with newer kernels (LP: #660077)
    NOTE: user-tmp now uses 'owner' match, so non-default profiles will have
    to be adjusted when 2 separately confined applications that both use the
    user-tmp abstraction depend on being able to cooperatively share files
    with each other in /tmp or /var/tmp.
  * remove the following patches (features not appropriate for SRU):
    - 0002-add-chromium-browser.patch
    - 0003-local-includes.patch
    - 0004-ubuntu-abstractions-updates.patch
  * debian/rules (this makes it the same as what was shipped in 10.04 LTS
    release):
    - don't ship aa-update-browser and its man page (requires
      0004-ubuntu-abstractions-updates.patch)
    - don't ship apparmor.d/local/ (requires 0003-local-includes.patch)
    - don't use dh_apparmor (not in Ubuntu 10.04 LTS)
    - don't ship chromium profile
  * remove debian/profiles/chromium-browser
  * remove debian/aa-update-browser*
  * debian/apparmor-profiles.postinst: revert to that in lucid release
    (requires dh_apparmor and 0002-add-chromium-browser.patch)
  * remove debian/apparmor-profiles.postrm: doesn't make sense without
    0002-add-chromium-browser.patch
  * debian/control:
    - revert Build-Depends on debhelper (>= 5)
    - revert Standards-Version to 3.8.4
    - revert Vcs-Bzr
    - use Conflicts/Replaces version that was in Ubuntu 10.04 LTS
  * debian/patches/0011-lucid-compat-dbus.patch: move /var/lib/dbus/machine-id
    back into dbus, since profiles on 10.04 LTS expect it there
  * debian/patches/0012-lucid-compat-kde.patch: add kde4-config to kde
    abstraction, since the firefox profile on Ubuntu 10.04 LTS expects it to
    be there

apparmor (2.5.1-0ubuntu0.10.10.2) maverick-proposed; urgency=low

* New upstream release (LP: #660077)
    - The following patches were refreshed:
      + 0001-fix-release.patch
      + 0003-local-includes.patch
      + 0004-ubuntu-abstractions-updates.patch
      + 0008-lp648900.patch: renamed as 0005-lp648900.patch
    - The following patches were dropped (included upstream):
      + 0005-lp601583.patch
      + 0006-network-interface-enumeration.patch
      + 0007-gnome-updates.patch
  * debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head
    of 2.5 branch. These are needed for QRT and SRU testing (LP: #652211)
  * debian/patches/0007-honor-cflags.patch: have the parser makefile honor
    CFLAGS environment variable. Brings back missing symbols for the retracer
  * debian/patches/0008-lp652674.patch: fix warnings for messages without
    denied or requested masks (LP: #652674)
  * debian/apparmor.init: fix path to aa-status (LP: #654841)
  * debian/apport/source_apparmor.py: apport hook should use
    root_command_hook() for running apparmor_status (LP: #655529)
  * debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber
    cmdline details (LP: #657091)
  * debian/{rules,control}: move apache2 abstractions into the base package
    so we can put apache2 profiles into the -profiles package without
    aa-logprof bailing out. Patch by Marc Deslauriers.
    (LP: #539441)
  * debian/patches/0009-sensible-browser-pix.patch: use Pix with
    sensible-browser
  * debian/patches/0010-ubuntu-buildd.patch: skip parser caching test if
    the AppArmor securityfs introspection directory is not mounted, as
    is the case on Ubuntu buildds.

apparmor (2.5.1~rc1-0ubuntu2) maverick; urgency=low

* abstractions/ubuntu-email: adjustment for ever-changing thunderbird path
    (LP: #648900)

apparmor (2.5.1~rc1-0ubuntu1) maverick; urgency=low

[ Jamie Strandboge ]
  * New upstream RC release (revision 1413). In addition to getting the tools
    to work with the maverick kernel, this update fixes:
    - LP: #619521
    - LP: #633369
    - LP: #626451
    - LP: #581525
    - LP: #623467 (link and unlink still need to be addressed)
  * Dropped the following patches, included upstream:
    - 0002-lp615177.patch
    - 0004-ubuntu-pux.patch
    - 0006-kde4-config-pux.patch
    - 0007-lp605835.patch
    - 0012-lp625041.patch
    - 0013-lp623586.patch
  * Update the following patches:
    - rename 0010-fix-release.patch as 0001-fix-release.patch since this will
      likely always need to be here
    - rename 0005-add-chromium-browser.patch as
      0002-add-chromium-browser.patch
    - rename 0001-local-includes.patch as 0003-local-includes.patch and update
      to use r1493 (from trunk) of local/README file. This can be dropped in
      2.6.
    - collect the ubuntu abstractions updates pulled from trunk into
      0004-ubuntu-abstractions-updates.patch. This can be dropped in 2.6.
    - rename 0008-lp601583.patch as 0005-lp601583.patch. This can be dropped
      in 2.5.1 final.
  * fix up some lintian warnings:
    - debian/control:
      + don't use 'Section' in apparmor-notify, since it is the same as the
        source
      + updates Standards-Version to 3.9.1
      + add ${misc:Depends} to libapparmor-dev and apparmor-notify
    - add debian/source/format
    - debian/libapache2-mod-apparmor.postrm: use #DEBHELPER#
    - debian/libapache2-mod-apparmor.preinst: use #DEBHELPER#
    - add debian/watch
  * debian/notify/notify.conf: set show_notifications="yes" by default
  * debian/patches/0006-network-interface-enumeration.patch: allow network
    interface enumeration. This can be dropped in 2.5.1 final.
  * debian/patches/0007-gnome-updates.patch: update for font/icon/mime
    locations in current gnome. This can be dropped in 2.5.1 final.

[ Kees Cook ]
  * debian/apparmor.init: rename "stop" to "teardown", drop caches on
    "stop" and warn about the dangers of "teardown".

apparmor (2.5.1~pre1393-0ubuntu6) maverick; urgency=low

* debian/profiles/chromium-browser: updated to have the proper path to
    local/
  * debian/patches/0011-lp514356+573344+593413.patch: browser abstraction
    updates for /net, kmozillahelper and gnome-appearance-properties
    (LP: #593413, LP: #514356, LP: #573344)
  * debian/patches/0012-lp625041.patch: add sensible-browser (LP: #625041)
  * debian/patches/0013-lp623586.patch: allow access to ghostscript fonts when
    not using defoma (LP: #623586)

apparmor (2.5.1~pre1393-0ubuntu5) maverick; urgency=low

* debian/patches/0007-lp605835.patch: allow ca-certificates in ssl_certs
    abstraction (LP: #605835)
  * debian/patches/0008-lp601583.patch: adjust X abstraction for newer gdm
    (LP: #601583)
  * debian/patches/0009-lp565753.patch: add ubuntu-feed-readers abstraction
    and have ubuntu-browsers.d/multimedia use it (LP: #565753)
  * debian/apparmor.config: don't try to read in the existing value from
    /etc/apparmor.d/tunables/home.d/ubuntu, but instead always use what is
    in debconf. (LP: #561694)
  * add aa-update-browser for giving a programmatic way to update browser
    profiles to use browser abstractions
    - add debian/aa-update-browser
    - add debian/aa-update-browser.8
    - debian/rules: install aa-update-browser*
  * debian/patches/0003-ubuntu-browsers-d.patch: updated to generalize java
    child profile names
  * debian/patches/0010-fix-release.patch: update common/Make.rules to use
    lsb_release

apparmor (2.5.1~pre1393-0ubuntu4) maverick; urgency=low

* debian/patches/0001-local-includes.patch: updated to adjust local/README
    to have upstream clarifications
  * debian/patches/0003-ubuntu-browsers-d.patch: add ubuntu-browsers.d/*
    abstractions
  * debian/patches/0004-ubuntu-pux.patch: use 'PUx' instead of 'Ux' in
    abstractions/ubuntu-*
  * add chromium-browser profile. All this can be removed once
    chromium-browser ships its own profile:
    - debian/patches/0005-add-chromium-browser.patch: add preliminary
      profiles/apparmor.d/usr.bin.chromium-browser
    - debian/profiles/chromium-browser: added for use with ubuntu-browsers.d
    - debian/rules: ship debian/profiles/chromium-browser in apparmor-profiles
  * don't make /etc/apparmor.d/local/* from apparmor-profiles conffiles
    - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
    - debian/rules: use dh_apparmor instead of shipping the files as conffiles
    - debian/apparmor-profiles.postinst: move DEBHELPER before initscript
      reload
    - debian/apparmor-profiles.postrm: added to remove chromium-browser config
      file
  * debian/patches/0006-kde4-config-pux.patch: remove kde4-config from kde
    abstraction and add it to kde ubuntu-browsers abstraction

apparmor (2.5.1~pre1393-0ubuntu3) maverick; urgency=low

* debian/patches/0002-lp615177.patch: 'owner' match in commit 1406 too
    strict for /tmp/ and /var/tmp/ (LP: #615177)

apparmor (2.5.1~pre1393-0ubuntu2) maverick; urgency=low

* debian/rules: move local/usr.lib.apache2.mpm-prefork.apache2 to
    libapache2-mod-apparmor

apparmor (2.5.1~pre1393-0ubuntu1) maverick; urgency=low

* Update to upstream bzr revision 1393 from lp:apparmor/2.5.
    * add dbus-session abstraction (LP: #566207)
    * require owner in user-tmp abstraction (LP: #578922)
    * don't use uninitialized $opt_s (LP: #582075)
    * allow thunderbird 3 in abstractions/ubuntu-email (LP: #590462)
    * allow gmplayer in abstractions/ubuntu-media-players (LP: #591421)
  * debian/control: updated branches.
  * debian/patches/0001-local-includes.patch: backported patch from trunk to
    allow local administrators to customize their profiles without modifying
    a shipped profile
  * debian/rules:
    - don't pass RELEASE to libapparmor's 'make install' as it breaks the
      build and isn't used by the Makfile anyway
    - install apparmor.d/local/README in apparmor, not apparmor-profiles
    - don't install apparmor.d/local/usr.sbin.ntpd
  * Drop the following patches already included upstream:
    - 0001-lp538561.patch
    - 0002-aalogprof-warnings.patch
    - 0003-fix-memleaks.patch
    - 0004-lp549557.patch
    - 0005-lp538661.patch
    - 0006-lp611248.patch

apparmor (2.5-0ubuntu4) maverick; urgency=low

* debian/patches/0006-lp611248.patch: allow access to gdk-pixbuf loaders
    LP: #611248
 -- Jamie Strandboge <jamie@ubuntu.com>   Tue, 02 Nov 2010 13:33:15 -0500

Changed in apparmor (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Ubuntu Foundations Team Bug Bot (crichton) on 2011-09-19

tags:

added: testcase

Revision history for this message

Maxime Chavagne (a-maxime) wrote on 2012-06-13:

#12

I have the same bug from PDF document with HTTP links. I am running Ubuntu 11.10 oneiric and Firefox 13.0.
When i click on a link in a pdf document in evince i have the message :
"Impossible d'ouvrir le lien externe
L'exécution du processus fils « firefox » a échoué (Permission non accordée)"
and the link is not opened.

I have this line in /etc/apparmor.d/abstractions/ubuntu-browsers :
/usr/lib/firefox-*/firefox.sh PUx,

And it should be
/usr/lib/firefox/firefox.sh PUx,
or
/usr/lib/firefox*/firefox.sh PUx,

If i list /usr/lib I have :

# ls /usr/lib/ | grep firefox
firefox
firefox-3.6.10
firefox-addons

If I change the line in /etc/apparmor.d/abstractions/ubuntu-browsers and restart apparmor it works.

Revision history for this message

Maxime Chavagne (a-maxime) wrote on 2012-06-13:

#13

Do I have to post a new bug or is it OK in here ?

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-06-13:

#14

Maxime, you are almost certainly seeing bug #990931, which was fixed yesterday.

Revision history for this message

Maxime Chavagne (a-maxime) wrote on 2012-06-13:

#15

That's right. Thanks a lot !

Ubuntu
apparmor package

In a PDF document, the mailto link does not work

Bug Description

Related branches

Other bug subscribers

Bug attachments

Remote bug watches

Affects		Status	Importance	Assigned to	Milestone
	apparmor (Ubuntu)	Fix Released	Low	Jamie Strandboge
	Lucid	Fix Released	Low	Jamie Strandboge	Ubuntu lucid-updates

Ubuntuapparmor package

In a PDF document, the mailto link does not work

Bug Description

Related branches

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
apparmor package