apparmor profile does not allow for rotating savefiles using the -C and -W options

Bug #2052493 reported by Koen Dierckx
This bug affects 1 person
Affects            Status         Importance   Assigned to   Milestone
tcpdump (Ubuntu)   Fix Released   Undecided    Unassigned
  Focal            Fix Released   Undecided    Unassigned
  Jammy            Fix Released   Undecided    Unassigned

Bug Description

[ Impact ]

AppArmor was denying the creation of .pcap files ending in digits, which is required by the -W parameter of tcpdump. This issue had already been fixed upstream (https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a) and currently only affects focal and jammy.

I also added the permission for reading and writing of .cap and .pcapng files which were already allowed upstream as well.
The debdiffs for both focal and jammy are in the comments

[ Test Plan ]

mkdir /test
chmod 777 /test
tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1

Result:
tcpdump: /test/pcap.pcap000: Permission denied

Expected result:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes

The cause is the apparmor profile: /etc/apparmor.d/usr.sbin.tcpdump
  # for -r, -F and -w
  /**.[pP][cC][aA][pP] rw,

[ Where problems could occur ]

The risk of allowing read and write to .pcap+digits is very minor considering that reading and writing to .pcap is already allowed by policy. Additionally, these rules are a requirement for the application to work properly.

[ Other Info ]

Upstream commits:
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/8763a4461751b2bf746d5f0ce7be253c44b6ac7f
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/7dcc3736cd19f2ae7ee45b7835646ab50437980a
https://salsa.debian.org/rfrancoise/tcpdump/-/commit/c58462999b5e66a4564ec81062b049c45933bc8b
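
The mismatch described in this report, as an added example that is not part of the original bug description or of the tcpdump package: a simplified matcher for a subset of AppArmor path globs, applied to the rule quoted above. `FIXED_RULES` is an assumed reading of the changelog wording ("followed by a numeric suffix"), not the shipped profile text, and all paths are constructed.

```python
import re

def aa_glob_to_regex(glob):
    """Translate a subset of AppArmor path globbing to a regex:
    ** = any characters including '/', * = any characters except '/',
    ? = one character except '/', [...] = character class."""
    out, i = [], 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*"); i += 2
        elif c == "*":
            out.append("[^/]*"); i += 1
        elif c == "?":
            out.append("[^/]"); i += 1
        elif c == "[":
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1]); i = end + 1
        else:
            out.append(re.escape(c)); i += 1
    return re.compile("".join(out))

def allowed(path, rules):
    """True if any rule matches the whole path (AppArmor rules are anchored)."""
    return any(aa_glob_to_regex(r).fullmatch(path) for r in rules)

# Rule quoted in the bug report: the path must END in .pcap (any case).
OLD_RULES = ["/**.[pP][cC][aA][pP]"]

# ASSUMPTION: illustrative rules derived from the changelog text only.
FIXED_RULES = OLD_RULES + [
    "/**.[pP][cC][aA][pP][nN][gG]",
    "/**.[cC][aA][pP]",
    "/**.[pP][cC][aA][pP][0-9]*",
    "/**.[pP][cC][aA][pP][nN][gG][0-9]*",
    "/**.[cC][aA][pP][0-9]*",
]

if __name__ == "__main__":
    # Constructed paths: savefile names as produced by -w with -C/-W rotation.
    for p in ["/test/pcap.pcap", "/test/pcap.pcap000", "/test/pcap.pcap499",
              "/test/pcap.pcap0.bak", "/test/pcap.pcap0/x", "/etc/passwd"]:
        print(f"{p:24} old={allowed(p, OLD_RULES)} fixed={allowed(p, FIXED_RULES)}")
```

AppArmor globs have no repetition operator, so `[0-9]*` means one digit followed by anything other than `/`; a rule of that shape also admits names such as `pcap.pcap0.bak`, which is worth knowing when judging how much the change widens the profile.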

Georgia Garcia (georgiag) wrote :

This is the patch that should fix this issue in Focal

Georgia Garcia (georgiag) wrote :

This is the patch that should fix this issue in Jammy

description: updated
description: updated
Sergio Durigan Junior (sergiodj) wrote :

Hi Georgia,

Thank you for providing a fix for the bug.

I'd like to make a few recommendations for the next time. Hopefully these will help you better understand and navigate the sponsorship process :-).

1) Providing a PPA with the proposed package built goes a long way to help the sponsor verify the changes. If the package has DEP8 tests, providing a log of a DEP8 test run is also very welcome.

2) I noticed that you targeted jammy-security in the Jammy debdiff. I believe this may have been a typo/thinko, but just in case: if an upload needs to go to the -security pocket, then the process is a bit different. You need to contact the Security team, and they will perform their own checks. Also, uploads to the -security pocket don't go through the normal SRU process, and can't be sponsored by Ubuntu Sponsors.

3) When you have the time, I'd recommend learning about the git-ubuntu workflow. I personally don't mind sponsoring debdiffs, but I've noticed several people using git-ubuntu lately, and I think it can make the process a bit easier for the contributor.

Otherwise, the debdiffs are great. I just had to adjust the changelog message (the path for the file being changed is debian/usr.{s,}bin.tcpdump), and the target pocket for Jammy.

Uploaded.

Thanks!

Changed in tcpdump (Ubuntu Focal):
status: New → In Progress
Changed in tcpdump (Ubuntu Jammy):
status: New → In Progress
Sergio Durigan Junior (sergiodj) wrote :

A few other things:

- I added tasks for Jammy and Focal, and set the status of the Noble task to Fix Released because I couldn't reproduce the problem there. However, I did notice that both in Mantic and Noble your testcase segfaults. Can you just double check that that's another problem and not something related to this bug, please?

- I'm unsubscribing ubuntu-sponsors. If you need more help, please resubscribe it.

Thanks.

Changed in tcpdump (Ubuntu):
status: New → Fix Released
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Koen, or anyone else affected,

Accepted tcpdump into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/tcpdump/4.99.1-3ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in tcpdump (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-jammy
Changed in tcpdump (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Timo Aaltonen (tjaalton) wrote :

Hello Koen, or anyone else affected,

Accepted tcpdump into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/tcpdump/4.9.3-4ubuntu0.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Koen Dierckx (dierckxk) wrote :

I have tested both jammy and focal version of the package.
Issue has been resolved !

Thank you all for the quick follow up on this.

Also kudos to my colleague, Wim Mariën, who did the actual bug find.

Sergio Durigan Junior (sergiodj) wrote : Re: [Bug 2052493] Re: apparmor profile does not allow for rotating savefiles using the -C and -W options

On Friday, February 09 2024, Koen Dierckx wrote:

> I have tested both jammy and focal version of the package.
> Issue has been resolved !

Hi Koen,

Thank you for testing the package. However, when we're dealing with
SRUs, it is strongly recommended to provide more information about the
test that was performed. This information includes:

- The output of "apt policy PACKAGE", before and after upgrading it, to
  show that the bug could be reproduced with the old package and is
  fixed by the new one.

- The output of one or more commands (from the Test Plan section)
  showing the bug manifesting with the previous package, and then not
  manifesting anymore with the new package.

Lastly, as mentioned in the SRU acceptance message, you need to modify
this bug's tags to reflect that the verification step was properly done,
so that the SRU team knows that they can release the package when the
waiting period is over.

Thanks,

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Koen Dierckx (dierckxk) wrote :

JAMMY

mkdir /test
chmod 777 /test

apt policy tcpdump
tcpdump:
  Installed: 4.99.1-3ubuntu0.1
  Candidate: 4.99.1-3ubuntu0.1
  Version table:
     4.99.1-3ubuntu0.2 400
        400 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
 *** 4.99.1-3ubuntu0.1 500
        500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     4.99.1-3build2 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages

tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
tcpdump: data link type LINUX_SLL2
tcpdump: /test/pcap.pcap000: Permission denied

apt install tcpdump/jammy-proposed
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Selected version '4.99.1-3ubuntu0.2' (Ubuntu:22.04/jammy-proposed [amd64]) for 'tcpdump'
The following packages will be upgraded:
  tcpdump
1 upgraded, 0 newly installed, 0 to remove and 95 not upgraded.
Need to get 501 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 tcpdump amd64 4.99.1-3ubuntu0.2 [501 kB]
Fetched 501 kB in 0s (1930 kB/s)
(Reading database ... 74590 files and directories currently installed.)
Preparing to unpack .../tcpdump_4.99.1-3ubuntu0.2_amd64.deb ...
Unpacking tcpdump (4.99.1-3ubuntu0.2) over (4.99.1-3ubuntu0.1) ...
Setting up tcpdump (4.99.1-3ubuntu0.2) ...
Installing new version of config file /etc/apparmor.d/usr.bin.tcpdump ...
Processing triggers for man-db (2.10.2-1) ...

apt policy tcpdump
tcpdump:
  Installed: 4.99.1-3ubuntu0.2
  Candidate: 4.99.1-3ubuntu0.2
  Version table:
 *** 4.99.1-3ubuntu0.2 400
        400 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     4.99.1-3ubuntu0.1 500
        500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
     4.99.1-3build2 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages

tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

Koen Dierckx (dierckxk) wrote :

FOCAL

apt policy tcpdump
tcpdump:
  Installed: 4.9.3-4ubuntu0.1
  Candidate: 4.9.3-4ubuntu0.2
  Version table:
     4.9.3-4ubuntu0.2 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
 *** 4.9.3-4ubuntu0.1 500
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status
     4.9.3-4 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
tcpdump: /test/pcap.pcap000: Permission denied

apt install tcpdump/focal-proposed
Reading package lists... Done
Building dependency tree
Reading state information... Done
Selected version '4.9.3-4ubuntu0.3' (Ubuntu:20.04/focal-proposed [amd64]) for 'tcpdump'
The following packages will be upgraded:
  tcpdump
1 upgraded, 0 newly installed, 0 to remove and 175 not upgraded.
Need to get 370 kB of archives.
After this operation, 1024 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 tcpdump amd64 4.9.3-4ubuntu0.3 [370 kB]
Fetched 370 kB in 1s (349 kB/s)
(Reading database ... 73218 files and directories currently installed.)
Preparing to unpack .../tcpdump_4.9.3-4ubuntu0.3_amd64.deb ...
Unpacking tcpdump (4.9.3-4ubuntu0.3) over (4.9.3-4ubuntu0.1) ...
Setting up tcpdump (4.9.3-4ubuntu0.3) ...
Installing new version of config file /etc/apparmor.d/usr.sbin.tcpdump ...
Processing triggers for man-db (2.9.1-1) ...

apt policy tcpdump
tcpdump:
  Installed: 4.9.3-4ubuntu0.3
  Candidate: 4.9.3-4ubuntu0.3
  Version table:
 *** 4.9.3-4ubuntu0.3 400
        400 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     4.9.3-4ubuntu0.2 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
     4.9.3-4ubuntu0.1 500
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
     4.9.3-4 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

tcpdump -Z root -ni any -s 0 -w /test/pcap.pcap -C 500 -W 500 host 1.1.1.1
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
^C0 packets captured
0 packets received by filter
0 packets dropped by kernel

tags: added: verification-done-focal verification-done-jammy
removed: verification-needed verification-needed-focal verification-needed-jammy
tags: added: verification-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tcpdump - 4.99.1-3ubuntu0.2

---------------
tcpdump (4.99.1-3ubuntu0.2) jammy; urgency=medium

  * debian/usr.bin.tcpdump: allow read/write to .pcapng files along with
    a permission to the .pcap, .pcapng, .cap files followed by a numeric
    suffix required by the -W parameter (LP: #2052493)

 -- Georgia Garcia <email address hidden> Thu, 08 Feb 2024 10:21:43 -0300

Changed in tcpdump (Ubuntu Jammy):
status: Fix Committed → Fix Released
Andreas Hasenack (ahasenack) wrote : Update Released

The verification of the Stable Release Update for tcpdump has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tcpdump - 4.9.3-4ubuntu0.3

---------------
tcpdump (4.9.3-4ubuntu0.3) focal; urgency=medium

  * debian/usr.sbin.tcpdump: allow read/write to .cap and .pcapng files
    along with a permission to the .pcap, .pcapng, .cap files followed by
    a numeric suffix required by the -W parameter (LP: #2052493)

 -- Georgia Garcia <email address hidden> Thu, 08 Feb 2024 10:08:41 -0300

Changed in tcpdump (Ubuntu Focal):
status: Fix Committed → Fix Released