Your message dated Mon, 30 Jul 2018 15:04:04 +0000
with message-id <e1fk9io-000gw8...@fasolo.debian.org>
and subject line Bug#904983: fixed in bind9 1:9.11.4+dfsg-4
has caused the Debian Bug report #904983,
regarding bind9: Syntax error in /etc/apparmor.d/usr.sbin.named prevents bind9
from starting
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
904983: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904983
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bind9
Version: 1:9.11.4+dfsg-3
Severity: grave
Justification: renders package unusable
Dear Maintainer,
bind9 9.11.4+dfsg-3's /etc/apparmor.d/usr.sbin.named is missing a comma at the
end of line 33, which causes apparmor to fail parsing it and in turn deny
bind9's access to /usr/share/dns/root.hints:
Ιουλ 30 10:36:23 hs named[21729]: could not configure root hints from '/usr/share/dns/root.hints': permission denied
Ιουλ 30 10:36:23 hs named[21729]: loading configuration: permission denied
Ιουλ 30 10:36:23 hs named[21729]: exiting (due to fatal error)
After adding a comma at the end of this line, bind9 is able to start again:
/usr/share/dns/root.* r
Thank you!
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.17.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8),
LANGUAGE=el_GR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages bind9 depends on:
ii adduser 3.117
ii bind9utils 1:9.11.4+dfsg-3
ii debconf [debconf-2.0] 1.5.69
ii dns-root-data 2018013001
ii libbind9-160 1:9.11.4+dfsg-3
ii libc6 2.27-5
ii libcap2 1:2.25-1.2
ii libcom-err2 1.44.3-1
ii libdns1102 1:9.11.4+dfsg-3
ii libfstrm0 0.3.0-1+b1
ii libgeoip1 1.6.12-1
ii libgssapi-krb5-2 1.16-2
ii libisc169 1:9.11.4+dfsg-3
ii libisccc160 1:9.11.4+dfsg-3
ii libisccfg160 1:9.11.4+dfsg-3
ii libjson-c3 0.12.1-1.3
ii libk5crypto3 1.16-2
ii libkrb5-3 1.16-2
ii liblmdb0 0.9.22-1
ii liblwres160 1:9.11.4+dfsg-3
ii libprotobuf-c1 1.2.1-2
ii libssl1.1 1.1.0h-4
ii libxml2 2.9.4+dfsg1-7+b1
ii lsb-base 9.20170808
ii net-tools 1.60+git20161116.90da8a0-2
ii netbase 5.4
ii zlib1g 1:1.2.11.dfsg-1
bind9 recommends no packages.
Versions of packages bind9 suggests:
pn bind9-doc <none>
ii dnsutils 1:9.11.4+dfsg-3
pn resolvconf <none>
pn ufw <none>
-- Configuration Files:
/etc/apparmor.d/usr.sbin.named changed:
/usr/sbin/named flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
capability sys_chroot,
capability sys_resource,
# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
# /var/cache/bind is for slave/stub data, since we're not the origin of it.
# See /usr/share/doc/bind9/README.Debian.gz
/etc/bind/** r,
/var/lib/bind/** rw,
/var/lib/bind/ rw,
/var/cache/bind/** lrw,
/var/cache/bind/ rw,
# gssapi
/etc/krb5.keytab kr,
/etc/bind/krb5.keytab kr,
# ssl
/etc/ssl/openssl.cnf r,
# root hints from dns-data-root
/usr/share/dns/root.* r,
# GeoIP data files for GeoIP ACLs
/usr/share/GeoIP/** r,
# dnscvsutil package
/var/lib/dnscvsutil/compiled/** rw,
# Allow changing worker thread names
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
@{PROC}/net/if_inet6 r,
@{PROC}/*/net/if_inet6 r,
@{PROC}/sys/net/ipv4/ip_local_port_range r,
/usr/sbin/named mr,
/{,var/}run/named/named.pid w,
/{,var/}run/named/session.key w,
# support for resolvconf
/{,var/}run/named/named.options r,
# some people like to put logs in /var/log/named/ instead of having
# syslog do the heavy lifting.
/var/log/named/** rw,
/var/log/named/ rw,
# gssapi
/var/lib/sss/pubconf/krb5.include.d/** r,
/var/lib/sss/pubconf/krb5.include.d/ r,
/var/lib/sss/mc/initgroups r,
/etc/gss/mech.d/ r,
# ldap
/etc/ldap/ldap.conf r,
/{,var/}run/slapd-*.socket rw,
# dynamic updates
/var/tmp/DNS_* rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.named>
}
/etc/bind/named.conf changed:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
//include "/etc/bind/named.conf.default-zones";
/etc/bind/named.conf.local changed:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/ddns.key";
include "/etc/bind/view.main";
include "/etc/bind/view.internet";
include "/etc/bind/view.local";
/etc/bind/named.conf.options changed:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
dnssec-validation auto;
check-names master ignore;
allow-transfer {
localhost;
};
notify no;
forwarders {
// 10.1.0.2;
2a02:587:101:0:212:205:212:205;
2a02:587:101:0:195:170:0:1;
212.205.212.205;
195.170.0.1;
};
listen-on-v6 {
any;
// ::1;
// fd11:2358:1321:3401::1;
};
listen-on {
127.0.0.1;
10.1.0.1;
};
};
logging {
channel default_syslog {
syslog daemon;
print-category yes;
};
category general { null; };
category dnssec { null; };
category resolver { null; };
category lame-servers { null; };
category edns-disabled { null; };
category update { null; };
category update-security { null; };
category xfer-in { null; };
category xfer-out { null; };
category notify { null; };
};
-- debconf information:
bind9/different-configuration-file:
bind9/run-resolvconf: false
bind9/start-as-user: bind
--- End Message ---
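A pre-upload check for the defect reported above, given here as an added example that is not part of the bug report or of the Debian package. It flags rule lines inside a profile block that lack the terminating comma. The function name and the sample are constructed for illustration, and the check assumes one rule per line, as in the profile quoted in the report.

```python
import re

# Constructed sample: an excerpt of the profile quoted in the report, with the
# trailing comma removed from the root-hints rule to reproduce the defect.
SAMPLE_PROFILE = """\
/usr/sbin/named flags=(attach_disconnected) {
  #include <abstractions/base>
  capability net_bind_service,
  # ssl
  /etc/ssl/openssl.cnf r,
  # root hints from dns-data-root
  /usr/share/dns/root.* r
  # GeoIP data files for GeoIP ACLs
  /usr/share/GeoIP/** r,
  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
  /{,var/}run/named/named.pid w,
  #include <local/usr.sbin.named>
}
"""


def unterminated_rules(profile_text):
    """Return (line_number, text) for rule lines lacking the closing comma.

    Assumption: one rule per line. AppArmor itself allows a rule to span
    several lines, so this is a heuristic pre-check, not a full parser.
    """
    findings = []
    depth = 0  # nesting level of profile / sub-profile blocks
    for number, raw in enumerate(profile_text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments and both include spellings (#include, include).
        if not line or line.startswith("#") or line.startswith("include "):
            continue
        line = re.sub(r"\s+#.*$", "", line)  # drop a trailing comment
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth > 0 and not line.endswith(","):
            findings.append((number, line))
    return findings


if __name__ == "__main__":
    for number, text in unterminated_rules(SAMPLE_PROFILE):
        print(f"line {number}: rule not terminated with ',': {text}")
```

The authoritative check remains the AppArmor parser itself: `apparmor_parser -Q` parses a profile without loading it into the kernel and exits non-zero on a syntax error.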
--- Begin Message ---
Source: bind9
Source-Version: 1:9.11.4+dfsg-4
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 904...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bernhard Schmidt <be...@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Jul 2018 16:28:21 +0200
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-160
libdns1102 libirs160 libisc169 liblwres160 libisccc160 libisccfg160 dnsutils
libbind-export-dev libdns-export1102 libdns-export1102-udeb libirs-export160
libirs-export160-udeb libisc-export169 libisc-export169-udeb libisccc-export160
libisccc-export160-udeb libisccfg-export160 libisccfg-export160-udeb
Architecture: source
Version: 1:9.11.4+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: BIND 9 Package <bi...@package.debian.org>
Changed-By: Bernhard Schmidt <be...@debian.org>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - DNS lookup utility (deprecated)
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
libbind-dev - Static Libraries and Headers used by BIND
libbind-export-dev - Development files for the exported BIND libraries
libbind9-160 - BIND9 Shared Library used by BIND
libdns-export1102 - Exported DNS Shared Library
libdns-export1102-udeb - Exported DNS library for debian-installer (udeb)
libdns1102 - DNS Shared Library used by BIND
libirs-export160 - Exported IRS Shared Library
libirs-export160-udeb - Exported IRS library for debian-installer (udeb)
libirs160 - DNS Shared Library used by BIND
libisc-export169 - Exported ISC Shared Library
libisc-export169-udeb - Exported ISC library for debian-installer (udeb)
libisc169 - ISC Shared Library used by BIND
libisccc-export160 - Command Channel Library used by BIND
libisccc-export160-udeb - Command Channel Library used by BIND (udeb)
libisccc160 - Command Channel Library used by BIND
libisccfg-export160 - Exported ISC CFG Shared Library
libisccfg-export160-udeb - Exported ISC CFG library for debian-installer (udeb)
libisccfg160 - Config File Handling Library used by BIND
liblwres160 - Lightweight Resolver Library used by BIND
Closes: 904983
Changes:
bind9 (1:9.11.4+dfsg-4) unstable; urgency=medium
.
* Brown-paper-bag release :-(
* Fix missing colon in AppArmor profile (Closes: #904983)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---