AppArmor 2.9.5

AppArmor 2.9.5 Release

Milestone information

Project:
AppArmor
Series:
2.9
Version:
2.9.5
Released:
2017-10-19  
Registrant:
John Johansen
Release registered:
2017-10-19
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
No users assigned to blueprints and bugs.
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
5 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon apparmor-2.9.5.tar.gz (md5, sig) AppArmor 2.9.5 36
last downloaded 11 weeks ago
Total downloads: 36

Release notes 

AppArmor 2.9.5 is an incremental bug fix release over AppArmor 2.9.4 that is focused on fixing issues in the userspace code.

It includes the changes in the 2.9 branch between r3045 (AppArmor 2.9.4) and r3068.

Policy Compiler (a.k.a apparmor_parser)

    Fix af_unix downgrade of network rules
    parser Fix delete after new[]

Init

    Preserve unknown profiles when restarting apparmor init/job/unit. CVE-2017-6507 lp#1668892

Utils

    aa-logprof - Ignore change_hat events with error=-1 and "unconfined can not change_hat"
    aa-unconfined - fix netstat invocation regression
    Add aa-remove-unknown utility to unload unknown profiles lp#1668892
    Remove re.LOCALE flag lp#1661766

Policy

    abstractions
        base - update for glibc use of /proc/*/auxv and /proc/*/status
        apache2 - updates for proper signal handling, optional saslauth, and OCSP stapling
        freedesktop.org: support /usr/local/applications; support subdirs of applications folder
        Adjust python abstraction for python3.6
    dovecot
        Allow /var/run/dovecot/login-master-notify* in dovecot imap-login profiles
        add the attach_disconnected flag
        change Px to mrPx for /usr/lib/dovecot/*
        Add several permissions to the dovecot profiles that are needed on ubuntu lp#1512131
        dovecot-lda needs lp#1650827
    traceroute updates https://bugzilla.opensuse.org/show_bug.cgi?id=1057900
    Samba profile updates for ActiveDirectory / Kerberos
    Postfix

 ** change abstractions/postfix-common to allow /etc/postfix/*.db k
 ** add several permissions to postfix/error, postfix/lmtp and postfix/pipe
 ** remove superfluous abstractions/kerberosclient from all postfix

Documentation

    aa-status: update man page for updated podchecker lp#1707614
    utils: Add --no-reload option to manpage

Tests

    libapparmor/tests
        remove test_multi unconfined-change_hat.profile
    regression/tests
        fix environ fail case

Changelog 

This release does not have a changelog.

0 blueprints and 5 bugs targeted

Bug report Importance Assignee Status
1512131 #1512131 Apparmor complains about multiple /run/dovecot file access 1 Undecided   10 Fix Released
1650827 #1650827 /usr/lib/dovecot/dovecot-lda: "Failed name lookup - disconnected path" 1 Undecided   10 Fix Released
1658238 #1658238 apache2 abstraction incomplete 1 Undecided   10 Fix Released
1658239 #1658239 base abstraction missing glibc /proc/$pid/ things 1 Undecided   10 Fix Released
1668892 #1668892 CVE-2017-6507: apparmor service restarts and package upgrades unload privately managed profiles 1 Undecided   10 Fix Released
This milestone contains Public information
Everyone can see this information.