Change log for apparmor package in Debian

153 of 53 results
Published in buster-release on 2017-11-11
Published in sid-release on 2017-11-06
apparmor (2.11.1-3) unstable; urgency=medium

  * upstream-commit-92752f5-support-Google-Chrome-beta.patch:
    new patch, backported from upstream (Closes: #880923).

 -- intrigeri <email address hidden>  Sun, 05 Nov 2017 19:26:47 +0000
Superseded in buster-release on 2017-11-11
Superseded in sid-release on 2017-11-08
apparmor (2.11.1-2) unstable; urgency=medium

  * apparmor: drop obsolete dependency on libapparmor-perl.
    This dependency was added in 2.8.0-0ubuntu15, when aa-exec (that was
    written in Perl back then) got moved to the apparmor package.
    Nowadays aa-exec is written in C and AFAICT there's nothing in the
    apparmor package that uses libapparmor-perl.
  * apparmor-utils: drop obsolete dependency on libapparmor-perl.
    All the programs shipped in this package were rewritten in Python.
  * Drop obsolete dependencies on python{,3}-pkg-resources.
    They were added to "fix autopkgtests in click-apparmor and
    apparmor-easyprof-ubuntu". We don't ship these packages in Debian,
    and I'm told they're going away in Ubuntu anyway.

 -- intrigeri <email address hidden>  Wed, 25 Oct 2017 13:58:08 +0000
Superseded in sid-release on 2017-11-01
apparmor (2.11.1-1) unstable; urgency=medium

  * Import upstream 2.11.1 release.
    Drop obsolete patches and refresh remaining ones as need.
  * pin-feature-set.patch: new patch, that pins the AppArmor feature set
    to Linux 4.13.4-2's (Closes: #879584).
    The AppArmor policy we ship is not fully ready for Linux 4.14 yet.
    Once our policy has been updated (#877581) we can bump the pinned
    feature set to Linux 4.14's.
    Note, however, that this is not fully effective in the specific case
    of 4.14-rcN up to 4.14-rc6 due to a kernel bug with pinned older
    feature sets, that will likely be fixed in Linux 4.14-rc7.
    For example, with Linux 4.14-rc5 some network (e.g. unix, inet, inet6)
    operations are denied despite the fact this pinned feature does not
    enable network mediation support. For details, see:
  * Disable parser-include-usr-share-apparmor.patch: it's not used on Debian
    and would be made fuzzy by pin-feature-set.patch, thus causing useless
    maintenance busywork.
  * Improve phrasing of long packages description, based on a patch
    by Vincas Dargis <email address hidden> (Closes: #795431).
  * Replace build-dependency on dh-systemd with a versioned one
    on debhelper, that now ships dh_systemd_*.
  * Set priority to "optional": "extra" is deprecated.
  * Bump Standards-Version to 4.1.1.
  * Drop "Testsuite: autopkgtest" control field: it is automatically added
    by dpkg-source(1) since dpkg 1.17.1 when a debian/tests/control file exists,
    which is the case here.
  * Move libapache2-mod-apparmor to Section "httpd", as suggested by Lintian.

 -- intrigeri <email address hidden>  Mon, 23 Oct 2017 14:19:33 +0000
Superseded in buster-release on 2017-10-31
Superseded in sid-release on 2017-10-24
apparmor (2.11.0-11) unstable; urgency=medium

  * Only use systemd-detect-virt when it's installed (Closes: #871953).
  * dh_apparmor: include the version of the package, so that one can find
    packages that were built with a particular version of dh_apparmor.
    (Closes: #872167).
  * Import patch submitted upstream to support Flatpak exports
    (Closes: #865206).
  * Revert "Build with GCC-6 on mips64el to workaround Debian#871538":
    that gcc-7 bug was fixed in 7.2.0-3 on 2017-09-02, presumably all buildd's
    chroot should have it by now.
  * Merge from Ubuntu citrain up to revision 1627, aka. 2.11.0-2ubuntu17.
    Applied all changes (filtering from that list what had already been
    done in Debian):
     - Remove apparmor system upstart job on upgrades.
     - r3631-apparmor-utils-python3.6-LOCALE.patch: fix utils to avoid
       breakage with python 3.6 (LP: #1661766).
     - nameservice-add-stub-resolv.patch: allow read access to systemd stub
       resolver configuration

 -- intrigeri <email address hidden>  Sun, 03 Sep 2017 09:05:00 +0000
Superseded in buster-release on 2017-09-26
Superseded in sid-release on 2017-09-21
apparmor (2.11.0-10) unstable; urgency=medium

  * Build with GCC-6 on mips64el to workaround #871538.

 -- intrigeri <email address hidden>  Wed, 09 Aug 2017 13:37:47 +0000
Superseded in sid-release on 2017-08-11
apparmor (2.11.0-9) unstable; urgency=medium

  * debian-chromium-paths.patch: new patch, fixes e.g. opening links
    (e.g. from Thunderbird) when Chromium is the default web browser
    (reported in #858911).

 -- intrigeri <email address hidden>  Mon, 07 Aug 2017 22:36:01 +0000
Superseded in sid-release on 2017-08-10
apparmor (2.11.0-7) unstable; urgency=medium

  * compare_and_save_debsums(): fix quieting of diff on initial installation
    (Closes: #870696).
  * Don't explicitly pass runlevel nor sequence number to update-rc.d
    via dh_installinit (Closes: #870695).
    Thanks to Michael Biebl for the hint!
  * wayland-cursor.patch: new patch, to allow wayland-cursor-shared-*
    (Closes: #870807).
  * Merge from Ubuntu citrain up to revision 1620, i.e. 2.11.0-2ubuntu11.
    Applied all changes:
     - fix-aa-status-pod.patch: updates aa-status for newer podchecker
       (LP: #1707614)
     - adjust-python-for-3.6.patch: update python abstraction for 3.6
     - adjust-nameservice-for-systemd-resolved.patch: grant access to
       systemd-resolved in the nameservice abstraction (LP: #1598759).
    … and then disabled adjust-nameservice-for-systemd-resolved.patch
    that's dangerous without fine-grained AppArmor mediation of
    D-Bus traffic.
  * Remove upstart configuration: Upstart was removed in Debian Stretch
    so this file is no longer useful.
  * Drop ubuntu-manpage-updates.patch, that was only relevant with Upstart.

 -- intrigeri <email address hidden>  Sat, 05 Aug 2017 14:21:08 +0000
Superseded in buster-release on 2017-08-15
Superseded in sid-release on 2017-08-07
apparmor (2.11.0-6) unstable; urgency=medium

  * libapparmor-dev: stop installing /lib/*/ (Closes: #866636).

 -- intrigeri <email address hidden>  Fri, 30 Jun 2017 17:20:45 +0000
Superseded in sid-release on 2017-07-01
apparmor (2.11.0-5) unstable; urgency=medium

  * pass-compiler-flags-binutils.patch: new patch, fixes missing
    hardening flags in aa-enabled and aa-exec.
  * Merge from Ubuntu citrain up to revision 1617, i.e. 2.11.0-2ubuntu8.

 -- intrigeri <email address hidden>  Sat, 24 Jun 2017 21:12:47 +0000
Superseded in sid-release on 2017-07-04
apparmor (2.11.0-4) unstable; urgency=medium

  * Run parts of the upstream test suite as autopkgtests.
  * Declare compliance with Standards-Version 4.0.0 (no change required).
  * Add mentions-deprecated-usr-lib-perl5-directory to Lintian overrides,
    since usr-lib-perl5-mentioned has been renamed.
  * libapparmor1.symbols: require 2.8.94 instead of 2.8.94-0ubuntu1.
  * debian/rules: use variables provided by dpkg/ instead
    of parsing the output of dpkg-parsechangelog.
  * Override mistaken apache2-module-depends-on-real-apache2-package
    Lintian check.
  * Merge from Ubuntu citrain up to revision 1616, i.e. 2.11.0-2ubuntu5
    (more recent changes, up to 2.11.0-2ubuntu8, have not been pushed
    to the citrain repo yet; they don't seen critical though).

 -- intrigeri <email address hidden>  Sat, 24 Jun 2017 15:15:09 +0000
Published in stretch-release on 2017-03-31
Superseded in sid-release on 2017-06-25
apparmor (2.11.0-3) unstable; urgency=medium

  * Fix CVE-2017-6507: don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (Closes: #858768).
    Changes cherry-picked from Ubuntu's 2.11.0-2ubuntu3:
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles. Based
      on an upstream patch but adjusted to source the /lib/apparmor/functions
      shipped in Debian/Ubuntu.

 -- intrigeri <email address hidden>  Tue, 28 Mar 2017 10:29:15 +0000
Superseded in stretch-release on 2017-03-31
Superseded in sid-release on 2017-03-28
apparmor (2.11.0-2) unstable; urgency=medium

  * Drop the apparmor-docs package (Closes: #851118).

 -- intrigeri <email address hidden>  Sat, 21 Jan 2017 10:05:51 +0000
Superseded in stretch-release on 2017-02-01
Superseded in sid-release on 2017-01-22
apparmor (2.11.0-1) unstable; urgency=medium

  * Import upstream 2.11.0 release (Closes: #809649).
  * Don't try to install non-existing file
    to /etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser.
  * Drop all backported patches, that are now obsolete.
  * Drop aa-utils_are_bilingual.patch, that is obsolete since upstream
    switched to Python 3.
  * Refresh all remaining quilt patches.
  * debian/apparmor.manpages: follow upstream wrt. moving the manpages
    for aa-enabled and aa-exec to section 1.
  * Reintroduce building parser/techdoc.pdf from source while building
    the binary package.
  * Build PDFs from documentation/*, and include them in the apparmor-docs
    package. Accordingly add build-dependency on libreoffice-writer and unoconv.
  * README.source: document how to import a new upstream release from
    the tarball.

 -- intrigeri <email address hidden>  Mon, 09 Jan 2017 10:30:38 +0000
Superseded in stretch-release on 2017-01-20
Superseded in sid-release on 2017-01-22
apparmor (2.10.95-8) unstable; urgency=medium

  * Stop applying add-chromium-browser.patch: it's been broken for years
    on Debian, and nobody ever bothered to upstream this profile in a way
    that makes it work cross-distro (Closes: #742829).
  * r3441-sshd-blacklist.patch: new patch, cherry-picked from upstream
    (Closes: #821881).
  * new patch,
    cherry-picked from upstream.
  * r3600-usrmerge.patch: new patch, cherry-picked from upstream
    (resolves the parts of #843461 that can be handled in this package).

 -- intrigeri <email address hidden>  Sat, 17 Dec 2016 11:25:27 +0000
Superseded in stretch-release on 2016-12-28
Superseded in sid-release on 2016-12-17
apparmor (2.10.95-7) unstable; urgency=medium

  * r3582-build-with-recent-swig.patch: new patch, cherry-picked
    from upstream (Closes: #844929).
  * r3588-update-gnome-abstraction-with-versioned-gtk-paths.patch:
    new patch, cherry-picked from upstream (Closes: #845005).
  * r3590-add-more-wayland-paths.patch: new patch, cherry-picked from upstream.
  * r3591-yet-another-location-for-Xauthority.patch: new patch, cherry-picked
    from upstream (Closes: #845250).
  * Merge from Ubuntu citrain up to revision 1604.
  * Disable profiles-grant-access-to-systemd-resolved.patch: it's dangerous
    without fine-grained AppArmor mediation of D-Bus traffic.

 -- intrigeri <email address hidden>  Fri, 2 Dec 2016 11:00:00 +0000
Superseded in stretch-release on 2016-12-08
Superseded in sid-release on 2016-12-05
apparmor (2.10.95-6) unstable; urgency=medium

  * New patches, cherry-picked from upstream:
    - debian/patches/r3577-gnome-abstraction-gtk3-config.patch:
      gnome abstraction: grant read access to ~/.config/gtk-3.0/*.
    - debian/patches/r3578-dnsmasq-libvirt_leaseshelper.patch:
      dnsmasq: allow libvirt_leaseshelper "m" permission on itself.

 -- intrigeri <email address hidden>  Tue, 08 Nov 2016 13:05:14 +0000
Superseded in stretch-release on 2016-11-14
Superseded in sid-release on 2016-12-02
apparmor (2.10.95-5) unstable; urgency=medium

  * Merge from ubuntu-citrain up to revision 1600. Remaining Debian changes:
    - debian/apparmor.init: don't call handle_system_policy_package_updates.
  * r3566-wayland.patch: new patch, to support Wayland in at least Evince
    (Closes: #827335).
  * r3487-add-firefox-esr-to-ubuntu-browsers.patch: new patch, to support
    firefox-esr in abstractions/ubuntu-browsers (Closes: #821945).
  * Drop "Replaces: apparmor-parser": that package has never been part of
    Debian, and if has ever been included in Ubuntu, that must have been
    ages ago.
  * Drop Breaks: lxc (<< 1.1.0~alpha1-0ubuntu5~).
    - Wrt. Ubuntu: Xenial ships a newer lxc.
    - Wrt. Debian: this Breaks was added in Ubuntu in order to "restrict
      signal, ptrace and unix mediation to the container" (LP: #1373555).
      These features require third-party Linux kernel patches, that we
      haven't in Debian, so even though Jessie has lxc 1.0, we don't need
      this Breaks relationship.
  * Drop Breaks: lightdm (<< 1.11.8-0ubuntu2~).
    - Wrt. Debian: it was added in Ubuntu because lightdm 1.11.8-0ubuntu2
      brings "updates for unix socket mediation". But Unix socket mediation
      requires third-party Linux kernel patches, that we haven't in Debian.
    - Wrt. Ubuntu: even Vivid includes a newer lightdm.
  * Drop Breaks+Replaces on a version of debhelper older than the one included
    in Precise and Wheezy.
  * Drop Breaks+Replaces on versions of our own binary packages that are older
    than the ones included in Jessie and Xenial.
  * Drop Breaks: rsyslog (<< 7.4.4-1ubuntu9~). Bot Jessie and Xenial ship
    a newer one.
  * Drop Breaks: apparmor-easyprof-ubuntu (<< 1.2.22). Xenial ships
    a newer one.
  * Drop Breaks: libvirt-bin (<< 1.2.6-0ubuntu6~). Jessie and Xenial
    have a newer one.
  * Drop Breaks+Replaces: apparmor-utils << 2.8.0: Jessie and Trusty ship
    a newer one.
  * Drop Breaks+Replaces: libapache2-mod-apparmor (<< 2.5.1-0ubuntu3):
    Precise and Wheezy shipped with something newer.
  * Version dependency on lsb-base to >= 3.0-6, as advised by Lintian's
    init.d-script-needs-depends-on-lsb-base tag.

 -- intrigeri <email address hidden>  Sat, 15 Oct 2016 16:04:40 +0000
Superseded in stretch-release on 2016-10-21
Superseded in sid-release on 2016-10-16
apparmor (2.10.95-4) unstable; urgency=medium

  * debhelper/postinst-apparmor: re-add the "aa-status --enabled" -based code
    as a fallback, that is used when aa-enabled is not present. This
    facilitates upgrades from Jessie to Stretch, as well as partial
    testing/sid upgrades. (Closes: #829030)

 -- intrigeri <email address hidden>  Fri, 01 Jul 2016 12:50:58 +0000
Superseded in sid-release on 2016-07-02
apparmor (2.10.95-3) unstable; urgency=medium

  * debhelper/postinst-apparmor: re-add 2>/dev/null to aa-enabled invocation,
    to avoid misleading users into thinking the package is missing a dependency
    on apparmor. Thanks to Simon McVittie for the analysis! (Closes: #828795)

 -- intrigeri <email address hidden>  Wed, 29 Jun 2016 10:11:30 +0000
Superseded in sid-release on 2016-06-30
apparmor (2.10.95-2) unstable; urgency=medium

  * dh-apparmor: use aa-enabled instead of aa-status --enabled.
    (Closes: #822475)
  * Ship fake aa-enabled and aa-exec for non-Linux builds to fix FTBFS there
    (same "solution" as the one we've had for apparmor_parser for a while).

 -- intrigeri <email address hidden>  Fri, 24 Jun 2016 13:16:20 +0000
Superseded in sid-release on 2016-06-25
apparmor (2.10.95-1) unstable; urgency=medium

  * Merge from ubuntu-citrain up to revision 1590, that is changes brought
    by 2.10.95-0ubuntu1 to 2.10.95-0ubuntu2, including a new upstream
    release also known as AppArmor 2.11.beta1. (Closes: #810888)
    Remaining changes:
    - debian/apparmor.install: install tunables/home.d and tunables/multiarch.*,
      to make it easier to maintain site-specific configuration.
    - Don't ship empty /usr/bin and /usr/share/apparmor in apparmor-utils:
      I fail to see what good they can do.
    - Drop dependency from apparmor on initramfs-tools: the early modules
      loading code that needed it was removed a while ago.
    - apparmor-notify depends on libnotify-bin: the package's description
      is explicitly about desktop notifications, and we've had #746508,
      so let's stick to supporting the desktop use case as best as we can,
      and ignore the server use case for now.
    - debian/control: removed duplicated Section entry for apparmor-easyprof,
      it's the same as the source package's one.
    - Apply notify-group.patch.
    - The new packaging fixes and improvements documented below.
  * Remove Holger from Uploaders, at his request. (Closes: #824461)
  * dh-apparmor: fix enabling policy if it's the system's first.
    Thanks to Peter Palfrader <email address hidden> for the analysis and patch!
    (Closes: #822349)
  * Declare compliance with Standards-Version 3.9.8.
  * Fix typo in dh_apparmor(1) manpage.
  * Add Lintian overrides for the no-upstream-changelog check: upstream
    does not ship any changelog.
  * debian/README.source: document how we import new upstream releases
    from Ubuntu into Debian.
  * Add a systemd unit wrapping the init script. Thanks to Felipe Sateler
    for coming up with a patch, to the OpenSUSE folks for some inspiration,
    and to Felix Geyer for commenting on my own initial draft. (Closes: #796589)
    - Add a build-dependency on dh-systemd, and enable it in debian/rules.
    - Disable handle_system_policy_package_updates in the init script's
      start action: it is only useful for click, snappy and Ubuntu system
      images, i.e. not in Debian; and it reads and writes to /var, that can
      be remote-mounted, so it would prevent us from using
      (and thus, from confining early system services) without possibly
      introducing dependency loops.

 -- intrigeri <email address hidden>  Thu, 23 Jun 2016 18:25:09 +0000
Superseded in stretch-release on 2016-07-07
Superseded in sid-release on 2016-06-25
apparmor (2.10-4) unstable; urgency=medium

  * Team upload.
  * Backport latest nameservice abstraction. (Closes: #813835)
    - Allows reading resolv.conf from NetworkManager and systemd-networkd.
    - Add nameservice-abstraction.patch

 -- Felix Geyer <email address hidden>  Tue, 29 Mar 2016 22:30:30 +0200
Superseded in stretch-release on 2016-04-04
Superseded in sid-release on 2016-03-30
apparmor (2.10-3) unstable; urgency=medium

  * Team upload.

  [ intrigeri ]
  * Drop libapparmor-mention-dbus-method-in-getcon-man.patch (Closes: #800132)

  [ Felix Geyer ]
  * Update python abstraction for python 3.5.
    - Pull r3277-update-python-abstraction.patch from upstream

 -- Felix Geyer <email address hidden>  Mon, 25 Jan 2016 22:50:13 +0100
Superseded in stretch-release on 2016-01-31
Superseded in sid-release on 2016-01-26
apparmor (2.10-2) unstable; urgency=medium

  [ Felix Geyer ]
  * Apply aa-status-dont_require_python3-apparmor.patch, to keep
    the hard dependencies of the apparmor binary package minimal.
  * python{,3}-apparmor: require at least the same upstream version
    of python{,3}-libapparmor.
  [ intrigeri ]
  * Drop abstractions-ubuntu-browsers.patch: integrated upstream
    (in a slightly different way).
  * debian/control: don't start short description with capital letter.
    (Closes: #795434)
  * r3227-locale-indep-capabilities-sorting.patch: cherry-pick from upstream,
    to make (more of?) the build reproducible. (Closes: #797415)
  * Merge from ubuntu-citrain up to revision 1578, that is changes brought
    by 2.10-0ubuntu3 to 2.10-0ubuntu6.
  * Upload to unstable.

 -- intrigeri <email address hidden>  Tue, 18 Aug 2015 09:48:54 +0200
Deleted in experimental-release (Reason: None provided.)
apparmor (2.10-1) experimental; urgency=medium

  [ intrigeri ]
  * Merge ubuntu-citrain up to revision 1575, except:
    - previously documented changes
    - debian/patches/aa-status-dont_require_python3-apparmor.patch:
      don't apply, only relevant for Ubuntu Phone
  * debian/patches/r3209-dnsmasq-allow-dash: cherry-pick from upstream.
  * debian/patches/pass-compiler-flags.patch: refresh.
  * Update upstream signing key.
  * apparmor-utils: make the Depends on python3-apparmor versioned.
    (Closes: #785436)
  * Override the "apparmor source: usr-lib-perl5-mentioned rules" error.
    We replace usr/lib/perl5 with the corresponding multiarch path
    in debian/rules, as a consequence this file contains this string.
  * python-apparmor, python3-apparmor: add Lintian overrides for
    the extended-description-is-probably-too-short tag.
  * debian/control: stuff out a bit apparmor-utils' extended description.
  [ Felix Geyer ]
  * Add Brazilian Portuguese translation of debconf messages.
    Thanks to Adriano Rafael Gomes. (Closes: #788342)
  * Use dh_apparmor from this source package for apparmor-profiles.
    (Closes: #656451)
  * Make debian/rules safer:
    - Add set -e to loops.
    - Use "&&" when chaining shell commands.

 -- intrigeri <email address hidden>  Thu, 13 Aug 2015 23:42:10 +0200
Superseded in stretch-release on 2015-10-13
Superseded in sid-release on 2015-10-13
apparmor (2.9.2-3) unstable; urgency=medium

  * Mark reproducible-pdf.patch as forwarded upstream.
  * debian/rules: improve handling of the unversioned link in /usr to the
    shared library; the new implementation doesn't cause needless version
    churn in debian/rules when new releases that touch libapparmor are
    incorporated into the packaging. Thanks to Steve Beattie
    <email address hidden> for the patch!
  * Upload to unstable.

 -- intrigeri <email address hidden>  Fri, 08 May 2015 21:43:41 +0200
Deleted in experimental-release (Reason: None provided.)
apparmor (2.9.2-2) experimental; urgency=medium

  * libapache2-mod-apparmor.postrm: on package purge, delete
    /etc/apparmor.d/{,disable} if empty (Closes: #766750).
  * Add reproducible-pdf.patch: make techdoc.pdf reproducible even
    in face of timezone variations.

 -- intrigeri <email address hidden>  Sun, 03 May 2015 11:57:58 +0200
Superseded in experimental-release on 2015-05-04
apparmor (2.9.2-1) experimental; urgency=medium

  * Merge Ubuntu changes up to 2.9.1-0ubuntu9, including:
    - New upstream 2.9.1 release (Closes: #770788, #771400)
    - Replace unnecessary $remote_fs dependency with $local_fs
      (Closes: #782700)
  * Import new 2.9.2 upstream release (Closes: #670305, #777034).
  * Don't install the usr.sbin.cupsd example profile: it is shipped
    and enabled by the cups-daemon package already.
  * Install the /etc/apparmor.d/tunables/{home,multiarch}.d
    directories from upstream.
  * Install the sbin.dhclient-script and usr.lib.RealPlayer10.realplay
    example profiles in /usr/share/doc/apparmor-profiles/extras/.
  * debian/apparmor.install: sort entries in lexical order.
  * debian/rules: pass --no-start to dh_installinit since we're handling
    reloading profiles manually in the postinst scripts.
  * Drop patches applied upstream:
    - add-mir-abstraction-lp1422521.patch
    - systemd-dev-log-lp1413232.patch
    - parser-fix_modifier_compilation_+_tests.patch
    - tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch
    - GDM_X_authority-lp1432126.patch
    - easyprof-framework-policy.patch.
  * debian/copyright: remove obsolete paragraph about
  * Override the init.d-script-missing-dependency-on-remote_fs Lintian
    warning for the apparmor binary package: the current theory is that
    only the click package bits need /usr upon startup.
  * Enable the bindnow hardening flag during build.
  * libapparmor-dev: install link in /usr/lib, not in /lib,
    as dictated in Debian Policy section 8.4 (Development files).

 -- intrigeri <email address hidden>  Thu, 30 Apr 2015 12:46:44 +0200
Deleted in experimental-release (Reason: None provided.)
apparmor (2.9.0-3+exp2) experimental; urgency=medium

  * Use Build-Depends-Package in the symbols file (Closes: #782575).
    Thanks to Michael Biebl <email address hidden> for the patch!

 -- intrigeri <email address hidden>  Wed, 15 Apr 2015 18:05:45 +0200
Superseded in experimental-release on 2015-04-16
apparmor (2.9.0-3+exp1) experimental; urgency=medium

  * dh_apparmor: remove /etc/apparmor.d/{disable,} on package purge
    (Closes: #773870).
  * Remove /var/lib/apparmor/profiles/.apparmor.md5sums and parent
    directories on package purge (Closes: #766751).
  * Drop dependency from apparmor on initramfs-tools: the early modules
    loading code that needed it was removed a while ago (Closes: #771240).
  * Ship libapparmor in /lib instead of /usr as we want to use it
    in systemd now. (Closes: #771667, LP: #1397960).
    Thanks to Martin Pitt <email address hidden> for the patch!

 -- intrigeri <email address hidden>  Wed, 24 Dec 2014 17:45:16 +0100
Superseded in stretch-release on 2015-05-16
Published in jessie-release on 2014-12-18
Superseded in sid-release on 2015-05-12
apparmor (2.9.0-3) unstable; urgency=medium

  * Add versionned Breaks/Replaces from libapparmor-dev to apparmor-docs
    (Closes: #772557). Some manpages were actually migrated from the
    latter package, and not from libapparmor1.

 -- intrigeri <email address hidden>  Fri, 12 Dec 2014 14:14:51 +0100
Superseded in jessie-release on 2014-12-18
Superseded in sid-release on 2014-12-13
apparmor (2.9.0-2) unstable; urgency=medium

  * Add versioned Breaks/Replaces from python-apparmor to apparmor-utils.
    We have the same in place already for python3-apparmor, that deals
    with the move of the Python 3 bits. This change does the same for
    the Python 2 bits (Closes: #768211).
  * Install all upstream Dovecot profiles: the usr.sbin.dovecot one,
    that we install already, needs them (Closes: #768357).
  * Install the upstream usr.sbin.smbldap-useradd profile: the usr.sbin.smbd
    one, that we install already, needs it. This prevents the same kind
    of bug as #768357 from occurring when one uses the smbd profile.

 -- intrigeri <email address hidden>  Fri, 07 Nov 2014 11:37:45 +0100
Superseded in jessie-release on 2014-11-13
Superseded in sid-release on 2014-11-07
apparmor (2.9.0-1) unstable; urgency=medium

  * Import new upstream release: 2.9.0.
  * Merge Ubuntu changes up to 2.8.98-0ubuntu2 (Closes: #761994).
    Remaining patches on top of Ubuntu's ones:
    - abstractions-ubuntu-browsers.patch
    - non-linux.patch
    - notify-group.patch
    - pass-compiler-flags.patch
    - raise-test-timeout.patch
  * Drop versioned Breaks on lxc and lightdm: as long as AppArmor is not
    enabled by default in Debian, this is too strong a statement.
  * Declare compliance with Standards-Version 3.9.6 (no change needed).
  * Don't ship empty /usr/share/apparmor in apparmor-utils.
  * Import fixed debian/watch from our 2.8 packaging branch.
  * Import upstream signing key, (at least) for uscan's consumption.
  * debian/watch: add support for verifying upstream cryptographic signatures.
  * Make the apparmor package Suggests: apparmor-profiles-extra, just like
    it does for apparmor-profiles already.

 -- intrigeri <email address hidden>  Sat, 18 Oct 2014 12:38:26 +0200
Deleted in experimental-release (Reason: None provided.)
apparmor (2.8.96~2652-1) experimental; urgency=medium

  * Merge Ubuntu changes up to 2.8.96~2652-0ubuntu5.
  * Drop patches taken upstream:
    - fix-font-abstractions.patch
  * Drop patches that were cherry-picked from upstream, and are now included
    in the upstream snapshot this package is based on:
    - r2107-debian761733-libtoolize.patch
    - r2079-add-pkg-config-support.patch
    - r2667-debian760378-fix-ftbfs-on-x32.patch
    - r2240-find-libs.patch
    - r2247-fix-bison3.patch
  * Drop obsolete aa-status-smarter.patch: the interface patch is now in recent
    Linux kernels.
  * Remaining patches on top of Ubuntu's ones:
    - abstractions-ubuntu-browsers.patch
    - non-linux.patch
    - notify-group.patch
    - pass-compiler-flags.patch
    - raise-test-timeout.patch
  * Adjust debian/copyright to match current state of upstream sources.
  * Refresh quilt patches.
  * Update debian/copyright, and add a lot of information to it.
  * Don't install empty /usr/bin in apparmor-utils.

 -- intrigeri <email address hidden>  Mon, 22 Sep 2014 23:02:48 -0700
Superseded in jessie-release on 2014-10-29
Superseded in sid-release on 2014-10-20
apparmor (2.8.0-8) unstable; urgency=medium

  * New patch, cherry-picked from upstream to add pkg-config support:
    r2079-add-pkg-config-support.patch (Closes: #762525)
  * Add packaging bits to support pkg-config:
    - debian/control: Add pkg-config as a Build-Depends
    - debian/libapparmor-dev.install: Install libapparmor pkg-config file

 -- intrigeri <email address hidden>  Mon, 22 Sep 2014 23:02:48 -0700
Superseded in sid-release on 2014-09-24
apparmor (2.8.0-7) unstable; urgency=medium

  * New patch: r2107-debian761733-libtoolize.patch, cherry-picked from
    upstream r2107 on their 2.8 branch (Closes: #761733).

 -- intrigeri <email address hidden>  Fri, 19 Sep 2014 09:41:31 -0700
Superseded in jessie-release on 2014-09-28
Superseded in sid-release on 2014-09-22
apparmor (2.8.0-6) unstable; urgency=medium

  * Put package under the Debian AppArmor Team's umbrella, and accordingly:
    - Add intrigeri and Holger as Uploaders.
    - Point Vcs-* control fields to our new shared repository on Alioth.
  * Cherry-pick upstream fix (r2667) to fix FTBFS on x32 (Closes: #760378).
  * Add Turkish translation of debconf messages (Closes: #757512).
    Thanks to Mert Dirik <email address hidden> for the patch!
  * Merge changes from 2.8.0-5.1 NMU.

 -- intrigeri <email address hidden>  Wed, 10 Sep 2014 11:55:18 -0700
Superseded in jessie-release on 2014-09-16
Superseded in sid-release on 2014-09-17
apparmor (2.8.0-5.1) unstable; urgency=medium

  * Non-maintainer upload.
  * control: make apparmor-notify depend on libnotify-bin (Closes: 746508).
  * watch: update to the version proposed on
    (Closes: 738531).
  * rules, libapparmor-perl.install: replace hardcoded usr/lib/perl5
    with the value of $Config{vendorarch} (Closes: 750128).
    Thanks to Damyan Ivanov <email address hidden> for the patch!

 -- intrigeri <email address hidden>  Mon, 02 Jun 2014 12:21:27 +0200
Superseded in jessie-release on 2014-06-11
Superseded in sid-release on 2014-06-06
apparmor (2.8.0-5) unstable; urgency=low

  * rules: drop --parallel, since it seems the upstream build is fragile
    when running in parallel mode. Thanks to intrigeri for tracking this
    down! (Closes: 732578)

 -- Kees Cook <email address hidden>  Fri, 03 Jan 2014 13:41:43 -0800
Superseded in sid-release on 2014-01-04
apparmor (2.8.0-4) unstable; urgency=low

  * control, {libapparmor1,apparmor-docs}.manpages: move man pages into
    apparmor-docs to avoid multi-arch duplication and hilarity with file
    dates vs buildd timezones (Closes: 731358).
  * patches/r2247-fix-bison3.patch: fix build for bison 3 (Closes: 732695).
  * control: bump standards version, no changes needed.

 -- Kees Cook <email address hidden>  Thu, 26 Dec 2013 14:42:03 -0800
Superseded in sid-release on 2013-12-27
apparmor (2.8.0-3) unstable; urgency=low

  * Rebuild with pristine tree to avoid date skew in generated
    manpages (Closes: 731358)

 -- Kees Cook <email address hidden>  Fri, 13 Dec 2013 11:14:54 -0800
Superseded in jessie-release on 2014-01-09
Superseded in sid-release on 2013-12-27
apparmor (2.8.0-2) unstable; urgency=low

  * Convert to dh(1) and Multi-Arch, thanks to Steve Langasek.
    - add r2240-find-libs.patch to find libraries during tests.

 -- Kees Cook <email address hidden>  Mon, 02 Dec 2013 10:13:34 -0800
Superseded in jessie-release on 2013-12-13
Superseded in sid-release on 2013-12-04
apparmor (2.8.0-1) unstable; urgency=low

  * Merge with Ubuntu changes.
    - update to 2.8.0 release (Closes: 712370).
    - handle Apache 2.4 transition (Closes: 666808).
    - drop debian/patches/abstractions-X.patch (taken upstream)
    - drop debian/patches/fix-network-rule-support.patch (taken upstream)
    - updated debian/patches/pass-compiler-flags.patch (partially upstream)
  * debian/control:
    - fix typo in long description (Closes: 711398).
    - removed duplicated Section entry for apparmor-easyprof.
    - add missing python Depends.
  * debian/rules:
    - dh_apache2 must execute before dh_strip and dh_fixperms.
    - improved repeat-build cleanup logic.
    - dh_python needs to be called on all packages installing scripts.
    - do not force python version 3.
  * Add debian/patches/fix-font-abstractions.patch (Closes: 714843).
  * Add debian/patches/raise-time-timeout.patch (Closes: 699774).
  * Drop debian/libapache2-mod-apparmor.lintian-overrides (not needed).
  * debian/*.manpages: move aa-exec.8 to apparmor from apparmor-utils.
  * debian/apparmor-utils.dirs: drop unused directories from aa-easyprof.

 -- Kees Cook <email address hidden>  Mon, 08 Jul 2013 17:51:40 -0700
Superseded in jessie-release on 2013-08-02
Published in wheezy-release on 2012-07-28
Superseded in sid-release on 2013-07-15
apparmor (2.7.103-4) unstable; urgency=low

  * debian/apparmor-profiles.dirs: add directories we might collide
    with apparmor on during purge.
  * debian/patches/fix-network-rule-support.patch: handle lack of
    networking features correctly (Closes: 679597).

 -- Kees Cook <email address hidden>  Mon, 16 Jul 2012 11:52:42 -0700
Superseded in wheezy-release on 2012-07-28
Superseded in sid-release on 2012-07-19
apparmor (2.7.103-3) unstable; urgency=low

  * debian/control: drop deprecated XS-Python-Version (Closes: 673062).
  * debian/debhelper/postinst-apparmor: remove bashism (Closes: 678526).
  * debian/patches/pass-compiler-flags.patch: add LDFLAGS where needed.
  * debian/libapache2-mod-apparmor.lintian-overrides: verified safe
    glibc function use at compile-time.
  * debian/rules: call dh_lintian.

 -- Kees Cook <email address hidden>  Thu, 28 Jun 2012 23:23:27 -0700
Deleted in experimental-release (Reason: None provided.)
apparmor (2.7.103-3~0apache24.1) experimental; urgency=low

  * Apache 2.4 transition.

 -- Kees Cook <email address hidden>  Sat, 05 May 2012 15:14:47 -0700
Superseded in wheezy-release on 2012-07-17
Superseded in sid-release on 2012-07-17
apparmor (2.7.103-2) unstable; urgency=low

  * debian/patches/non-linux.patch: fix up build failures on non-Linux
    systems (Closes: 671040).
  * debian/control: require apparmor for apparmor-profiles, since abstraction
    tree needs to be created already.
  * debian/lib/apparmor/functions: silently handle lack of interface compat
  * debian/apparmor-profiles.postrm: retain conffile list for purge logic
    (Closes: 656451).
  * debian/libapache2-mod-apparmor.{dirs,preinst}: add "disabled" directory
    to package file list correctly (Closes: 670431).
  * debian/control: bump standards version, no changes needed.

 -- Kees Cook <email address hidden>  Sat, 05 May 2012 09:57:10 -0700
Superseded in sid-release on 2012-05-08
apparmor (2.7.103-1) unstable; urgency=low

  * New upstream release, merge with Ubuntu, drop included patches:
    - 0005-clean-common-from-vim.patch
    - 0006-use-linux-capability-h.patch
    - 0008-apparmor-lp963756.patch
    - 0009-apparmor-lp959560-part1.patch
    - 0010-apparmor-lp959560-part2.patch
    - 0011-apparmor-lp872446.patch
    - 0012-apparmor-lp978584.patch
    - 0013-apparmor-lp800826.patch
    - 0014-apparmor-lp979095.patch
    - 0015-apparmor-lp963756.patch
    - 0016-apparmor-lp968956.patch
    - 0017-apparmor-lp979135.patch
    - Closes: 656451
  * debian/control: url.sty has moved, add texlive-latex-recommended
    Build-Dep (Closes: 669537).
  * debian/patches/notify-group.patch, debian/apparmor-notify.install,
    debian/notify/notify.conf: Remove custom notify.conf file, and modify
    the upstream one instead, adjusting the group to "adm", thanks to
    Intrigeri (Closes: 660078).
  * debian/patches/aa-status-smarter.patch: fix up the logic for
    determining the enabled state of AppArmor, based on patch from
    Intrigeri (Closes: 661153).
  * debian/debhelper/postinst-apparmor: do not fail if AppArmor is not
    installed, thanks to Intrigeri (Closes: 668010).
  * debian/patches/abstractions-X.patch: add missing gdm3 path to X
    abstraction, thanks to Intrigeri (Closes: 660079).
  * debian/patches/abstractions-ubuntu-browsers.patch: include iceweasl
    in browser abstraction, thanks to Intrigeri (Closes: 661176).
  * debian/rules, debian/compat, debian/patches/pass-compiler-flags.patch,
    debian/control: bump to compat 9, export build flags, and make get
    them passed into the build.

 -- Kees Cook <email address hidden>  Tue, 24 Apr 2012 17:20:41 -0700
Superseded in wheezy-release on 2012-05-16
Superseded in sid-release on 2012-05-07
apparmor (2.7.0-1) unstable; urgency=low

  * debian/po/pt.po add new Portuguese translation, thanks to Pedro Ribeiro,
    (Closes: 651434).
  * debian/control: do not require initramfs-tools on !linux-any
    (Closes: 651297).
  * debian/{control,rules,debhelper/*}: move dh_apparmor into separate
    binary package, out of debhelper (Closes: 649784).
  * debian/{control,rules}: fix up lack of real build-indep.
  * debian/patches/0036-fix-manpage-errors.patch: minor man page cleanups.
  * merge changes from Ubuntu (r1443).

 -- Kees Cook <email address hidden>  Thu, 09 Feb 2012 15:24:08 -0800
Superseded in sid-release on 2012-02-12
apparmor (2.7.0~beta1+bzr1774-1) unstable; urgency=low

  * New upstream devel snapshot:
    - drop 0002-lp750381.patch, taken upstream.
    - drop 0004-lp754889.patch, taken upstream.
    - drop 0005-lp761217.patch, taken upstream.
    - drop 0100-manpage-typo.patch, taken upstream.
    - drop 0101-declarations.patch, solved differently upstream.
    - drop 0102-manpage-release-name.patch, taken upstream.
    - drop 0103-kfreebsd-compile.patch, taken upstream.
    - drop define-path-max.patch, taken upstream.
    - drop indep-build.patch, taken upstream.
    - debian/libapparmor1.manpages: add new function man pages.
  * Merge with Ubuntu:
    - drop 0104-python-aa-status.patch, taken upstream.
    - drop 0105-lightdm.patch, taken upstream.
    - drop 0106-lp810270.patch, taken upstream.
    - drop 0107-lp767308.patch, taken upstream.
    - drop 0108-gnome-mimeinfo.patch, taken upstream.
    - drop 0109-add-profile-repo-info.patch, taken upstream.
  * Add af_names-generation.patch to allow arbitrary socket.h file location.

 -- Kees Cook <email address hidden>  Wed, 10 Aug 2011 18:12:34 -0700
Superseded in sid-release on 2011-09-20
apparmor (2.6.1-4) unstable; urgency=low
  * debian/po: add new translations:    - zh_CN.po: Simplified Chinese, thanks to Aron Xu (Closes: 624853).    - da.po: Danish, thanks to Joe Dalton (Closes: 625252).    - sv.po: Swedish, thanks to Martin Bagge (Closes: 625264).    - cs.po: Czech, thanks to Michal Šimůnek (Closes: 625465).    - de.po: German, thanks to Chris Leick (Closes: 625931).    - nl.po: Dutch, thanks to Jeroen Schot (Closes: 626269).    - ja.po: Japanese, thanks to Hideki Yamane (Closes: 626803).    - it.po: Italian, thanks to Dario Santamaria (Closes: 626836).    - fr.po: French, thanks to Julien Patriarca (Closes: 626903).    - es.po: Spanish, thanks to Francisco Javier Cuadrado (Closes: 627031).  * debian/patches/define-path-max.patch: fix Hurd FTBFS.  * debian/patches/indep-build.patch: allow split indep/arch builds.  * debian/{control,rules,non-linux}: add fake parser for non-Linux    builds so that apparmor-utils is installable (Closes: 625977). -- Kees Cook <email address hidden>  Fri, 27 May 2011 13:51:18 -0700
Superseded in sid-release on 2011-09-20
apparmor (2.6.1-3) unstable; urgency=low
  * debian/control: add sneaky missing Build-Dep on liblocale-gettext-perl    (fixes FTBFS on some extremely minimal chroots, Closes: 624566).  * debian/patches/0101-declarations.patch: add missing declarations needed    for sensitive compilers (fixes FTBFS on mips/mipsel).  * debian/patches/0102-manpage-release-name.patch: update manpage release    names to match others.  * debian/patches/0103-kfreebsd-compile.patch, debian/{control,rules}:    attempt to build as much as possible (no parser) on non-Linux systems.  * debian/po/ru.po: add translation, thanks to Yuri Kozlov (Closes: 624741). -- Kees Cook <email address hidden>  Sun, 01 May 2011 19:29:07 -0700
Superseded in sid-release on 2011-09-20
apparmor (2.6.1-2) unstable; urgency=low
  * debian/copyright: clarify for some full organization names. -- Kees Cook <email address hidden>  Wed, 27 Apr 2011 10:38:07 -0700
153 of 53 results