Change log for apparmor package in Debian

175 of 80 results
Published in buster-release on 2019-03-07
Published in sid-release on 2019-02-25
apparmor (2.13.2-9) unstable; urgency=medium

  * Revert "Add autopkgtest that checks if apparmor.service starts
    on package installation". It passes with the schroot and qemu
    backends locally but fails on

 -- intrigeri <email address hidden>  Mon, 25 Feb 2019 06:10:18 +0000
Superseded in sid-release on 2019-02-25
apparmor (2.13.2-8) unstable; urgency=medium

  * Cherry-pick 5 more commits from upstream apparmor-2.13 branch
    (Closes: #921866).
  * Cherry-pick upstream MR!344 (Closes: #920833, #921888).
  * Install the nvidia_modprobe named profile (Closes: #921875)
    and add it to the list of profiles whose syntax is checked
    via autopkgtests.
  * Patch usr.sbin.smdb to include snippet generated at runtime
    (part of the fix for #896080).
  * New autopkgtest: ensure apparmor.service starts on
    package installation.
  * Update salsa CI pipeline.

 -- intrigeri <email address hidden>  Sun, 24 Feb 2019 17:00:23 +0000
Superseded in buster-release on 2019-03-07
Superseded in sid-release on 2019-02-25
apparmor (2.13.2-7) unstable; urgency=medium

  * Stop shipping /var/cache/apparmor/CACHEDIR.TAG (Closes: #920682)
  * New patches, cherry-picked from upstream !320, so the "audio"
    abstraction grants read access to Alsa and libao config files
    (Closes: #920669, #920670).

 -- intrigeri <email address hidden>  Thu, 31 Jan 2019 09:51:59 +0000
Superseded in buster-release on 2019-02-02
Superseded in sid-release on 2019-02-01
apparmor (2.13.2-6) unstable; urgency=medium

  * initscript: implement missing aa_log_action_begin and
    aa_log_action_end functions (Closes: #917962).

 -- intrigeri <email address hidden>  Mon, 28 Jan 2019 18:11:53 +0000
Superseded in sid-release on 2019-01-29
apparmor (2.13.2-5) unstable; urgency=medium

  * Really move unversioned symlink to /lib/<triplet>
    (Closes: #919705).
  * Add Lintian override for dev-pkg-without-shlib-symlink: arguably
    a false positive (see #843932).
  * Add Lintian override for uses-dpkg-database-directly: false positive.
  * Declare compliance with Standards-Version 4.3.0.
  * autopkgtests:
    - Test compiling many more profiles:
      - all profiles that apparmor-profiles-extra ships in enforce mode
      - the profiles shipped by bind9, cups-browsed, haveged,
        libreoffice-common, man-db, ntp, onioncircuits, tcpdump, thunderbird,
        and tor
      - another profile shipped by libvirt-daemon-system
    - Declare that the compile-policy test is not superficial anymore.
    - Make the parser verbose in the compile-policy test.

 -- intrigeri <email address hidden>  Mon, 28 Jan 2019 08:29:19 +0000
Superseded in sid-release on 2019-01-29
apparmor (2.13.2-4) unstable; urgency=medium

  * Move unversioned symlink to /lib/<triplet> (Closes: #919705).
  * New patches, cherry-picked from upstream:
    - Make tunables/share play well with aliases.
    - Fix access to /usr/share/drirc.d.conf (Closes: #919775).
    - Fix access to the default paths used by dehydrated in Debian.
    - Support new font configuration paths.
    - Support libvirt named profile.
    - Fix access to /etc/alsa/conf.d/.
  * autopkgtests: test compiling more profiles shipped by other packages.
  * Patch the dnsmasq profile to fix ptrace and signal communication
    with libvirtd.

 -- intrigeri <email address hidden>  Sun, 27 Jan 2019 17:07:34 +0000
Superseded in buster-release on 2019-01-31
Superseded in sid-release on 2019-01-28
apparmor (2.13.2-3) unstable; urgency=medium

  * Update upstream MR!252 backport to fix initscript (Closes: #917874)

 -- intrigeri <email address hidden>  Tue, 01 Jan 2019 18:03:54 +0000
Superseded in sid-release on 2019-01-02
apparmor (2.13.2-2) unstable; urgency=medium

  * Patch rc.apparmor.functions to suit Debian/Ubuntu's needs.
  * Port initscript, systemd service, postinst and profile-load
    to use the upstream rc.apparmor.functions shell library.
    This way, the systemd service does not require the SysV initscript
    anymore (Closes: #870697).
  * Drop obsolete /etc/apparmor/subdomain.conf conffile.

 -- intrigeri <email address hidden>  Sat, 29 Dec 2018 17:50:23 +0000
Superseded in sid-release on 2018-12-30
apparmor (2.13.2-1) unstable; urgency=medium

  * Import new upstream release, drop backported patches that are now obsolete,
    refresh remaining patches.
  * autopkgtest: add dummy test so that changes to linux-image-amd64
    trigger our other tests on
  * Replace home-made GitLab CI with the standard Salsa pipeline
    (Closes: #912722).
  * Drop extra signatures from public upstream signing key.

 -- intrigeri <email address hidden>  Sat, 22 Dec 2018 13:26:14 +0000
Superseded in buster-release on 2019-01-07
Superseded in sid-release on 2018-12-29
apparmor (2.13.1-3) unstable; urgency=medium

  * GitLab CI/Lintian: install dpkg-dev, that ships dpkg-architecture,
    needed to run some Lintian checks.
  * Re-enable expression tree simplification and cherry-pick upstream patch
    that improves its performance.
  * Bump debhelper compatibility level to 11.
  * Patch apparmor.d(5) to document which features are not supported on Debian
    (Closes: #807369).
  * Patch apparmor(7) to document debugging options (Closes: #826218).

 -- intrigeri <email address hidden>  Tue, 30 Oct 2018 10:57:44 +0000
Superseded in sid-release on 2018-10-31
apparmor (2.13.1-2) unstable; urgency=medium

  * Deal with obsolete /etc/apparmor.d/abstractions/launchpad-integration
    conffile (Closes: #911745).
  * Declare autopkgtests as superficial (Closes: #911827).
    Adjust GitLab CI configuration to cope with exit code 8 accordingly.

 -- intrigeri <email address hidden>  Fri, 26 Oct 2018 12:08:26 +0000
Superseded in buster-release on 2018-11-03
Superseded in sid-release on 2018-10-27
apparmor (2.13.1-1) unstable; urgency=medium

  [ intrigeri ]
  * New upstream release (Closes: #901470, #871441).
  * Bump pinned feature set to linux-image-4.18.0-2-amd64, version 4.18.10-2.
  * Add Breaks: apparmor-profiles-extra (<< 1.21): the Pidgin profile up
    to 1.20 used the launchpad-integration abstraction, that was removed
    in AppArmor 2.13.1.
  * Drop backported patches that are now obsolete.
  * Refresh patches.
  * Add debian/.gitlab-ci.yml: build the package then run Lintian
    and autopkgtests on it.
  * upstream-commit-3bf11ce-Fix-syntax-error-in-rc.apparmor.functions.patch,
    upstream-commit-b77116e-Add-profile-names.patch: new patches to fix
    regressions introduced in 2.13.1.
  * Drop unused Lintian override.
  * Declare compliance with policy 4.2.1.
  * Update symbols list.
  * Honor nocheck in DEB_BUILD_OPTIONS.
  * Make /lib/apparmor/apparmor.systemd executable.

  [ Sven Joachim ]
  * Do not remove /var/cache/apparmor/CACHEDIR.TAG on upgrades
    (Closes: #910217).

  [ Helmut Grohne ]
  * Don't hard code the location of netinet/in.h (Closes: #909966).

 -- intrigeri <email address hidden>  Sun, 21 Oct 2018 08:32:47 +0000
Superseded in buster-release on 2018-10-23
Superseded in sid-release on 2018-10-22
apparmor (2.13-8) unstable; urgency=medium

  * Only fix permissions on /lib/apparmor/apparmor.systemd when building
    arch-dependent packages. Fixes FTBFS when building only
    arch:all packages.

 -- intrigeri <email address hidden>  Thu, 02 Aug 2018 06:12:18 +0000
Superseded in sid-release on 2018-08-02
apparmor (2.13-7) unstable; urgency=medium

  * Move the binary cache to /var/cache/apparmor (Closes: #904637).
    And then:
    - Delete obsolete cache files in /var/cache/apparmor on upgrade.
    - initscript: document the potential drawback of loading the policy
      before remote filesystems are mounted.
  * Turn off expression tree simplification, that makes performance
    much worse in some cases, and rarely much better.
  * Fix aa-teardown by installing /lib/apparmor/apparmor.systemd
    and making it executable.
  * Override a few Lintian false positives.

 -- intrigeri <email address hidden>  Thu, 02 Aug 2018 01:29:03 +0000
Superseded in buster-release on 2018-08-04
Superseded in sid-release on 2018-08-02
apparmor (2.13-6) unstable; urgency=low

  * Install new tunables/share, needed by tunables/global.
    Fixes regression introduced in 2.13-5 (Closes: #904970).
  * New autopkgtest: test that we can compile the Evince profile.
    Having this in place earlier would have avoided introducing #904970.

 -- intrigeri <email address hidden>  Mon, 30 Jul 2018 07:46:00 +0000
Superseded in sid-release on 2018-07-31
apparmor (2.13-5) unstable; urgency=low

  * abstraction: support directories exported by Flatpak apps,
    replacing former flatpak-exports.patch with the patchset that was merged
    upstream (Closes: #865206).

 -- intrigeri <email address hidden>  Mon, 30 Jul 2018 00:27:57 +0000
Superseded in sid-release on 2018-07-30
apparmor (2.13-4) unstable; urgency=medium

  * Stop building the Python 2 bindings packages: python-apparmor,
    python-libapparmor (Closes: #904599).
  * Mark libapparmor-perl Multi-Arch: same.
  * dh-apparmor's postinst snippet template: drop now useless backwards
    compatibility code; simplify.

 -- intrigeri <email address hidden>  Fri, 27 Jul 2018 12:00:18 +0000
Superseded in sid-release on 2018-07-30
apparmor (2.13-3) unstable; urgency=medium

  * Upload to unstable.
  * Set proper SELinux labels on files created during installation or upgrade.
    Thanks to Laurent Bigonville <email address hidden> for the bug report
    and the patch! (Closes: #903633)
  * Fix CACHEDIR.TAG installation path and let dpkg replace the CACHEDIR.TAG
    directory (erroneously created by 2.13-1 and 2.13-2) with a regular file.
    (Closes: #883584)
  * New patch: make aa-notify point to Debian documentation (Closes: #904436).
    Thanks to Clément Hermann <email address hidden> for the bug report.
  * Install Dovecot profiles in /usr/share/apparmor/extra-profiles/
    instead of /etc/apparmor.d/: the previous setup created lots of noise
    in the logs and gave no security benefit. Thanks to Jonas Smedegaard
    <email address hidden> for raising the issue.
  * Skip *.dpkg-(new|old|dist|bak|remove) when falling back to calling the
    parser on individual profiles. Fixes a regression introduced in 2.13-1
    and adds .dpkg-remove, that was missing in the exclusion list before.
  * Bump pinned feature set to linux-image-4.17.0-1-amd64, version 4.17.8-1.

 -- intrigeri <email address hidden>  Wed, 25 Jul 2018 13:28:53 +0000
Superseded in buster-release on 2018-08-01
Published in sid-release on 2018-07-08
apparmor (2.12-5) unstable; urgency=medium

  * upstream-commit-d9d3cae-adjust-python-abstraction-for-python-3.patch:
    new patch, to avoid breaking things with Python 3.7.

 -- intrigeri <email address hidden>  Sat, 07 Jul 2018 16:50:01 +0000
Deleted in experimental-release (Reason: None provided.)
apparmor (2.13-2) experimental; urgency=medium

  * Merge from sid:
    - upstream-commit-d9d3cae-adjust-python-abstraction-for-python-3.patch:
      new patch, to avoid breaking things with Python 3.7.
  * Regarding the "Don't invalidate the cache anymore […]" change inrtoduced
    in 2.13-1: one can manually do that with apparmor_parser --purge.

 -- intrigeri <email address hidden>  Sat, 07 Jul 2018 17:15:31 +0000
Superseded in experimental-release on 2018-07-08
apparmor (2.13-1) experimental; urgency=medium

  * New upstream release (Closes: #893974).
  * Drop backported and upstreamed patches that are now obsolete.
  * Refresh and export patches with gbp.
  * debian/libapparmor1.symbols: add newly introduced symbols.
  * upstream-commit-e83fa67-fix-test-failures.patch: new patch,
    cherry-picked from upstream, that fixes test suite failures.
  * Declare compatibility with Standards-Version 4.1.4.
  * debian/rules: drop deprecated get-orig-source target.
  * Merge 2.12-4ubuntu5 (dropping the Ubuntu delta):
     - Drop support for snap v1.
  * Add Lintian overrides for a few non-issues.
  * debian/apparmor.dirs, debian/lib/apparmor/functions:
    adjust for new (multi-)cache location.
  * Install /etc/apparmor.d/cache.d/CACHEDIR.TAG (Closes: #883584).
  * Install aa-teardown and its manpage.
  * initscript: drop sysvinit-specific "recache" and "teardown" commands.
  * Simplify foreach_configured_profile() thanks to recent parser features.
  * aa-remove-unknown: use upstream functions instead of custom ones,
    i.e. one step towards deprecating distro-specific /lib/apparmor/functions.
    To make this work:
     - install the upstream shell functions library
     - patch one upstream function to add support for the snap profile directory
       and to not depend on aa_log_*_msg()
  * Don't invalidate the cache anymore when stopping, reloading or restarting
    the service, nor when installing or upgrading the apparmor package:
    the parser now manages its caches itself.
  * debian/lib/apparmor/functions: drop a bunch of functions that are not
    used anymore, thanks to the aforementioned changes.
  * Make apparmor.service more similar to upstream's:
     - reorder directives
     - use the same Description as upstream
     - start After=systemd-journald-audit.socket
  * apparmor.service: point to current homepage.

 -- intrigeri <email address hidden>  Wed, 13 Jun 2018 09:15:02 +0000
Superseded in buster-release on 2018-07-10
Superseded in sid-release on 2018-07-10
apparmor (2.12-4) unstable; urgency=medium

  * Migrate patch handling to gbp-pq (Closes: #888244).
  * Merge 2.12-3ubuntu1 (dropping the Ubuntu delta):
    - upstream-commit-46f88f5-properly-identify-empty-ouid-fsuid-fields.patch:
      new patch, properly identify empty ouid/fsuid fields in logs.
    - upstream-commit-130958a-allow-shell-helper-read-locale.patch:
      new patch, allow the shell helper regression test program read
      the locale.

 -- intrigeri <email address hidden>  Sun, 18 Mar 2018 13:47:35 +0000
Published in stretch-release on 2018-03-10
apparmor (2.11.0-3+deb9u2) stretch; urgency=medium

  * Move the features file to /usr/share/apparmor-features;
    accordingly remove the old (now obsolete) '/etc/apparmor/features'
    conffile (Closes: #883682).
  * Configure gbp for DEP-14 and avoid gbp-pq prefixing patches
    with numbers.

 -- intrigeri <email address hidden>  Tue, 27 Feb 2018 10:59:06 +0000
Superseded in buster-release on 2018-03-24
Superseded in sid-release on 2018-03-18
apparmor (2.12-3) unstable; urgency=medium

  * dnsmasq-profile-allow-chown-capability.patch: new patch (Closes: #889806)
  * new patch,
    cherry-picked from upstream (solves a minor part of #887973).
  * libapparmor-perl: install example program.

 -- intrigeri <email address hidden>  Sun, 25 Feb 2018 18:23:21 +0000
Superseded in buster-release on 2018-03-03
Superseded in sid-release on 2018-02-28
apparmor (2.12-2) unstable; urgency=medium

  * This release is dedicated to the memory of Ursula K. Le Guin.

  * Install the "extra" profiles to the default upstream directory
    (Closes: #832984).
  * Cherry-pick policy improvements from upstream Git (Closes: #887591).
  * Stop recommending the apparmor-profile package to the general public:
    - apparmor: drop "Suggests: apparmor-profile".
    - apparmor-profile: make it clear in the package description that
      these profiles cannot be expected to work out-of-the-box.
  * Bump debhelper compatibility level to 10.
    - This reintroduces --parallel building, which was fixed upstream
      since we disabled it.
    - Don't manually enable the systemd debhelper sequence: now done
      by default.
    - Drop now useless build-dependency on autotools-dev.
  * Declare compliance with Standards-Version 4.1.3 (no change required).
  * debian/control: add Rules-Requires-Root: no.
    - Cherry-pick upstream fix to pam_apparmor's Makefile.
  * Packaging cleanup:
    - Remove Kees Cook <email address hidden> from the Uploaders control field.
      Thanks a lot for the inspiring work you've done on this package
      in the past!
    - Remove obsolete calls to rm_conffile.
    - debian/copyright: use canonical URL to copyright-format/1.0.
    - debian/copyright: sort licenses in lexical order.
    - Use canonical URL to Debian bug in patch header.
    - debian/*.install: remove duplicates.
    - Stop versioning dependencies that are satisfied on Debian Wheezy
      and Ubuntu Trusty.
    - Reformat debian/* with 'cme fix dpkg' + wrap-and-sort.

 -- intrigeri <email address hidden>  Wed, 24 Jan 2018 09:18:26 +0000
Superseded in buster-release on 2018-01-29
Superseded in sid-release on 2018-01-25
apparmor (2.12-1) unstable; urgency=medium

  * New upstream release (Closes: #885522, #882043, #884014, #886732,
    #875892, #882070, #874665, #884280, #881936, #882135).
    - Drop obsolete patches.
  * dh-apparmor postinst snippet: create empty files in
    /etc/apparmor.d/local/ instead of repeating boilerlate.
  * dh-apparmor postinst snippet: simplify local overrides directory
    creation code.
  * Migrate to Git:
    - Configure gbp for DEP-14
    - Configure gbp-pq to avoid prefixing patches with numbers
    - README.source: adjust to Git
    - Update Vcs-* control fields: migrate to Git
  * Move libpam to Section: admin

 -- intrigeri <email address hidden>  Sun, 14 Jan 2018 17:01:17 +0000
Superseded in buster-release on 2018-01-20
Superseded in sid-release on 2018-04-16
apparmor (2.11.1-4) unstable; urgency=medium

  * Bump pinned feature set to linux-image-4.14.0-1's, version 4.14.2-1
    - Pinning a feature set without "mount", as we did before this change,
      breaks mount operations due to a bug in the kernel (Closes: #883703).
      Thanks to Fabian Grünbichler and Felix Geyer for reporting this.
    - AppArmor maintainers in Debian have been testing 4.14 without pinning
      for a while and all the known issues were fixed; it's time to enable
      4.14's features so we can learn what parts of our policy still need
      updates (Closes: #880078, #877581).
  * Move features file to /usr/share/apparmor-features (Closes: #883682).
    Thanks to Fabian Grünbichler <email address hidden> for the patch.
  * Document in apparmor/README.Debian where online documentation wrt. AppArmor
    on Debian lives (Closes: #845232). Thanks to Wouter Verhelst and Jean-Michel
    Vourgère for the suggestion.
  * Improve usability of apparmor-notify:
    - notify.conf: unset use_group.
      aa-notify checks that it can read the selected log file — and aborts
      if it can't — before it checks group membership vs. use_group, so in
      practice setting use_group is only useful for users who are allowed
      to read logs but don't want to see notifications. This seems to be
      a corner case, easily addressed per-user (~/.apparmor/notify.conf)
      or system-wide (by deinstalling apparmor-notify).
      So let's instead optimize for a more common use case, i.e. users who can
      read logs and want to see the notifications. This change does not
      impact the most common use case, i.e. desktop users who are not allowed
      to read logs (Closes:  #880859).
    - Document in apparmor-notify/README.Debian that one must be in the "adm"
      group to use aa-notify.
    Thanks to Lisandro Damián Nicanor Pérez Meyer and Salvatore Bonaccorso
    whose combined bug reports lead to this solution.
  * /lib/apparmor/functions: don't delete /etc/apparmor.d/cache/CACHEDIR.TAG
    ourselves (necessary, but not sufficient, to fix #883584).
  * Declare compliance with Standards-Version 4.1.2.

 -- intrigeri <email address hidden>  Thu, 07 Dec 2017 07:32:02 +0000
Superseded in buster-release on 2017-12-13
Superseded in sid-release on 2017-12-08
apparmor (2.11.1-3) unstable; urgency=medium

  * upstream-commit-92752f5-support-Google-Chrome-beta.patch:
    new patch, backported from upstream (Closes: #880923).

 -- intrigeri <email address hidden>  Sun, 05 Nov 2017 19:26:47 +0000
Superseded in buster-release on 2017-11-11
Superseded in sid-release on 2017-11-08
apparmor (2.11.1-2) unstable; urgency=medium

  * apparmor: drop obsolete dependency on libapparmor-perl.
    This dependency was added in 2.8.0-0ubuntu15, when aa-exec (that was
    written in Perl back then) got moved to the apparmor package.
    Nowadays aa-exec is written in C and AFAICT there's nothing in the
    apparmor package that uses libapparmor-perl.
  * apparmor-utils: drop obsolete dependency on libapparmor-perl.
    All the programs shipped in this package were rewritten in Python.
  * Drop obsolete dependencies on python{,3}-pkg-resources.
    They were added to "fix autopkgtests in click-apparmor and
    apparmor-easyprof-ubuntu". We don't ship these packages in Debian,
    and I'm told they're going away in Ubuntu anyway.

 -- intrigeri <email address hidden>  Wed, 25 Oct 2017 13:58:08 +0000
Superseded in sid-release on 2017-11-01
apparmor (2.11.1-1) unstable; urgency=medium

  * Import upstream 2.11.1 release.
    Drop obsolete patches and refresh remaining ones as need.
  * pin-feature-set.patch: new patch, that pins the AppArmor feature set
    to Linux 4.13.4-2's (Closes: #879584).
    The AppArmor policy we ship is not fully ready for Linux 4.14 yet.
    Once our policy has been updated (#877581) we can bump the pinned
    feature set to Linux 4.14's.
    Note, however, that this is not fully effective in the specific case
    of 4.14-rcN up to 4.14-rc6 due to a kernel bug with pinned older
    feature sets, that will likely be fixed in Linux 4.14-rc7.
    For example, with Linux 4.14-rc5 some network (e.g. unix, inet, inet6)
    operations are denied despite the fact this pinned feature does not
    enable network mediation support. For details, see:
  * Disable parser-include-usr-share-apparmor.patch: it's not used on Debian
    and would be made fuzzy by pin-feature-set.patch, thus causing useless
    maintenance busywork.
  * Improve phrasing of long packages description, based on a patch
    by Vincas Dargis <email address hidden> (Closes: #795431).
  * Replace build-dependency on dh-systemd with a versioned one
    on debhelper, that now ships dh_systemd_*.
  * Set priority to "optional": "extra" is deprecated.
  * Bump Standards-Version to 4.1.1.
  * Drop "Testsuite: autopkgtest" control field: it is automatically added
    by dpkg-source(1) since dpkg 1.17.1 when a debian/tests/control file exists,
    which is the case here.
  * Move libapache2-mod-apparmor to Section "httpd", as suggested by Lintian.

 -- intrigeri <email address hidden>  Mon, 23 Oct 2017 14:19:33 +0000
Superseded in buster-release on 2017-10-31
Superseded in sid-release on 2017-10-24
apparmor (2.11.0-11) unstable; urgency=medium

  * Only use systemd-detect-virt when it's installed (Closes: #871953).
  * dh_apparmor: include the version of the package, so that one can find
    packages that were built with a particular version of dh_apparmor.
    (Closes: #872167).
  * Import patch submitted upstream to support Flatpak exports
    (Closes: #865206).
  * Revert "Build with GCC-6 on mips64el to workaround Debian#871538":
    that gcc-7 bug was fixed in 7.2.0-3 on 2017-09-02, presumably all buildd's
    chroot should have it by now.
  * Merge from Ubuntu citrain up to revision 1627, aka. 2.11.0-2ubuntu17.
    Applied all changes (filtering from that list what had already been
    done in Debian):
     - Remove apparmor system upstart job on upgrades.
     - r3631-apparmor-utils-python3.6-LOCALE.patch: fix utils to avoid
       breakage with python 3.6 (LP: #1661766).
     - nameservice-add-stub-resolv.patch: allow read access to systemd stub
       resolver configuration

 -- intrigeri <email address hidden>  Sun, 03 Sep 2017 09:05:00 +0000
Superseded in buster-release on 2017-09-26
Superseded in sid-release on 2017-09-21
apparmor (2.11.0-10) unstable; urgency=medium

  * Build with GCC-6 on mips64el to workaround #871538.

 -- intrigeri <email address hidden>  Wed, 09 Aug 2017 13:37:47 +0000
Superseded in sid-release on 2017-08-11
apparmor (2.11.0-9) unstable; urgency=medium

  * debian-chromium-paths.patch: new patch, fixes e.g. opening links
    (e.g. from Thunderbird) when Chromium is the default web browser
    (reported in #858911).

 -- intrigeri <email address hidden>  Mon, 07 Aug 2017 22:36:01 +0000
Superseded in sid-release on 2017-08-10
apparmor (2.11.0-7) unstable; urgency=medium

  * compare_and_save_debsums(): fix quieting of diff on initial installation
    (Closes: #870696).
  * Don't explicitly pass runlevel nor sequence number to update-rc.d
    via dh_installinit (Closes: #870695).
    Thanks to Michael Biebl for the hint!
  * wayland-cursor.patch: new patch, to allow wayland-cursor-shared-*
    (Closes: #870807).
  * Merge from Ubuntu citrain up to revision 1620, i.e. 2.11.0-2ubuntu11.
    Applied all changes:
     - fix-aa-status-pod.patch: updates aa-status for newer podchecker
       (LP: #1707614)
     - adjust-python-for-3.6.patch: update python abstraction for 3.6
     - adjust-nameservice-for-systemd-resolved.patch: grant access to
       systemd-resolved in the nameservice abstraction (LP: #1598759).
    … and then disabled adjust-nameservice-for-systemd-resolved.patch
    that's dangerous without fine-grained AppArmor mediation of
    D-Bus traffic.
  * Remove upstart configuration: Upstart was removed in Debian Stretch
    so this file is no longer useful.
  * Drop ubuntu-manpage-updates.patch, that was only relevant with Upstart.

 -- intrigeri <email address hidden>  Sat, 05 Aug 2017 14:21:08 +0000
Superseded in buster-release on 2017-08-15
Superseded in sid-release on 2017-08-07
apparmor (2.11.0-6) unstable; urgency=medium

  * libapparmor-dev: stop installing /lib/*/ (Closes: #866636).

 -- intrigeri <email address hidden>  Fri, 30 Jun 2017 17:20:45 +0000
Superseded in sid-release on 2017-07-01
apparmor (2.11.0-5) unstable; urgency=medium

  * pass-compiler-flags-binutils.patch: new patch, fixes missing
    hardening flags in aa-enabled and aa-exec.
  * Merge from Ubuntu citrain up to revision 1617, i.e. 2.11.0-2ubuntu8.

 -- intrigeri <email address hidden>  Sat, 24 Jun 2017 21:12:47 +0000
Superseded in sid-release on 2017-07-04
apparmor (2.11.0-4) unstable; urgency=medium

  * Run parts of the upstream test suite as autopkgtests.
  * Declare compliance with Standards-Version 4.0.0 (no change required).
  * Add mentions-deprecated-usr-lib-perl5-directory to Lintian overrides,
    since usr-lib-perl5-mentioned has been renamed.
  * libapparmor1.symbols: require 2.8.94 instead of 2.8.94-0ubuntu1.
  * debian/rules: use variables provided by dpkg/ instead
    of parsing the output of dpkg-parsechangelog.
  * Override mistaken apache2-module-depends-on-real-apache2-package
    Lintian check.
  * Merge from Ubuntu citrain up to revision 1616, i.e. 2.11.0-2ubuntu5
    (more recent changes, up to 2.11.0-2ubuntu8, have not been pushed
    to the citrain repo yet; they don't seen critical though).

 -- intrigeri <email address hidden>  Sat, 24 Jun 2017 15:15:09 +0000
Superseded in stretch-release on 2018-03-10
Superseded in sid-release on 2017-06-25
apparmor (2.11.0-3) unstable; urgency=medium

  * Fix CVE-2017-6507: don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (Closes: #858768).
    Changes cherry-picked from Ubuntu's 2.11.0-2ubuntu3:
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles. Based
      on an upstream patch but adjusted to source the /lib/apparmor/functions
      shipped in Debian/Ubuntu.

 -- intrigeri <email address hidden>  Tue, 28 Mar 2017 10:29:15 +0000

Available diffs

Superseded in stretch-release on 2017-03-31
Superseded in sid-release on 2017-03-28
apparmor (2.11.0-2) unstable; urgency=medium

  * Drop the apparmor-docs package (Closes: #851118).

 -- intrigeri <email address hidden>  Sat, 21 Jan 2017 10:05:51 +0000
Superseded in stretch-release on 2017-02-01
Superseded in sid-release on 2017-01-22
apparmor (2.11.0-1) unstable; urgency=medium

  * Import upstream 2.11.0 release (Closes: #809649).
  * Don't try to install non-existing file
    to /etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser.
  * Drop all backported patches, that are now obsolete.
  * Drop aa-utils_are_bilingual.patch, that is obsolete since upstream
    switched to Python 3.
  * Refresh all remaining quilt patches.
  * debian/apparmor.manpages: follow upstream wrt. moving the manpages
    for aa-enabled and aa-exec to section 1.
  * Reintroduce building parser/techdoc.pdf from source while building
    the binary package.
  * Build PDFs from documentation/*, and include them in the apparmor-docs
    package. Accordingly add build-dependency on libreoffice-writer and unoconv.
  * README.source: document how to import a new upstream release from
    the tarball.

 -- intrigeri <email address hidden>  Mon, 09 Jan 2017 10:30:38 +0000
Superseded in stretch-release on 2017-01-20
Superseded in sid-release on 2017-01-22
apparmor (2.10.95-8) unstable; urgency=medium

  * Stop applying add-chromium-browser.patch: it's been broken for years
    on Debian, and nobody ever bothered to upstream this profile in a way
    that makes it work cross-distro (Closes: #742829).
  * r3441-sshd-blacklist.patch: new patch, cherry-picked from upstream
    (Closes: #821881).
  * new patch,
    cherry-picked from upstream.
  * r3600-usrmerge.patch: new patch, cherry-picked from upstream
    (resolves the parts of #843461 that can be handled in this package).

 -- intrigeri <email address hidden>  Sat, 17 Dec 2016 11:25:27 +0000
Superseded in stretch-release on 2016-12-28
Superseded in sid-release on 2016-12-17
apparmor (2.10.95-7) unstable; urgency=medium

  * r3582-build-with-recent-swig.patch: new patch, cherry-picked
    from upstream (Closes: #844929).
  * r3588-update-gnome-abstraction-with-versioned-gtk-paths.patch:
    new patch, cherry-picked from upstream (Closes: #845005).
  * r3590-add-more-wayland-paths.patch: new patch, cherry-picked from upstream.
  * r3591-yet-another-location-for-Xauthority.patch: new patch, cherry-picked
    from upstream (Closes: #845250).
  * Merge from Ubuntu citrain up to revision 1604.
  * Disable profiles-grant-access-to-systemd-resolved.patch: it's dangerous
    without fine-grained AppArmor mediation of D-Bus traffic.

 -- intrigeri <email address hidden>  Fri, 2 Dec 2016 11:00:00 +0000
Superseded in stretch-release on 2016-12-08
Superseded in sid-release on 2016-12-05
apparmor (2.10.95-6) unstable; urgency=medium

  * New patches, cherry-picked from upstream:
    - debian/patches/r3577-gnome-abstraction-gtk3-config.patch:
      gnome abstraction: grant read access to ~/.config/gtk-3.0/*.
    - debian/patches/r3578-dnsmasq-libvirt_leaseshelper.patch:
      dnsmasq: allow libvirt_leaseshelper "m" permission on itself.

 -- intrigeri <email address hidden>  Tue, 08 Nov 2016 13:05:14 +0000
Superseded in stretch-release on 2016-11-14
Superseded in sid-release on 2016-12-02
apparmor (2.10.95-5) unstable; urgency=medium

  * Merge from ubuntu-citrain up to revision 1600. Remaining Debian changes:
    - debian/apparmor.init: don't call handle_system_policy_package_updates.
  * r3566-wayland.patch: new patch, to support Wayland in at least Evince
    (Closes: #827335).
  * r3487-add-firefox-esr-to-ubuntu-browsers.patch: new patch, to support
    firefox-esr in abstractions/ubuntu-browsers (Closes: #821945).
  * Drop "Replaces: apparmor-parser": that package has never been part of
    Debian, and if has ever been included in Ubuntu, that must have been
    ages ago.
  * Drop Breaks: lxc (<< 1.1.0~alpha1-0ubuntu5~).
    - Wrt. Ubuntu: Xenial ships a newer lxc.
    - Wrt. Debian: this Breaks was added in Ubuntu in order to "restrict
      signal, ptrace and unix mediation to the container" (LP: #1373555).
      These features require third-party Linux kernel patches, that we
      haven't in Debian, so even though Jessie has lxc 1.0, we don't need
      this Breaks relationship.
  * Drop Breaks: lightdm (<< 1.11.8-0ubuntu2~).
    - Wrt. Debian: it was added in Ubuntu because lightdm 1.11.8-0ubuntu2
      brings "updates for unix socket mediation". But Unix socket mediation
      requires third-party Linux kernel patches, that we haven't in Debian.
    - Wrt. Ubuntu: even Vivid includes a newer lightdm.
  * Drop Breaks+Replaces on a version of debhelper older than the one included
    in Precise and Wheezy.
  * Drop Breaks+Replaces on versions of our own binary packages that are older
    than the ones included in Jessie and Xenial.
  * Drop Breaks: rsyslog (<< 7.4.4-1ubuntu9~). Bot Jessie and Xenial ship
    a newer one.
  * Drop Breaks: apparmor-easyprof-ubuntu (<< 1.2.22). Xenial ships
    a newer one.
  * Drop Breaks: libvirt-bin (<< 1.2.6-0ubuntu6~). Jessie and Xenial
    have a newer one.
  * Drop Breaks+Replaces: apparmor-utils << 2.8.0: Jessie and Trusty ship
    a newer one.
  * Drop Breaks+Replaces: libapache2-mod-apparmor (<< 2.5.1-0ubuntu3):
    Precise and Wheezy shipped with something newer.
  * Version dependency on lsb-base to >= 3.0-6, as advised by Lintian's
    init.d-script-needs-depends-on-lsb-base tag.

 -- intrigeri <email address hidden>  Sat, 15 Oct 2016 16:04:40 +0000
Superseded in stretch-release on 2016-10-21
Superseded in sid-release on 2016-10-16
apparmor (2.10.95-4) unstable; urgency=medium

  * debhelper/postinst-apparmor: re-add the "aa-status --enabled" -based code
    as a fallback, that is used when aa-enabled is not present. This
    facilitates upgrades from Jessie to Stretch, as well as partial
    testing/sid upgrades. (Closes: #829030)

 -- intrigeri <email address hidden>  Fri, 01 Jul 2016 12:50:58 +0000
Superseded in sid-release on 2016-07-02
apparmor (2.10.95-3) unstable; urgency=medium

  * debhelper/postinst-apparmor: re-add 2>/dev/null to aa-enabled invocation,
    to avoid misleading users into thinking the package is missing a dependency
    on apparmor. Thanks to Simon McVittie for the analysis! (Closes: #828795)

 -- intrigeri <email address hidden>  Wed, 29 Jun 2016 10:11:30 +0000
Superseded in sid-release on 2016-06-30
apparmor (2.10.95-2) unstable; urgency=medium

  * dh-apparmor: use aa-enabled instead of aa-status --enabled.
    (Closes: #822475)
  * Ship fake aa-enabled and aa-exec for non-Linux builds to fix FTBFS there
    (same "solution" as the one we've had for apparmor_parser for a while).

 -- intrigeri <email address hidden>  Fri, 24 Jun 2016 13:16:20 +0000
Superseded in sid-release on 2016-06-25
apparmor (2.10.95-1) unstable; urgency=medium

  * Merge from ubuntu-citrain up to revision 1590, that is changes brought
    by 2.10.95-0ubuntu1 to 2.10.95-0ubuntu2, including a new upstream
    release also known as AppArmor 2.11.beta1. (Closes: #810888)
    Remaining changes:
    - debian/apparmor.install: install tunables/home.d and tunables/multiarch.*,
      to make it easier to maintain site-specific configuration.
    - Don't ship empty /usr/bin and /usr/share/apparmor in apparmor-utils:
      I fail to see what good they can do.
    - Drop dependency from apparmor on initramfs-tools: the early modules
      loading code that needed it was removed a while ago.
    - apparmor-notify depends on libnotify-bin: the package's description
      is explicitly about desktop notifications, and we've had #746508,
      so let's stick to supporting the desktop use case as best as we can,
      and ignore the server use case for now.
    - debian/control: removed duplicated Section entry for apparmor-easyprof,
      it's the same as the source package's one.
    - Apply notify-group.patch.
    - The new packaging fixes and improvements documented below.
  * Remove Holger from Uploaders, at his request. (Closes: #824461)
  * dh-apparmor: fix enabling policy if it's the system's first.
    Thanks to Peter Palfrader <email address hidden> for the analysis and patch!
    (Closes: #822349)
  * Declare compliance with Standards-Version 3.9.8.
  * Fix typo in dh_apparmor(1) manpage.
  * Add Lintian overrides for the no-upstream-changelog check: upstream
    does not ship any changelog.
  * debian/README.source: document how we import new upstream releases
    from Ubuntu into Debian.
  * Add a systemd unit wrapping the init script. Thanks to Felipe Sateler
    for coming up with a patch, to the OpenSUSE folks for some inspiration,
    and to Felix Geyer for commenting on my own initial draft. (Closes: #796589)
    - Add a build-dependency on dh-systemd, and enable it in debian/rules.
    - Disable handle_system_policy_package_updates in the init script's
      start action: it is only useful for click, snappy and Ubuntu system
      images, i.e. not in Debian; and it reads and writes to /var, that can
      be remote-mounted, so it would prevent us from using
      (and thus, from confining early system services) without possibly
      introducing dependency loops.

 -- intrigeri <email address hidden>  Thu, 23 Jun 2016 18:25:09 +0000
Superseded in stretch-release on 2016-07-07
Superseded in sid-release on 2016-06-25
apparmor (2.10-4) unstable; urgency=medium

  * Team upload.
  * Backport latest nameservice abstraction. (Closes: #813835)
    - Allows reading resolv.conf from NetworkManager and systemd-networkd.
    - Add nameservice-abstraction.patch

 -- Felix Geyer <email address hidden>  Tue, 29 Mar 2016 22:30:30 +0200
Superseded in stretch-release on 2016-04-04
Superseded in sid-release on 2016-03-30
apparmor (2.10-3) unstable; urgency=medium

  * Team upload.

  [ intrigeri ]
  * Drop libapparmor-mention-dbus-method-in-getcon-man.patch (Closes: #800132)

  [ Felix Geyer ]
  * Update python abstraction for python 3.5.
    - Pull r3277-update-python-abstraction.patch from upstream

 -- Felix Geyer <email address hidden>  Mon, 25 Jan 2016 22:50:13 +0100
Superseded in stretch-release on 2016-01-31
Superseded in sid-release on 2016-01-26
apparmor (2.10-2) unstable; urgency=medium

  [ Felix Geyer ]
  * Apply aa-status-dont_require_python3-apparmor.patch, to keep
    the hard dependencies of the apparmor binary package minimal.
  * python{,3}-apparmor: require at least the same upstream version
    of python{,3}-libapparmor.
  [ intrigeri ]
  * Drop abstractions-ubuntu-browsers.patch: integrated upstream
    (in a slightly different way).
  * debian/control: don't start short description with capital letter.
    (Closes: #795434)
  * r3227-locale-indep-capabilities-sorting.patch: cherry-pick from upstream,
    to make (more of?) the build reproducible. (Closes: #797415)
  * Merge from ubuntu-citrain up to revision 1578, that is changes brought
    by 2.10-0ubuntu3 to 2.10-0ubuntu6.
  * Upload to unstable.

 -- intrigeri <email address hidden>  Tue, 18 Aug 2015 09:48:54 +0200
Deleted in experimental-release (Reason: None provided.)
apparmor (2.10-1) experimental; urgency=medium

  [ intrigeri ]
  * Merge ubuntu-citrain up to revision 1575, except:
    - previously documented changes
    - debian/patches/aa-status-dont_require_python3-apparmor.patch:
      don't apply, only relevant for Ubuntu Phone
  * debian/patches/r3209-dnsmasq-allow-dash: cherry-pick from upstream.
  * debian/patches/pass-compiler-flags.patch: refresh.
  * Update upstream signing key.
  * apparmor-utils: make the Depends on python3-apparmor versioned.
    (Closes: #785436)
  * Override the "apparmor source: usr-lib-perl5-mentioned rules" error.
    We replace usr/lib/perl5 with the corresponding multiarch path
    in debian/rules, as a consequence this file contains this string.
  * python-apparmor, python3-apparmor: add Lintian overrides for
    the extended-description-is-probably-too-short tag.
  * debian/control: stuff out a bit apparmor-utils' extended description.
  [ Felix Geyer ]
  * Add Brazilian Portuguese translation of debconf messages.
    Thanks to Adriano Rafael Gomes. (Closes: #788342)
  * Use dh_apparmor from this source package for apparmor-profiles.
    (Closes: #656451)
  * Make debian/rules safer:
    - Add set -e to loops.
    - Use "&&" when chaining shell commands.

 -- intrigeri <email address hidden>  Thu, 13 Aug 2015 23:42:10 +0200
Superseded in stretch-release on 2015-10-13
Superseded in sid-release on 2015-10-13
apparmor (2.9.2-3) unstable; urgency=medium

  * Mark reproducible-pdf.patch as forwarded upstream.
  * debian/rules: improve handling of the unversioned link in /usr to the
    shared library; the new implementation doesn't cause needless version
    churn in debian/rules when new releases that touch libapparmor are
    incorporated into the packaging. Thanks to Steve Beattie
    <email address hidden> for the patch!
  * Upload to unstable.

 -- intrigeri <email address hidden>  Fri, 08 May 2015 21:43:41 +0200
Deleted in experimental-release (Reason: None provided.)
apparmor (2.9.2-2) experimental; urgency=medium

  * libapache2-mod-apparmor.postrm: on package purge, delete
    /etc/apparmor.d/{,disable} if empty (Closes: #766750).
  * Add reproducible-pdf.patch: make techdoc.pdf reproducible even
    in face of timezone variations.

 -- intrigeri <email address hidden>  Sun, 03 May 2015 11:57:58 +0200
Superseded in experimental-release on 2015-05-04
apparmor (2.9.2-1) experimental; urgency=medium

  * Merge Ubuntu changes up to 2.9.1-0ubuntu9, including:
    - New upstream 2.9.1 release (Closes: #770788, #771400)
    - Replace unnecessary $remote_fs dependency with $local_fs
      (Closes: #782700)
  * Import new 2.9.2 upstream release (Closes: #670305, #777034).
  * Don't install the usr.sbin.cupsd example profile: it is shipped
    and enabled by the cups-daemon package already.
  * Install the /etc/apparmor.d/tunables/{home,multiarch}.d
    directories from upstream.
  * Install the sbin.dhclient-script and usr.lib.RealPlayer10.realplay
    example profiles in /usr/share/doc/apparmor-profiles/extras/.
  * debian/apparmor.install: sort entries in lexical order.
  * debian/rules: pass --no-start to dh_installinit since we're handling
    reloading profiles manually in the postinst scripts.
  * Drop patches applied upstream:
    - add-mir-abstraction-lp1422521.patch
    - systemd-dev-log-lp1413232.patch
    - parser-fix_modifier_compilation_+_tests.patch
    - tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch
    - GDM_X_authority-lp1432126.patch
    - easyprof-framework-policy.patch.
  * debian/copyright: remove obsolete paragraph about
  * Override the init.d-script-missing-dependency-on-remote_fs Lintian
    warning for the apparmor binary package: the current theory is that
    only the click package bits need /usr upon startup.
  * Enable the bindnow hardening flag during build.
  * libapparmor-dev: install link in /usr/lib, not in /lib,
    as dictated in Debian Policy section 8.4 (Development files).

 -- intrigeri <email address hidden>  Thu, 30 Apr 2015 12:46:44 +0200
Deleted in experimental-release (Reason: None provided.)
apparmor (2.9.0-3+exp2) experimental; urgency=medium

  * Use Build-Depends-Package in the symbols file (Closes: #782575).
    Thanks to Michael Biebl <email address hidden> for the patch!

 -- intrigeri <email address hidden>  Wed, 15 Apr 2015 18:05:45 +0200
Superseded in experimental-release on 2015-04-16
apparmor (2.9.0-3+exp1) experimental; urgency=medium

  * dh_apparmor: remove /etc/apparmor.d/{disable,} on package purge
    (Closes: #773870).
  * Remove /var/lib/apparmor/profiles/.apparmor.md5sums and parent
    directories on package purge (Closes: #766751).
  * Drop dependency from apparmor on initramfs-tools: the early modules
    loading code that needed it was removed a while ago (Closes: #771240).
  * Ship libapparmor in /lib instead of /usr as we want to use it
    in systemd now. (Closes: #771667, LP: #1397960).
    Thanks to Martin Pitt <email address hidden> for the patch!

 -- intrigeri <email address hidden>  Wed, 24 Dec 2014 17:45:16 +0100
Superseded in stretch-release on 2015-05-16
Published in jessie-release on 2014-12-18
Superseded in sid-release on 2015-05-12
apparmor (2.9.0-3) unstable; urgency=medium

  * Add versionned Breaks/Replaces from libapparmor-dev to apparmor-docs
    (Closes: #772557). Some manpages were actually migrated from the
    latter package, and not from libapparmor1.

 -- intrigeri <email address hidden>  Fri, 12 Dec 2014 14:14:51 +0100
Superseded in jessie-release on 2014-12-18
Superseded in sid-release on 2014-12-13
apparmor (2.9.0-2) unstable; urgency=medium

  * Add versioned Breaks/Replaces from python-apparmor to apparmor-utils.
    We have the same in place already for python3-apparmor, that deals
    with the move of the Python 3 bits. This change does the same for
    the Python 2 bits (Closes: #768211).
  * Install all upstream Dovecot profiles: the usr.sbin.dovecot one,
    that we install already, needs them (Closes: #768357).
  * Install the upstream usr.sbin.smbldap-useradd profile: the usr.sbin.smbd
    one, that we install already, needs it. This prevents the same kind
    of bug as #768357 from occurring when one uses the smbd profile.

 -- intrigeri <email address hidden>  Fri, 07 Nov 2014 11:37:45 +0100
Superseded in jessie-release on 2014-11-13
Superseded in sid-release on 2014-11-07
apparmor (2.9.0-1) unstable; urgency=medium

  * Import new upstream release: 2.9.0.
  * Merge Ubuntu changes up to 2.8.98-0ubuntu2 (Closes: #761994).
    Remaining patches on top of Ubuntu's ones:
    - abstractions-ubuntu-browsers.patch
    - non-linux.patch
    - notify-group.patch
    - pass-compiler-flags.patch
    - raise-test-timeout.patch
  * Drop versioned Breaks on lxc and lightdm: as long as AppArmor is not
    enabled by default in Debian, this is too strong a statement.
  * Declare compliance with Standards-Version 3.9.6 (no change needed).
  * Don't ship empty /usr/share/apparmor in apparmor-utils.
  * Import fixed debian/watch from our 2.8 packaging branch.
  * Import upstream signing key, (at least) for uscan's consumption.
  * debian/watch: add support for verifying upstream cryptographic signatures.
  * Make the apparmor package Suggests: apparmor-profiles-extra, just like
    it does for apparmor-profiles already.

 -- intrigeri <email address hidden>  Sat, 18 Oct 2014 12:38:26 +0200
Deleted in experimental-release (Reason: None provided.)
apparmor (2.8.96~2652-1) experimental; urgency=medium

  * Merge Ubuntu changes up to 2.8.96~2652-0ubuntu5.
  * Drop patches taken upstream:
    - fix-font-abstractions.patch
  * Drop patches that were cherry-picked from upstream, and are now included
    in the upstream snapshot this package is based on:
    - r2107-debian761733-libtoolize.patch
    - r2079-add-pkg-config-support.patch
    - r2667-debian760378-fix-ftbfs-on-x32.patch
    - r2240-find-libs.patch
    - r2247-fix-bison3.patch
  * Drop obsolete aa-status-smarter.patch: the interface patch is now in recent
    Linux kernels.
  * Remaining patches on top of Ubuntu's ones:
    - abstractions-ubuntu-browsers.patch
    - non-linux.patch
    - notify-group.patch
    - pass-compiler-flags.patch
    - raise-test-timeout.patch
  * Adjust debian/copyright to match current state of upstream sources.
  * Refresh quilt patches.
  * Update debian/copyright, and add a lot of information to it.
  * Don't install empty /usr/bin in apparmor-utils.

 -- intrigeri <email address hidden>  Mon, 22 Sep 2014 23:02:48 -0700
Superseded in jessie-release on 2014-10-29
Superseded in sid-release on 2014-10-20
apparmor (2.8.0-8) unstable; urgency=medium

  * New patch, cherry-picked from upstream to add pkg-config support:
    r2079-add-pkg-config-support.patch (Closes: #762525)
  * Add packaging bits to support pkg-config:
    - debian/control: Add pkg-config as a Build-Depends
    - debian/libapparmor-dev.install: Install libapparmor pkg-config file

 -- intrigeri <email address hidden>  Mon, 22 Sep 2014 23:02:48 -0700
Superseded in sid-release on 2014-09-24
apparmor (2.8.0-7) unstable; urgency=medium

  * New patch: r2107-debian761733-libtoolize.patch, cherry-picked from
    upstream r2107 on their 2.8 branch (Closes: #761733).

 -- intrigeri <email address hidden>  Fri, 19 Sep 2014 09:41:31 -0700
Superseded in jessie-release on 2014-09-28
Superseded in sid-release on 2014-09-22
apparmor (2.8.0-6) unstable; urgency=medium

  * Put package under the Debian AppArmor Team's umbrella, and accordingly:
    - Add intrigeri and Holger as Uploaders.
    - Point Vcs-* control fields to our new shared repository on Alioth.
  * Cherry-pick upstream fix (r2667) to fix FTBFS on x32 (Closes: #760378).
  * Add Turkish translation of debconf messages (Closes: #757512).
    Thanks to Mert Dirik <email address hidden> for the patch!
  * Merge changes from 2.8.0-5.1 NMU.

 -- intrigeri <email address hidden>  Wed, 10 Sep 2014 11:55:18 -0700
Superseded in jessie-release on 2014-09-16
Superseded in sid-release on 2014-09-17
apparmor (2.8.0-5.1) unstable; urgency=medium

  * Non-maintainer upload.
  * control: make apparmor-notify depend on libnotify-bin (Closes: 746508).
  * watch: update to the version proposed on
    (Closes: 738531).
  * rules, libapparmor-perl.install: replace hardcoded usr/lib/perl5
    with the value of $Config{vendorarch} (Closes: 750128).
    Thanks to Damyan Ivanov <email address hidden> for the patch!

 -- intrigeri <email address hidden>  Mon, 02 Jun 2014 12:21:27 +0200
Superseded in jessie-release on 2014-06-11
Superseded in sid-release on 2014-06-06
apparmor (2.8.0-5) unstable; urgency=low

  * rules: drop --parallel, since it seems the upstream build is fragile
    when running in parallel mode. Thanks to intrigeri for tracking this
    down! (Closes: 732578)

 -- Kees Cook <email address hidden>  Fri, 03 Jan 2014 13:41:43 -0800
Superseded in sid-release on 2014-01-04
apparmor (2.8.0-4) unstable; urgency=low

  * control, {libapparmor1,apparmor-docs}.manpages: move man pages into
    apparmor-docs to avoid multi-arch duplication and hilarity with file
    dates vs buildd timezones (Closes: 731358).
  * patches/r2247-fix-bison3.patch: fix build for bison 3 (Closes: 732695).
  * control: bump standards version, no changes needed.

 -- Kees Cook <email address hidden>  Thu, 26 Dec 2013 14:42:03 -0800
Superseded in sid-release on 2013-12-27
apparmor (2.8.0-3) unstable; urgency=low

  * Rebuild with pristine tree to avoid date skew in generated
    manpages (Closes: 731358)

 -- Kees Cook <email address hidden>  Fri, 13 Dec 2013 11:14:54 -0800
Superseded in jessie-release on 2014-01-09
Superseded in sid-release on 2013-12-27
apparmor (2.8.0-2) unstable; urgency=low

  * Convert to dh(1) and Multi-Arch, thanks to Steve Langasek.
    - add r2240-find-libs.patch to find libraries during tests.

 -- Kees Cook <email address hidden>  Mon, 02 Dec 2013 10:13:34 -0800
Superseded in jessie-release on 2013-12-13
Superseded in sid-release on 2013-12-04
apparmor (2.8.0-1) unstable; urgency=low

  * Merge with Ubuntu changes.
    - update to 2.8.0 release (Closes: 712370).
    - handle Apache 2.4 transition (Closes: 666808).
    - drop debian/patches/abstractions-X.patch (taken upstream)
    - drop debian/patches/fix-network-rule-support.patch (taken upstream)
    - updated debian/patches/pass-compiler-flags.patch (partially upstream)
  * debian/control:
    - fix typo in long description (Closes: 711398).
    - removed duplicated Section entry for apparmor-easyprof.
    - add missing python Depends.
  * debian/rules:
    - dh_apache2 must execute before dh_strip and dh_fixperms.
    - improved repeat-build cleanup logic.
    - dh_python needs to be called on all packages installing scripts.
    - do not force python version 3.
  * Add debian/patches/fix-font-abstractions.patch (Closes: 714843).
  * Add debian/patches/raise-time-timeout.patch (Closes: 699774).
  * Drop debian/libapache2-mod-apparmor.lintian-overrides (not needed).
  * debian/*.manpages: move aa-exec.8 to apparmor from apparmor-utils.
  * debian/apparmor-utils.dirs: drop unused directories from aa-easyprof.

 -- Kees Cook <email address hidden>  Mon, 08 Jul 2013 17:51:40 -0700
Superseded in jessie-release on 2013-08-02
Published in wheezy-release on 2012-07-28
Superseded in sid-release on 2013-07-15
apparmor (2.7.103-4) unstable; urgency=low

  * debian/apparmor-profiles.dirs: add directories we might collide
    with apparmor on during purge.
  * debian/patches/fix-network-rule-support.patch: handle lack of
    networking features correctly (Closes: 679597).

 -- Kees Cook <email address hidden>  Mon, 16 Jul 2012 11:52:42 -0700
Superseded in wheezy-release on 2012-07-28
Superseded in sid-release on 2012-07-19
apparmor (2.7.103-3) unstable; urgency=low

  * debian/control: drop deprecated XS-Python-Version (Closes: 673062).
  * debian/debhelper/postinst-apparmor: remove bashism (Closes: 678526).
  * debian/patches/pass-compiler-flags.patch: add LDFLAGS where needed.
  * debian/libapache2-mod-apparmor.lintian-overrides: verified safe
    glibc function use at compile-time.
  * debian/rules: call dh_lintian.

 -- Kees Cook <email address hidden>  Thu, 28 Jun 2012 23:23:27 -0700
Deleted in experimental-release (Reason: None provided.)
apparmor (2.7.103-3~0apache24.1) experimental; urgency=low

  * Apache 2.4 transition.

 -- Kees Cook <email address hidden>  Sat, 05 May 2012 15:14:47 -0700
Superseded in wheezy-release on 2012-07-17
Superseded in sid-release on 2012-07-17
apparmor (2.7.103-2) unstable; urgency=low

  * debian/patches/non-linux.patch: fix up build failures on non-Linux
    systems (Closes: 671040).
  * debian/control: require apparmor for apparmor-profiles, since abstraction
    tree needs to be created already.
  * debian/lib/apparmor/functions: silently handle lack of interface compat
  * debian/apparmor-profiles.postrm: retain conffile list for purge logic
    (Closes: 656451).
  * debian/libapache2-mod-apparmor.{dirs,preinst}: add "disabled" directory
    to package file list correctly (Closes: 670431).
  * debian/control: bump standards version, no changes needed.

 -- Kees Cook <email address hidden>  Sat, 05 May 2012 09:57:10 -0700
Superseded in sid-release on 2012-05-08
apparmor (2.7.103-1) unstable; urgency=low

  * New upstream release, merge with Ubuntu, drop included patches:
    - 0005-clean-common-from-vim.patch
    - 0006-use-linux-capability-h.patch
    - 0008-apparmor-lp963756.patch
    - 0009-apparmor-lp959560-part1.patch
    - 0010-apparmor-lp959560-part2.patch
    - 0011-apparmor-lp872446.patch
    - 0012-apparmor-lp978584.patch
    - 0013-apparmor-lp800826.patch
    - 0014-apparmor-lp979095.patch
    - 0015-apparmor-lp963756.patch
    - 0016-apparmor-lp968956.patch
    - 0017-apparmor-lp979135.patch
    - Closes: 656451
  * debian/control: url.sty has moved, add texlive-latex-recommended
    Build-Dep (Closes: 669537).
  * debian/patches/notify-group.patch, debian/apparmor-notify.install,
    debian/notify/notify.conf: Remove custom notify.conf file, and modify
    the upstream one instead, adjusting the group to "adm", thanks to
    Intrigeri (Closes: 660078).
  * debian/patches/aa-status-smarter.patch: fix up the logic for
    determining the enabled state of AppArmor, based on patch from
    Intrigeri (Closes: 661153).
  * debian/debhelper/postinst-apparmor: do not fail if AppArmor is not
    installed, thanks to Intrigeri (Closes: 668010).
  * debian/patches/abstractions-X.patch: add missing gdm3 path to X
    abstraction, thanks to Intrigeri (Closes: 660079).
  * debian/patches/abstractions-ubuntu-browsers.patch: include iceweasl
    in browser abstraction, thanks to Intrigeri (Closes: 661176).
  * debian/rules, debian/compat, debian/patches/pass-compiler-flags.patch,
    debian/control: bump to compat 9, export build flags, and make get
    them passed into the build.

 -- Kees Cook <email address hidden>  Tue, 24 Apr 2012 17:20:41 -0700
175 of 80 results