-
apparmor (3.0.13-2) unstable; urgency=medium
* Revert "Vcs-* control fields: track the debian/experimental branch"
* Revert "gbp.conf: set debian-branch to debian/experimental"
* Upload to unstable
-- intrigeri <email address hidden> Mon, 25 Mar 2024 10:52:20 +0000
-
apparmor (3.0.12-1) unstable; urgency=medium
* New upstream releases: 3.0.9, 3.0.10, 3.0.11, and 3.0.12
(Closes: #929990, #1037578, #1040481)
* Drop patches that are part of new upstream releases
* Adjust to profiles renamed upstream
* Refresh remaining patches
* Install new profiles
* Don't install new clamd profile: clamav-daemon ships one
* Adjust to profile renamed upstream
-- intrigeri <email address hidden> Sun, 16 Jul 2023 14:39:37 +0000
-
apparmor (3.0.8-3) unstable; urgency=medium
* Cherry-pick a few small, targeted fixes from upstream 3.0 branch
-- intrigeri <email address hidden> Tue, 14 Feb 2023 11:49:15 +0000
-
apparmor (3.0.8-2) unstable; urgency=medium
* Only pin the policy ABI, not the kernel ABI.
This brings back the desired behavior that we had on Bullseye.
Fixes regression introduced in 3.0.3-1.
* Drop obsolete dependency on lsb-base: it's transitional
and provided by sysvinit-utils, which is essential
-- intrigeri <email address hidden> Wed, 18 Jan 2023 11:10:22 +0000
-
apparmor (3.0.8-1) unstable; urgency=medium
* New upstream release
* debian/watch: only track the 3.0 series for now
* Add upstream patch to fix test suite
-- intrigeri <email address hidden> Sat, 10 Dec 2022 17:54:51 +0000
-
apparmor (3.0.7-1) unstable; urgency=medium
* New upstream release
-- intrigeri <email address hidden> Tue, 16 Aug 2022 14:09:22 +0000
-
apparmor (3.0.6-1) unstable; urgency=medium
* New upstream release (Closes: #1015354)
* Drop patch that was applied upstream
* Enable LTO
* Declare compliance with Policy 4.6.1
-- intrigeri <email address hidden> Tue, 02 Aug 2022 09:15:54 +0000
-
apparmor (3.0.5-1) unstable; urgency=medium
* New upstream release
* Drop patches that were applied upstream
* Drop profile-load script: part of upstream 3.0.5
* Install newly upstreamed aa-notify.desktop instead of the custom Debian one
* Rename debian/master branch to debian/unstable
* New patch, to fix new upstream "dirtest" test
* Install new samba-* profiles
-- intrigeri <email address hidden> Mon, 25 Jul 2022 13:46:44 +0000
-
apparmor (3.0.4-3) unstable; urgency=medium
* Cherry-pick 7 patches from upstream apparmor-3.0 branch (Closes: #1003153)
* Adjust overrides for recent Lintian
* Override Lintian false positives
-- intrigeri <email address hidden> Wed, 06 Jul 2022 07:48:25 +0000
-
apparmor (3.0.4-2) unstable; urgency=medium
* Add upstream commit that makes the test suite compatible with Python 3.10
-- intrigeri <email address hidden> Wed, 23 Feb 2022 09:48:59 +0000
-
apparmor (3.0.4-1) unstable; urgency=medium
* New upstream release
* apparmor-profiles: install new samba-bgqd profile
* Drop backported patches that are now obsolete
* debian/allow-access-to-ibus-socket.patch: drop support for pre-Bullseye
ibus path
* Declare compliance with Policy 4.6.0.1
* Drop XS- prefix for adopted Python-Version control field
* Add new symbols
-- intrigeri <email address hidden> Sat, 12 Feb 2022 12:34:23 +0000
-
apparmor (3.0.3-6) unstable; urgency=medium
* debian/rules: let "set -e" take effect (Closes: #998843)
* Add support for Python 3.10 (Closes: #998686):
- upstream-ab4cfb5e-replace-distutils-with-setuptools.patch: new patch,
edited to drop changes to upstream .gitignore.
- Add build-dependency on python3-setuptools
-- intrigeri <email address hidden> Thu, 18 Nov 2021 09:15:55 +0000
-
apparmor (3.0.3-5) unstable; urgency=medium
[ Debian Janitor ]
* Remove constraints unnecessary since stretch.
[ Helmut Grohne ]
* Make the package cross-buildable (Closes: #984582):
- Multiarchify python Build-Depends
- Let dh_auto_build pass cross tools to make
- Annotate perl build-dependency with !nocheck
[ intrigeri ]
* Remove obsolete libapparmor-perl on upgrade
-- intrigeri <email address hidden> Sat, 23 Oct 2021 10:22:04 +0000
-
apparmor (3.0.3-4) unstable; urgency=medium
* Merge apparmor-easyprof into apparmor-utils (Closes: #972880)
* Make apparmor-utils and python3-apparmor arch:all (Closes: #972881)
-- intrigeri <email address hidden> Sun, 17 Oct 2021 17:23:17 +0000
-
apparmor (3.0.3-3) unstable; urgency=medium
* Adjust gbp.conf and Vcs-* control fields for 3.0.x now being in sid.
* Stop building the libapparmor-perl binary package (Closes: #993565)
* Update Lintian overrides
* Add B-D on dh-sequence-python3, to workaround #996089 in Lintian
* B-D: python3-all → python3-all:any, to appease Lintian
-- intrigeri <email address hidden> Wed, 13 Oct 2021 05:56:16 +0000
-
apparmor (3.0.3-2) unstable; urgency=medium
* Upload to unstable
-- intrigeri <email address hidden> Fri, 03 Sep 2021 08:23:30 +0000
-
apparmor (2.13.6-10) unstable; urgency=medium
* autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run
(Closes: #954655)
-- intrigeri <email address hidden> Sat, 03 Apr 2021 06:09:19 +0000
-
apparmor (2.13.6-9) unstable; urgency=medium
* usr.lib.dovecot.script-login: don't include non-existent local override file
(Closes: #982112)
* Declare compliance with Policy 4.5.1
-- intrigeri <email address hidden> Sat, 06 Feb 2021 17:07:35 +0000
-
apparmor (2.13.6-8) unstable; urgency=medium
* Backport patch from upstream 3.0 series, which ports aa-status to C
(upstream-commit-8f9046b-port-aa-status-to-c.patch), then
drop obsolete dependency from the apparmor binary package
on python3 (Closes: #981442)
* Annotate test dependencies <!nocheck> (Closes: #981205).
Thanks to Helmut Grohne <email address hidden> for the patch!
-- intrigeri <email address hidden> Fri, 05 Feb 2021 11:24:57 +0000
-
apparmor (2.13.6-7) unstable; urgency=medium
* Supersede failed dgit upload.
-- intrigeri <email address hidden> Fri, 15 Jan 2021 13:16:37 +0000
-
apparmor (2.13.6-3) unstable; urgency=medium
* Only pin the policy ABI, not the kernel ABI.
I hope this fixes the regressions, on older kernels, caused by pinning
the Linux 5.9 feature set, that I guess is the reason behind the
several autokpgtest regressions caused by 2.13.6-2 (debci runs
on Linux 4.19.x).
-- intrigeri <email address hidden> Mon, 28 Dec 2020 11:41:02 +0000
-
apparmor (2.13.6-2) unstable; urgency=medium
* Pin the Linux 5.9 feature set
-- intrigeri <email address hidden> Sun, 27 Dec 2020 10:24:57 +0000
-
apparmor (2.13.5-1) unstable; urgency=medium
* New upstream release (Closes: #868563, #934869, #969267)
* Drop patches now included upstream
* Refresh patches
* d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'
* upstream-commit-145136f-fix-2.13-libapparmor-so-version.patch: new patch
* Stop building on non-Linux architectures (Closes: #972049).
Thanks to Laurent Bigonville <email address hidden> for the suggestion.
* Drop obsolete Lintian overrides
* Update Lintian override name
* Bump debhelper compat level to 13
* Update symbols list
* Install gettext translations
* apparmor-profiles: install a few more profiles (usr.bin.mlmmj-receive,
usr.lib.postfix.dnsblog, usr.lib.postfix.postscreen)
* debian/not-installed: list files not installed on purpose
* Adjust *.install source files to appease dh_missing
* autopkgtests: don't try to test disabled Thunderbird profile
* Merge ubuntu/2.13.3-7ubuntu6. Remaining included changes after resolving
conflicts and dropping patches included in 2.13.{4,5}:
- debian/control: add Breaks on snapd < 2.44.3+20.04~ since prior snapd
versions assume that apparmor will load the snapd policy on boot
-- intrigeri <email address hidden> Sat, 24 Oct 2020 17:15:28 +0000
-
apparmor (2.13.4-3) unstable; urgency=medium
* apparmor-profiles: provide (upstream) bug reporting instructions
* upstream-commit-1f319c3-systemd-userdbd-compat.patch: new patch
(Closes: #962405)
-- intrigeri <email address hidden> Tue, 16 Jun 2020 13:09:13 +0000
-
apparmor (2.13.4-2) unstable; urgency=medium
* apparmor-profiles: don't ship redundant freshclam profile (Closes: #959915)
* Apply upstream !465: fix the build with make 4.3
* Drop unused Lintian override
* GitLab CI:
- allow reprotest to fail without failing the whole pipeline
- enable diffoscope for reprotest
-- intrigeri <email address hidden> Mon, 25 May 2020 09:23:21 +0000
-
apparmor (2.13.4-1) unstable; urgency=medium
* New upstream release
* Switch to HTTPS for upstream homepage URL
* apparmor-profiles: install missing usr.lib.dovecot.stats profile
(Closes: #953268)
* Drop backported patches that are now obsolete.
* Cherry-picked from Ubuntu:
- Update ibus abstract path for ibus 1.5.22
- debian/control: drop Breaks that were only needed for upgrades to bionic
* Drop obsolete Lintian overrides
* Add python3-all to Build-Depends
* Override Lintian false positive
* Declare compliance with Policy 4.5.0
* Apply upstream !464: let Mesa check if the kernel supports
the i915 perf interface
-- intrigeri <email address hidden> Tue, 31 Mar 2020 08:45:58 +0000
-
apparmor (2.13.3-7) unstable; urgency=medium
* Add explicit build dependency on dh-python, so that this package
can built with python3-defaults 3.7.5-3.
-- intrigeri <email address hidden> Fri, 15 Nov 2019 10:37:05 +0000
-
apparmor (2.13.3-6) unstable; urgency=medium
[ Matthias Klose ]
* debian/rules: ensure "set -e" is honored (Closes: #943649).
* Add upstream-mr-430-Fix-a-Python-3.8-autoconf-check.patch (Closes: #943657).
-- intrigeri <email address hidden> Tue, 29 Oct 2019 18:57:51 +0000
-
apparmor (2.13.3-5) unstable; urgency=medium
* upstream-mr-419-Xwayland-vs-recent-mutter.patch: new patch (Closes: #935058)
-- intrigeri <email address hidden> Sun, 08 Sep 2019 08:00:56 +0000
-
apparmor (2.13.3-4) unstable; urgency=medium
* New patch, cherry-picked and adapted from Ubuntu: don't include local/
snippets in the Dovecot profiles. These inclusions of non-existing files
break aa-genprof (Closes: #928160).
* Merge ubuntu/2.13.2-9ubuntu7, which turns out to be a no-op, because
we essentially revert all changes brought by this merge:
- Drop lp1820068.patch, introduced in 2.13.2-9ubuntu7: it's included
in the 2.13.3 upstream release already.
- Don't enable ubuntu/parser-conf-no-expr-simplify.patch, that Ubuntu just
re-enabled: in Debian we don't disable expression tree simplification,
because we've cherry-picked an upstream patch that improves its
performance sufficiently.
-- intrigeri <email address hidden> Sat, 27 Jul 2019 17:18:43 +0000
-
apparmor (2.13.3-3) unstable; urgency=medium
[ Michael Biebl ]
* Move libraries back to /usr/lib
[ intrigeri ]
* Remove Lintian override made obsolete by the move to /usr/lib/apparmor/
* Avoid-blhc-CPPFLAGS-missing-false-positive.patch: new patch.
* Revert "debian/control: Breaks on snapd < 2.38~"
Jamie Strandboge explained in details on #932815 the rationale behind this
Breaks relationship. The user impact seems non-critical and the risk of the
problem happening in practice is very low, so for now let's remove this
Breaks, that prevents apparmor from migrating to testin (we don't have
snapd 2.38+ in Debian yet).
-- intrigeri <email address hidden> Tue, 23 Jul 2019 22:19:02 +0000
-
apparmor (2.13.3-2) unstable; urgency=medium
* Install the lsb_release profile.
-- intrigeri <email address hidden> Wed, 17 Jul 2019 19:41:32 +0000
-
apparmor (2.13.2-10) unstable; urgency=medium
* Don't load AppArmor policy when running in a Debian Live environment
that uses overlayfs (Closes: #922378).
Rationale: the storage stack set up by live-boot with overlayfs
is not supported by our AppArmor policy at the moment, resulting
in breakage of confined software such as Evince and LibreOffice.
* Ship nvidia_modprobe in enforce mode (Closes: #923273).
- Rationale: as explained by Seth Arnold <email address hidden>
on #923273#32, profiles in complain mode can chew up essentially
unlimited amounts of non-swappable kernel memory and huge amounts
of IO bandwidth logging ALLOWED messages, which can in turn
use large amounts of storage. This is why Ubuntu has applied this change
already for their upcoming release.
- Scope of this change: in Buster, this profile is used in one single place
— the usr.lib.libreoffice.program.soffice.bin profile — for which it was
developed and tested in the first place. So the risk and potential
problematic impact of this change seems pretty low.
* Cherry-pick the most important and non-invasive fixes
from the upstream apparmor-2.13 maintenance branch:
- base abstraction: allow mr on *.so* in common library paths,
i.e. don't assume all common libraries' name starts with "lib".
At the very least, this fixes Qt5 applications under some
VirtualBox graphics configuration, where otherwise they would
not start at all (Closes: Tails#16414).
Upstream commits: 8dff7dc, 08f9d16
- Fix 2 segfaults spotted upstream while writing automated tests
for the multicache support (upstream MR!348):
· in overlaydirat_for_each, segfault caused by repeatedly freeing
the same memory area;
· when loading policy cache files, due to incorrect size passed
to qsort().
Upstream commits: 5704fba, 01aec04
-- intrigeri <email address hidden> Sat, 30 Mar 2019 13:23:11 +0000
-
apparmor (2.13.2-9) unstable; urgency=medium
* Revert "Add autopkgtest that checks if apparmor.service starts
on package installation". It passes with the schroot and qemu
backends locally but fails on ci.debian.net.
-- intrigeri <email address hidden> Mon, 25 Feb 2019 06:10:18 +0000
-
apparmor (2.13.2-8) unstable; urgency=medium
* Cherry-pick 5 more commits from upstream apparmor-2.13 branch
(Closes: #921866).
* Cherry-pick upstream MR!344 (Closes: #920833, #921888).
* Install the nvidia_modprobe named profile (Closes: #921875)
and add it to the list of profiles whose syntax is checked
via autopkgtests.
* Patch usr.sbin.smdb to include snippet generated at runtime
(part of the fix for #896080).
* New autopkgtest: ensure apparmor.service starts on
package installation.
* Update salsa CI pipeline.
-- intrigeri <email address hidden> Sun, 24 Feb 2019 17:00:23 +0000
-
apparmor (2.13.2-7) unstable; urgency=medium
* Stop shipping /var/cache/apparmor/CACHEDIR.TAG (Closes: #920682)
* New patches, cherry-picked from upstream !320, so the "audio"
abstraction grants read access to Alsa and libao config files
(Closes: #920669, #920670).
-- intrigeri <email address hidden> Thu, 31 Jan 2019 09:51:59 +0000
-
apparmor (2.13.2-6) unstable; urgency=medium
* initscript: implement missing aa_log_action_begin and
aa_log_action_end functions (Closes: #917962).
-- intrigeri <email address hidden> Mon, 28 Jan 2019 18:11:53 +0000
-
apparmor (2.13.2-5) unstable; urgency=medium
* Really move libapparmor.so unversioned symlink to /lib/<triplet>
(Closes: #919705).
* Add Lintian override for dev-pkg-without-shlib-symlink: arguably
a false positive (see #843932).
* Add Lintian override for uses-dpkg-database-directly: false positive.
* Declare compliance with Standards-Version 4.3.0.
* autopkgtests:
- Test compiling many more profiles:
- all profiles that apparmor-profiles-extra ships in enforce mode
- the profiles shipped by bind9, cups-browsed, haveged,
libreoffice-common, man-db, ntp, onioncircuits, tcpdump, thunderbird,
and tor
- another profile shipped by libvirt-daemon-system
- Declare that the compile-policy test is not superficial anymore.
- Make the parser verbose in the compile-policy test.
-- intrigeri <email address hidden> Mon, 28 Jan 2019 08:29:19 +0000
-
apparmor (2.13.2-4) unstable; urgency=medium
* Move libapparmor.so unversioned symlink to /lib/<triplet> (Closes: #919705).
* New patches, cherry-picked from upstream:
- Make tunables/share play well with aliases.
- Fix access to /usr/share/drirc.d.conf (Closes: #919775).
- Fix access to the default paths used by dehydrated in Debian.
- Support new font configuration paths.
- Support libvirt named profile.
- Fix access to /etc/alsa/conf.d/.
* autopkgtests: test compiling more profiles shipped by other packages.
* Patch the dnsmasq profile to fix ptrace and signal communication
with libvirtd.
-- intrigeri <email address hidden> Sun, 27 Jan 2019 17:07:34 +0000
-
apparmor (2.13.2-3) unstable; urgency=medium
* Update upstream MR!252 backport to fix initscript (Closes: #917874)
-- intrigeri <email address hidden> Tue, 01 Jan 2019 18:03:54 +0000
-
apparmor (2.13.2-2) unstable; urgency=medium
* Patch rc.apparmor.functions to suit Debian/Ubuntu's needs.
* Port initscript, systemd service, postinst and profile-load
to use the upstream rc.apparmor.functions shell library.
This way, the systemd service does not require the SysV initscript
anymore (Closes: #870697).
* Drop obsolete /etc/apparmor/subdomain.conf conffile.
-- intrigeri <email address hidden> Sat, 29 Dec 2018 17:50:23 +0000
-
apparmor (2.13.2-1) unstable; urgency=medium
* Import new upstream release, drop backported patches that are now obsolete,
refresh remaining patches.
* autopkgtest: add dummy test so that changes to linux-image-amd64
trigger our other tests on ci.debian.net
* Replace home-made GitLab CI with the standard Salsa pipeline
(Closes: #912722).
* Drop extra signatures from public upstream signing key.
-- intrigeri <email address hidden> Sat, 22 Dec 2018 13:26:14 +0000
-
apparmor (2.13.1-3) unstable; urgency=medium
* GitLab CI/Lintian: install dpkg-dev, that ships dpkg-architecture,
needed to run some Lintian checks.
* Re-enable expression tree simplification and cherry-pick upstream patch
that improves its performance.
* Bump debhelper compatibility level to 11.
* Patch apparmor.d(5) to document which features are not supported on Debian
(Closes: #807369).
* Patch apparmor(7) to document debugging options (Closes: #826218).
-- intrigeri <email address hidden> Tue, 30 Oct 2018 10:57:44 +0000
-
apparmor (2.13.1-2) unstable; urgency=medium
* Deal with obsolete /etc/apparmor.d/abstractions/launchpad-integration
conffile (Closes: #911745).
* Declare autopkgtests as superficial (Closes: #911827).
Adjust GitLab CI configuration to cope with exit code 8 accordingly.
-- intrigeri <email address hidden> Fri, 26 Oct 2018 12:08:26 +0000
-
apparmor (2.13.1-1) unstable; urgency=medium
[ intrigeri ]
* New upstream release (Closes: #901470, #871441).
* Bump pinned feature set to linux-image-4.18.0-2-amd64, version 4.18.10-2.
* Add Breaks: apparmor-profiles-extra (<< 1.21): the Pidgin profile up
to 1.20 used the launchpad-integration abstraction, that was removed
in AppArmor 2.13.1.
* Drop backported patches that are now obsolete.
* Refresh patches.
* Add debian/.gitlab-ci.yml: build the package then run Lintian
and autopkgtests on it.
* upstream-commit-3bf11ce-Fix-syntax-error-in-rc.apparmor.functions.patch,
upstream-commit-b77116e-Add-profile-names.patch: new patches to fix
regressions introduced in 2.13.1.
* Drop unused Lintian override.
* Declare compliance with policy 4.2.1.
* Update symbols list.
* Honor nocheck in DEB_BUILD_OPTIONS.
* Make /lib/apparmor/apparmor.systemd executable.
[ Sven Joachim ]
* Do not remove /var/cache/apparmor/CACHEDIR.TAG on upgrades
(Closes: #910217).
[ Helmut Grohne ]
* Don't hard code the location of netinet/in.h (Closes: #909966).
-- intrigeri <email address hidden> Sun, 21 Oct 2018 08:32:47 +0000
-
apparmor (2.13-8) unstable; urgency=medium
* Only fix permissions on /lib/apparmor/apparmor.systemd when building
arch-dependent packages. Fixes FTBFS when building only
arch:all packages.
-- intrigeri <email address hidden> Thu, 02 Aug 2018 06:12:18 +0000
-
apparmor (2.13-7) unstable; urgency=medium
* Move the binary cache to /var/cache/apparmor (Closes: #904637).
And then:
- Delete obsolete cache files in /var/cache/apparmor on upgrade.
- initscript: document the potential drawback of loading the policy
before remote filesystems are mounted.
* Turn off expression tree simplification, that makes performance
much worse in some cases, and rarely much better.
* Fix aa-teardown by installing /lib/apparmor/apparmor.systemd
and making it executable.
* Override a few Lintian false positives.
-- intrigeri <email address hidden> Thu, 02 Aug 2018 01:29:03 +0000
-
apparmor (2.13-6) unstable; urgency=low
* Install new tunables/share, needed by tunables/global.
Fixes regression introduced in 2.13-5 (Closes: #904970).
* New autopkgtest: test that we can compile the Evince profile.
Having this in place earlier would have avoided introducing #904970.
-- intrigeri <email address hidden> Mon, 30 Jul 2018 07:46:00 +0000
-
apparmor (2.13-5) unstable; urgency=low
* freedesktop.org abstraction: support directories exported by Flatpak apps,
replacing former flatpak-exports.patch with the patchset that was merged
upstream (Closes: #865206).
-- intrigeri <email address hidden> Mon, 30 Jul 2018 00:27:57 +0000
-
apparmor (2.13-4) unstable; urgency=medium
* Stop building the Python 2 bindings packages: python-apparmor,
python-libapparmor (Closes: #904599).
* Mark libapparmor-perl Multi-Arch: same.
* dh-apparmor's postinst snippet template: drop now useless backwards
compatibility code; simplify.
-- intrigeri <email address hidden> Fri, 27 Jul 2018 12:00:18 +0000
-
apparmor (2.13-3) unstable; urgency=medium
* Upload to unstable.
* Set proper SELinux labels on files created during installation or upgrade.
Thanks to Laurent Bigonville <email address hidden> for the bug report
and the patch! (Closes: #903633)
* Fix CACHEDIR.TAG installation path and let dpkg replace the CACHEDIR.TAG
directory (erroneously created by 2.13-1 and 2.13-2) with a regular file.
(Closes: #883584)
* New patch: make aa-notify point to Debian documentation (Closes: #904436).
Thanks to Clément Hermann <email address hidden> for the bug report.
* Install Dovecot profiles in /usr/share/apparmor/extra-profiles/
instead of /etc/apparmor.d/: the previous setup created lots of noise
in the logs and gave no security benefit. Thanks to Jonas Smedegaard
<email address hidden> for raising the issue.
* Skip *.dpkg-(new|old|dist|bak|remove) when falling back to calling the
parser on individual profiles. Fixes a regression introduced in 2.13-1
and adds .dpkg-remove, that was missing in the exclusion list before.
* Bump pinned feature set to linux-image-4.17.0-1-amd64, version 4.17.8-1.
-- intrigeri <email address hidden> Wed, 25 Jul 2018 13:28:53 +0000
-
apparmor (2.12-5) unstable; urgency=medium
* upstream-commit-d9d3cae-adjust-python-abstraction-for-python-3.patch:
new patch, to avoid breaking things with Python 3.7.
-- intrigeri <email address hidden> Sat, 07 Jul 2018 16:50:01 +0000
-
apparmor (2.12-4) unstable; urgency=medium
* Migrate patch handling to gbp-pq (Closes: #888244).
* Merge 2.12-3ubuntu1 (dropping the Ubuntu delta):
- upstream-commit-46f88f5-properly-identify-empty-ouid-fsuid-fields.patch:
new patch, properly identify empty ouid/fsuid fields in logs.
- upstream-commit-130958a-allow-shell-helper-read-locale.patch:
new patch, allow the shell helper regression test program read
the locale.
-- intrigeri <email address hidden> Sun, 18 Mar 2018 13:47:35 +0000
-
apparmor (2.12-3) unstable; urgency=medium
* dnsmasq-profile-allow-chown-capability.patch: new patch (Closes: #889806)
* Update-base-abstraction-for-ld.so.conf-and-friends.patch: new patch,
cherry-picked from upstream (solves a minor part of #887973).
* libapparmor-perl: install example program.
-- intrigeri <email address hidden> Sun, 25 Feb 2018 18:23:21 +0000
-
apparmor (2.12-2) unstable; urgency=medium
* This release is dedicated to the memory of Ursula K. Le Guin.
* Install the "extra" profiles to the default upstream directory
(Closes: #832984).
* Cherry-pick policy improvements from upstream Git (Closes: #887591).
* Stop recommending the apparmor-profile package to the general public:
- apparmor: drop "Suggests: apparmor-profile".
- apparmor-profile: make it clear in the package description that
these profiles cannot be expected to work out-of-the-box.
* Bump debhelper compatibility level to 10.
- This reintroduces --parallel building, which was fixed upstream
since we disabled it.
- Don't manually enable the systemd debhelper sequence: now done
by default.
- Drop now useless build-dependency on autotools-dev.
* Declare compliance with Standards-Version 4.1.3 (no change required).
* debian/control: add Rules-Requires-Root: no.
- Cherry-pick upstream fix to pam_apparmor's Makefile.
* Packaging cleanup:
- Remove Kees Cook <email address hidden> from the Uploaders control field.
Thanks a lot for the inspiring work you've done on this package
in the past!
- Remove obsolete calls to rm_conffile.
- debian/copyright: use canonical URL to copyright-format/1.0.
- debian/copyright: sort licenses in lexical order.
- Use canonical URL to Debian bug in patch header.
- debian/*.install: remove duplicates.
- Stop versioning dependencies that are satisfied on Debian Wheezy
and Ubuntu Trusty.
- Reformat debian/* with 'cme fix dpkg' + wrap-and-sort.
-- intrigeri <email address hidden> Wed, 24 Jan 2018 09:18:26 +0000
-
apparmor (2.12-1) unstable; urgency=medium
* New upstream release (Closes: #885522, #882043, #884014, #886732,
#875892, #882070, #874665, #884280, #881936, #882135).
- Drop obsolete patches.
* dh-apparmor postinst snippet: create empty files in
/etc/apparmor.d/local/ instead of repeating boilerlate.
* dh-apparmor postinst snippet: simplify local overrides directory
creation code.
* Migrate to Git:
- Configure gbp for DEP-14
- Configure gbp-pq to avoid prefixing patches with numbers
- README.source: adjust to Git
- Update Vcs-* control fields: migrate to Git
* Move libpam to Section: admin
-- intrigeri <email address hidden> Sun, 14 Jan 2018 17:01:17 +0000
-
apparmor (2.11.1-4) unstable; urgency=medium
* Bump pinned feature set to linux-image-4.14.0-1's, version 4.14.2-1
- Pinning a feature set without "mount", as we did before this change,
breaks mount operations due to a bug in the kernel (Closes: #883703).
Thanks to Fabian Grünbichler and Felix Geyer for reporting this.
- AppArmor maintainers in Debian have been testing 4.14 without pinning
for a while and all the known issues were fixed; it's time to enable
4.14's features so we can learn what parts of our policy still need
updates (Closes: #880078, #877581).
* Move features file to /usr/share/apparmor-features (Closes: #883682).
Thanks to Fabian Grünbichler <email address hidden> for the patch.
* Document in apparmor/README.Debian where online documentation wrt. AppArmor
on Debian lives (Closes: #845232). Thanks to Wouter Verhelst and Jean-Michel
Vourgère for the suggestion.
* Improve usability of apparmor-notify:
- notify.conf: unset use_group.
aa-notify checks that it can read the selected log file — and aborts
if it can't — before it checks group membership vs. use_group, so in
practice setting use_group is only useful for users who are allowed
to read logs but don't want to see notifications. This seems to be
a corner case, easily addressed per-user (~/.apparmor/notify.conf)
or system-wide (by deinstalling apparmor-notify).
So let's instead optimize for a more common use case, i.e. users who can
read logs and want to see the notifications. This change does not
impact the most common use case, i.e. desktop users who are not allowed
to read logs (Closes: #880859).
- Document in apparmor-notify/README.Debian that one must be in the "adm"
group to use aa-notify.
Thanks to Lisandro Damián Nicanor Pérez Meyer and Salvatore Bonaccorso
whose combined bug reports lead to this solution.
* /lib/apparmor/functions: don't delete /etc/apparmor.d/cache/CACHEDIR.TAG
ourselves (necessary, but not sufficient, to fix #883584).
* Declare compliance with Standards-Version 4.1.2.
-- intrigeri <email address hidden> Thu, 07 Dec 2017 07:32:02 +0000
-
apparmor (2.11.1-3) unstable; urgency=medium
* upstream-commit-92752f5-support-Google-Chrome-beta.patch:
new patch, backported from upstream (Closes: #880923).
-- intrigeri <email address hidden> Sun, 05 Nov 2017 19:26:47 +0000
-
apparmor (2.11.1-2) unstable; urgency=medium
* apparmor: drop obsolete dependency on libapparmor-perl.
This dependency was added in 2.8.0-0ubuntu15, when aa-exec (that was
written in Perl back then) got moved to the apparmor package.
Nowadays aa-exec is written in C and AFAICT there's nothing in the
apparmor package that uses libapparmor-perl.
* apparmor-utils: drop obsolete dependency on libapparmor-perl.
All the programs shipped in this package were rewritten in Python.
* Drop obsolete dependencies on python{,3}-pkg-resources.
They were added to "fix autopkgtests in click-apparmor and
apparmor-easyprof-ubuntu". We don't ship these packages in Debian,
and I'm told they're going away in Ubuntu anyway.
-- intrigeri <email address hidden> Wed, 25 Oct 2017 13:58:08 +0000
-
apparmor (2.11.1-1) unstable; urgency=medium
* Import upstream 2.11.1 release.
Drop obsolete patches and refresh remaining ones as need.
* pin-feature-set.patch: new patch, that pins the AppArmor feature set
to Linux 4.13.4-2's (Closes: #879584).
The AppArmor policy we ship is not fully ready for Linux 4.14 yet.
Once our policy has been updated (#877581) we can bump the pinned
feature set to Linux 4.14's.
Note, however, that this is not fully effective in the specific case
of 4.14-rcN up to 4.14-rc6 due to a kernel bug with pinned older
feature sets, that will likely be fixed in Linux 4.14-rc7.
For example, with Linux 4.14-rc5 some network (e.g. unix, inet, inet6)
operations are denied despite the fact this pinned feature does not
enable network mediation support. For details, see:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1721278
* Disable parser-include-usr-share-apparmor.patch: it's not used on Debian
and would be made fuzzy by pin-feature-set.patch, thus causing useless
maintenance busywork.
* Improve phrasing of long packages description, based on a patch
by Vincas Dargis <email address hidden> (Closes: #795431).
* Replace build-dependency on dh-systemd with a versioned one
on debhelper, that now ships dh_systemd_*.
* Set priority to "optional": "extra" is deprecated.
* Bump Standards-Version to 4.1.1.
* Drop "Testsuite: autopkgtest" control field: it is automatically added
by dpkg-source(1) since dpkg 1.17.1 when a debian/tests/control file exists,
which is the case here.
* Move libapache2-mod-apparmor to Section "httpd", as suggested by Lintian.
-- intrigeri <email address hidden> Mon, 23 Oct 2017 14:19:33 +0000
-
apparmor (2.11.0-11) unstable; urgency=medium
* Only use systemd-detect-virt when it's installed (Closes: #871953).
* dh_apparmor: include the version of the package, so that one can find
packages that were built with a particular version of dh_apparmor.
(Closes: #872167).
* Import patch submitted upstream to support Flatpak exports
(Closes: #865206).
* Revert "Build with GCC-6 on mips64el to workaround Debian#871538":
that gcc-7 bug was fixed in 7.2.0-3 on 2017-09-02, presumably all buildd's
chroot should have it by now.
* Merge from Ubuntu citrain up to revision 1627, aka. 2.11.0-2ubuntu17.
Applied all changes (filtering from that list what had already been
done in Debian):
- Remove apparmor system upstart job on upgrades.
- r3631-apparmor-utils-python3.6-LOCALE.patch: fix utils to avoid
breakage with python 3.6 (LP: #1661766).
- nameservice-add-stub-resolv.patch: allow read access to systemd stub
resolver configuration
-- intrigeri <email address hidden> Sun, 03 Sep 2017 09:05:00 +0000
-
apparmor (2.11.0-10) unstable; urgency=medium
* Build with GCC-6 on mips64el to workaround #871538.
-- intrigeri <email address hidden> Wed, 09 Aug 2017 13:37:47 +0000
-
apparmor (2.11.0-9) unstable; urgency=medium
* debian-chromium-paths.patch: new patch, fixes e.g. opening links
(e.g. from Thunderbird) when Chromium is the default web browser
(reported in #858911).
-- intrigeri <email address hidden> Mon, 07 Aug 2017 22:36:01 +0000
-
apparmor (2.11.0-7) unstable; urgency=medium
* compare_and_save_debsums(): fix quieting of diff on initial installation
(Closes: #870696).
* Don't explicitly pass runlevel nor sequence number to update-rc.d
via dh_installinit (Closes: #870695).
Thanks to Michael Biebl for the hint!
* wayland-cursor.patch: new patch, to allow wayland-cursor-shared-*
(Closes: #870807).
* Merge from Ubuntu citrain up to revision 1620, i.e. 2.11.0-2ubuntu11.
Applied all changes:
- fix-aa-status-pod.patch: updates aa-status for newer podchecker
(LP: #1707614)
- adjust-python-for-3.6.patch: update python abstraction for 3.6
- adjust-nameservice-for-systemd-resolved.patch: grant access to
systemd-resolved in the nameservice abstraction (LP: #1598759).
… and then disabled adjust-nameservice-for-systemd-resolved.patch
that's dangerous without fine-grained AppArmor mediation of
D-Bus traffic.
* Remove upstart configuration: Upstart was removed in Debian Stretch
so this file is no longer useful.
* Drop ubuntu-manpage-updates.patch, that was only relevant with Upstart.
-- intrigeri <email address hidden> Sat, 05 Aug 2017 14:21:08 +0000
-
apparmor (2.11.0-6) unstable; urgency=medium
* libapparmor-dev: stop installing /lib/*/libapparmor.la (Closes: #866636).
-- intrigeri <email address hidden> Fri, 30 Jun 2017 17:20:45 +0000
-
apparmor (2.11.0-5) unstable; urgency=medium
* pass-compiler-flags-binutils.patch: new patch, fixes missing
hardening flags in aa-enabled and aa-exec.
* Merge from Ubuntu citrain up to revision 1617, i.e. 2.11.0-2ubuntu8.
-- intrigeri <email address hidden> Sat, 24 Jun 2017 21:12:47 +0000
-
apparmor (2.11.0-4) unstable; urgency=medium
* Run parts of the upstream test suite as autopkgtests.
* Declare compliance with Standards-Version 4.0.0 (no change required).
* Add mentions-deprecated-usr-lib-perl5-directory to Lintian overrides,
since usr-lib-perl5-mentioned has been renamed.
* libapparmor1.symbols: require 2.8.94 instead of 2.8.94-0ubuntu1.
* debian/rules: use variables provided by dpkg/pkg-info.mk instead
of parsing the output of dpkg-parsechangelog.
* Override mistaken apache2-module-depends-on-real-apache2-package
Lintian check.
* Merge from Ubuntu citrain up to revision 1616, i.e. 2.11.0-2ubuntu5
(more recent changes, up to 2.11.0-2ubuntu8, have not been pushed
to the citrain repo yet; they don't seen critical though).
-- intrigeri <email address hidden> Sat, 24 Jun 2017 15:15:09 +0000
-
apparmor (2.11.0-3) unstable; urgency=medium
* Fix CVE-2017-6507: don't unload unknown profiles during package
configuration or when restarting the apparmor init script, upstart job, or
systemd unit as this could leave processes unconfined (Closes: #858768).
Changes cherry-picked from Ubuntu's 2.11.0-2ubuntu3:
- debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
Remove calls to unload_obsolete_profiles()
- debian/patches/utils-add-aa-remove-unknown.patch,
debian/apparmor.install debian/apparmor.manpages: Include a new utility,
aa-remove-unknown, which can be used to unload unknown profiles. Based
on an upstream patch but adjusted to source the /lib/apparmor/functions
shipped in Debian/Ubuntu.
-- intrigeri <email address hidden> Tue, 28 Mar 2017 10:29:15 +0000
-
apparmor (2.11.0-2) unstable; urgency=medium
* Drop the apparmor-docs package (Closes: #851118).
-- intrigeri <email address hidden> Sat, 21 Jan 2017 10:05:51 +0000
-
apparmor (2.11.0-1) unstable; urgency=medium
* Import upstream 2.11.0 release (Closes: #809649).
* Don't try to install non-existing file
to /etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser.
* Drop all backported patches, that are now obsolete.
* Drop aa-utils_are_bilingual.patch, that is obsolete since upstream
switched to Python 3.
* Refresh all remaining quilt patches.
* debian/apparmor.manpages: follow upstream wrt. moving the manpages
for aa-enabled and aa-exec to section 1.
* Reintroduce building parser/techdoc.pdf from source while building
the binary package.
* Build PDFs from documentation/*, and include them in the apparmor-docs
package. Accordingly add build-dependency on libreoffice-writer and unoconv.
* README.source: document how to import a new upstream release from
the tarball.
-- intrigeri <email address hidden> Mon, 09 Jan 2017 10:30:38 +0000
-
apparmor (2.10.95-8) unstable; urgency=medium
* Stop applying add-chromium-browser.patch: it's been broken for years
on Debian, and nobody ever bothered to upstream this profile in a way
that makes it work cross-distro (Closes: #742829).
* r3441-sshd-blacklist.patch: new patch, cherry-picked from upstream
(Closes: #821881).
* r3497-add-ld.so.preload-to-abstractions-base.patch: new patch,
cherry-picked from upstream.
* r3600-usrmerge.patch: new patch, cherry-picked from upstream
(resolves the parts of #843461 that can be handled in this package).
-- intrigeri <email address hidden> Sat, 17 Dec 2016 11:25:27 +0000
-
apparmor (2.10.95-7) unstable; urgency=medium
* r3582-build-with-recent-swig.patch: new patch, cherry-picked
from upstream (Closes: #844929).
* r3588-update-gnome-abstraction-with-versioned-gtk-paths.patch:
new patch, cherry-picked from upstream (Closes: #845005).
* r3590-add-more-wayland-paths.patch: new patch, cherry-picked from upstream.
* r3591-yet-another-location-for-Xauthority.patch: new patch, cherry-picked
from upstream (Closes: #845250).
* Merge from Ubuntu citrain up to revision 1604.
* Disable profiles-grant-access-to-systemd-resolved.patch: it's dangerous
without fine-grained AppArmor mediation of D-Bus traffic.
-- intrigeri <email address hidden> Fri, 2 Dec 2016 11:00:00 +0000
-
apparmor (2.10.95-6) unstable; urgency=medium
* New patches, cherry-picked from upstream:
- debian/patches/r3577-gnome-abstraction-gtk3-config.patch:
gnome abstraction: grant read access to ~/.config/gtk-3.0/*.
- debian/patches/r3578-dnsmasq-libvirt_leaseshelper.patch:
dnsmasq: allow libvirt_leaseshelper "m" permission on itself.
-- intrigeri <email address hidden> Tue, 08 Nov 2016 13:05:14 +0000
-
apparmor (2.10.95-5) unstable; urgency=medium
* Merge from ubuntu-citrain up to revision 1600. Remaining Debian changes:
- debian/apparmor.init: don't call handle_system_policy_package_updates.
* r3566-wayland.patch: new patch, to support Wayland in at least Evince
(Closes: #827335).
* r3487-add-firefox-esr-to-ubuntu-browsers.patch: new patch, to support
firefox-esr in abstractions/ubuntu-browsers (Closes: #821945).
* Drop "Replaces: apparmor-parser": that package has never been part of
Debian, and if has ever been included in Ubuntu, that must have been
ages ago.
* Drop Breaks: lxc (<< 1.1.0~alpha1-0ubuntu5~).
- Wrt. Ubuntu: Xenial ships a newer lxc.
- Wrt. Debian: this Breaks was added in Ubuntu in order to "restrict
signal, ptrace and unix mediation to the container" (LP: #1373555).
These features require third-party Linux kernel patches, that we
haven't in Debian, so even though Jessie has lxc 1.0, we don't need
this Breaks relationship.
* Drop Breaks: lightdm (<< 1.11.8-0ubuntu2~).
- Wrt. Debian: it was added in Ubuntu because lightdm 1.11.8-0ubuntu2
brings "updates for unix socket mediation". But Unix socket mediation
requires third-party Linux kernel patches, that we haven't in Debian.
- Wrt. Ubuntu: even Vivid includes a newer lightdm.
* Drop Breaks+Replaces on a version of debhelper older than the one included
in Precise and Wheezy.
* Drop Breaks+Replaces on versions of our own binary packages that are older
than the ones included in Jessie and Xenial.
* Drop Breaks: rsyslog (<< 7.4.4-1ubuntu9~). Bot Jessie and Xenial ship
a newer one.
* Drop Breaks: apparmor-easyprof-ubuntu (<< 1.2.22). Xenial ships
a newer one.
* Drop Breaks: libvirt-bin (<< 1.2.6-0ubuntu6~). Jessie and Xenial
have a newer one.
* Drop Breaks+Replaces: apparmor-utils << 2.8.0: Jessie and Trusty ship
a newer one.
* Drop Breaks+Replaces: libapache2-mod-apparmor (<< 2.5.1-0ubuntu3):
Precise and Wheezy shipped with something newer.
* Version dependency on lsb-base to >= 3.0-6, as advised by Lintian's
init.d-script-needs-depends-on-lsb-base tag.
-- intrigeri <email address hidden> Sat, 15 Oct 2016 16:04:40 +0000
-
apparmor (2.10.95-4) unstable; urgency=medium
* debhelper/postinst-apparmor: re-add the "aa-status --enabled" -based code
as a fallback, that is used when aa-enabled is not present. This
facilitates upgrades from Jessie to Stretch, as well as partial
testing/sid upgrades. (Closes: #829030)
-- intrigeri <email address hidden> Fri, 01 Jul 2016 12:50:58 +0000
-
apparmor (2.10.95-3) unstable; urgency=medium
* debhelper/postinst-apparmor: re-add 2>/dev/null to aa-enabled invocation,
to avoid misleading users into thinking the package is missing a dependency
on apparmor. Thanks to Simon McVittie for the analysis! (Closes: #828795)
-- intrigeri <email address hidden> Wed, 29 Jun 2016 10:11:30 +0000
-
apparmor (2.10.95-2) unstable; urgency=medium
* dh-apparmor: use aa-enabled instead of aa-status --enabled.
(Closes: #822475)
* Ship fake aa-enabled and aa-exec for non-Linux builds to fix FTBFS there
(same "solution" as the one we've had for apparmor_parser for a while).
-- intrigeri <email address hidden> Fri, 24 Jun 2016 13:16:20 +0000
-
apparmor (2.10.95-1) unstable; urgency=medium
* Merge from ubuntu-citrain up to revision 1590, that is changes brought
by 2.10.95-0ubuntu1 to 2.10.95-0ubuntu2, including a new upstream
release also known as AppArmor 2.11.beta1. (Closes: #810888)
Remaining changes:
- debian/apparmor.install: install tunables/home.d and tunables/multiarch.*,
to make it easier to maintain site-specific configuration.
- Don't ship empty /usr/bin and /usr/share/apparmor in apparmor-utils:
I fail to see what good they can do.
- Drop dependency from apparmor on initramfs-tools: the early modules
loading code that needed it was removed a while ago.
- apparmor-notify depends on libnotify-bin: the package's description
is explicitly about desktop notifications, and we've had #746508,
so let's stick to supporting the desktop use case as best as we can,
and ignore the server use case for now.
- debian/control: removed duplicated Section entry for apparmor-easyprof,
it's the same as the source package's one.
- Apply notify-group.patch.
- The new packaging fixes and improvements documented below.
* Remove Holger from Uploaders, at his request. (Closes: #824461)
* dh-apparmor: fix enabling policy if it's the system's first.
Thanks to Peter Palfrader <email address hidden> for the analysis and patch!
(Closes: #822349)
* Declare compliance with Standards-Version 3.9.8.
* Fix typo in dh_apparmor(1) manpage.
* Add Lintian overrides for the no-upstream-changelog check: upstream
does not ship any changelog.
* debian/README.source: document how we import new upstream releases
from Ubuntu into Debian.
* Add a systemd unit wrapping the init script. Thanks to Felipe Sateler
for coming up with a patch, to the OpenSUSE folks for some inspiration,
and to Felix Geyer for commenting on my own initial draft. (Closes: #796589)
Accordingly:
- Add a build-dependency on dh-systemd, and enable it in debian/rules.
- Disable handle_system_policy_package_updates in the init script's
start action: it is only useful for click, snappy and Ubuntu system
images, i.e. not in Debian; and it reads and writes to /var, that can
be remote-mounted, so it would prevent us from using Before=sysinit.target
(and thus, from confining early system services) without possibly
introducing dependency loops.
-- intrigeri <email address hidden> Thu, 23 Jun 2016 18:25:09 +0000
-
apparmor (2.10-4) unstable; urgency=medium
* Team upload.
* Backport latest nameservice abstraction. (Closes: #813835)
- Allows reading resolv.conf from NetworkManager and systemd-networkd.
- Add nameservice-abstraction.patch
-- Felix Geyer <email address hidden> Tue, 29 Mar 2016 22:30:30 +0200
-
apparmor (2.10-3) unstable; urgency=medium
* Team upload.
[ intrigeri ]
* Drop libapparmor-mention-dbus-method-in-getcon-man.patch (Closes: #800132)
[ Felix Geyer ]
* Update python abstraction for python 3.5.
- Pull r3277-update-python-abstraction.patch from upstream
-- Felix Geyer <email address hidden> Mon, 25 Jan 2016 22:50:13 +0100
-
apparmor (2.10-2) unstable; urgency=medium
[ Felix Geyer ]
* Apply aa-status-dont_require_python3-apparmor.patch, to keep
the hard dependencies of the apparmor binary package minimal.
* python{,3}-apparmor: require at least the same upstream version
of python{,3}-libapparmor.
[ intrigeri ]
* Drop abstractions-ubuntu-browsers.patch: integrated upstream
(in a slightly different way).
* debian/control: don't start short description with capital letter.
(Closes: #795434)
* r3227-locale-indep-capabilities-sorting.patch: cherry-pick from upstream,
to make (more of?) the build reproducible. (Closes: #797415)
* Merge from ubuntu-citrain up to revision 1578, that is changes brought
by 2.10-0ubuntu3 to 2.10-0ubuntu6.
* Upload to unstable.
-- intrigeri <email address hidden> Tue, 18 Aug 2015 09:48:54 +0200
-
apparmor (2.9.2-3) unstable; urgency=medium
* Mark reproducible-pdf.patch as forwarded upstream.
* debian/rules: improve handling of the unversioned link in /usr to the
shared library; the new implementation doesn't cause needless version
churn in debian/rules when new releases that touch libapparmor are
incorporated into the packaging. Thanks to Steve Beattie
<email address hidden> for the patch!
* Upload to unstable.
-- intrigeri <email address hidden> Fri, 08 May 2015 21:43:41 +0200
-
apparmor (2.9.0-3) unstable; urgency=medium
* Add versionned Breaks/Replaces from libapparmor-dev to apparmor-docs
(Closes: #772557). Some manpages were actually migrated from the
latter package, and not from libapparmor1.
-- intrigeri <email address hidden> Fri, 12 Dec 2014 14:14:51 +0100
-
apparmor (2.9.0-2) unstable; urgency=medium
* Add versioned Breaks/Replaces from python-apparmor to apparmor-utils.
We have the same in place already for python3-apparmor, that deals
with the move of the Python 3 bits. This change does the same for
the Python 2 bits (Closes: #768211).
* Install all upstream Dovecot profiles: the usr.sbin.dovecot one,
that we install already, needs them (Closes: #768357).
* Install the upstream usr.sbin.smbldap-useradd profile: the usr.sbin.smbd
one, that we install already, needs it. This prevents the same kind
of bug as #768357 from occurring when one uses the smbd profile.
-- intrigeri <email address hidden> Fri, 07 Nov 2014 11:37:45 +0100
-
apparmor (2.9.0-1) unstable; urgency=medium
* Import new upstream release: 2.9.0.
* Merge Ubuntu changes up to 2.8.98-0ubuntu2 (Closes: #761994).
Remaining patches on top of Ubuntu's ones:
- abstractions-ubuntu-browsers.patch
- non-linux.patch
- notify-group.patch
- pass-compiler-flags.patch
- raise-test-timeout.patch
* Drop versioned Breaks on lxc and lightdm: as long as AppArmor is not
enabled by default in Debian, this is too strong a statement.
* Declare compliance with Standards-Version 3.9.6 (no change needed).
* Don't ship empty /usr/share/apparmor in apparmor-utils.
* Import fixed debian/watch from our 2.8 packaging branch.
* Import upstream signing key, (at least) for uscan's consumption.
* debian/watch: add support for verifying upstream cryptographic signatures.
* Make the apparmor package Suggests: apparmor-profiles-extra, just like
it does for apparmor-profiles already.
-- intrigeri <email address hidden> Sat, 18 Oct 2014 12:38:26 +0200
-
apparmor (2.8.0-8) unstable; urgency=medium
* New patch, cherry-picked from upstream to add pkg-config support:
r2079-add-pkg-config-support.patch (Closes: #762525)
* Add packaging bits to support pkg-config:
- debian/control: Add pkg-config as a Build-Depends
- debian/libapparmor-dev.install: Install libapparmor pkg-config file
-- intrigeri <email address hidden> Mon, 22 Sep 2014 23:02:48 -0700
-
apparmor (2.8.0-7) unstable; urgency=medium
* New patch: r2107-debian761733-libtoolize.patch, cherry-picked from
upstream r2107 on their 2.8 branch (Closes: #761733).
-- intrigeri <email address hidden> Fri, 19 Sep 2014 09:41:31 -0700
-
apparmor (2.8.0-6) unstable; urgency=medium
* Put package under the Debian AppArmor Team's umbrella, and accordingly:
- Add intrigeri and Holger as Uploaders.
- Point Vcs-* control fields to our new shared repository on Alioth.
* Cherry-pick upstream fix (r2667) to fix FTBFS on x32 (Closes: #760378).
* Add Turkish translation of debconf messages (Closes: #757512).
Thanks to Mert Dirik <email address hidden> for the patch!
* Merge changes from 2.8.0-5.1 NMU.
-- intrigeri <email address hidden> Wed, 10 Sep 2014 11:55:18 -0700
-
apparmor (2.8.0-5.1) unstable; urgency=medium
* Non-maintainer upload.
* control: make apparmor-notify depend on libnotify-bin (Closes: 746508).
* watch: update to the version proposed on
http://anonscm.debian.org/viewvc/sepwatch/trunk/watchfiles/apparmor_2.8.0-5.watch?view=markup
(Closes: 738531).
* rules, libapparmor-perl.install: replace hardcoded usr/lib/perl5
with the value of $Config{vendorarch} (Closes: 750128).
Thanks to Damyan Ivanov <email address hidden> for the patch!
-- intrigeri <email address hidden> Mon, 02 Jun 2014 12:21:27 +0200
-
apparmor (2.8.0-5) unstable; urgency=low
* rules: drop --parallel, since it seems the upstream build is fragile
when running in parallel mode. Thanks to intrigeri for tracking this
down! (Closes: 732578)
-- Kees Cook <email address hidden> Fri, 03 Jan 2014 13:41:43 -0800
-
apparmor (2.8.0-4) unstable; urgency=low
* control, {libapparmor1,apparmor-docs}.manpages: move man pages into
apparmor-docs to avoid multi-arch duplication and hilarity with file
dates vs buildd timezones (Closes: 731358).
* patches/r2247-fix-bison3.patch: fix build for bison 3 (Closes: 732695).
* control: bump standards version, no changes needed.
-- Kees Cook <email address hidden> Thu, 26 Dec 2013 14:42:03 -0800
-
apparmor (2.8.0-3) unstable; urgency=low
* Rebuild with pristine tree to avoid date skew in generated
manpages (Closes: 731358)
-- Kees Cook <email address hidden> Fri, 13 Dec 2013 11:14:54 -0800
-
apparmor (2.8.0-2) unstable; urgency=low
* Convert to dh(1) and Multi-Arch, thanks to Steve Langasek.
- add r2240-find-libs.patch to find libraries during tests.
-- Kees Cook <email address hidden> Mon, 02 Dec 2013 10:13:34 -0800
-
apparmor (2.8.0-1) unstable; urgency=low
* Merge with Ubuntu changes.
- update to 2.8.0 release (Closes: 712370).
- handle Apache 2.4 transition (Closes: 666808).
- drop debian/patches/abstractions-X.patch (taken upstream)
- drop debian/patches/fix-network-rule-support.patch (taken upstream)
- updated debian/patches/pass-compiler-flags.patch (partially upstream)
* debian/control:
- fix typo in long description (Closes: 711398).
- removed duplicated Section entry for apparmor-easyprof.
- add missing python Depends.
* debian/rules:
- dh_apache2 must execute before dh_strip and dh_fixperms.
- improved repeat-build cleanup logic.
- dh_python needs to be called on all packages installing scripts.
- do not force python version 3.
* Add debian/patches/fix-font-abstractions.patch (Closes: 714843).
* Add debian/patches/raise-time-timeout.patch (Closes: 699774).
* Drop debian/libapache2-mod-apparmor.lintian-overrides (not needed).
* debian/*.manpages: move aa-exec.8 to apparmor from apparmor-utils.
* debian/apparmor-utils.dirs: drop unused directories from aa-easyprof.
-- Kees Cook <email address hidden> Mon, 08 Jul 2013 17:51:40 -0700
-
apparmor (2.7.103-4) unstable; urgency=low
* debian/apparmor-profiles.dirs: add directories we might collide
with apparmor on during purge.
* debian/patches/fix-network-rule-support.patch: handle lack of
networking features correctly (Closes: 679597).
-- Kees Cook <email address hidden> Mon, 16 Jul 2012 11:52:42 -0700
-
apparmor (2.7.103-3) unstable; urgency=low
* debian/control: drop deprecated XS-Python-Version (Closes: 673062).
* debian/debhelper/postinst-apparmor: remove bashism (Closes: 678526).
* debian/patches/pass-compiler-flags.patch: add LDFLAGS where needed.
* debian/libapache2-mod-apparmor.lintian-overrides: verified safe
glibc function use at compile-time.
* debian/rules: call dh_lintian.
-- Kees Cook <email address hidden> Thu, 28 Jun 2012 23:23:27 -0700
-
apparmor (2.7.103-2) unstable; urgency=low
* debian/patches/non-linux.patch: fix up build failures on non-Linux
systems (Closes: 671040).
* debian/control: require apparmor for apparmor-profiles, since abstraction
tree needs to be created already.
* debian/lib/apparmor/functions: silently handle lack of interface compat
patch.
* debian/apparmor-profiles.postrm: retain conffile list for purge logic
(Closes: 656451).
* debian/libapache2-mod-apparmor.{dirs,preinst}: add "disabled" directory
to package file list correctly (Closes: 670431).
* debian/control: bump standards version, no changes needed.
-- Kees Cook <email address hidden> Sat, 05 May 2012 09:57:10 -0700
-
apparmor (2.7.103-1) unstable; urgency=low
* New upstream release, merge with Ubuntu, drop included patches:
- 0005-clean-common-from-vim.patch
- 0006-use-linux-capability-h.patch
- 0008-apparmor-lp963756.patch
- 0009-apparmor-lp959560-part1.patch
- 0010-apparmor-lp959560-part2.patch
- 0011-apparmor-lp872446.patch
- 0012-apparmor-lp978584.patch
- 0013-apparmor-lp800826.patch
- 0014-apparmor-lp979095.patch
- 0015-apparmor-lp963756.patch
- 0016-apparmor-lp968956.patch
- 0017-apparmor-lp979135.patch
- Closes: 656451
* debian/control: url.sty has moved, add texlive-latex-recommended
Build-Dep (Closes: 669537).
* debian/patches/notify-group.patch, debian/apparmor-notify.install,
debian/notify/notify.conf: Remove custom notify.conf file, and modify
the upstream one instead, adjusting the group to "adm", thanks to
Intrigeri (Closes: 660078).
* debian/patches/aa-status-smarter.patch: fix up the logic for
determining the enabled state of AppArmor, based on patch from
Intrigeri (Closes: 661153).
* debian/debhelper/postinst-apparmor: do not fail if AppArmor is not
installed, thanks to Intrigeri (Closes: 668010).
* debian/patches/abstractions-X.patch: add missing gdm3 path to X
abstraction, thanks to Intrigeri (Closes: 660079).
* debian/patches/abstractions-ubuntu-browsers.patch: include iceweasl
in browser abstraction, thanks to Intrigeri (Closes: 661176).
* debian/rules, debian/compat, debian/patches/pass-compiler-flags.patch,
debian/control: bump to compat 9, export build flags, and make get
them passed into the build.
-- Kees Cook <email address hidden> Tue, 24 Apr 2012 17:20:41 -0700
-
apparmor (2.7.0-1) unstable; urgency=low
* debian/po/pt.po add new Portuguese translation, thanks to Pedro Ribeiro,
(Closes: 651434).
* debian/control: do not require initramfs-tools on !linux-any
(Closes: 651297).
* debian/{control,rules,debhelper/*}: move dh_apparmor into separate
binary package, out of debhelper (Closes: 649784).
* debian/{control,rules}: fix up lack of real build-indep.
* debian/patches/0036-fix-manpage-errors.patch: minor man page cleanups.
* merge changes from Ubuntu (r1443).
-- Kees Cook <email address hidden> Thu, 09 Feb 2012 15:24:08 -0800
-
apparmor (2.7.0~beta1+bzr1774-1) unstable; urgency=low
* New upstream devel snapshot:
- drop 0002-lp750381.patch, taken upstream.
- drop 0004-lp754889.patch, taken upstream.
- drop 0005-lp761217.patch, taken upstream.
- drop 0100-manpage-typo.patch, taken upstream.
- drop 0101-declarations.patch, solved differently upstream.
- drop 0102-manpage-release-name.patch, taken upstream.
- drop 0103-kfreebsd-compile.patch, taken upstream.
- drop define-path-max.patch, taken upstream.
- drop indep-build.patch, taken upstream.
- debian/libapparmor1.manpages: add new function man pages.
* Merge with Ubuntu:
- drop 0104-python-aa-status.patch, taken upstream.
- drop 0105-lightdm.patch, taken upstream.
- drop 0106-lp810270.patch, taken upstream.
- drop 0107-lp767308.patch, taken upstream.
- drop 0108-gnome-mimeinfo.patch, taken upstream.
- drop 0109-add-profile-repo-info.patch, taken upstream.
* Add af_names-generation.patch to allow arbitrary socket.h file location.
-- Kees Cook <email address hidden> Wed, 10 Aug 2011 18:12:34 -0700
-
apparmor (2.6.1-4) unstable; urgency=low
* debian/po: add new translations: - zh_CN.po: Simplified Chinese, thanks to Aron Xu (Closes: 624853). - da.po: Danish, thanks to Joe Dalton (Closes: 625252). - sv.po: Swedish, thanks to Martin Bagge (Closes: 625264). - cs.po: Czech, thanks to Michal Šimůnek (Closes: 625465). - de.po: German, thanks to Chris Leick (Closes: 625931). - nl.po: Dutch, thanks to Jeroen Schot (Closes: 626269). - ja.po: Japanese, thanks to Hideki Yamane (Closes: 626803). - it.po: Italian, thanks to Dario Santamaria (Closes: 626836). - fr.po: French, thanks to Julien Patriarca (Closes: 626903). - es.po: Spanish, thanks to Francisco Javier Cuadrado (Closes: 627031). * debian/patches/define-path-max.patch: fix Hurd FTBFS. * debian/patches/indep-build.patch: allow split indep/arch builds. * debian/{control,rules,non-linux}: add fake parser for non-Linux builds so that apparmor-utils is installable (Closes: 625977). -- Kees Cook <email address hidden> Fri, 27 May 2011 13:51:18 -0700
-
apparmor (2.6.1-3) unstable; urgency=low
* debian/control: add sneaky missing Build-Dep on liblocale-gettext-perl (fixes FTBFS on some extremely minimal chroots, Closes: 624566). * debian/patches/0101-declarations.patch: add missing declarations needed for sensitive compilers (fixes FTBFS on mips/mipsel). * debian/patches/0102-manpage-release-name.patch: update manpage release names to match others. * debian/patches/0103-kfreebsd-compile.patch, debian/{control,rules}: attempt to build as much as possible (no parser) on non-Linux systems. * debian/po/ru.po: add translation, thanks to Yuri Kozlov (Closes: 624741). -- Kees Cook <email address hidden> Sun, 01 May 2011 19:29:07 -0700
-
apparmor (2.6.1-2) unstable; urgency=low
* debian/copyright: clarify for some full organization names. -- Kees Cook <email address hidden> Wed, 27 Apr 2011 10:38:07 -0700