Change log for apparmor package in Ubuntu

175 of 311 results
Published in cosmic-release on 2018-08-02
Deleted in cosmic-proposed (Reason: moved to release)
apparmor (2.12-4ubuntu7) cosmic; urgency=medium

  * Cherry-pick upstream patch for usr-merge for useradd profile.
  * Update chromium-browser profile with latest from profiles project.
  * Fixes LP: #1784023

 -- Dimitri John Ledkov <email address hidden>  Wed, 01 Aug 2018 15:20:51 +0100

Available diffs

Superseded in cosmic-release on 2018-08-02
Deleted in cosmic-proposed on 2018-08-03 (Reason: moved to release)
apparmor (2.12-4ubuntu6) cosmic; urgency=medium

  * No-change rebuild to build for python3.7.

 -- Matthias Klose <email address hidden>  Thu, 28 Jun 2018 06:52:52 +0000

Available diffs

Superseded in cosmic-release on 2018-07-30
Published in bionic-release on 2018-04-19
Deleted in bionic-proposed (Reason: moved to release)
apparmor (2.12-4ubuntu5) bionic; urgency=medium

  [ Didier Roche ]
  * debian/patches/ubuntu/communitheme-snap-support.patch:
    - support communitheme snap (LP: #1762983)

  [ Jamie Strandboge ]
  * debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
    chromium (LP: #1101298, LP: #1594589, LP: #1647142)
    - add attach_disconnected
    - allow reading /proc/vmstat
    - don't require owner match for /proc/pid/{stat,status} and task
      counterparts
    - adjust pci[0-9] to be pci[0-9a-f]
    - allow reading all uevents and /sys/devices/virtual/tty/tty0/active
    - allow ptracing xdgsettings and lsb-release
    - xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
    - lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
      distro-info
    - use 'm' on on sandbox
  * debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
    /var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
    (LP: #1712039)

 -- Jamie Strandboge <email address hidden>  Tue, 17 Apr 2018 20:15:16 +0000

Available diffs

Superseded in bionic-release on 2018-04-19
Deleted in bionic-proposed on 2018-04-21 (Reason: moved to release)
apparmor (2.12-4ubuntu4) bionic; urgency=medium

  * Remove another Ubuntu Touch profile (LP: #1761176)
    - debian/control: Breaks on messaging-app
    - debian/postinst: on upgrade, remove profile for usr.bin.messaging-app

 -- Jamie Strandboge <email address hidden>  Wed, 04 Apr 2018 13:58:26 +0000

Available diffs

Superseded in bionic-release on 2018-04-06
Deleted in bionic-proposed on 2018-04-07 (Reason: moved to release)
apparmor (2.12-4ubuntu3) bionic; urgency=medium

  * Remove old Ubuntu Touch profiles for packages removed from the archive
    since they need apparmor-easyprof-ubuntu to compile, and it was also
    removed from the archive (LP: #1756800)
    - debian/control: Breaks on media-hub, mediascanner2.0 and webbrowser-app
    - debian/postinst: on upgrade, remove profiles for usr.bin.webbrowser-app,
      usr.bin.media-hub-server, usr.lib.mediascanner-2.0.mediascanner-extractor
      and usr.bin.mediascanner-service-2.0

 -- Jamie Strandboge <email address hidden>  Tue, 03 Apr 2018 13:12:46 +0000

Available diffs

Superseded in bionic-release on 2018-04-04
Deleted in bionic-proposed on 2018-04-05 (Reason: moved to release)
apparmor (2.12-4ubuntu2) bionic; urgency=medium

  * Remove old click and snapv1 support since those packages no longer exist
    in bionic
    - debian/apparmor.dirs: don't install /var/lib/apparmor/profiles
    - debian/apparmor.init: remove click and snapv1 additions
    - debian/apparmor.postinst: don't update the md5sums for click/snapv1
    - debian/apparmor.postrm: remove code for handling
      /var/lib/apparmor/profiles
    - debian/apparmor.preinst: remove md5sums files from
      /var/lib/apparmor/profiles
    - debian/lib/apparmor/functions: remove compare_and_save_debsums() and
      compare_previous_version() since nothing in the archive uses them any
      more. For now, leave snap v2 support, but eventually we'll want to move
      to the upstream init recommendations
  * profiles-grant-access-to-systemd-resolved.patch: fix typo in DEP-3 headers

 -- Jamie Strandboge <email address hidden>  Thu, 22 Mar 2018 19:27:44 +0000

Available diffs

Superseded in bionic-release on 2018-03-23
Deleted in bionic-proposed on 2018-03-24 (Reason: moved to release)
apparmor (2.12-4ubuntu1) bionic; urgency=medium

  [ Tyler Hicks ]
  * Merge from Debian to get gbp-pq related packaging improvements. Thanks to
    intrigeri for making those improvements! Remaining Ubuntu changes:
    - debian/gbp.conf: Use ubuntu/master as the debian-branch
    - Update package maintainer to be Ubuntu Developers in the control file
    - Call handle_system_policy_package_updates in apparmor.init.
      This is needed for snappy and system-images. Note that this prevents
      using a remove /var.
    - Apply Ubuntu-specific patches
      + parser-include-usr-share-apparmor.patch
      + profiles-grant-access-to-systemd-resolved.patch
      + add-chromium-browser.patch
    - Install Ubuntu chromium-browser profile and abstraction
    - Feature pinning is not used in Ubuntu

  [ intrigeri ]
  * Adjust the Vcs-{Browser,Git} control fields to reflect the branch where
    the Ubuntu packaging is maintained.

Superseded in bionic-proposed on 2018-03-19
apparmor (2.12-3ubuntu1) bionic; urgency=medium

  * New upstream bug fix release. Bugs fixed:
    - abstraction/nameservice should include allow access to
      /var/lib/sss/mc/initgroups (LP: #1751402)
    - Cannot Add Request Hat or Use Default Hat in aa-logprof and mod_apparmor
      (LP: #1752365)
    - python tools do not understand 'non-magic' include rules (LP: #1733700)
    - "Unable to open external link" in Evince when google-chrome-unstable is
      the default browser (LP: #1730536)
    - apparmor_parser is missing fix for rule down grades (LP: #1728120)
    - base abstraction missing glibc /proc/$pid/ things (LP: #1658239)
    - logparser.py parse_event_for_tree() doesn't care about owner vs. all in
      file events(LP: #1538340)
    - aa-decode can't decode the audit log which contains the proctitle string
      (LP: #1736841)
    - aa-logprof asks for "a" rule even if "deny w" is present (LP: #1385474)
  * Merge from Debian. Remaining Ubuntu changes:
    - debian/gbp.conf: Use ubuntu/master as the debian-branch
    - Update package maintainer to be Ubuntu Developers in the control file
    - Call handle_system_policy_package_updates in apparmor.init.
      This is needed for snappy and system-images. Note that this prevents
      using a remove /var.
    - Apply Ubuntu-specific patches
      + parser-include-usr-share-apparmor.patch
      + profiles-grant-access-to-systemd-resolved.patch
      + add-chromium-browser.patch
    - Install Ubuntu chromium-browser profile and abstraction
  * Dropped patches that were not merged upstream:
    - ubuntu-manpage-updates.patch: The changes were out of date because
      they only addressed upstart based systems
    - utils-keep-shebang.patch: A different solution was merged upstream
      so that the shebang lines aren't rewritten
  * Feature pinning is not used in Ubuntu
  * Properly identify empty ouid/fsuid fields in logs
  * Allow the shell helper regression test program read the locale

Available diffs

Published in xenial-updates on 2018-03-12
Deleted in xenial-proposed (Reason: moved to -updates)
apparmor (2.10.95-0ubuntu2.9) xenial; urgency=medium

  * debian/patches/base-journald-updates.patch: update base abstraction
    for additional journald sockets (LP: #1670408)
    Backport from 2.11.0-2ubuntu5 by Jamie Strandboge <email address hidden>

 -- Christian Ehrhardt <email address hidden>  Tue, 20 Feb 2018 16:04:02 +0100
Published in trusty-updates on 2018-02-12
Deleted in trusty-proposed (Reason: moved to -updates)
apparmor (2.10.95-0ubuntu2.6~14.04.3) trusty; urgency=medium

  * d/p/14.04-profiles-allow-seven-digit-pid-lp1717714.patch:
    - Renamed d/p/0001-Allow-seven-digit-pid.patch to mirror other
      profiles-14.04 patches naming pattern.
    - Modify the existing/renamed patch to use the dir that should be use to
      patch a profile. profiles-14.04/ should be use instead of profiles/
      which is not use. (LP: #1717714)

 -- Eric Desrochers <email address hidden>  Fri, 02 Feb 2018 10:19:38 -0500
Superseded in trusty-proposed on 2018-02-02
apparmor (2.10.95-0ubuntu2.6~14.04.2) trusty; urgency=medium

  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

 -- Seyeong Kim <email address hidden>  Mon, 08 Jan 2018 07:19:22 -0800
Superseded in xenial-updates on 2018-03-12
Deleted in xenial-proposed on 2018-03-13 (Reason: moved to -updates)
apparmor (2.10.95-0ubuntu2.8) xenial; urgency=medium

  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

 -- Seyeong Kim <email address hidden>  Mon, 08 Jan 2018 07:43:46 -0800
Published in artful-updates on 2018-02-08
Deleted in artful-proposed (Reason: moved to -updates)
apparmor (2.11.0-2ubuntu17.1) artful; urgency=medium

  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

 -- Seyeong Kim <email address hidden>  Mon, 08 Jan 2018 07:49:55 -0800
Superseded in bionic-release on 2018-03-20
Deleted in bionic-proposed on 2018-03-22 (Reason: moved to release)
apparmor (2.11.0-2ubuntu19) bionic; urgency=medium

  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

 -- Seyeong Kim <email address hidden>  Mon, 08 Jan 2018 07:52:32 -0800
Superseded in bionic-release on 2018-01-29
Deleted in bionic-proposed on 2018-01-30 (Reason: moved to release)
apparmor (2.11.0-2ubuntu18) bionic; urgency=medium

  * No-change rebuild against perlapi-5.26.1

 -- Steve Langasek <email address hidden>  Thu, 02 Nov 2017 05:31:55 +0000
Superseded in bionic-release on 2017-11-22
Published in artful-release on 2017-09-16
Deleted in artful-proposed (Reason: moved to release)
apparmor (2.11.0-2ubuntu17) artful; urgency=medium

  * nameservice-add-stub-resolv.patch: allow read access to systemd stub
    resolver configuration

 -- Jamie Strandboge <email address hidden>  Fri, 15 Sep 2017 12:52:05 +0000
Superseded in xenial-updates on 2018-02-08
Deleted in xenial-proposed on 2018-02-09 (Reason: moved to -updates)
apparmor (2.10.95-0ubuntu2.7) xenial; urgency=medium

  * Remove initramfs-tools from the dependencies; this isn't used and the
    dependency has been dropped in later releases.  LP: #1713169.

 -- Steve Langasek <email address hidden>  Fri, 25 Aug 2017 16:54:53 -0700
Superseded in artful-release on 2017-09-16
Deleted in artful-proposed on 2017-09-17 (Reason: moved to release)
apparmor (2.11.0-2ubuntu16) artful; urgency=medium

  * add wayland-cursor.patch (LP: #1710487)

 -- Jamie Strandboge <email address hidden>  Mon, 14 Aug 2017 19:36:26 +0000
Superseded in artful-release on 2017-08-15
Deleted in artful-proposed on 2017-08-16 (Reason: moved to release)
apparmor (2.11.0-2ubuntu15) artful; urgency=medium

  * Correctly remove system upstart job.

 -- Dimitri John Ledkov <email address hidden>  Mon, 07 Aug 2017 17:03:19 -0400
Superseded in artful-proposed on 2017-08-07
apparmor (2.11.0-2ubuntu14) artful; urgency=medium

  * drop adjust-nameservice-for-systemd-resolved.patch that was previously
    applied in profiles-grant-access-to-systemd-resolved.patch

Superseded in artful-proposed on 2017-08-07
apparmor (2.11.0-2ubuntu13) artful; urgency=medium

  * Stop installing apparmor system upstart job.
  * Remove apparmor system upstart job on upgrades.

 -- Dimitri John Ledkov <email address hidden>  Mon, 07 Aug 2017 12:15:53 -0400
Superseded in artful-proposed on 2017-08-07
apparmor (2.11.0-2ubuntu12) artful; urgency=medium

  * r3631-apparmor-utils-python3.6-LOCALE.patch: fix utils to avoid
    breakage with python 3.6 (LP: #1661766)

 -- Steve Beattie <email address hidden>  Wed, 02 Aug 2017 11:47:41 -0700
Superseded in artful-proposed on 2017-08-02
apparmor (2.11.0-2ubuntu11) artful; urgency=medium

  * fix-aa-status-pod.patch: updates aa-status for newer podchecker
    (LP: #1707614)

 -- Jamie Strandboge <email address hidden>  Mon, 31 Jul 2017 13:32:25 +0000
Superseded in artful-proposed on 2017-07-31
apparmor (2.11.0-2ubuntu10) artful; urgency=medium

  * No-change rebuild for perl 5.26.

 -- Matthias Klose <email address hidden>  Thu, 27 Jul 2017 09:29:54 +0200

Available diffs

Superseded in artful-proposed on 2017-07-27
apparmor (2.11.0-2ubuntu9) artful; urgency=medium

  * adjust-python-for-3.6.patch: update python abstraction for 3.6
  * adjust-nameservice-for-systemd-resolved.patch: grant access to
    systemd-resolved in the nameservice abstraction (LP: #1598759). Patch
    from Tyler Hicks

 -- Jamie Strandboge <email address hidden>  Wed, 26 Jul 2017 13:23:26 +0000
Superseded in artful-release on 2017-08-10
Deleted in artful-proposed on 2017-08-11 (Reason: moved to release)
apparmor (2.11.0-2ubuntu8) artful; urgency=medium

  * no-change rebuild to unblock build of snapd after armhf/arm64
    enabling PIE by default.

 -- Michael Vogt <email address hidden>  Tue, 06 Jun 2017 11:37:03 +0200
Superseded in artful-proposed on 2017-06-06
apparmor (2.11.0-2ubuntu7) artful; urgency=medium

  * utils-keep-shebang.patch: Stop inappropriately mangling script shebangs.
  * utils-logprof-python3.6.patch: Add python3.6 line to utils/logprof.conf.

 -- Adam Conrad <email address hidden>  Fri, 12 May 2017 06:26:16 -0600

Available diffs

Superseded in artful-proposed on 2017-05-12
apparmor (2.11.0-2ubuntu6) artful; urgency=medium

  * No change rebuild to add Python 3.6 support.

 -- Michael Hudson-Doyle <email address hidden>  Fri, 12 May 2017 11:38:00 +1200

Available diffs

Superseded in artful-release on 2017-06-07
Deleted in artful-proposed on 2017-06-09 (Reason: moved to release)
apparmor (2.11.0-2ubuntu5) artful; urgency=medium

  * debian/patches/base-journald-updates.patch: update base abstraction for
    additional journald sockets

 -- Jamie Strandboge <email address hidden>  Thu, 27 Apr 2017 16:09:50 +0000
Superseded in artful-release on 2017-05-02
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
apparmor (2.11.0-2ubuntu4) zesty; urgency=medium

  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

 -- Jamie Strandboge <email address hidden>  Tue, 11 Apr 2017 18:34:18 +0000
Obsolete in yakkety-updates on 2018-01-23
Obsolete in yakkety-security on 2018-01-23
apparmor (2.10.95-4ubuntu5.3) yakkety-security; urgency=medium

  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

 -- Tyler Hicks <email address hidden>  Tue, 28 Mar 2017 15:51:36 +0000
Superseded in zesty-release on 2017-04-12
Deleted in zesty-proposed on 2017-04-13 (Reason: moved to release)
apparmor (2.11.0-2ubuntu3) zesty; urgency=medium

  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles. Based
      on an upstream patch but adjusted to source the /lib/apparmor/functions
      shipped in Debian/Ubuntu.
    - CVE-2017-6507
  * debian/patches/r3645-profiles-update-nvidia-abstraction.patch: Update
    nvidia abstraction for newer nvidia drivers (LP: #1590561)

 -- Tyler Hicks <email address hidden>  Fri, 24 Mar 2017 05:26:28 +0000
Superseded in trusty-updates on 2018-02-12
Published in trusty-security on 2017-03-28
apparmor (2.10.95-0ubuntu2.6~14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Merge from xenial-security to get fix for CVE-2017-6507
  * debian/apparmor.postrm: Ensure that a purge of the apparmor package does
    not fail if the /var/lib/apparmor/profiles or /var/lib/apparmor
    directories do not exist. This purge operation should be considered
    successful in that situation. (LP: #1661406)

 -- Tyler Hicks <email address hidden>  Thu, 16 Mar 2017 01:20:13 +0000
Published in precise-updates on 2017-03-28
Published in precise-security on 2017-03-28
apparmor (2.7.102-0ubuntu3.11) precise-security; urgency=medium

  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

 -- Tyler Hicks <email address hidden>  Wed, 15 Mar 2017 22:07:05 +0000
Superseded in xenial-updates on 2017-09-12
Published in xenial-security on 2017-03-28
apparmor (2.10.95-0ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script or upstart job
    as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

 -- Tyler Hicks <email address hidden>  Wed, 15 Mar 2017 22:07:02 +0000
Superseded in zesty-release on 2017-03-24
Deleted in zesty-proposed on 2017-04-07 (Reason: moved to release)
apparmor (2.11.0-2ubuntu2) zesty; urgency=medium

  * debian/apparmor.postrm: Ensure that a purge of the apparmor package does
    not fail if the /var/lib/apparmor/profiles or /var/lib/apparmor
    directories do not exist. This purge operation should be considered
    successful in that situation. (LP: #1661406)

 -- Tyler Hicks <email address hidden>  Thu, 02 Mar 2017 00:21:14 +0000

Available diffs

Superseded in zesty-release on 2017-03-10
Deleted in zesty-proposed on 2017-03-12 (Reason: moved to release)
apparmor (2.11.0-2ubuntu1) zesty; urgency=medium

  * Merge with Debian unstable. Remaining Ubuntu changes:
    - debian/apparmor.init: Call handle_system_policy_package_updates as we
      need it for Click, snappy, and system-images. Note that this prevents
      using a remote /var.
    - debian/patches/series: Apply
      profiles-grant-access-to-systemd-resolved.patch
    - debian/patches/series: Apply add-chromium-browser.patch
    - debian/apparmor-profiles.install, debian/apparmor-profiles.postinst:
      Install chromium-browser profile and abstraction
  * Drop the following change:
    - debian/rules: Create a new empty file, needed for the test added by this
      patch, since quilt is unable to do so.
      + This is no longer required since the empty file is now distributed as
        part of the upstream tar.
  * debian/patches/r3615-profiles-sshd-drop-local-include.patch: Drop the
    local includes in the sshd profile since it causes a parser error due to
    the missing includes file
  * debian/patches/utils-fix-failing-tests-in-aa-py.patch: Adjust expected
    output to account for the base abstraction changes to accommodate the /usr
    merge
  * debian/patches/utils-allow-unordered-dbus-attribs.patch: Don't
    unnecessarily enforce attribute ordering in D-Bus rules (LP: #1628286)

Superseded in trusty-updates on 2017-03-28
Deleted in trusty-proposed on 2017-03-29 (Reason: moved to -updates)
apparmor (2.10.95-0ubuntu2.5~14.04.1) trusty; urgency=medium

  * Bring apparmor 2.10.95-0ubuntu2.5, from Ubuntu 16.04, to Ubuntu 14.04.
    - This allows for proper snap confinement on Ubuntu 14.04 when using the
      hardware enablement kernel (LP: #1641243)
  * Changes made on top of 2.10.95-0ubuntu2.5:
    - debian/apparmor.upstart: Remove the upstart job and continue using the
      init script in 14.04
    - debian/apparmor.postinst, debian/apparmor-profiles.postinst,
      debian/apparmor-profiles.postrm, debian/rules: Revert to using
      invoke-rc.d to load the profiles, rather than reloading them directly,
      since 14.04 will continue using the init script rather than the upstart
      job.
    - debian/apparmor.init, debian/lib/apparmor/functions,
      debian/apparmor.postinst, debian/apparmor.postrm: Remove functionality
      dealing with AppArmor policy in system image based environments since
      this 14.04 package will not need to handle such environments. This
      removes the handle_system_policy_package_updates(),
      compare_previous_version(), compare_and_save_debsums() functions and
      their callers.
    - debian/apparmor.init: Continue using running-in-container since
      systemd-detect-virt doesn't exist on 14.04
    - debian/lib/apparmor/functions, debian/apparmor.init: Remove the
      is_container_with_internal_policy() function and adjust its call sites
      in apparmor.init so that AppArmor policy is not loaded inside of 14.04
      LXD containers (avoids bug #1641236)
    - debian/lib/apparmor/profile-load, debian/apparmor.install: Remove
      profile-load as upstart's apparmor-profile-load is used in 14.04
    - debian/patches/libapparmor-mention-dbus-method-in-getcon-man.patch:
      Continue applying this patch since the dbus version in 14.04 isn't new
      enough to support fetching the AppArmor context from
      org.freedesktop.DBus.GetConnectionCredentials().
    - debian/patches/libapparmor-force-libtoolize-replacement.patch: Force
      libtoolize to replace existing files to fix a libapparmor FTBFS issue on
      14.04.
    - debian/control: Retain the original 14.04 Breaks and ignore the new
      Breaks from 2.10.95-0ubuntu2.5 since they were put in place as part of
      the enablement of UNIX domain socket mediation. They're not needed in
      this upload since UNIX domain socket mediation is disabled by default so
      updates to the profiles included in those packages are not needed.
    - Preserve the profiles and abstractions from 14.04's
      2.8.95~2430-0ubuntu5.3 apparmor package by recreating them in the
      top-level profiles-14.04/ directory of the source. They'll be installed
      to debian/tmp/etc/apparmor.d/ during the build process and then to
      /etc/apparmor.d/ on package install so that there are no changes to the
      shipped profiles or abstractions. The abstractions from
      2.10.95-0ubuntu2.5 will be installed into
      debian/tmp/snap/etc/apparmor.d/ during the build process and then into
      /etc/apparmor.d/snap/abstractions/ on package install for use with snap
      confinement. Snap confinement profiles, which includes AppArmor profiles
      loaded by snapd and profiles loaded by snaps that are allowed to manage
      AppArmor policy, will use the snap abstractions. All other AppArmor
      profiles will continue to use the 14.04 abstractions.
      - debian/rules: Adjust for new profiles-14.04/ directory
      - debian/apparmor-profiles.install: Adjust to install the profiles that
        were installed in the 2.8.95~2430-0ubuntu5.3 package
      - debian/apparmor.install: Install the abstractions from the
        2.10.95-0ubuntu2.5 package into /etc/apparmor.d/snap/abstractions/
      - debian/patches/14.04-profiles.patch: Preserve the 14.04 profiles and
        abstractions from the 2.8.95~2430-0ubuntu5.3 apparmor package.
      - debian/patches/conditionalize-post-release-features.patch: Disable new
        mediation features, implemented after the Ubuntu 14.04 release, unless
        the profile is for snap confinement. If the profile is for snap
        confinement, the abstractions from /etc/apparmor.d/snap/abstractions
        will be used and all of the mediation features will be enabled.
    - 14.04-add-chromium-browser.patch,
      14.04-add-debian-integration-to-lighttpd.patch,
      14.04-etc-writable.patch,
      14.04-update-base-abstraction-for-signals-and-ptrace.patch,
      14.04-dnsmasq-libvirtd-signal-ptrace.patch,
      14.04-update-chromium-browser.patch,
      14.04-php5-Zend_semaphore-lp1401084.patch,
      14.04-dnsmasq-lxc_networking-lp1403468.patch,
      14.04-profiles-texlive_font_generation-lp1010909.patch,
      14.04-profiles-dovecot-updates-lp1296667.patch,
      14.04-profiles-adjust_X_for_lightdm-lp1339727.patch: Import all of the
      patches, from 14.04's 2.8.95~2430-0ubuntu5.3 apparmor package, which
      patched profiles/ and adjust them to patch profiles-14.04/ instead.
    - debian/patches/revert-r2550-and-r2551.patch: Revert two upstream changes
      to mod_apparmor which could potentially regress existing users of
      mod_apparmor in 14.04. These upstream changes are not appropriate for an
      SRU.

 -- Tyler Hicks <email address hidden>  Wed, 30 Nov 2016 16:36:02 +0000
Superseded in zesty-release on 2017-02-23
Deleted in zesty-proposed on 2017-02-25 (Reason: moved to release)
apparmor (2.10.95-4ubuntu5.2) zesty; urgency=medium

  * No-change rebuild for perl 5.24 transition

 -- Iain Lane <email address hidden>  Mon, 24 Oct 2016 10:07:02 +0100
Superseded in yakkety-updates on 2017-03-28
Superseded in zesty-release on 2016-11-01
Deleted in zesty-proposed on 2017-03-29 (Reason: moved to release)
Deleted in yakkety-proposed on 2017-03-29 (Reason: moved to -updates)
apparmor (2.10.95-4ubuntu5.1) yakkety; urgency=medium

  * debian/patches/profiles-grant-access-to-systemd-resolved.patch: AppArmor
    profiles that make use of the nameservice abstraction should be allowed to
    communicate with systemd-resolved over D-Bus. Ubuntu 16.10 systems are
    configured to use nss-resolve which then communicates with
    systemd-resolved's D-Bus API. (LP: #1598759)

 -- Tyler Hicks <email address hidden>  Wed, 12 Oct 2016 01:47:06 +0000
Superseded in xenial-updates on 2017-03-28
Deleted in xenial-proposed on 2017-03-29 (Reason: moved to -updates)
apparmor (2.10.95-0ubuntu2.5) xenial; urgency=medium

  * debian/lib/apparmor/functions, debian/apparmor.init,
    debian/apparmor.service, debian/apparmor.upstart,
    debian/lib/apparmor/profile-load: Adjust the checks that previously kept
    AppArmor policy from being loaded while booting a container. Now we
    attempt to load policy if we're in a LXD or LXC managed container that is
    using profile stacking inside of a policy namespace. (LP: #1628285)
  * Fix regression tests for stacking so that the kernel SRU process is not
    interrupted by failing tests whenever the AppArmor stacking features are
    backported from the 16.10 kernel or when the 16.04 LTS Enablement Stack
    receives a 4.8 or newer kernel
    - debian/patches/r3509-tests-fix-exec_stack-errors-1.patch: Fix the
      exec_stack.sh test when running on 4.8 or newer kernels (LP: #1628745)
    - debian/patches/r3558-tests-fix-exec_stack-errors-2.patch: Adjust the
      exec_stack.sh fix mentioned above to more accurately test kernels older
      than 4.8 (LP: #1630069)
    - debian/patches/allow-stacking-tests-to-use-system.patch: Apply this
      patch earlier in the series, as to match when it was committed upstream,
      so that the above two patches can be cherry-picked from lp:apparmor

 -- Tyler Hicks <email address hidden>  Fri, 07 Oct 2016 05:21:44 +0000
Superseded in zesty-release on 2016-10-20
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
apparmor (2.10.95-4ubuntu5) yakkety; urgency=medium

  * debian/lib/apparmor/functions, debian/apparmor.init,
    debian/apparmor.service, debian/apparmor.upstart,
    debian/lib/apparmor/profile-load: Adjust the checks that previously kept
    AppArmor policy from being loaded while booting a container. Now we
    attempt to load policy if we're in a LXD or LXC managed container that is
    using profile stacking inside of a policy namespace. (LP: #1628285)
  * Fix regression tests so that the kernel SRU process is not interrupted by
    failing tests
    - debian/patches/r3505-tests-fix-stacking-mode-checks.patch: Fix the
      stackonexec.sh and stackprofile.sh tests (LP: #1628295)
    - debian/patches/r3509-tests-fix-exec_stack-errors.patch: Fix the
      exec_stack.sh test (LP: #1628745)

 -- Tyler Hicks <email address hidden>  Thu, 29 Sep 2016 00:38:47 -0500
Superseded in xenial-proposed on 2016-10-13
apparmor (2.10.95-0ubuntu2.4) xenial; urgency=medium

  * debian/patches/r3505-tests-fix-stacking-mode-checks.patch: Fix failing
    regression tests so that the kernel SRU process is not interrupted by
    failing stackonexec.sh and stackprofile.sh tests (LP: #1628295)

 -- Tyler Hicks <email address hidden>  Wed, 28 Sep 2016 15:33:53 -0500
Superseded in xenial-proposed on 2016-09-28
apparmor (2.10.95-0ubuntu2.3) xenial; urgency=medium

  * debian/patches/allow-access-to-ibus-socket.patch: Adjust the ibus
    abstraction to allow access to the abstract UNIX domain socket location
    used in Ubuntu. (LP: #1580463)
  * debian/lib/apparmor/functions: Quiet the "Files ... and ... differ"
    output, during the update process, which was printed by diff. This message
    left users concerned since it mentioned md5sums files without being clear
    about what was happening. (LP: #1614215)

 -- Tyler Hicks <email address hidden>  Fri, 26 Aug 2016 18:30:32 -0500
Superseded in yakkety-release on 2016-10-02
Deleted in yakkety-proposed on 2016-10-03 (Reason: moved to release)
apparmor (2.10.95-4ubuntu4) yakkety; urgency=medium

  * debian/patches/allow-access-to-ibus-socket.patch: Adjust the ibus
    abstraction to allow access to the abstract UNIX domain socket location
    used in Ubuntu. (LP: #1580463)
  * debian/lib/apparmor/functions: Quiet the "Files ... and ... differ"
    output, during the update process, which was printed by diff. This message
    left users concerned since it mentioned md5sums files without being clear
    about what was happening. (LP: #1614215)

 -- Tyler Hicks <email address hidden>  Fri, 26 Aug 2016 13:33:46 -0500
Superseded in xenial-updates on 2016-10-27
Deleted in xenial-proposed on 2016-11-01 (Reason: moved to -updates)
apparmor (2.10.95-0ubuntu2.2) xenial; urgency=medium

  * r3498-r3499-ignore-net-events-that-look-like-file-events.patch: Prevent an
    aa-logprof crash by ignoring file events that contains send *and* receive
    in the request mask. This is an improvement to the previous fix that only
    addressed events that contained send *or* receive.
    (LP: #1577051, LP: #1582374)
    - debian/rules: Create a new empty file, needed for the test added by this
      patch, since quilt is unable to do so.

 -- Tyler Hicks <email address hidden>  Mon, 01 Aug 2016 18:03:36 -0500
Superseded in yakkety-release on 2016-08-28
Deleted in yakkety-proposed on 2016-08-30 (Reason: moved to release)
apparmor (2.10.95-4ubuntu3) yakkety; urgency=medium

  * r3498-r3499-ignore-net-events-that-look-like-file-events.patch: Prevent an
    aa-logprof crash by ignoring file events that contains send *and* receive
    in the request mask. This is an improvement to the previous fix that only
    addressed events that contained send *or* receive.
    (LP: #1577051, LP: #1582374)
    - debian/rules: Create a new empty file, needed for the test added by this
      patch, since quilt is unable to do so.

 -- Tyler Hicks <email address hidden>  Mon, 01 Aug 2016 18:03:36 -0500
Superseded in xenial-proposed on 2016-08-02
apparmor (2.10.95-0ubuntu2.1) xenial; urgency=medium

  * debian/patches/r3460-ignore-file-events-with-send-or-receive-request.patch:
    Prevent an aa-logprof crash by ignoring file events that contains
    send or receive in the request mask. (LP: #1577051, LP: #1582374)
  * debian/patches/r3463-r3475-change-profile-exec-modes.patch: Allow policy
    authors to specify if the environment should scrubbed during exec
    transitions allowed by a change_profile rule. (LP: #1584069)
  * debian/patches/r3478-make-overlapping-safe-and-unsafe-rules-conflict.patch:
    Make sure that multiple change_profile rules with overlapping safe and
    unsafe exec modes conflict when they share the same exec conditional
    (LP: #1588069)
  * debian/patches/r3488-r3489-fix-racy-onexec-test.patch: Fix racy regression
    test so that the kernel SRU process is not interrupted by the onexec.sh
    periodically failing. (LP: #1528230)
  * debian/patches/r3490-utils-handle-change-profile-exec-modes.patch: Update
    the Python utilities to handle the new exec mode keywords in
    change_profile rules. (LP: #1584069)
  * debian/patches/r3492-allow-dbus-user-session-path.patch: Allow read/write
    access to the dbus-user-session socket file in profiles that include the
    dbus-session-strict abstraction. (LP: #1604872)

 -- Tyler Hicks <email address hidden>  Thu, 28 Jul 2016 11:02:11 -0500
Superseded in yakkety-release on 2016-08-15
Deleted in yakkety-proposed on 2016-08-16 (Reason: moved to release)
apparmor (2.10.95-4ubuntu2) yakkety; urgency=medium

  * Drop the following change now that click-apparmor has been updated:
    - Continue installing aa-exec into /usr/sbin/ for now since
      click-apparmor's aa-exec-click autopkgtest expects it to be there
  * debian/patches/allow-stacking-tests-to-use-system.patch,
    debian/patches/r3430-allow-stacking-tests-to-use-system.patch: Replace
    patch with the final version that landed upstream and annotate the patch
    headers accordingly
  * debian/patches/r3460-ignore-file-events-with-send-or-receive-request.patch:
    Prevent an aa-logprof crash by ignoring file events that contains
    send or receive in the request mask. (LP: #1577051, LP: #1582374)
  * debian/patches/r3463-r3475-change-profile-exec-modes.patch: Allow policy
    authors to specify if the environment should scrubbed during exec
    transitions allowed by a change_profile rule. (LP: #1584069)
  * debian/patches/r3478-make-overlapping-safe-and-unsafe-rules-conflict.patch:
    Make sure that multiple change_profile rules with overlapping safe and
    unsafe exec modes conflict when they share the same exec conditional
    (LP: #1588069)
  * debian/patches/r3479-create-fcitx-abstractions.patch: Include fcitx and
    fcitx-strict abstractions that fcitx client profiles can reuse.
  * debian/control: Do a conffile move of /etc/apparmor.d/abstractions/fcitx
    from the fcitx-data to apparmor by setting up the correct Breaks and
    Replaces.
  * debian/patches/r3480-create-mozc-abstraction.patch: Include a mozc
    abstraction that mozc client profiles can reuse.
  * debian/patches/r3488-r3489-fix-racy-onexec-test.patch: Fix racy regression
    test so that the kernel SRU process is not interrupted by the onexec.sh
    periodically failing
  * debian/patches/r3490-utils-handle-change-profile-exec-modes.patch: Update
    the Python utilities to handle the new exec mode keywords in
    change_profile rules. (LP: #1584069)
  * debian/patches/r3492-allow-dbus-user-session-path.patch: Allow read/write
    access to the dbus-user-session socket file. (LP: #1604872)

 -- Tyler Hicks <email address hidden>  Tue, 26 Jul 2016 23:03:05 -0500
Superseded in yakkety-release on 2016-07-28
Deleted in yakkety-proposed on 2016-07-29 (Reason: moved to release)
apparmor (2.10.95-4ubuntu1) yakkety; urgency=medium

  * Merge with Debian unstable. Remaining Ubuntu changes:
   - debian/apparmor.init: Call handle_system_policy_package_updates as we
     need it for Click, snappy, and system-images. Note that this prevents
     using a remote /var.

Superseded in yakkety-release on 2016-07-27
Published in xenial-release on 2016-04-13
Deleted in xenial-proposed (Reason: moved to release)
apparmor (2.10.95-0ubuntu2) xenial; urgency=medium

  * debian/patches/r3435-allow-dnsmasq-access-to-lxd-bridge.patch: Grant
    access to the new default bridge configuration in LXD 2.0.0 (LP: #1566944)
  * debian/patches/r3437-add-attach-disconnected-to-dnsmasq.patch: Add the
    attach_disconnected flag to the dnsmasq profile in order to prevent a
    disconnected path denial triggered by the latest network-manager upload
    (LP: #1569316)
  * debian/lib/apparmor/functions: Reference the new path used for snapd
    AppArmor profiles to fix a bug which left those profiles unloaded after
    booting (LP: #1569573)

 -- Tyler Hicks <email address hidden>  Tue, 12 Apr 2016 16:59:46 -0500
Superseded in xenial-release on 2016-04-13
Deleted in xenial-proposed on 2016-04-14 (Reason: moved to release)
apparmor (2.10.95-0ubuntu1) xenial; urgency=medium

  * Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
    - Allow Apache prefork profile to chown(2) files (LP: #1210514)
    - Allow deluge-gtk and deluge-console to handle torrents opened in
      browsers (LP: #1501913)
    - Allow file accesses needed by some programs using libnl-3-200
      (Closes: #810888)
    - Allow file accesses needed on systems that use NetworkManager without
      resolvconf (Closes: #813835)
    - Adjust aa-status(8) to work without python3-apparmor (LP: #1480492)
    - Fix aa-logprof(8) crash when operating on files containing multiple
      profiles with certain rules (LP: #1528139)
    - Fix log parsing crashes, in the Python utilities, caused by certain file
      related events (LP: #1525119, LP: #1540562)
    - Fix log parsing crasher, in the Python utilities, caused by certain
      change_hat events (LP: #1523297)
    - Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher
      when Python 3 is not available (LP: #1513880)
    - Send aa-easyprof(8) error messages to stderr instead of stdout
      (LP: #1521400)
    - Fix aa-autodep(8) failure when the shebang line of a script contained
      parameters (LP: #1505775)
    - Don't depend on the system logprof.conf when running utils/ build tests
      (LP: #1393979)
    - Fix apparmor_parser(8) bugs when parsing profiles that use policy
      namespaces in the profile declaration or profile transition targets
      (LP: #1540666, LP: #1544387)
    - Regression fix for apparmor_parser(8) bug that resulted in the
      --namespace-string commandline option being ignored causing profiles to
      be loaded into the root policy namespace (LP: #1526085)
    - Fix crasher regression in apparmor_parser(8) when the parser was asked
      to process a directory (LP: #1534405)
    - Fix bug in apparmor_parser(8) to honor the specified bind flags remount
      rules (LP: #1272028)
    - Support tarball generation for Coverity scans and fix a number of issues
      discovered by Coverity
    - Fix regression test failures on s390x systems (LP: #1531325)
    - Adjust expected errno values in changeprofile regression test
      (LP: #1559705)
    - The Python utils gained support for ptrace and signal rules
    - aa-exec(8) received a rewrite in C
    - apparmor_parser(8) gained support for stacking multiple profiles, as
      supported by the Xenial kernel (LP: #1379535)
    - libapparmor gained new public interfaces, aa_stack_profile(2) and
      aa_stack_onexec(2), allowing applications to utilize the new kernel
      stacking support (LP: #1379535)
  * Drop the following patches since they've been incorporated upstream:
    - aa-status-dont_require_python3-apparmor.patch
    - r3209-dnsmasq-allow-dash
    - r3227-locale-indep-capabilities-sorting.patch
    - r3277-update-python-abstraction.patch
    - r3366-networkd.patch,
    - tests-fix_sysctl_test.patch
    - parser-fix-cache-file-mtime-regression.patch
    - parser-verify-cache-file-mtime.patch
    - parser-run-caching-tests-without-apparmorfs.patch
    - parser-do-cleanup-when-test-was-skipped.patch
    - parser-allow-unspec-in-network-rules.patch
  * debian/rules, debian/apparmor.install, debian/apparmor.manpages: Update
    for new upstream binutils directory and aa-enabled binary
    - Continue installing aa-exec into /usr/sbin/ for now since
      click-apparmor's aa-exec-click autopkgtest expects it to be there
  * debian/libapparmor-dev.manpages: Include the new aa_stack_profile.2 man
    page
  * debian/patches/r3424-nscd-profile-allow-paranoia-mode.patch: Allow file
    access needed for nscd's paranoia mode
  * debian/patches/r3425-adjust-stacking-tests-version-check.patch: Adjust the
    regression test build time checks, for libapparmor stacking support, to
    look for the 2.10.95 versioning rather than 2.11
  * debian/patches/r3426-allow-debugedit-to-work-on-apparmor-parser.patch:
    Remove extra slash in the parser Makefile so that debugedit(8) can work on
    apparmor_parser(8) (LP: #1561939)
  * debian/patches/allow-stacking-tests-to-use-system.patch: Adjust the file
    rules of the new stacking tests so that the generated profiles allow the
    system binaries and libraries to be tested
  * debian/libapparmor1.symbols: update symbols file for added symbols
    in libapparmor

 -- Tyler Hicks <email address hidden>  Sat, 09 Apr 2016 01:35:25 -0500

Available diffs

Superseded in xenial-release on 2016-04-11
Deleted in xenial-proposed on 2016-04-12 (Reason: moved to release)
apparmor (2.10-3ubuntu2) xenial; urgency=medium

  * debian/patches/parser-allow-unspec-in-network-rules.patch: Allow
    apparmor_parser to support rules that use 'unspec' as the network protocol
    family. (LP: #1546455)

 -- Tyler Hicks <email address hidden>  Thu, 18 Feb 2016 12:48:17 -0600

Available diffs

Superseded in xenial-release on 2016-02-23
Deleted in xenial-proposed on 2016-02-25 (Reason: moved to release)
apparmor (2.10-3ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    -  debian/apparmor.init,apparmor.upstart,debian/lib/apparmor/functions:
       clear only the system cache if apparmor version has changed on snappy
       flavors since snappy will handle the app's cache itself
    - debian/apparmor.install: install tunables/home.d and
      tunables/multiarch.d
    - debian/apparmor-utils.dirs: install usr/bin and usr/share/apparmor
    - debian/control:
      + make libnotify-bin a Suggests rather than a Recommends since it is
        assumed to already be installed on the desktop and so server
        environments don't have to pull in a lot of X dependencies
        (LP: #1061879)
      + apparmor-easyprof in section 'admin'
      + apparmor Depends on initramfs-tools | linux-initramfs-tool [linux-any]
      + apparmor Breaks on lightdm (<< 1.11.8-0ubuntu2~),
        lxc (<< 1.1.0~alpha1-0ubuntu5~)
    - drop debian/patches/reproducible-pdf.patch (not applied in series)
  * drop debian/patches/fix-abstraction-for-python3.5.patch in favor of
    Debian's
  * debian/patches/series: comment out notify-group.patch
  * debian/patches/non-linux.patch: refresh
  * debian/patches/r3366-networkd.patch: use this instead of dropped Ubuntu
    lp1529074.patch for NetworkManager and networkd support

Available diffs

Superseded in xenial-release on 2016-02-16
Deleted in xenial-proposed on 2016-02-18 (Reason: moved to release)
apparmor (2.10-0ubuntu12) xenial; urgency=medium

  * Call systemd-detect-virt instead of the Ubuntu specific
    running-in-container wrapper. (LP: #1539016)

 -- Martin Pitt <email address hidden>  Thu, 28 Jan 2016 13:33:28 +0100

Available diffs

Superseded in xenial-release on 2016-02-01
Deleted in xenial-proposed on 2016-02-02 (Reason: moved to release)
apparmor (2.10-0ubuntu11) xenial; urgency=medium

  * No-change rebuild to drop python3.4 support.

 -- Matthias Klose <email address hidden>  Mon, 18 Jan 2016 19:38:38 +0000

Available diffs

Superseded in xenial-release on 2016-01-20
Deleted in xenial-proposed on 2016-01-21 (Reason: moved to release)
apparmor (2.10-0ubuntu10) xenial; urgency=medium

  * debian/patches/lp1529074.patch: for systems using networkd, add read on
    /run/systemd/resolve/resolv.conf (LP: #1529074)

 -- Jamie Strandboge <email address hidden>  Tue, 05 Jan 2016 10:00:20 -0600
Superseded in xenial-proposed on 2016-01-05
apparmor (2.10-0ubuntu9) xenial; urgency=medium

  * No change rebuild for perl 5.22

 -- Jamie Strandboge <email address hidden>  Thu, 17 Dec 2015 12:14:10 -0600

Available diffs

Superseded in xenial-release on 2016-01-06
Deleted in xenial-proposed on 2016-01-08 (Reason: moved to release)
apparmor (2.10-0ubuntu8) xenial; urgency=medium

  * debian/patches/fix-abstraction-for-python3.5.patch: adjust python
    abstraction for python 3.5

 -- Jamie Strandboge <email address hidden>  Wed, 18 Nov 2015 16:01:47 -0600

Available diffs

Superseded in xenial-release on 2015-11-20
Deleted in xenial-proposed on 2015-11-21 (Reason: moved to release)
apparmor (2.10-0ubuntu7) xenial; urgency=medium

  * debian/apparmor.init,apparmor.upstart: clear only the system cache if
    apparmor version has changed on snappy flavors since snappy will handle
    the app's cache itself
  * debian/lib/apparmor/functions:
    - compile /var/lib/snappy/apparmor/profiles policy
    - add compare_previous_version()
    - refactor clear_cache()
    - compare_and_save_debsums() checks if $PROFILES_VAR exists

 -- Jamie Strandboge <email address hidden>  Tue, 10 Nov 2015 15:34:20 -0600

Available diffs

Superseded in xenial-release on 2015-11-12
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)
apparmor (2.10-0ubuntu6) wily; urgency=medium

  * debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
    (LP: #1491147, LP: #1384431)

 -- Steve Beattie <email address hidden>  Tue, 01 Sep 2015 14:17:16 -0700

Available diffs

Superseded in wily-release on 2015-09-04
Deleted in wily-proposed on 2015-09-05 (Reason: moved to release)
apparmor (2.10-0ubuntu4) wily; urgency=medium

  * Rebuild against python3.5.

 -- Dimitri John Ledkov <email address hidden>  Sat, 15 Aug 2015 22:12:50 +0100
Superseded in wily-release on 2015-08-15
Deleted in wily-proposed on 2015-08-17 (Reason: moved to release)
apparmor (2.10-0ubuntu3) wily; urgency=medium

  * debian/patches/parser-fix-cache-file-mtime-regression.patch: Fix a bug
    that resulted in the mtime of generate policy cache files to be set
    incorrectly. The mtime of cache files should be the newest mtime detected
    on the profile and abstraction files used to generate the policy cache
    file. However, the bug caused the mtime of the policy cache file to either
    not be updated or to be updated to an incorrect time. (LP: #1484178)
  * debian/patches/parser-verify-cache-file-mtime.patch: Add tests to verify
    that the policy cache file's mtime is being set correctly and that cache
    handling is correct when the profile or abstraction files are newer than
    the policy cache file.
  * debian/patches/parser-run-caching-tests-without-apparmorfs.patch,
    debian/patches/parser-do-cleanup-when-test-was-skipped.patch: Enable the
    caching tests to run on the buildds even though apparmorfs isn't mounted.

 -- Tyler Hicks <email address hidden>  Wed, 12 Aug 2015 13:01:56 -0500
Superseded in wily-release on 2015-08-14
Deleted in wily-proposed on 2015-08-16 (Reason: moved to release)
apparmor (2.10-0ubuntu2) wily; urgency=medium

  * debian/patches/aa-status-dont_require_python3-apparmor.patch:
    make aa-status(8) work even when python3-apparmor is not installed,
    otherwise dh_apparmor postinst snippets can fail (LP: #1480492)
  * debian/control: make apparmor-utils depend on the same package
    version of python3-apparmor

 -- Steve Beattie <email address hidden>  Fri, 31 Jul 2015 16:35:03 -0700
Superseded in wily-proposed on 2015-08-03
apparmor (2.10-0ubuntu1) wily; urgency=medium

  * Update to apparmor 2.10
    - libapparmor added functions to ease loading profile cache files to
      help support systemd on-demand load of policy (LP: #1385414)
    - apparmor parser: fixed policy generation to allow matching
      embedded NULs in abstract unix socket names (LP: #1413410)
    - aa-status: don't traceback when not permitted to read current
      set of apparmor policy (LP: #1466768)
    - aa-logprof: don't crash on policies that have an #include of a
      directory (LP: #1471425)
    - aa-logprof: fix crash when network rejections occur when file
      operations are performed on network sockets (LP: #1466812)
  * dropped reproducible-pdf.patch, incorporated upstream
  * debian/patches/tests-fix_sysctl_test.patch: fix sysctl test failure
    with 4.1 kernel and newer.
  * debian/control: add alternate dependency on linux-initramfs-tool
    (LP: #1109029)
  * debian/libapparmor1.symbols: update symbols file for added symbols
    in libapparmor

 -- Steve Beattie <email address hidden>  Thu, 23 Jul 2015 01:57:43 -0700
Superseded in wily-release on 2015-08-04
Deleted in wily-proposed on 2015-08-05 (Reason: moved to release)
apparmor (2.9.2-0ubuntu2) wily; urgency=medium

  * No-change rebuild for python3.5 transition

 -- Steve Langasek <email address hidden>  Wed, 22 Jul 2015 04:07:28 +0000
Superseded in trusty-updates on 2017-01-18
Deleted in trusty-proposed on 2017-01-19 (Reason: moved to -updates)
apparmor (2.8.95~2430-0ubuntu5.3) trusty-proposed; urgency=medium

  * debian/apparmor-profiles.install: add missing dovecot profiles
    (LP: #1296667)

 -- Steve Beattie <email address hidden>  Fri, 12 Jun 2015 23:21:58 -0700
Superseded in wily-release on 2015-07-29
Deleted in wily-proposed on 2015-07-30 (Reason: moved to release)
apparmor (2.9.2-0ubuntu1) wily; urgency=medium

  * Update to apparmor 2.9.2
    - Fix minitools to work with multiple profiles at once (LP: #1378095)
    - Parse mounts that have non-ascii UTF-8 chars (LP: #1310598)
    - Update dovecot profiles (LP: #1296667)
    - Allow ubuntu-helpers to build texlive fonts (LP: #1010909)
  * dropped patches incorporated upstream:
    add-mir-abstraction-lp1422521.patch, systemd-dev-log-lp1413232.patch
    parser-fix_modifier_compilation_+_tests.patch,
    tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch,
    GDM_X_authority-lp1432126.patch, and
    debian/patches/easyprof-framework-policy.patch
  * Partial merge with debian apparmor package:
    - debian/rules: enable the bindnow hardening flag during build.
    - debian/upstream/signing-key.asc: add new upstream public
      signing key
    - debian/watch: fix watch file, add gpg signature checking
    - install libapparmor.so dev symlink under /usr not /lib
    - debian/patches/reproducible-pdf.patch: make techdoc.pdf
      reproducible even in face of timezone variations.
    - debian/control: sync fields
    - debian/debhelper/postrm-apparmor: remove
      /etc/apparmor.d/{disable,} on package purge
    - debian/libapache2-mod-apparmor.postrm: on package purge, delete
      /etc/apparmor.d/{,disable} if empty
    - debian/libapparmor1.symbols: Use Build-Depends-Package in the
      symbols file.
    - debian/copyright: sync

 -- Steve Beattie <email address hidden>  Mon, 11 May 2015 22:03:04 -0700
Superseded in trusty-updates on 2015-08-11
Deleted in trusty-proposed on 2015-08-13 (Reason: moved to -updates)
apparmor (2.8.95~2430-0ubuntu5.2) trusty-proposed; urgency=medium

  * debian/patches/php5-Zend_semaphore-lp1401084.patch: allow php5
    abstraction access to Zend opcache files (LP: #1401084)
  * debian/patches/dnsmasq-lxc_networking-lp1403468.patch: update
    profile for lxc support (LP: #1403468)
  * debian/patches/profiles-texlive_font_generation-lp1010909.patch:
    allow generation of texlive fonts by sanitized-helpers
    (LP: #1010909)
  * debian/apport/source_apparmor.py: fix the apparmor apport hook
    so it does not raise an exception if a non-unicode character is
    found in /var/log/kern.log or in /var/log/syslog. This should
    work under python3 or python2.7 (LP: #1304447)
  * debian/patches/profiles-dovecot-updates-lp1296667.patch: update
    dovecot profiles to address several missing permissions.
    (LP: #1296667)
  * debian/patches/profiles-adjust_X_for_lightdm-lp1339727.patch:
    adjust X abstraction for LightDM xauthority location (LP: #1339727)
  * debian/patches/libapparmor-fix_memory_leaks-lp1340927.patch; fix
    memory leaks in log parsing component of libapparmor (LP: #1340927)
  * debian/patches/libapparmor-another_audit_format-lp1399027.patch:
    add support for another log format style (LP: #1399027)
  * debian/patches/tests-workaround_for_unix_socket_change-lp1425398.patch:
    work around apparmor kernel behavioral change in regression tests
    (LP: #1425398)
  * debian/control: add breaks on python3-apparmor against older
    apparmor-utils that used to be where python bits lived
    (LP: #1373259)
  * debian/patches/utils-update_to_2.9.2.patch: update the python
    utilities to the upstream 2.9.2 (LP: #1449769, incorporating a
    large number of fixes and improvements, including:
    - fix aa-genprof traceback with apparmor 2.8.95 (LP: #1294797)
    - fix aa-genprof crashing when selecting scan on Ubuntu 14.04 server
      (LP: #1319829)
    - make aa-logprof read profile instead of program binary
      (LP: #1317176, LP: #1324154)
    - aa-complain: don't traceback when marking multiple profiles
      (LP: #1378095)
    - make python tools able to parse mounts with UTF-8 non-ascii
      characters (LP: #1310598)

 -- Steve Beattie <email address hidden>  Thu, 30 Apr 2015 12:18:08 -0700
Superseded in wily-release on 2015-05-20
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)
apparmor (2.9.1-0ubuntu9) vivid; urgency=medium

  * Make debian/lib/apparmor/profile-load executable.
 -- Serge Hallyn <email address hidden>   Thu, 02 Apr 2015 13:00:35 -0500
Superseded in vivid-release on 2015-04-03
Deleted in vivid-proposed on 2015-04-04 (Reason: moved to release)
apparmor (2.9.1-0ubuntu8) vivid; urgency=medium

  [ Steve Beattie ]
  * debian/rules: run make check on the libapparmor library
  * add-chromium-browser.patch: add support for chromium policies
    (LP: #1419294)
  * debian/apparmor.{init,upstart}: add support for triggering
    aa-profile-hook runs when packages are updated via snappy system
    image updates (LP: #1434143)
  * parser-fix_modifier_compilation_+_tests.patch: fix compilation
    of audit modifiers for exec and pivot_root and deny modifiers on
    link rules as well as significantly expand related tests
    (LP: #1431717, LP: #1432045, LP: #1433829)
  * tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch: work
    around pivot_root test failures due to init=systemd (LP: #1436109)
  * GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
    file to X abstraction (LP: #1432126)

  [ Jamie Strandboge ]
  * easyprof-framework-policy.patch: add --include-templates-dir and
    --include-policy-groups-dir options to easyprof to support framework
    policy on snappy

  [ Robie Basak ]
  * Add /lib/apparmor/profile-load; moved from
    /lib/init/apparmor-profile-load from the upstart package. A wrapper at
    the original path is now provided by init-system-helpers. (LP: #1432683)
 -- Jamie Strandboge <email address hidden>   Sat, 28 Mar 2015 07:22:30 -0500
Superseded in vivid-release on 2015-03-30
Deleted in vivid-proposed on 2015-04-01 (Reason: moved to release)
apparmor (2.9.1-0ubuntu7) vivid; urgency=medium

  * systemd-dev-log-lp1413232.patch: Allow writes to the systemd journal
    socket /{,var}/run/systemd/journal/dev-log. This can be dropped with
    with AppArmor 2.9.2. (LP: #1413232)
 -- Jamie Strandboge <email address hidden>   Fri, 06 Mar 2015 06:22:34 -0600
Superseded in vivid-release on 2015-03-06
Deleted in vivid-proposed on 2015-03-07 (Reason: moved to release)
apparmor (2.9.1-0ubuntu6) vivid; urgency=medium

  * add-mir-abstractions-lp1422521.patch: add correct location of
    mir specific libraries and mir unprivileged client socket
    to mir abstraction (LP: #1422521)
 -- Steve Beattie <email address hidden>   Tue, 03 Mar 2015 10:42:24 -0800
Superseded in vivid-release on 2015-03-05
Deleted in vivid-proposed on 2015-03-06 (Reason: moved to release)
apparmor (2.9.1-0ubuntu5) vivid; urgency=medium

  * debian/apparmor.init: Replace unnecessary $remote_fs dependency with
    $local_fs. This is sufficient as during boot we don't use anything from
    /usr. It's also necessary to avoid dependency cycles when using NFS (as
    its dependencies should be covered by AppArmor). (LP: #1312976)
 -- Martin Pitt <email address hidden>   Tue, 03 Mar 2015 08:54:33 +0100
Superseded in vivid-release on 2015-03-03
Deleted in vivid-proposed on 2015-03-04 (Reason: moved to release)
apparmor (2.9.1-0ubuntu4) vivid; urgency=medium

  * Update to apparmor 2.9.1
    - make parser mount rule options consistent with documentation
      (LP: #1401619)
    - make parser fail if unknown mount options are encountered
      (LP: #1401621)
    - stop aa-logprof from asking about already allowed network rules
      (LP: #1380367)
    - make utils offer abstractions for network rules (LP: #1380367)
    - make libapparmor understand logs generated by syslog-ng
      (LP: #1399027)
    - stop python utilities from adding duplicate quotes (LP: #1328707)
    - work around aa-cleanprof crashes (LP: #1382236)
    - other bug fixes, performance improvements, and testcases added to
      the python utils.
    - policy updates for dnsmasq, nscd, and others
    - translation updates
  * Partial sync with debian apparmor package:
    - debian/apparmor-profiles.install: add additional dovecot and
      smbldap-useradd profiles
    - debian/control: fix typo in apparmor-docs description, fix file
      overwrite issues with python-apparmor, apparmor-docs
    - debian/rules: improved repeat-build cleanup logic.
    - Add Turkish translation of debconf messages. Thanks to
      Mert Dirik <email address hidden> for the patch!
    - debian/apparmor.postrm: Remove
      /var/lib/apparmor/profiles/.apparmor.md5sums and parent
      directories on package purge.
  * add-mir-abstractions-lp1422521.patch: add mir abstraction to cover
    mir specific libraries (LP: #1422521)
  * debian/rules: remove no longer needed references to PERLDIR when
    installing from utils/
 -- Steve Beattie <email address hidden>   Tue, 17 Feb 2015 16:31:25 -0800
175 of 311 results