Change log for apparmor package in Ubuntu

76150 of 317 results
Superseded in wily-release on 2015-05-20
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)
apparmor (2.9.1-0ubuntu9) vivid; urgency=medium

  * Make debian/lib/apparmor/profile-load executable.
 -- Serge Hallyn <email address hidden>   Thu, 02 Apr 2015 13:00:35 -0500
Superseded in vivid-release on 2015-04-03
Deleted in vivid-proposed on 2015-04-04 (Reason: moved to release)
apparmor (2.9.1-0ubuntu8) vivid; urgency=medium

  [ Steve Beattie ]
  * debian/rules: run make check on the libapparmor library
  * add-chromium-browser.patch: add support for chromium policies
    (LP: #1419294)
  * debian/apparmor.{init,upstart}: add support for triggering
    aa-profile-hook runs when packages are updated via snappy system
    image updates (LP: #1434143)
  * parser-fix_modifier_compilation_+_tests.patch: fix compilation
    of audit modifiers for exec and pivot_root and deny modifiers on
    link rules as well as significantly expand related tests
    (LP: #1431717, LP: #1432045, LP: #1433829)
  * tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch: work
    around pivot_root test failures due to init=systemd (LP: #1436109)
  * GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
    file to X abstraction (LP: #1432126)

  [ Jamie Strandboge ]
  * easyprof-framework-policy.patch: add --include-templates-dir and
    --include-policy-groups-dir options to easyprof to support framework
    policy on snappy

  [ Robie Basak ]
  * Add /lib/apparmor/profile-load; moved from
    /lib/init/apparmor-profile-load from the upstart package. A wrapper at
    the original path is now provided by init-system-helpers. (LP: #1432683)
 -- Jamie Strandboge <email address hidden>   Sat, 28 Mar 2015 07:22:30 -0500
Superseded in vivid-release on 2015-03-30
Deleted in vivid-proposed on 2015-04-01 (Reason: moved to release)
apparmor (2.9.1-0ubuntu7) vivid; urgency=medium

  * systemd-dev-log-lp1413232.patch: Allow writes to the systemd journal
    socket /{,var}/run/systemd/journal/dev-log. This can be dropped with
    with AppArmor 2.9.2. (LP: #1413232)
 -- Jamie Strandboge <email address hidden>   Fri, 06 Mar 2015 06:22:34 -0600
Superseded in vivid-release on 2015-03-06
Deleted in vivid-proposed on 2015-03-07 (Reason: moved to release)
apparmor (2.9.1-0ubuntu6) vivid; urgency=medium

  * add-mir-abstractions-lp1422521.patch: add correct location of
    mir specific libraries and mir unprivileged client socket
    to mir abstraction (LP: #1422521)
 -- Steve Beattie <email address hidden>   Tue, 03 Mar 2015 10:42:24 -0800
Superseded in vivid-release on 2015-03-05
Deleted in vivid-proposed on 2015-03-06 (Reason: moved to release)
apparmor (2.9.1-0ubuntu5) vivid; urgency=medium

  * debian/apparmor.init: Replace unnecessary $remote_fs dependency with
    $local_fs. This is sufficient as during boot we don't use anything from
    /usr. It's also necessary to avoid dependency cycles when using NFS (as
    its dependencies should be covered by AppArmor). (LP: #1312976)
 -- Martin Pitt <email address hidden>   Tue, 03 Mar 2015 08:54:33 +0100
Superseded in vivid-release on 2015-03-03
Deleted in vivid-proposed on 2015-03-04 (Reason: moved to release)
apparmor (2.9.1-0ubuntu4) vivid; urgency=medium

  * Update to apparmor 2.9.1
    - make parser mount rule options consistent with documentation
      (LP: #1401619)
    - make parser fail if unknown mount options are encountered
      (LP: #1401621)
    - stop aa-logprof from asking about already allowed network rules
      (LP: #1380367)
    - make utils offer abstractions for network rules (LP: #1380367)
    - make libapparmor understand logs generated by syslog-ng
      (LP: #1399027)
    - stop python utilities from adding duplicate quotes (LP: #1328707)
    - work around aa-cleanprof crashes (LP: #1382236)
    - other bug fixes, performance improvements, and testcases added to
      the python utils.
    - policy updates for dnsmasq, nscd, and others
    - translation updates
  * Partial sync with debian apparmor package:
    - debian/apparmor-profiles.install: add additional dovecot and
      smbldap-useradd profiles
    - debian/control: fix typo in apparmor-docs description, fix file
      overwrite issues with python-apparmor, apparmor-docs
    - debian/rules: improved repeat-build cleanup logic.
    - Add Turkish translation of debconf messages. Thanks to
      Mert Dirik <email address hidden> for the patch!
    - debian/apparmor.postrm: Remove
      /var/lib/apparmor/profiles/.apparmor.md5sums and parent
      directories on package purge.
  * add-mir-abstractions-lp1422521.patch: add mir abstraction to cover
    mir specific libraries (LP: #1422521)
  * debian/rules: remove no longer needed references to PERLDIR when
    installing from utils/
 -- Steve Beattie <email address hidden>   Tue, 17 Feb 2015 16:31:25 -0800
Superseded in vivid-release on 2015-02-26
Deleted in vivid-proposed on 2015-02-27 (Reason: moved to release)
apparmor (2.8.98-0ubuntu4) vivid; urgency=medium

  * Ship libapparmor in /lib instead of /usr as we want to use it in systemd
    now. (LP: #1397960)
 -- Martin Pitt <email address hidden>   Mon, 01 Dec 2014 15:37:32 +0100

Available diffs

Superseded in trusty-updates on 2015-06-15
Superseded in trusty-security on 2017-03-28
apparmor (2.8.95~2430-0ubuntu5.1) trusty-security; urgency=medium

  * SECURITY UPDATE: An AppArmor profile compilation bug may result in
    applications being confined in a way that is inconsistent with the profile
    author's intent. The compilation bug is specific to certain combinations
    of AppArmor rule types and conditionals of those rule types.
    (LP: #1390592)
    - debian/patches/fix-esc-seq-interp.patch: Fix the profile compilation bug
      by limiting the number of bytes that are consumed when interpreting
      hexadecimal, octal, and decimal escape sequences
    - debian/patches/tests-allow-arbitrary-profile-names.patch,
      debian/patches/tests-add-ptrace-tests-for-lp1390592.patch: Add
      regression tests for the profile compilation bug
    - CVE-2014-1424
 -- Tyler Hicks <email address hidden>   Fri, 14 Nov 2014 13:46:22 -0600
Superseded in vivid-release on 2014-12-01
Deleted in vivid-proposed on 2014-12-02 (Reason: moved to release)
apparmor (2.8.98-0ubuntu3) vivid; urgency=medium

  * debian/lib/apparmor/functions: disable expr tree simplification for
    /var/lib/apparmor/profiles (LP: #1383858)
  * parser-dont-skip-read-cache-with-optimizations.patch: don't skip read
    cache when specifying '-O' (LP: #1385947)
 -- Jamie Strandboge <email address hidden>   Tue, 28 Oct 2014 17:41:08 -0500
Superseded in vivid-release on 2014-10-29
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
apparmor (2.8.98-0ubuntu2) utopic; urgency=medium

  * Updated to apparmor 2.9.beta4 (aka apparmor 2.8.98)
    - fix logparsing memory leak (LP: #1340927)
    - incorporate fixes to regression testsuite to compensate for
      af_unix mediation, as well as extend test coverage
      (LP: #1375403, LP: #1375516)
    - fix libapparmor's log parsing code to accept additional rejection
      types (LP: #1375413)
    - fix X abstraction for changed lightdm xauthority file locations
      (LP: #1339727)
    - parser: disable downgrade and not enforced rule messages
      by default
    - fix error when using regex profile names in IPC rules
      (LP: #1373085)
    - updates and fixes to the python utilities
    - translation updates

  [ Steve Beattie ]
  * Removed upstreamed patches:
    drop-peer_addr-with-local-addr-in-base.patch,
    update_socketpair_tests_for_af_unix.patch,
    fix_socketpair_tests.patch, sanitized-helpers-updates.patch,
    01-tests-unix_socket_lists.patch,
    02-tests-accept_unix_rules_in_mkprofile.patch,
    03-tests-unix_sockets_v7_pathnames.patch,
    04-tests-migrate_from_poll_to_sockio_timeout.patch,
    05-tests-add_abstract_socket_tests.patch,
    06-tests-use_socketpair_and_none.patch,
    07-parser-fix_local_perms.patch,
    08-phpsysinfo-policy-updates.patch,
    09-apache2-policy-instructions.patch,
    10-lp1371771.patch, 11-lp1371765.patch,
    lp1169881.patch
  * refreshed etc-writable.patch and libapparmor-layout-deb.patch
  * debian/control: add breaks on python3-apparmor against older
    apparmor-utils that used to be where python bits lived
    (LP: #1373259)
  * debian/apport/source_apparmor.py:
   - fixes the apparmor apport hook so it does not raise an exception if
     a non-unicode character is found in /var/log/kern.log or in
     /var/log/syslog. This should work under python3 or python2.7
     (LP: #1304447)
   - adjusts the add_info() function to take the expected additional ui
     argument, though it has no need for it.
   - converts the log parsing code to use with statements so as not to
     leak open file descriptors
   - updates the set of packages to query to see if installed and if so,
     report the version of.
   - adjust import to make pyflakes job easier
   - minor pep8 cleanups

  [ Jamie Strandboge ]
  * add-chromium-browser.patch: don't allow writing to the oom score and
    adjust files since this allows chromium to change the values for any
    process matching our UID
  * debian/apparmor.upstart: check if click-apparmor md5sums changed so we
    regenerate the policy if it changes too (LP: #1371574)
  * debian/apparmor.init: make corresponding upstart change to initscript
  * debian/lib/apparmor/functions: fall back to using -n1 if the parser failed
    to load a profile set. This should be removed when the parser properly
    handles profile sets with corrupted profiles (LP: 1377338)
  * debian/control: fix typo (LP: #1187447)
 -- Steve Beattie <email address hidden>   Thu, 09 Oct 2014 22:39:32 -0700
Superseded in utopic-release on 2014-10-15
Deleted in utopic-proposed on 2014-10-16 (Reason: moved to release)
apparmor (2.8.96~2652-0ubuntu7) utopic; urgency=medium

  * add-chromium-browser.patch: user addr=none instead of peer=(addr=none)
    (LP: #1374363)
 -- Jamie Strandboge <email address hidden>   Sat, 27 Sep 2014 07:41:07 -0500
Superseded in utopic-release on 2014-09-29
Deleted in utopic-proposed on 2014-09-30 (Reason: moved to release)
apparmor (2.8.96~2652-0ubuntu6) utopic; urgency=medium

  * lp1169881.patch: add /usr/bin/gnome-gmail to ubuntu-email (LP: #1169881)
  * debian/control: update Breaks on lxc 1.1.0~alpha1-0ubuntu5~ (LP: #1373555)
 -- Jamie Strandboge <email address hidden>   Thu, 25 Sep 2014 09:03:06 -0500
Superseded in utopic-release on 2014-09-26
Deleted in utopic-proposed on 2014-09-28 (Reason: moved to release)
apparmor (2.8.96~2652-0ubuntu5) utopic; urgency=medium

  [ Jamie Strandboge ]
  * sanitized-helpers-updates.patch: update ubuntu-helpers for unix mediation
  * 10-lp1371771.patch: don't exit prematurely and fail to load remaining
    policy if encounter a corrupt cache file (LP: #1371771)
  * 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
    (LP: #1371765)
  * debian/lib/apparmor/functions:
    - don't return 0 on parsing failure. Patch thanks to Felix Geyer
      (LP: #1370228)
    - use xargs -n1 when we don't have cache files, but omit it when we do.
      This allows taking full advantage of xargs -P when we need it most,
      without the cost when we don't.

  [ Steve Beattie ]
  * update_socketpair_tests_for_af_unix.patch,
    fix_socketpair_tests.patch: update socketpair regression tests for
    af_unix socket mediation
 -- Jamie Strandboge <email address hidden>   Mon, 22 Sep 2014 09:39:10 -0500
Superseded in utopic-release on 2014-09-22
Deleted in utopic-proposed on 2014-09-24 (Reason: moved to release)
apparmor (2.8.96~2652-0ubuntu4) utopic; urgency=medium

  * debian/apparmor.{upstart,init}: make sure we always update the .md5sums
    for apparmor-easyprof-ubuntu even when apparmor is updated (before if both
    were updated, aa-clickhook -f would be run on the 1st and 2nd boot rather
    than just the 1st)
  * debian/apparmor.postinst: update the cached .md5sums file on upgrade to
    avoid running on install and then again on first boot after upgrade. This
    change only affects apt upgrades and not system-image upgrades since
    system-image upgrades always use the existing .md5sums if they exist (see
    /etc/system-image/writable-paths).
  * ubuntu-manpage-updates.patch: adjust for move to upstart job and click
    policy
  * debian/lib/apparmor/functions: don't pass costly '-n1' to xargs in
    foreach_configured_profile() when loading valid cache files. This used to
    be needed when apparmor_parser would generate different binary caches when
    compiling policy one profile at a time and all at once. That bug is long
    fixed and removing -n1 gives a significant performance improvement for
    boots with valid cache files (~65% on armhf)
 -- Jamie Strandboge <email address hidden>   Fri, 12 Sep 2014 13:45:35 -0500
Superseded in utopic-release on 2014-09-12
Deleted in utopic-proposed on 2014-09-14 (Reason: moved to release)
apparmor (2.8.96~2652-0ubuntu3) utopic; urgency=medium

  * 08-phpsysinfo-policy-updates.patch: update for new phpsysinfo on Ubuntu
    14.10
  * 09-apache2-policy-instructions.patch: update for recent Debian/Ubuntu
    packaging
  * debian/control: update Breaks for apparmor-easyprof-ubuntu, libvirt-bin,
    and lightdm. Add Breaks on rsyslog.

Superseded in utopic-release on 2014-09-09
Deleted in utopic-proposed on 2014-09-10 (Reason: moved to release)
apparmor (2.8.96~2541-0ubuntu3.1) utopic; urgency=medium

  * Updates for perl 5.20 multiarch transition
    - debian/libapparmor-perl.install: don't hardcode usr/lib/perl5 but
      instead use $Config{vendorarch} in an executable install file. Make it
      executable
    - debian/control: Build-Depends on debhelper (>= 9) (9 is needed to use
      an executable install file)
    - debian/patches/perl-multiarch.patch:
      + add @{multiarch} paths to perl abstraction
      + update logprof.conf, severity.db and corresponding tests for updated
        perl path
 -- Jamie Strandboge <email address hidden>   Tue, 19 Aug 2014 14:33:02 -0500
Superseded in precise-updates on 2017-03-28
Superseded in precise-security on 2017-03-28
apparmor (2.7.102-0ubuntu3.10) precise-security; urgency=medium

  * No change rebuild in the security pocket to ensure compatibility
    with the linux-lts-trusty kernel.
 -- Marc Deslauriers <email address hidden>   Mon, 11 Aug 2014 10:16:11 -0400
Superseded in utopic-release on 2014-08-27
Deleted in utopic-proposed on 2014-08-28 (Reason: moved to release)
apparmor (2.8.96~2541-0ubuntu2) utopic; urgency=medium

  * update-nameservice-abstraction-for-extrausers.patch: update nameservice
    abstraction to allow passwd and group when using libnss-extrausers
 -- Jamie Strandboge <email address hidden>   Mon, 28 Jul 2014 08:16:39 -0500
Superseded in utopic-release on 2014-07-28
Deleted in utopic-proposed on 2014-07-29 (Reason: moved to release)
apparmor (2.8.96~2541-0ubuntu1) utopic; urgency=medium

  * Updated to r2541 snapshot of 2.8.96:
    - removed upstreamed patches: convert-to-rules.patch, list-fns.patch,
      parse-mode.patch, add-decimal-interp.patch, policy_mediates.patch,
      fix-failpath.patch, feature_file.patch, fix-network.patch,
      aare-to-class.patch, add-mediation-unix.patch, parser_version.patch,
      caching.patch, label-class.patch, fix-lexer-debug.patch,
      use-diff-encode.patch, fix-serialize.patch,
      fix-ppc-endian-ftbfs.patch, opt_arg.patch, tests-cond-dbus.patch,
      initialize-mount-flags.patch, fix-typo-in-dbus_write.patch,
      limited-mount-rule-support.patch, bare-capability-rule-support.patch,
      check-config-for-sysctl.patch, increase-swap-size.patch,
      test-v6-policy.patch, test-mount-mediation.patch,
      mediate-signals.patch, change-signal-syntax.patch,
      mediate-ptrace.patch, change-ptrace-syntax.patch,
      test-signal-rules.patch, test-ptrace-rules.patch,
      update-tests-for-new-semantics.patch,
      fix-garbage-in-preprocessor-output.patch,
      fix-double-comma-in-preprocessor-output.patch,
      symtab-tests-and-seenlist-bug.patch, add-profile-name-variable.patch,
      fix-names-treated-as-condlistid.patch, manpage-signal-ptrace.patch,
      python-utils-file-support.patch, python-utils-signal-support.patch,
      python-utils-ptrace-support.patch,
      python-utils-pivot_root-support.patch.
  * Added upstart job (LP: #1305108)
    - debian/apparmor.upstart: new upstart job.
    - debian/apparmor.init: added click handling, move some code to
      unload_obsolete_profiles().
    - debian/lib/apparmor/functions: add unload_obsolete_profiles().
    - debian/apparmor.postinst, debian/apparmor-profiles.postinst: reload
      profiles directly since invoke-rc.d won't allow to do this easily
      with upstart and systemd jobs.
    - debian/rules: pass --no-start to dh_installinit since we're handling
      reloading profiles manually in the postinst scripts.
    - debian/control: add a versioned apparmor Depends to the
      apparmor-profiles package to make sure the required tools are
      installed for the postinst script.
 -- Marc Deslauriers <email address hidden>   Fri, 20 Jun 2014 07:20:34 -0400
Superseded in utopic-release on 2014-06-23
Published in trusty-release on 2014-04-04
Deleted in trusty-proposed (Reason: moved to release)
apparmor (2.8.95~2430-0ubuntu5) trusty; urgency=medium

  * debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
    lightdm and apparmor-easyprof-ubuntu

Superseded in trusty-release on 2014-04-04
Deleted in trusty-proposed on 2014-04-05 (Reason: moved to release)
apparmor (2.8.95~2430-0ubuntu3) trusty; urgency=medium

  [ Jamie Strandboge ]
  * debian/lib/apparmor/functions: properly calculate number of profiles in
    /var/lib/apparmor/profiles (LP: #1295816)
  * autostart aa-notify via /etc/xdg/autostart instead of /etc/X11/Xsession.d
    (LP: #1288241)
    - remove debian/notify/90apparmor-notify
    - add debian/notify/apparmor-notify.desktop
    - debian/apparmor-notify.install: adjust for the above
    - add debian/apparmor-notify.maintscript to remove 90apparmor-notify
  * debian/notify/notify.conf: use_group should be set to "sudo" instead of
    "admin" (LP: #1009666)

  [ Tyler Hicks ]
  * debian/patches/initialize-mount-flags.patch: Initialize the variables
    containing mount rule flags to zero. Otherwise, the parser may set
    unexpected bits in the mount flags field for rules that do not specify
    mount flags. The uninitialized mount flag variables may have caused
    unexpected AppArmor denials during mount mediation. (LP: #1296459)
  * debian/patches/fix-typo-in-dbus_write.patch: Fix a bug in the
    apparmor/aa.py module that caused the utilities in the apparmor-utils
    package to write out network rules instead of dbus rules
  * debian/patches/limited-mount-rule-support.patch: Fix a bug in the
    apparmor/aa.py module that caused the utilities in the apparmor-utils
    package to traceback when encountering a mount rule (LP: #1294825)
  * debian/patches/bare-capability-rule-support.patch: Fix a bug in the
    apparmor/aa.py module that caused the utilities in the apparmor-utils
    package to traceback when encountering a bare capability rule
    (LP: #1294819)
  * debian/patches/check-config-for-sysctl.patch,
    debian/patches/increase-swap-size.patch: Fix bugs in the regression test
    suite that caused errors when running on ppc64el
  * debian/patches/test-v6-policy.patch,
    debian/patches/test-mount-mediation.patch: Improve the regression tests
    by increasing the mount rule test coverage
 -- Tyler Hicks <email address hidden>   Thu, 27 Mar 2014 14:12:29 -0500
Superseded in trusty-release on 2014-03-28
Deleted in trusty-proposed on 2014-03-29 (Reason: moved to release)
apparmor (2.8.95~2430-0ubuntu2) trusty; urgency=medium

  * debian/control: Depends on python-pkg-resources for python-apparmor and
    python3-pkg-resources for python3-apparmor to fix autopkgtests in
    click-apparmor and apparmor-easyprof-ubuntu
 -- Jamie Strandboge <email address hidden>   Thu, 20 Mar 2014 19:33:51 -0500
Superseded in trusty-release on 2014-03-21
Deleted in trusty-proposed on 2014-03-22 (Reason: moved to release)
apparmor (2.8.95~2430-0ubuntu1) trusty; urgency=low

  [ Jamie Strandboge ]

   * debian/debhelper/dh_apparmor: exit with error if aa-easyprof does not
     exist
   * debian/control: drop Depends on apparmor-easyprof to Suggests for
     dh-apparmor

  [ Seth Arnold, Jamie Strandboge, Steve Beattie, John Johansen, Tyler Hicks ]

  * New upstream snapshot (LP: #1278702, #1061693, #1285653) dropping very
    large Ubuntu delta and fixing the following bugs:
    - Adjust fonts abstraction for libthai (LP: #1278702)
    - Support translated XDG user directories (LP: #1061693)
    - Adjust abstractions/web-data to include /var/www/html (LP: #1285653)
      Refresh 0002-add-debian-integration-to-lighttpd.patch to include
      /etc/lighttpd/conf-available/*.conf
    - Adjust debian/libapparmor1.symbols to reflect new upstream versioning
      for the aa_query_label() function
    - Raise exceptions in Python bindings when something fails
  * ship new Python replacements for previous Perl-based tools
    - debian/apparmor-utils.install: remove usr/share/perl5/Immunix/*.pm and
      add usr/sbin/aa-autodep, usr/sbin/aa-cleanprof and usr/sbin/aa-mergeprof
    - debian/control:
      + remove various Perl dependencies
      + add python-apparmor and python3-apparmor
      + python3-apparmor Breaks: apparmor-easyprof to move the file since it
        ships dist-packages/apparmor/__init__.py now
    - debian/apparmor-utils.manpages: ship new manpages for aa-cleanprof and
      aa-mergeprof
    - debian/rules: build and install Python tools
  * debian/apparmor.install:
    - install apparmorfs, dovecot, kernelvars, securityfs, sys,
      and xdg-user-dirs tunables and xdg-user-dirs.d directory
  * debian/apparmor.dirs:
    - install /etc/apparmor.d/tunables/xdg-user-dirs.d
  * debian/rules: delete upstream-provided xdg-user-dirs.d/site.local
  * debian/apparmor.postinst: create xdg-user-dirs.d/site.local
  * debian/apparmor.postrm: remove xdg-user-dirs.d
  * Remaining patches:
    - add-chromium-browser.patch
    - add-debian-integration-to-lighttpd.patch
    - ubuntu-manpage-updates.patch
    - libapparmor-layout-deb.patch
    - libapparmor-mention-dbus-method-in-getcon-man.patch
    - etc-writable.patch
    - aa-utils_are_bilingual.patch
  * New patches:
    - convert-to-rules.patch
    - list-fns.patch
    - parse-mode.patch
    - add-decimal-interp.patch
    - policy_mediates.patch
    - fix-failpath.patch
    - feature_file.patch
    - fix-network.patch
    - aare-to-class.patch
    - add-mediation-unix.patch
    - parser_version.patch
    - caching.patch
    - label-class.patch
    - fix-lexer-debug.patch
    - use-diff-encode.patch
    - fix-serialize.patch
    - fix-ppc-endian-ftbfs.patch
    - opt_arg.patch
    - tests-cond-dbus.patch
  * Move manpages from libapparmor1 to libapparmor-dev
    - debian/libapparmor-dev.manpages: install aa_change_hat.2,
      aa_change_profile.2, aa_find_mountpoint.2, aa_getcon.2
    - debian/control: libapparmor-dev Replaces: and Breaks: libapparmor1
  * Move /usr/lib/python3/dist-packages/apparmor/__init__.py from
    apparmor-easyprof to python3-apparmor
    - debian/control: python3-apparmor Breaks: apparmor-easyprof
    - debian/apparmor-easyprof.install: remove
      usr/lib/python*.*/site-packages/apparmor*
  * New profiles and abstractions:
    - debian/apparmor.install: tunables/dovecot, tunables/kernelvars,
      tunables/xdg-user-dirs, tunables/xdg-user-dirs.d

Superseded in trusty-release on 2014-03-20
Deleted in trusty-proposed on 2014-03-22 (Reason: moved to release)
apparmor (2.8.0-0ubuntu38) trusty; urgency=low

  [ Tyler Hicks ]
  * 0084-parser-add-dbus-eavesdrop-perm.patch: Add an eavesdrop permission to
    the dbus rule type, allowing confined applications to eavesdrop. The only
    valid conditional for eavesdrop rules is 'bus'. See the apparmor.d(5) man
    page for more information. (LP: #1262440)

  [ Steve Beattie ]
  * 0085-push-normalize-tree-ops-into-expr-tree-classes.patch: Improve
    parser performance in some cases

  [ John Johansen ]
  * 0086-add-diff-state-compression-to-dfa.patch: Implement differential
    state compression in the parser
  * 0087-fix-dfa-minimization.patch: Fix a parser bug that caused some DFAs to
    not be fully minimized (LP: #1262938)
  * 0088-fix-pol-generation-for-small-dfas.patch: Fixes bugs in the parser
    when generating policy for some small DFAs
 -- Tyler Hicks <email address hidden>   Mon, 13 Jan 2014 11:17:42 -0600
Superseded in trusty-release on 2014-01-17
Deleted in trusty-proposed on 2014-01-18 (Reason: moved to release)
apparmor (2.8.0-0ubuntu37) trusty; urgency=low

  [ Jan Rękorajski ]
  * 0082-parser-fix-FTBFS-with-bison-3.patch: Fix parser FTBFS with bison 3

  [ Steve Beattie ]
  * 0083-libapparmor-require-libtoolize.patch: Fix FTBFS by switching
    the autogen.sh script to use libtoolize instead of libtool
 -- Tyler Hicks <email address hidden>   Fri, 10 Jan 2014 13:48:43 -0600
Superseded in trusty-proposed on 2014-01-10
apparmor (2.8.0-0ubuntu36) trusty; urgency=medium

  * Rebuild for python3.4 as a supported python version.
 -- Matthias Klose <email address hidden>   Sat, 04 Jan 2014 18:30:59 +0000

Available diffs

Superseded in trusty-release on 2014-01-10
Deleted in trusty-proposed on 2014-01-12 (Reason: moved to release)
apparmor (2.8.0-0ubuntu35) trusty; urgency=low

  * abstractions/nameservice: Also allow access to the sssd nss pipe.
 -- Stephane Graber <email address hidden>   Fri, 29 Nov 2013 13:44:49 -0500
Superseded in trusty-release on 2013-11-29
Deleted in trusty-proposed on 2013-12-01 (Reason: moved to release)
apparmor (2.8.0-0ubuntu34) trusty; urgency=low

  [ Tyler Hicks ]
  * 0078-parser-check-for-dbus-kernel-support.patch: The parser should not
    include D-Bus rules in the binary policy that it loads into the kernel if
    the kernel does not support D-Bus rules (LP: #1231778)
  * 0079-utils-ignore-unsupported-log-events.patch: aa-logprof should ignore
    audit events that it does not yet support instead of treating them as
    errors (LP: #1243932)
  * 0080-tests-use-ldconfig-for-library-detection.patch: Fix libapparmor
    detection in regression tests after the multiarch changes

  [ Jamie Strandboge ]
  * 0081-python-abstraction-updates.patch: Add rules in support of Python 3.3

  [ Chad Miller ]
  * debian/patches/0001-add-chromium-browser.patch: Follow new chromium-browser
    sandbox name.  Keep old name for now to allow transition. LP: #1247269
 -- Tyler Hicks <email address hidden>   Mon, 04 Nov 2013 15:57:30 -0800
Obsolete in saucy-updates on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to -updates)
apparmor (2.8.0-0ubuntu31.1) saucy-proposed; urgency=low

  * 0078-parser-check-for-dbus-kernel-support.patch: The parser should not
    include D-Bus rules in the binary policy that it loads into the kernel if
    the kernel does not support D-Bus rules (LP: #1231778)
  * 0079-utils-ignore-unsupported-log-events.patch: aa-logprof should ignore
    audit events that it does not yet support instead of treating them as
    errors (LP: #1243932)
 -- Tyler Hicks <email address hidden>   Mon, 04 Nov 2013 13:22:22 -0800
Superseded in trusty-release on 2013-11-08
Deleted in trusty-proposed on 2013-11-10 (Reason: moved to release)
apparmor (2.8.0-0ubuntu33) trusty; urgency=low

  * Convert to dh.
  * Bump to debhelper compat level 9 for multiarch support.
  * Mark libapparmor1, libapparmor-dev Multi-Arch: same.  LP: #1246067.
 -- Steve Langasek <email address hidden>   Thu, 31 Oct 2013 13:23:57 -0700
Superseded in trusty-release on 2013-10-31
Deleted in trusty-proposed on 2013-11-02 (Reason: moved to release)
apparmor (2.8.0-0ubuntu32) trusty; urgency=low

  * no change rebuild for perl 5.18
 -- Jamie Strandboge <email address hidden>   Mon, 21 Oct 2013 13:28:26 -0500

Available diffs

Superseded in trusty-release on 2013-10-24
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release)
apparmor (2.8.0-0ubuntu31) saucy; urgency=low

  * 0077_aa-status-is-bilingual.patch: aa-status was written to work with
    python 2 or 3. Upstream is still using 2, so adjust ours to use
    /usr/bin/python3 to avoid pulling python 2 back to the desktop images
 -- Jamie Strandboge <email address hidden>   Fri, 11 Oct 2013 15:35:03 -0500

Available diffs

Superseded in saucy-release on 2013-10-11
Deleted in saucy-proposed on 2013-10-13 (Reason: moved to release)
apparmor (2.8.0-0ubuntu30) saucy; urgency=low

  [ Tyler Hicks ]
  * debian/patches/0059-dbus-rules-for-dbus-abstractions.patch: Add an
    abstraction for the accessibility bus. It is currently very permissive,
    like the dbus and dbus-session abstractions, and grants all permissions on
    the accessibility bus. (LP: #1226141)
  * debian/patches/0071-lp1226356.patch: Fix issues in parsing D-Bus and mount
    rules. Both rule classes suffered from unexpected auditing behavior when
    using the 'deny' and 'audit deny' rule modifiers. The 'deny' modifier
    resulting in accesses being audited and the 'audit deny' modifier
    resulting in accesses not being audited. (LP: #1226356)
  * debian/patches/0072-lp1229393.patch: Fix cache location for .features
    file, which was not being written to the proper location if the parameter
    --cache-loc= is passed to apparmor_parser. This bug resulted in using the
    .features file from /etc/apparmor.d/cache or always recompiling policy.
    Patch thanks to John Johansen. (LP: #1229393)
  * debian/patches/0073-lp1208988.patch: Update AppArmor file rules of UNIX
    domain sockets to include read and write permissions. Both permissions are
    required when a process connects to a UNIX domain socket. Also include new
    tests for mediation of UNIX domain sockets. Thanks to Jamie Strandboge for
    helping with the policy updates and testing. (LP: #1208988)
  * debian/patches/0075-lp1211380.patch: Adjust the audio abstraction to only
    grant access to specific pulseaudio files in the pulse runtime directory
    to remove access to potentially dangerous files (LP: #1211380)

  [ Jamie Strandboge ]
  * debian/patches/0074-lp1228882.patch: typo in ubuntu-browsers.d/multimedia
    (LP: #1228882)
  * 0076_sanitized_helper_dbus_access.patch: allow applications run under
    sanitized_helper to connect to DBus
 -- Tyler Hicks <email address hidden>   Fri, 04 Oct 2013 17:29:52 -0700
Superseded in saucy-release on 2013-10-08
Deleted in saucy-proposed on 2013-10-10 (Reason: moved to release)
apparmor (2.8.0-0ubuntu29) saucy; urgency=low

  * Add 0070-etc-writable.patch: Allow reading time configuration from
    /etc/writable, as we have it on the phone. (LP: #1227520)
 -- Martin Pitt <email address hidden>   Tue, 01 Oct 2013 09:55:15 +0200
Superseded in saucy-release on 2013-10-01
Deleted in saucy-proposed on 2013-10-02 (Reason: moved to release)
apparmor (2.8.0-0ubuntu28) saucy; urgency=low

  [ Tyler Hicks ]
  * Move the aa-exec man page out of apparmor-utils into apparmor, since
    aa-exec is now in apparmor
    - debian/control: adjust Breaks/Replaces to use apparmor-utils
      (<< 2.8.0-0ubuntu28)
    - debian/apparmor.manpages: install the aa-exec man page
    - debian/apparmor-utils.manpages: don't install the aa-exec man page
  * debian/patches/0065-lp1220861.patch: Always NUL-terminate confinement
    context strings returned from libapparmor (LP: #1220861)
  * debian/patches/0066-lp1196880.patch: Don't assign mode pointer in
    aa_getprocattr() if caller passed in NULL (LP: #1196880)
  * debian/patches/0067-libapparmor-mode-strings-are-not-to-be-freed.patch:
    Update man page and code comments to make it clear that freeing the *con
    string returned from libapparmor's getcon functions also frees the *mode
    string
  * debian/patches/0068-libapparmor-mention-dbus-method-in-getcon-man.patch:
    Document the D-Bus method, in the aa_getcon man page, that returns the
    AppArmor task confinement string of a D-Bus connection

  [ Jamie Strandboge ]
  * debian/patches/0069-p11kit-abstraction.patch: p11-kit needs access to
    /usr/share/p11-kit/modules
 -- Jamie Strandboge <email address hidden>   Tue, 10 Sep 2013 12:06:06 -0500
Superseded in saucy-release on 2013-09-10
Deleted in saucy-proposed on 2013-09-12 (Reason: moved to release)
apparmor (2.8.0-0ubuntu27) saucy; urgency=low

  * debian/apport/source_apparmor.py: AppArmor logs DBus messages to syslog,
    adjust apport hook to also search there for denials
 -- Jamie Strandboge <email address hidden>   Tue, 03 Sep 2013 10:25:45 -0500
Superseded in saucy-release on 2013-09-05
Deleted in saucy-proposed on 2013-09-06 (Reason: moved to release)
apparmor (2.8.0-0ubuntu26) saucy; urgency=low

  * debian/patches/0064-lp1218099.patch: add support for variable expansion in
    dbus rules (LP: #1218099)
 -- Jamie Strandboge <email address hidden>   Thu, 29 Aug 2013 16:28:36 -0500
Superseded in saucy-release on 2013-08-30
Deleted in saucy-proposed on 2013-08-31 (Reason: moved to release)
apparmor (2.8.0-0ubuntu25) saucy; urgency=low

  [ Tyler Hicks ]
  * Add support for mediation of D-Bus messages and services. AppArmor D-Bus
    rules are described in the apparmor.d(5) man page. dbus-daemon will use
    libapparmor to perform queries against the AppArmor policies to determine
    if a connection should be able to send messages to another connection, if
    a connection should be able to receive messages from another connection,
    and if a connection should be able to bind to a well-known name.
    - 0042-Fix-mount-rule-preprocessor-output.patch,
      0043-libapparmor-Safeguard-aa_getpeercon-buffer-reallocat.patch,
      0044-libapparmor-fix-return-value-of-aa_getpeercon_raw.patch,
      0045-libapparmor-Move-mode-parsing-into-separate-function.patch,
      0046-libapparmor-Parse-mode-from-confinement-string-in-ge.patch,
      0047-libapparmor-Make-aa_getpeercon_raw-similar-to-aa_get.patch,
      0048-libapparmor-Update-aa_getcon-man-page-to-reflect-get.patch:
      Backport parser and libapparmor pre-requisites for D-Bus mediation
    - 0049-parser-Update-man-page-for-DBus-rules.patch: Update apparmor.d man
      page
    - 0050-parser-Add-support-for-DBus-rules.patch,
      0051-parser-Regression-tests-for-DBus-rules.patch,
      0052-parser-Binary-profile-equality-tests-for-DBus-rules.patch: Add
      apparmor_parser support for D-Bus mediation rules
    - 0053-libapparmor-Export-a-label-based-query-interface.patch,
      debian/libapparmor1.symbols: Provide the libapparmor interface necessary
      for trusted helpers to make security decisions based upon AppArmor
      policy
    - 0054-libaalogparse-Parse-dbus-daemon-audit-messages.patch,
      0055-libaalogparse-Regression-tests-for-dbus-daemon-audit.patch: Allow
      applications to parse denials, generated by dbus-daemon, using
      libaalogparse and add a set of regression tests
    - 0056-tests-Add-an-optional-final-check-to-checktestfg.patch,
      0057-tests-Add-required-features-check.patch,
      0058-tests-Add-regression-tests-for-dbus.patch: Add regression tests
      which start their own dbus-daemon, load profiles containing D-Bus rules,
      and confine simple D-Bus service and client applications
    - 0059-dbus-rules-for-dbus-abstractions.patch: Add bus-specific, but
      otherwise permissive, D-Bus rules to the dbus and dbus-session
      abstractions. Confined applications that use D-Bus should already be
      including these abstractions in their profiles so this should be a
      seamless transition for those profiles.
  * 0060-utils-make_clean_fixup.patch: Clean up the Python cache in the
    AppArmor tests directory
  * 0061-profiles-dnsmasq-needs-dbus-abstraction.patch: Dnsmasq uses the
    system D-Bus when it is started with --enable-dbus, so its AppArmor
    profile needs to include the system bus abstraction
  * 0062-fix-clone-test-on-arm.patch: Fix compiler error when building
    regression tests on ARM
  * 0063-utils-ignore-unsupported-rules.patch: Utilities that use the
    Immunix::AppArmor perl module, such as aa-logprof and aa-genprof, error
    out when they encounter rules unsupported by the perl module. This patch
    ignores unsupported rules.

  [ Jamie Strandboge ]
  * debian/control: don't have easyprof Depends on apparmor-easyprof-ubuntu
 -- Tyler Hicks <email address hidden>   Mon, 26 Aug 2013 15:32:12 -0700
Superseded in precise-updates on 2014-08-11
Deleted in precise-proposed on 2014-08-13 (Reason: moved to -updates)
apparmor (2.7.102-0ubuntu3.9) precise-proposed; urgency=low

  * 0041-parser-fix-flags.patch: increase the size of the fixed 'features'
    buffer to support newer kernels with more apparmor features (LP: #1214979)
 -- Seth Arnold <email address hidden>   Mon, 26 Aug 2013 11:31:51 -0700
Superseded in saucy-release on 2013-08-27
Deleted in saucy-proposed on 2013-08-29 (Reason: moved to release)
apparmor (2.8.0-0ubuntu24) saucy; urgency=low

  * 0040-libapparmor-support-pkg-config.patch: Make it easier for other
    sources to build against libapparmor with pkg-config
    - debian/control: Add pkg-config as a Build-Depends
    - debian/libapparmor-dev.install: Install libapparmor pkg-config file
  * 0041-parser-fix-flags.patch: Minimal fix for cache failures when the
    feature file is larger than the feature buffer used for cache version
    comparison
 -- Tyler Hicks <email address hidden>   Thu, 15 Aug 2013 16:34:53 -0700
Superseded in saucy-release on 2013-08-16
Deleted in saucy-proposed on 2013-08-17 (Reason: moved to release)
apparmor (2.8.0-0ubuntu23) saucy; urgency=low

  * debian/patches/0038-lp1200392.patch: allow mmap of fglrx dri libraries
    (LP: #1200392)
  * debian/patches/0039-fix-parser-cache-loc.patch: fix apparmor cache
    tempfile location to use passed arg
  * debian/lib/apparmor/functions: update to also load from
    /var/lib/apparmor/profiles and write cache to /var/cache/apparmor
  * debian/apparmor.dirs: create /var/cache/apparmor and
    /var/lib/apparmor/profiles
 -- Jamie Strandboge <email address hidden>   Tue, 23 Jul 2013 21:36:40 -0500
Superseded in saucy-release on 2013-07-18
apparmor (2.8.0-0ubuntu19.1) saucy; urgency=low

  * Refresh easyprof
    - drop 0034-easyprof-dont-add-vendor-dir.patch
  * debian/patches/0037-easyprof-sdk-pt2.patch: update easyprof for the
    following:
    - don't add vendor directory to self.templates and self.policy_groups
    - utils/aa-easyprof: adjust error message for manifest read failure
    - utils/aa-easyprof: adjust to use EnvironmentError on failed read of the
      manifest
    - utils/apparmor/easyprof.py: clean up set_template()
    - utils/apparmor/easyprof.py: read_paths should use 'rk'
    - utils/test/test-aa-easyprof.py: adjust tests for above
    - utils/apparmor/easyprof.py
      + valid_path should verify os.path.normpath(path) == (path)
      + adjust valid_profile_name() to start with alpha-numeric and allow
        Debian source package names and version, plus '_'
      + adjust tests for above
    - update valid_variable() to check for valid_path if '/' is in the value
    - adjust valid_path() to have a relative_ok flag (default to False)
    - adjust valid_path() to verify path is same as normalized path
    - add some valid_path() test cases
    - adjust to always quote template vars in policy output
    - add a couple tests that have spaces in the binary and template var
    - update manifest JSON structure to use
      m['security']['profiles']['profile_name'] instead of
      m['security']['profile_name']
  * remove debian/patches/0033-add-ubuntu-sdk-abstractions.patch. We will
    for now ship policy groups instead of abstractions like this
  * debian/apparmor.maintscript: rm_conffile on ubuntu-sdk-base
 -- Jamie Strandboge <email address hidden>   Wed, 03 Jul 2013 17:29:57 -0500
Superseded in saucy-release on 2013-07-25
Deleted in saucy-proposed on 2013-07-26 (Reason: moved to release)
apparmor (2.8.0-0ubuntu22) saucy; urgency=low

  * Refresh easyprof
    - drop 0034-easyprof-dont-add-vendor-dir.patch
    - drop 0035-easyprof-update-manpage-for-sdk-base.patch
  * debian/patches/0037-easyprof-sdk-pt2.patch: update easyprof for the
    following:
    - don't add vendor directory to self.templates and self.policy_groups
    - utils/aa-easyprof: adjust error message for manifest read failure
    - utils/aa-easyprof: adjust to use EnvironmentError on failed read of the
      manifest
    - utils/apparmor/easyprof.py: clean up set_template()
    - utils/apparmor/easyprof.py: read_paths should use 'rk'
    - utils/test/test-aa-easyprof.py: adjust tests for above
    - utils/apparmor/easyprof.py
      + valid_path should verify os.path.normpath(path) == (path)
      + adjust valid_profile_name() to start with alpha-numeric and allow
        Debian source package names and version, plus '_'
      + adjust tests for above
    - update valid_variable() to check for valid_path if '/' is in the value
    - adjust valid_path() to have a relative_ok flag (default to False)
    - adjust valid_path() to verify path is same as normalized path
    - add some valid_path() test cases
    - adjust to always quote template vars in policy output
    - add a couple tests that have spaces in the binary and template var
    - update manifest JSON structure to use
      m['security']['profiles']['profile_name'] instead of
      m['security']['profile_name']
 -- Jamie Strandboge <email address hidden>   Sun, 07 Jul 2013 19:37:56 -0500
Superseded in saucy-proposed on 2013-07-08
apparmor (2.8.0-0ubuntu21) saucy; urgency=low

  * Apache 2.4 transition (LP: #1197617, Closes: 666808). Based on patch from
    intrigeri
    - debian/control:
      + Build-Depends on apache2-dev and dh-apache2 instead of
        apache2-prefork-dev
      + adjust libapache2-mod-apparmor to not Depends on apache2.2-common
      + adjust libapache2-mod-apparmor to Pre-Depends: ${misc:Pre-Depends}
    - create debian/libapache2-mod-apparmor.apache2
    - debian/rules: adjust to use dh_apache2 --noenable
    - debian/libapache2-mod-apparmor.maintscript: remove old prefork profile
    - debian/libapache2-mod-apparmor.install: install new usr.sbin.apache2
      profile
    - debian/libapache2-mod-apparmor.{preinst,postinst,postrm}: update to use
      usr.sbin.apache2
    - debian/libapache2-mod-apparmor.postinst: remove the disable symlink for
      old prefork profile
    - debian/patches/0036-libapache2-mod-apparmor-profile-2.4.patch: update
      mod_apparmor man page to mention loading mpm_prefork, add new
      usr.sbin.apache2 profile and remove old prefork profile
  * debian/rules: honor DEB_BUILD_OPTIONS=nocheck

Superseded in saucy-proposed on 2013-07-04
apparmor (2.8.0-0ubuntu20) saucy; urgency=low

  * remove debian/patches/0033-add-ubuntu-sdk-abstractions.patch. We will
    for now ship policy groups instead of abstractions like this
  * debian/apparmor.maintscript: rm_conffile on ubuntu-sdk-base
  * debian/patches/0035-easyprof-update-manpage-for-sdk-base.patch: add
    sdk-base as a typical policy group
 -- Jamie Strandboge <email address hidden>   Wed, 03 Jul 2013 17:29:57 -0500
Superseded in saucy-release on 2013-07-08
Deleted in saucy-proposed on 2013-07-09 (Reason: moved to release)
apparmor (2.8.0-0ubuntu19) saucy; urgency=low

  * debian/patches/0034-easyprof-dont-add-vendor-dir.patch: don't add vendor
    directory to self.templates and self.policy_groups
  * debian/patches/0030-easyprof-sdk.patch: mentioned patch has been forwarded
    upstream
 -- Jamie Strandboge <email address hidden>   Tue, 02 Jul 2013 09:24:23 -0500
Superseded in saucy-release on 2013-07-02
Deleted in saucy-proposed on 2013-07-03 (Reason: moved to release)
apparmor (2.8.0-0ubuntu18) saucy; urgency=low

  * debian/patches/0030-easyprof-sdk.patch: refreshed for the following:
    - man page updates
    - add --output-format=json option
    - add --verify-manifest
    - add --policy-version and --policy-vendor which to better work with
      vendor templates (ie, with apparmor-easyprof-ubuntu)
    - restructed JSON format (should be final version now). This converts
      abstractions and policy_groups to proper JSON lists and allows for
      multiple profiles in the JSON file, keyed off of the profile name
    - add --output-directory option as an alternative to stdout (particularly
      useful when using multiple profiles in a JSON file)
    - also remove ubuntu-sdk-base abstraction. This may move out but for now
      put it in a different patch
    - add verify_options() and some utility functions for input validation
    - unconditionally quote profile name and binary
    - remove Ubuntu-specific checks in verify_manifest and check profile_name
      with binary harder
  * debian/patches/0033-add-ubuntu-sdk-abstractions.patch: add ubuntu-sdk-base
    abstraction
 -- Jamie Strandboge <email address hidden>   Mon, 01 Jul 2013 17:20:33 -0500
Superseded in saucy-release on 2013-07-02
Deleted in saucy-proposed on 2013-07-03 (Reason: moved to release)
apparmor (2.8.0-0ubuntu17) saucy; urgency=low

  * debian/patches/0032-lp1195362.patch: don't pull in unused perl modules
    (LP: #1195362)
  * debian/rules: use dh_perl -d with libapparmor-perl to Depends on perl-base
    instead of perl
  * debian/patches/0030-easyprof-sdk.patch: update to remove the ubuntu
    specific templates and policy groups. These will be shipped in
    apparmor-easyprof-ubuntu
  * debian/control: have apparmor-easyprof Depends on apparmor-easyprof-ubuntu
 -- Jamie Strandboge <email address hidden>   Fri, 28 Jun 2013 12:01:06 -0500
Superseded in saucy-release on 2013-06-28
Deleted in saucy-proposed on 2013-06-30 (Reason: moved to release)
apparmor (2.8.0-0ubuntu16) saucy; urgency=low

  * debian/patches/0030-easyprof-sdk.patch: update to have
    - /usr/share/icons/gnome/index.theme should have 'rk' added to qmlscene
      policy group
    - add ubuntu-sdk-html5 template
    - add qmlscene-webview policygroup
  * debian/patches/0031-move-poppler-cmap-to-fonts.patch: more than just
    gnome applications access /usr/share/poppler/cMap/**
 -- Jamie Strandboge <email address hidden>   Tue, 25 Jun 2013 15:58:33 -0500
Superseded in saucy-proposed on 2013-06-25
apparmor (2.8.0-0ubuntu15) saucy; urgency=low

  * move aa-exec out of apparmor-utils into apparmor, since we want it in the
    default install
    - debian/control: adjust Breaks/Replaces to use apparmor-utils
      <<2.8.0-0ubuntu15) and have apparmor Depends on libapparmor-perl
    - debian/apparmor.install: install aa-exec
    - debian/apparmor-utils.install: don't install aa-exec
 -- Jamie Strandboge <email address hidden>   Tue, 25 Jun 2013 11:48:25 -0500

Available diffs

Superseded in saucy-proposed on 2013-06-25
apparmor (2.8.0-0ubuntu14) saucy-proposed; urgency=low

  * debian/patches/0029-easyprof-update-for-aa-sandbox.patch: add aa-sandbox
    utility to source, but don't install yet. This includes code refactoring
    for easyprof, which is required for the next patch
  * debian/patches/0030-easyprof-sdk.patch: add SDK support to easyprof (don't
    include DBus includes yet)
  * create apparmor-easyprof package
    - adjust debian/control for new packages and Breaks/Replaces on
      apparmor-utils 2.8.0-0ubuntu14
    - create debian/apparmor-easyprof.install
    - debian/apparmor-utils.install: don't install easyprof. python libraries
      moved to easyprof for now since it is the only consumer
    - debian/apparmor-utils.manpages: move easyprof manpage to
      debian/apparmor-easyprof.manpages
    - debian/rules: dh_python3 should also run on apparmor-easyprof
  * debian/control: dh-apparmor should Depends on apparmor-easyprof
  * debian/debhelper/dh_apparmor: update to support --manifest argument
 -- Jamie Strandboge <email address hidden>   Mon, 24 Jun 2013 09:49:44 -0500
Superseded in saucy-release on 2013-06-27
Deleted in saucy-proposed on 2013-06-29 (Reason: moved to release)
apparmor (2.8.0-0ubuntu13) saucy-proposed; urgency=low

  * 0021-webapps_abstraction.patch: update to allow 'w' access to
    ~/.local/share/unity-webapps/availableapps*.db and 'rk' access to
    ~/.config/libaccounts-glib/accounts.db (LP: #1169633)
 -- Jamie Strandboge <email address hidden>   Mon, 10 Jun 2013 10:49:46 -0500

Available diffs

Superseded in saucy-release on 2013-06-10
Deleted in saucy-proposed on 2013-06-11 (Reason: moved to release)
apparmor (2.8.0-0ubuntu12) saucy; urgency=low

  * 0027-add-gnome-keyring-to-strict.patch: add @{HOME}/.gnome2/keyrings/** to
    abstractions/private-files-strict
  * 0028-add-upstart-to-private.patch: deny writes to upstart user sessions
    jobs in abstractions/private-files
 -- Jamie Strandboge <email address hidden>   Mon, 13 May 2013 13:04:54 -0500

Available diffs

Superseded in saucy-release on 2013-05-13
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
apparmor (2.8.0-0ubuntu11) raring; urgency=low

  * 0025-update-pulseaudio-paths.patch: update path for pulseaudio directory
    and cookie files
  * 0026-add-vm_overcommit_memory.patch: add read access to
    @{PROC}/sys/vm/overcommit_memory
  * update 0001-add-chromium-browser.patch:
    - additional accesses required by newer chromium-browser. Patch based on
      work by Simon Deziel (LP: #1154164)
    - don't include abstractions already included via gnome abstraction
    - allow access to dconf/gsettings, required now
 -- Jamie Strandboge <email address hidden>   Mon, 08 Apr 2013 14:57:14 -0500
Superseded in precise-updates on 2013-09-04
Superseded in precise-proposed on 2013-08-27
apparmor (2.7.102-0ubuntu3.8) precise-proposed; urgency=low

  * 0022-aa-logprof-PUx_rewrite_fix-lp982619.patch: fix aa-logprof
    rewrite of PUx modes (LP: #982619)
  * 0023-lp1091642-parser-reset_matchflags.patch: prevent reuse of
    matchflags in parser dfa backend and add testcase demonstrating
    the problem (LP: #1091642)
  * 0024-profiles-allow_exo-open-lp987578.patch: allow exo-open to work
    within ubuntu-integration (LP: #987578)
 -- Steve Beattie <email address hidden>   Thu, 24 Jan 2013 11:40:48 -0800
Obsolete in quantal-updates on 2015-04-24
Deleted in quantal-proposed on 2015-05-01 (Reason: moved to -updates)
apparmor (2.8.0-0ubuntu5.1) quantal-proposed; urgency=low

  [ Steve Beattie ]
  * 0023-lp1091642-parser-reset_matchflags.patch: prevent reuse of
    matchflags in parser dfa backend and add testcase demonstrating the
    problem (LP: #1091642)

  [ Jamie Strandboge ]
  * debian/patches/0001-add-chromium-browser.patch: add accesses for chromium
    23 (LP: #1091862)
  * debian/patches/0024-fix-racy-onexec-test.patch: fix race in onexec.sh
    kernel regression test
 -- Steve Beattie <email address hidden>   Tue, 18 Dec 2012 05:42:58 -0800
Superseded in precise-updates on 2013-08-27
Superseded in precise-security on 2014-08-11
apparmor (2.7.102-0ubuntu3.7) precise-security; urgency=low

  * debian/patches/0001-add-chromium-browser.patch:
    - add access for newer versions of chromium (LP: #1091862)
    - add a child profile for xdgsettings (LP: #1045986)
  * debian/patches/0021-fix-racy-onexec-test.patch: fix race in onexec.sh
    kernel regression test
 -- Jamie Strandboge <email address hidden>   Wed, 19 Dec 2012 07:51:38 -0600
Obsolete in oneiric-updates on 2015-04-24
Obsolete in oneiric-security on 2015-04-24
apparmor (2.7.0~beta1+bzr1774-1ubuntu2.2) oneiric-security; urgency=low

  * debian/patches/0001-add-chromium-browser.patch:
    - add various accesses for newer chromium versions (LP: #1091862)
    - add a child profile for xdgsettings (LP: #1045986)
  * debian/put-all-profiles-in-complain-mode.sh: deal with existing flags
 -- Jamie Strandboge <email address hidden>   Tue, 18 Dec 2012 11:53:38 -0600
Superseded in raring-release on 2013-04-10
Deleted in raring-proposed on 2013-04-11 (Reason: moved to release)
apparmor (2.8.0-0ubuntu10) raring; urgency=low

  * debian/patches/0001-add-chromium-browser.patch: add accesses for chromium
    23 (LP: #1091862)
 -- Jamie Strandboge <email address hidden>   Tue, 18 Dec 2012 15:20:05 -0600

Available diffs

Superseded in raring-release on 2012-12-18
Deleted in raring-proposed on 2012-12-20 (Reason: moved to release)
apparmor (2.8.0-0ubuntu9) raring; urgency=low

  * debian/control: make libnotify-bin a Suggests rather than a Recommends
    since it is assumed to already be installed on the desktop and so server
    environments don't have to pull in a lot of X dependencies (LP: #1061879)

Superseded in raring-proposed on 2012-12-18
apparmor (2.8.0-0ubuntu8) raring; urgency=low

  [ Steve Beattie ]
  * 0024-lp1091642-parser-reset_matchflags.patch: prevent reuse of
    matchflags in parser dfa backend and add testcase demonstrating the
    problem (LP: #1091642)

  [ Jamie Strandboge ]
  * debian/debhelper/postinst-apparmor: quote all occurences of #PROFILE#.
 -- Steve Beattie <email address hidden>   Tue, 18 Dec 2012 04:53:28 -0800

Available diffs

Superseded in precise-updates on 2012-12-19
Deleted in precise-proposed on 2012-12-21 (Reason: moved to -updates)
apparmor (2.7.102-0ubuntu3.5) precise-proposed; urgency=low

  * Allow reading of /etc/vdpau_wrapper.cfg in multimedia abstraction
    (LP: #967091)
    - add debian/patches/0020-vdpau_wrapper.patch
    - update debian/patches/series
 -- Micah Gersten <email address hidden>   Thu, 29 Nov 2012 19:50:01 -0600
Superseded in raring-release on 2012-12-18
Deleted in raring-proposed on 2012-12-20 (Reason: moved to release)
apparmor (2.8.0-0ubuntu7) raring; urgency=low

  * Rebuild to drop python3.2 extension.
 -- Matthias Klose <email address hidden>   Thu, 08 Nov 2012 11:15:26 +0000

Available diffs

Superseded in raring-release on 2012-11-08
Deleted in raring-proposed on 2012-11-09 (Reason: moved to release)
apparmor (2.8.0-0ubuntu6) raring-proposed; urgency=low

  * Build python swig modules for all supported pythons.
  * Use dh_python2 instead of obsolete dh_python.
  * Remove duplicate chrpath from control.
  * Remove unneeded quilt dependency.
  * Bump standards version to 3.9.4, no changes needed.
 -- Dmitrijs Ledkovs <email address hidden>   Tue, 23 Oct 2012 12:37:39 +0100

Available diffs

Superseded in precise-updates on 2012-11-30
Superseded in precise-security on 2012-12-19
apparmor (2.7.102-0ubuntu3.4) precise-security; urgency=low

  * debian/debhelper/postrm.apparmor: do not delete local files if main
    conffile still exists since it probably means it is owned by a
    new/different package. (LP: #986892)
 -- Marc Deslauriers <email address hidden>   Sat, 20 Oct 2012 16:55:18 -0400
Superseded in raring-release on 2012-10-23
Obsolete in quantal-release on 2015-04-24
apparmor (2.8.0-0ubuntu5) quantal; urgency=low

  [ Micah Gersten ]
  * Allow /etc/vdpau_wrapper.cfg r and /var/lib/xine/gxine.desktop r
    in the multimedia browser abstraction (LP: #1057642)
    - update profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia

  [ Steve Beattie ]
  * debian/control: make libnotify-bin a Recommends rather than a
    Depends for use in server environments (LP: #1061879)
  * debian/patches/0020-coredump_tests.patch: fix coredump regression
    tests (LP: #1050430)
  * debian/patches/0021-webapps_abstraction.patch: add a few items
    triggered by using and installing webapps in firefox (LP: #1056418)
  * debian/patches/0022-aa-decode-stdin.patch: fix aa-decode to process
    stdin correctly and decode encoded profiles names
 -- Steve Beattie <email address hidden>   Tue, 09 Oct 2012 12:44:56 -0700

Available diffs

Superseded in precise-updates on 2012-10-26
Deleted in precise-proposed on 2012-10-27 (Reason: moved to -updates)
apparmor (2.7.102-0ubuntu3.2) precise-proposed; urgency=low

  * Allow /var/lib/sss/mc/{group|passwd} for systems using sssd.
    (LP: #1056391)
 -- Stephane Graber <email address hidden>   Tue, 25 Sep 2012 15:26:11 -0400
Superseded in quantal-release on 2012-10-09
apparmor (2.8.0-0ubuntu4) quantal; urgency=low

  * Allow /var/lib/sss/mc/{group|passwd} for systems using sssd.
    (LP: #1056391)
 -- Stephane Graber <email address hidden>   Tue, 25 Sep 2012 14:59:57 -0400

Available diffs

Superseded in quantal-release on 2012-09-27
apparmor (2.8.0-0ubuntu3) quantal; urgency=low

  * remove 0010-lp972367.patch and 0012-lp964510.patch which should have been
    dropped in 2.8.0-0ubuntu1 since they are included upstream
  * debian/patches/0001-add-chromium-browser.patch:
    - add a couple of small accesses
    - add a child profile for xdgsettings (LP: #1045986)
 -- Jamie Strandboge <email address hidden>   Mon, 17 Sep 2012 08:26:46 -0500

Available diffs

Superseded in quantal-release on 2012-09-17
apparmor (2.8.0-0ubuntu2) quantal; urgency=low

  * 0015-fontconfig.patch: update fonts abstraction for new fontconfig paths
  * 0016-cap-block-suspend.patch: add CAP_BLOCK_SUSPEND to severity.db. In
    the next version of AppArmor, this will replace 0006-cap-epollwakeup.patch
  * 0017-gnome-poppler-data.patch: update gnome abstraction for poppler cMap
    tables
 -- Jamie Strandboge <email address hidden>   Tue, 14 Aug 2012 11:27:15 -0500

Available diffs

Superseded in quantal-release on 2012-08-14
apparmor (2.8.0-0ubuntu1) quantal; urgency=low

  * New upstream release
    - Drop the following patches, now included upstream:
      0003-add-aa-easyprof.patch
      0005-clean-common-from-vim.patch
      0006-use-linux-capability-h.patch
      0008-apparmor-lp963756.patch
      0009-apparmor-lp959560-part1.patch
      0010-apparmor-lp959560-part2.patch
      0011-apparmor-lp872446.patch
      0012-apparmor-lp978584.patch
      0013-apparmor-lp800826.patch
      0014-apparmor-lp979095.patch
      0015-apparmor-lp963756.patch
      0016-apparmor-lp968956.patch
      0017-apparmor-lp979135.patch
      0018-lp990931.patch
  * Rename 0007-ubuntu-manpage-updates.patch to 0003
  * debian/patches/0005-lp1019274.patch: add python3 support. Patch based
    on work from Dmitrijs Ledkovs. (LP: #1019274)
  * debian/patches/0006-cap-epollwakeup.patch: adjust severity.db for
    CAP_EPOLLWAKEUP
  * debian/patches/0007-setuptools-python3.patch: adjust setuptools-python3 to
    adjust scripts to use PYTHON if it is defined
  * debian/patches/0008-libapparmor-layout-deb.patch: use --install-layout=deb
    when calling setup.py
  * enable python3 in the build:
    - debian/rules:
      + use python3 as default PYTHON
      + build libapparmor with both python2 and python3
    - debian/control:
      + Build-Depends on python3-all-dev and python3
      + adjust apparmor to Depends on ${python3:Depends}
      + adjust apparmor-utils to Depends on ${python3:Depends}
      + add python3-libapparmor package
    - add debian/python3-libapparmor.install
    - debian/python-libapparmor.install: adjust to use python2 and
      dist-packages
  * debian/patches/0009-lp1003856.patch: update ubuntu-browsers.d/java for
    IcedTea 7 (LP: #1003856)
  * debian/patches/0010-lp972367.patch: allow software center to work again
    from browsers (LP: #972367)
  * debian/patches/0011-lp1013887.patch: let sanitized helper work with
    /usr/local. Patch based on work by Reuben Thomas. (LP: #1013887)
  * debian/patches/0012-lp964510.patch: allow Google Chrome and
    chromium-browser to work under sanitized helper (LP: #964510)
  * debian/patches/0013-lp987578.patch: ubuntu-integration does not work
    properly with exo-open. Fix thanks to Mark Ramsell (LP: #987578)
  * debian/patches/0014-lp933440.patch: update skype example profile to work
    with latest skype. Based on work by Ivan Frederiks (LP: #933440)
 -- Jamie Strandboge <email address hidden>   Thu, 05 Jul 2012 10:53:17 -0500
Superseded in quantal-release on 2012-07-05
apparmor (2.7.102-0ubuntu5) quantal; urgency=low

  * debian/debhelper/postrm.apparmor: do not delete local files if main
    conffile still exists since it probably means it is owned by a
    new/different package.  (LP: #986892)
 -- Clint Byrum <email address hidden>   Mon, 11 Jun 2012 21:40:33 -0700
Superseded in precise-updates on 2012-10-20
Superseded in precise-security on 2012-10-26
apparmor (2.7.102-0ubuntu3.1) precise-security; urgency=low

  * fix LP: #990931 - Thunderbird is being blocked by apparmor from Firefox;
    This was a regression from the Thunderbird path changing to a non-versioned
    path in the Thunderbird 12 packaging
    - add debian/patches/0015-lp990931.patch
    - update debian/patches/series
 -- Micah Gersten <email address hidden>   Tue, 05 Jun 2012 02:11:28 -0500
Superseded in oneiric-updates on 2012-12-19
Superseded in oneiric-security on 2012-12-19
apparmor (2.7.0~beta1+bzr1774-1ubuntu2.1) oneiric-security; urgency=low

  * fix LP: #989184 - Firefox 12's launcher script is not allowed in
    abstractions/ubuntu-browsers; This was a regression from the firefox
    path changing to a non-versioned path in the Firefox 12 packaging
    - add debian/patches/0016-lp989184.patch
    - update debian/patches/series
  * fix LP: #990931 - Thunderbird is being blocked by apparmor from Firefox;
    This was a regression from the Thunderbird path changing to a non-versioned
    path in the Thunderbird 12 packaging
    - add debian/patches/0015-lp990931.patch
    - update debian/patches/series
 -- Micah Gersten <email address hidden>   Tue, 05 Jun 2012 02:01:04 -0500
Obsolete in natty-updates on 2013-06-04
Obsolete in natty-security on 2013-06-04
apparmor (2.6.1-0ubuntu3.1) natty-security; urgency=low

  * fix LP: #989184 - Firefox 12's launcher script is not allowed in
    abstractions/ubuntu-browsers; This was a regression from the firefox
    path changing to a non-versioned path in the Firefox 12 packaging
    - add debian/patches/0016-lp989184.patch
    - update debian/patches/series
  * fix LP: #990931 - Thunderbird is being blocked by apparmor from Firefox;
    This was a regression from the Thunderbird path changing to a non-versioned
    path in the Thunderbird 12 packaging
    - add debian/patches/0015-lp990931.patch
    - update debian/patches/series
 -- Micah Gersten <email address hidden>   Tue, 05 Jun 2012 01:54:14 -0500
76150 of 317 results