-
apparmor (4.0.0-beta3-0ubuntu3) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <email address hidden> Sun, 31 Mar 2024 07:27:03 +0000
-
apparmor (4.0.0-beta3-0ubuntu2) noble; urgency=medium
* d/apparmor.install
- install new profiles
- geary
- goldendict
- kchmviewer
- loupe
- notepadqq
- pageedit
- privacybrowser
- qmapshack
- qutebrowser
- rssguard
- scide
- tuxedo-control-center
- unix-chkpwd
apparmor (4.0.0-beta3-0ubuntu1) noble; urgency=medium
* New upstream release.
(LP: #2058329, LP: #2056747, LP: #2056739, LP: #2046844)
* Refresh patches
- d/p/u/samba-systemd-interaction.patch
- d/p/u/parser-add-support-for-prompting.patch
* Drop patches which have now been applied upstream
- ubuntu/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch
- ubuntu/Minor-improvements-for-MountRule.patch
* Add patches from upstream that are post Beta3 and will be in Beta4
- d/p/u/parser-fix-issues-appointed-by-coverity.patch
- d/p/u/profiles-add-unconfined-profile-for-tuxedo-control-c.patch
(LP: #2046844)
-- John Johansen <email address hidden> Mon, 18 Mar 2024 18:34:14 -0700
-
apparmor (4.0.0~beta2-0ubuntu3) noble; urgency=medium
* Add fix for failing mount rule tests
- d/p/u/Minor-improvements-for-MountRule.patch
apparmor (4.0.0~beta2-0ubuntu2) noble; urgency=medium
* No-change update .changes file to include everything from 4.0.0~alpha4-0ubuntu1
apparmor (4.0.0~beta2-0ubuntu1) noble; urgency=medium
* New upstream release.
* Refresh patches
- d/p/u/parser-add-support-for-prompting.patch
apparmor (4.0.0~beta1-0ubuntu4) noble; urgency=medium
* Add fix for 32 bit architectures
- d/p/u/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch
apparmor (4.0.0~beta1-0ubuntu3) noble; urgency=medium
* Update uint128_t define
- d/p/u/parser-add-support-for-prompting.patch
apparmor (4.0.0~beta1-0ubuntu2) noble; urgency=medium
* Add feature support patches for prompt
- d/p/u/parser-add-support-for-prompting.patch
apparmor (4.0.0~beta1-0ubuntu1) noble; urgency=medium
* New upstream release.
* Drop patches which have now been applied upstream
- d/p/u/add-keybase-unconfined-profile.patch
- d/p/u/add-more-unconfined-profiles.patch
- d/p/u/tests-fix-usr-merge-failures-on-exec-and-regex-tests.patch
- d/p/u/tests-handle-unprivileged_userns-transition-in-usern.patch
* Refresh patches
- d/p/u/samba-systemd-interaction.patch
* d/apparmor.install
- install new profiles
- nautilus
- element-desktop
* d/control: add build-dependency on autoconf-archive
-- John Johansen <email address hidden> Thu, 07 Mar 2024 11:32:22 -0800
-
apparmor (4.0.0~alpha4-0ubuntu1) noble; urgency=medium
[Georgia Garcia]
* New upstream release.
* Add unconfined profiles to support the use of unprivileged user namespaces
(LP: #2052297, LP: #2046844)
- d/p/u/add-keybase-unconfined-profile.patch
- d/p/u/add-more-unconfined-profiles.patch
* Fix regression test failures on regex.sh, exec.sh and userns.sh
- d/p/u/tests-fix-usr-merge-failures-on-exec-and-regex-tests.patch
- d/p/u/tests-handle-unprivileged_userns-transition-in-usern.patch
* Drop patches which have now been applied upstream
- d/p/u/userns-unconfined-profiles.patch
- d/p/u/tests-fix-userns-setns-opening-pipe-order.patch
- d/p/u/tests-replace-individual-socket-permissions.patch
- d/p/u/tests-fix-test-specifying-path-on-attach-disconnected.patch
- d/p/u/binutils-aa_status.c-quiet-verbose-outputs-when-json.patch
- d/p/u/oot-unconfined-profiles.patch
* Refresh patches
- d/p/d/etc-writable.patch
- d/p/u/profiles-grant-access-to-systemd-resolved.patch
- d/p/u/userns-runtime-disable.patch
* d/apparmor.install
- install new profiles
- plasmashell
- surfshark
- unprivileged_userns
- keybase
- devhelp
- epiphany
- evolution
- opam
- renamed profiles
- ch-checkns
- ch-run
- crun
- flatpak
- linux-sandbox
- busybox
- buildah
- cam
- ipa_verify
- lc-compliance
- libcamerify
- qcam
- podman
- lxc-attach
- lxc-create
- lxc-destroy
- lxc-execute
- lxc-stop
- lxc-unshare
- lxc-usernsexec
- mmdebstrap
- vpnns
- QtWebEngineProcess
- systemd-coredump
- rootlesskit
- rpm
- runc
- virtiofsd
- sbuild
- sbuild-abort
- sbuild-adduser
- sbuild-apt
- sbuild-checkpackages
- sbuild-clean
- sbuild-createchroot
- sbuild-destroychroot
- sbuild-distupgrade
- sbuild-hold
- sbuild-shell
- sbuild-unhold
- sbuild-update
- sbuild-upgrade
- slirp4netns
- stress-ng
- thunderbird
- toybox
- trinity
- tup
- userbindmount
- uwsgi-core
- vdens
- chrome
- msedge
- brave
- vivaldi-bin
* d/apparmor.maintscript
- add renamed profiles so they are removed on upgrade
* d/libapache2-mod-apparmor.install
- remove etc/apparmor.d/local/usr.sbin.apache2, no longer needed
[John Johansen]
* debian/rules:
- don't run debian/put-all-profiles-in-complain-mode.sh on install
[Alex Murray]
* debian/apparmor.lintian-overrides:
- suppress false-positive warning about needing a Depends: on adduser
for the apparmor binary package
-- Georgia Garcia <email address hidden> Fri, 02 Feb 2024 16:12:21 -0300
-
apparmor (4.0.0~alpha2-0ubuntu8) noble; urgency=medium
* Add unconfined userns profile for systemd-coredump
-- Nick Rosbrook <email address hidden> Wed, 10 Jan 2024 09:55:51 -0500
-
apparmor (4.0.0~alpha2-0ubuntu7) noble; urgency=medium
[Alex Murray]
* Enable user namespace restrictions by default (LP: #2046477)
- d/p/u/userns-runtime-disable.patch: add logic to disable user
namespace restrictions if kernel lacks support
- debian/usr/lib/sysctl.d/10-apparmor.conf: set sysctl value to 1 and
update comment to match
- debian/apparmor.service: run After systemd-sysctl.service
[John Johansen]
* Add additional AppArmor profiles to support third-party applications
that use unprivileged user namespaces
- add d/p/u/oot-unconfined-profiles.patch
- add profiles to debian/apparmor.install
- /etc/apparmor.d/1password
- /etc/apparmor.d/Discord
- /etc/apparmor.d/MongoDB_Compass
- /etc/apparmor.d/code
- /etc/apparmor.d/firefox
- /etc/apparmor.d/github-desktop
- /etc/apparmor.d/obsidian
- /etc/apparmor.d/opera
- /etc/apparmor.d/polypane
- /etc/apparmor.d/signal-desktop
- /etc/apparmor.d/slack
- /etc/apparmor.d/steam
[Alex Murray]
* Drop duplicate profiles for usr.share.code.bin.code and
usr.lib.multiarch.opera.opera since they are now also in
d/p/u/oot-unconfined-profiles.patch
- modified d/p/u/userns-unconfined-profiles.patch to remove them
- removed from debian/apparmor.install
- added to debian/apparmor.maintscript to ensure they are removed on
upgrade
-- John Johansen <email address hidden> Wed, 13 Dec 2023 20:38:45 -0800
-
apparmor (4.0.0~alpha2-0ubuntu6) noble; urgency=medium
* No-change rebuild with Python 3.12 as supported version
-- Graham Inggs <email address hidden> Tue, 31 Oct 2023 16:45:44 +0000
-
apparmor (4.0.0~alpha2-0ubuntu5) mantic; urgency=medium
* Add additional AppArmor profiles to support third-party applications
that use unprivileged user namespace restrictions (LP: #2036698)
- Refreshed d/p/u/userns-unconfined-profiles.patch to add additional
profiles and added to debian/apparmor.install
- usr.share.code.bin.code
- opt.microsoft.msedge.msedge
- usr.lib.multiarch.opera.opera
- opt.brave.com.brave.brave
- opt.vivaldi.vivaldi-bin
* Clarify comment in sysctl.d conf file that this feature is not
enabled by default but can be overridden by the user if desired.
-- Alex Murray <email address hidden> Fri, 22 Sep 2023 16:50:22 +0930