Change log for apparmor package in Ubuntu
1 → 50 of 387 results | First • Previous • Next • Last |
apparmor (4.0.0~alpha2-0ubuntu5) mantic; urgency=medium * Add additional AppArmor profiles to support third-party applications that use unprivileged user namespace restrictions (LP: #2036698) - Refreshed d/p/u/userns-unconfined-profiles.patch to add additional profiles and added to debian/apparmor.install - usr.share.code.bin.code - opt.microsoft.msedge.msedge - usr.lib.multiarch.opera.opera - opt.brave.com.brave.brave - opt.vivaldi.vivaldi-bin * Clarify comment in sysctl.d conf file that this feature is not enabled by default but can be overridden by the user if desired. -- Alex Murray <email address hidden> Fri, 22 Sep 2023 16:50:22 +0930
Available diffs
apparmor (4.0.0~alpha2-0ubuntu4) mantic; urgency=medium * Remove conflicting profile for usr.bin.lxc-start (LP: #2036302) - d/p/u/userns-unconfined-profiles.patch: Don't ship a profile for usr.bin.lxc-start as this is already shipped in liblxc-common - debian/apparmor.install: Remove usr.bin.lxc-start profile -- Alex Murray <email address hidden> Mon, 18 Sep 2023 10:59:37 +0930
Available diffs
apparmor (4.0.0~alpha2-0ubuntu3) mantic; urgency=medium * Add remaining AppArmor profiles to support unprivileged user namespace restrictions (LP: #2035315) - Refreshed d/p/u/userns-unconfined-profiles.patch to add remaining profiles and added to debian/apparmor.install - usr.libexec.multiarch.bazel.linux-sandbox - usr.bin.busybox - usr.bin.buildah - usr.bin.cam - usr.bin.ipa_verify - usr.bin.lc-compliance - usr.bin.libcamerify - usr.bin.qcam - usr.bin.podman - usr.bin.lxc-attach - usr.bin.lxc-create - usr.bin.lxc-destroy - usr.bin.lxc-execute - usr.bin.lxc-start - usr.bin.lxc-stop - usr.bin.lxc-unshare - usr.bin.lxc-usernsexec - usr.bin.mmdebstrap - usr.bin.vpnns - usr.lib.qt6.libexec.QtWebEngineProcess - usr.lib.multiarch.qt5.libexec.QtWebEngineProcess - usr.bin.rootlesskit - usr.bin.rpm - usr.sbin.runc - usr.libexec.virtiofsd - usr.bin.sbuild - usr.bin.sbuild-abort - usr.bin.sbuild-apt - usr.bin.sbuild-checkpackages - usr.bin.sbuild-clean - usr.bin.sbuild-createchroot - usr.bin.sbuild-distupgrade - usr.bin.sbuild-hold - usr.bin.sbuild-shell - usr.bin.sbuild-unhold - usr.bin.sbuild-update - usr.bin.sbuild-upgrade - usr.sbin.sbuild-adduser - usr.sbin.sbuild-destroychroot - usr.bin.slirp4netns - usr.bin.stress-ng - usr.bin.thunderbird - bin.toybox - usr.bin.trinity - usr.bin.tup - usr.bin.userbindmount - usr.bin.uwsgi-core - usr.bin.vdens - opt.google.chrome.chrome -- Alex Murray <email address hidden> Thu, 14 Sep 2023 15:58:40 +0930
Available diffs
apparmor (4.0.0~alpha2-0ubuntu2) mantic; urgency=medium * Fix invalid JSON output from aa-status --json via upstream patch (LP: #2032994) - d/p/u/binutils-aa_status.c-quiet-verbose-outputs-when-json.patch -- Alex Murray <email address hidden> Fri, 25 Aug 2023 09:48:24 +0930
Available diffs
Superseded in mantic-proposed |
apparmor (4.0.0~alpha2-0ubuntu1) mantic; urgency=medium [ John Johansen ] * New upstream release 4.0-alpha2 [ Alex Murray ] * Infrastructure to enable AppArmor userns restrictions (LP: #2030353, LP: #2032602) - debian/usr/lib/sysctl.d/10-apparmor.conf: disable userns restrictions for now until we have a complete set of profiles for the whole Ubuntu archive - debian/apparmor.install: ship sysctl.d file in the apparmor binary package - d/p/u/userns-unconfined.patch: add some additional profiles that specify the userns permission with the unconfined flag for a currently incomplete list of applications within the Ubuntu archive that use unprivileged user namespaces - usr.bin.ch-checkns - usr.bin.ch-run - usr.bin.crun - usr.bin.flatpak - debian/put-all-profiles-in-complain-mode.sh: don't put unconfined profiles in complain mode * Add patches from upstream to fix test failures - d/p/u/tests-fix-userns-setns-opening-pipe-order.patch - d/p/u/tests-replace-individual-socket-permissions.patch - d/p/u/tests-fix-test-specifying-path-on-attach-disconnected.patch * Add new symbols
Available diffs
apparmor (3.0.8-1ubuntu4) mantic; urgency=medium * Backport 4.0 ABI from upstream (LP: #2026227) - d/p/u/add-4.0-abi.patch -- Alex Murray <email address hidden> Thu, 06 Jul 2023 12:14:15 +0930
Available diffs
apparmor (2.12-4ubuntu5.3) bionic-security; urgency=medium * debian/lib/apparmor/functions: remove support for loading snapd generated profiles in /var/lib/snapd/apparmor/profiles as these are handled by snapd.apparmor.service (LP: #2024637) -- Alex Murray <email address hidden> Wed, 21 Jun 2023 09:21:13 +0930
Available diffs
- diff from 2.12-4ubuntu5.1 (in ~ubuntu-security/ubuntu/ppa) to 2.12-4ubuntu5.3 (988 bytes)
- diff from 2.12-4ubuntu5.2 to 2.12-4ubuntu5.3 (pending)
apparmor (2.10.95-0ubuntu2.12) xenial-security; urgency=medium * debian/lib/apparmor/functions: remove support for loading snapd generated profiles in /var/lib/snapd/apparmor/profiles as these are handled by snapd.apparmor.service (LP: #2024637) -- Alex Murray <email address hidden> Thu, 22 Jun 2023 16:58:05 +0930
Available diffs
apparmor (3.0.8-1ubuntu2.1) lunar; urgency=medium * Update abstractions/snap-browsers to include lock permissions (LP: #1794064) - d/p/u/update-snap-browsers-permissions-lp1794064.patch -- Georgia Garcia <email address hidden> Tue, 06 Jun 2023 08:49:17 -0300
Available diffs
Published in jammy-proposed |
apparmor (3.0.4-2ubuntu2.3) jammy; urgency=medium * Add support for applications like evince opening browsers distributed as snaps (LP: #1794064) - d/p/u/add-snap-browsers-profile-lp1794064.patch: add a snap-browsers abstraction profile to let applications like evince spawn browsers distributed as snaps - d/p/u/update-snap-browsers-permissions-lp1794064.patch: update snap-browsers abstraction with missing permissions -- Georgia Garcia <email address hidden> Mon, 05 Jun 2023 15:58:43 -0300
Available diffs
apparmor (3.0.8-1ubuntu3) mantic; urgency=medium * Update abstractions/snap-browsers to include lock permissions (LP: #1794064) - d/p/u/update-snap-browsers-permissions-lp1794064.patch -- Georgia Garcia <email address hidden> Tue, 06 Jun 2023 08:52:13 -0300
Available diffs
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
apparmor (3.0.8-1ubuntu2) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha <email address hidden> Tue, 28 Feb 2023 17:18:12 -0500
Available diffs
- diff from 3.0.8-1ubuntu1 to 3.0.8-1ubuntu2 (328 bytes)
apparmor (3.0.8-1ubuntu1) lunar; urgency=medium * Merge from Debian unstable; remaining changes: - Enable Ubuntu specific patches: - d/p/u/communitheme-snap-support.patch - d/p/u/mimeinfo-snap-support.patch - d/p/u/profiles-grant-access-to-systemd-resolved.patch - d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch - d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch - d/p/u/samba-systemd-interaction.patch - d/p/u/add-mqueue-support.patch - d/p/u/add-userns-support.patch - Disable Debian specific patches: - d/p/d-o/pin-feature-set.patch - d/p/d-o/aa-notify-point-to-Debian-documentation.patch - d/p/d-o/Document-which-AppArmor-features-are-not-supported-on-Deb.patch - d/{control,gbp.conf}: - Update Vcs / git branch for ubuntu - d/apparmor.install: - Disable debian feature pinning - d/rules: - Create empty files of expected mqueue testcase err output added in d/p/u/add-mqueue-support.patch since quilt does not support creating new empty files * Dropped Ubuntu specific changes which have now been applied upstream - d/p/u/lp1990692-update-samba-profile.patch - d/p/u/samba-rpcd-spoolss.patch
Available diffs
- diff from 3.0.7-1ubuntu4 to 3.0.8-1ubuntu1 (12.4 KiB)
Published in kinetic-proposed |
apparmor (3.0.7-1ubuntu2.1) kinetic; urgency=medium * d/p/u/samba-rpcd-spoolss.patch: fix samba-rpcd-spoolss apparmor profile (LP: #1993572) -- Andreas Hasenack <email address hidden> Wed, 23 Nov 2022 14:55:15 -0300
Available diffs
- diff from 3.0.7-1ubuntu2 to 3.0.7-1ubuntu2.1 (937 bytes)
apparmor (3.0.7-1ubuntu4) lunar; urgency=medium * d/p/u/samba-rpcd-spoolss.patch: fix samba-rpcd-spoolss apparmor profile (LP: #1993572) -- Andreas Hasenack <email address hidden> Wed, 23 Nov 2022 14:47:14 -0300
Available diffs
- diff from 3.0.7-1ubuntu2 to 3.0.7-1ubuntu4 (1004 bytes)
- diff from 3.0.7-1ubuntu3 to 3.0.7-1ubuntu4 (952 bytes)
Superseded in lunar-proposed |
apparmor (3.0.7-1ubuntu3) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs <email address hidden> Wed, 02 Nov 2022 10:11:19 +0000
Available diffs
- diff from 3.0.7-1ubuntu2 to 3.0.7-1ubuntu3 (342 bytes)
apparmor (3.0.4-2ubuntu2.2) jammy; urgency=medium * Add mqueue patches. LP: #1993353 - u/mqueue1-parser-add-parser-support-for-message-queue-mediatio.patch: add parser support for mqueue mediation - u/mqueue2-tests-add-posix-message-queue-regression-tests.patch: add posix mqueue regression tests - u/mqueue3-utils-add-message-queue-rules-parsing-in-python-tool.patch: add support in python tools to parse mqueue rules - u/mqueue4-parser-add-parser-simple-tests-for-mqueue-rules.patch: add parser simple tests for mqueue - u/mqueue5-parser-Add-a-set-of-debug-flags-that-can-be-passed-t.patch: add debug flags that can be passed to the kernel - u/mqueue6-parser-Set-the-DEBUG1-flag-on-profiles-that-use-mque.patch: set DEBUG1 on mqueue rules - u/mqueue7-parser-place-perm-on-name-as-well-as-name-label-comb.patch: add permissions on name and also on name + label - u/mqueue8-libapparmor-add-support-for-requested-and-denied-on-.patch: add parsing support for "denied" and "requested" from audit logs - u/mqueue9-libapparmor-add-support-for-class-in-logparsing.patch: add parsing support for "class" from audit logs - u/mqueue10-utils-add-logparser-support-for-mqueue.patch: add logparser support for mqueue rules - u/mqueue11-tests-add-sysv-message-queue-regression-tests.patch: add sysv mqueue regression tests - debian/rules: create mqueue testcase empty files for libapparmor tests. * Closes LP: #1994146 -- Georgia Garcia <email address hidden> Wed, 19 Oct 2022 11:52:00 -0300
Available diffs
apparmor (2.13.3-7ubuntu5.2) focal; urgency=medium * Add capability upstream patches to fix LP: #1964636 - u/cap1-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch: move code that generates a list of capabilities to a script in common/ - u/cap2-parser-Move-to-a-pre-generated-cap_names.h.patch: use a pre-generated list of capabilities so that all capabilities are supported even when building against older kernels. - u/cap3-parser-cleanup-capability_table-generation-by-droppi.patch: drop sys_log static declaration because it's already in the generated list. - u/cap4-parser-unify-capability-name-handling.patch: drop internal hardcoded capability table. - u/cap5-parser-Makefile-use-LC_ALL-C-when-invoking-sed.patch: use LC_ALL=C when invoking sed. - u/cap6-parser-Add-warning-to-capability_table-about-the-nee.patch: add warning to capability_table about the need to update the Makefile. - u/cap7-Add-CAP_BPF-and-CAP_PERFMON-to-severity.db.patch: add support for cap_bpf and cap_perfmon - u/cap8-parser-Makefile-fix-generated-cap-comparison-against.patch: fix generated cap comparison against known list * Add upstream patches for abi support. LP: #1728130 - u/abi1-parser-feature-abi-setup-parser-to-intersect-policy-.patch: add the ability to intersect parser and kernel features in the parser. - u/abi2-parser-add-basic-support-for-feature-abis.patch: add support to specify a feature abi. - u/abi3-pin-abi-2.13.patch: add and pin a policy abi for 2.13 - u/abi4-parser-fix-abi-rule-and-pinned-feature-file-interact.patch: fix abi rule and pinned feature file interaction - apparmor.install: add 2.13 abi file to be installed in /etc/apparmor.d/abi/ * Add mqueue patches. LP: #1993353 - u/mqueue1-parser-add-parser-support-for-message-queue-mediatio.patch: add parser support for mqueue mediation - u/mqueue2-tests-add-posix-message-queue-regression-tests.patch: add posix mqueue regression tests - u/mqueue3-utils-add-message-queue-rules-parsing-in-python-tool.patch: add support in python tools to parse mqueue rules - u/mqueue4-parser-add-parser-simple-tests-for-mqueue-rules.patch: add parser simple tests for mqueue - u/mqueue5-parser-place-perm-on-name-as-well-as-name-label-comb.patch: add permissions on name and also on name + label - u/mqueue6-libapparmor-add-support-for-requested-and-denied-on-.patch: add parsing support for "denied" and "requested" from audit logs - u/mqueue7-libapparmor-add-support-for-class-in-logparsing.patch: add parsing support for "class" from audit logs - u/mqueue8-utils-add-logparser-support-for-mqueue.patch: add logparser support for mqueue rules - u/mqueue9-tests-add-sysv-message-queue-regression-tests.patch: add sysv mqueue regression tests - u/mqueue10-parser-enable-mqueue-rules-when-abi-is-not-set.patch: override pinned features for mqueue rules when abi is not set in policy. - debian/rules: create mqueue testcase empty files for libapparmor tests. * Closes LP: #1994146 -- Georgia Garcia <email address hidden> Mon, 10 Oct 2022 17:52:45 -0300
Available diffs
Superseded in lunar-release |
Published in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
apparmor (3.0.7-1ubuntu2) kinetic; urgency=medium * ubuntu/add-mqueue-support.patch: add message queue IPC support to parser, python tools, and regression tests. * ubuntu/add-userns-support.patch: add user namespace support to parser. * ubuntu/lp1990692-update-samba-profile.patch: update samba policy to enable the printing subsystem to work (LP: #1990692) -- Georgia Garcia <email address hidden> Fri, 23 Sep 2022 18:21:44 -0300
Available diffs
- diff from 3.0.7-1ubuntu1 to 3.0.7-1ubuntu2 (33.0 KiB)
apparmor (3.0.7-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Enable Ubuntu specific patches: - d/p/u/communitheme-snap-support.patch - d/p/u/mimeinfo-snap-support.patch - d/p/u/profiles-grant-access-to-systemd-resolved.patch - d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch - Add additional Ubuntu specific patches: - d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch - d/p/u/samba-systemd-interaction.patch - Disable Debian specific patches: - d/p/d-o/pin-feature-set.patch - d/p/d-o/aa-notify-point-to-Debian-documentation.patch - d/p/d-o/Document-which-AppArmor-features-are-not-supported-on-Deb.patch - d/{control,gbp.conf}: - Update Vcs / git branch for ubuntu - d/apparmor.install: - Disable debian feature pinning * Dropped Ubuntu specific changes which have now been applied upstream - d/p/u/abstraction-exo-open-Remove-dbus-deny-rule.patch
Available diffs
- diff from 3.0.4-3ubuntu1 to 3.0.7-1ubuntu1 (390.5 KiB)
apparmor (3.0.4-3ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Ubuntu specific changes: - d/p/u/communitheme-snap-support.patch - d/p/u/mimeinfo-snap-support.patch - d/p/u/profiles-grant-access-to-systemd-resolved.patch - d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch - d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch - d/p/u/samba-systemd-interaction.patch - d/p/u/abstraction-exo-open-Remove-dbus-deny-rule.patch - d/{control,gbp.conf}: - Update Vcs / git branch for ubuntu - d/apparmor.install: - Disable debian feature pinning - d/rules: - Disable lto builds * Dropped Ubuntu specific changes which have now been added by Debian: - d/p/u/abstractions-nss-systemd-Allow-access-for-systemd-ma.patch * Drop unnecessary libnss-systemd patch as this is already present in the nss-systemd abstraction - d/p/u/libnss-systemd.patch
Available diffs
apparmor (3.0.4-2ubuntu2.1) jammy; urgency=medium * Add upstream commit to remove dbus deny rule from exo-open abstraction to fix evince startup (LP: #1969896) - d/p/u/abstraction-exo-open-Remove-dbus-deny-rule.patch -- Alex Murray <email address hidden> Tue, 21 Jun 2022 14:16:01 +0930
Available diffs
apparmor (3.0.4-2ubuntu3) kinetic; urgency=medium * Add upstream commit to remove dbus deny rule from exo-open abstraction to fix evince startup (LP: #1969896) - d/p/u/abstraction-exo-open-Remove-dbus-deny-rule.patch -- Alex Murray <email address hidden> Fri, 17 Jun 2022 20:34:25 +0930
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
apparmor (3.0.4-2ubuntu2) jammy; urgency=medium * Update abstractions/nss-systemd to add support for systemd-machined (LP: #1964325) - d/p/u/ubuntu/abstractions-nss-systemd-Allow-access-for-systemd-ma.patch * Drop unnecessary libnss-systemd patch as this is already present in the nss-systemd abstraction - d/p/u/libnss-systemd.patch (dropped) -- Alex Murray <email address hidden> Thu, 10 Mar 2022 12:05:06 +1030
Available diffs
apparmor (3.0.4-2ubuntu1) jammy; urgency=medium * Merge from Debian unstable; remaining changes: - Ubuntu specific changes: - d/p/u/communitheme-snap-support.patch - d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch - d/p/u/libnss-systemd.patch - d/p/u/mimeinfo-snap-support.patch - d/p/u/profiles-grant-access-to-systemd-resolved.patch - d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch - d/p/u/samba-systemd-interaction.patch - d/{control,gbp.conf}: - Update Vcs / git branch for ubuntu - d/apparmor.install: - Disable debian feature pinning - d/rules: - Disable lto builds * Dropped changes: - d/p/ubuntu/fix-test-aa-notify.patch
Available diffs
apparmor (3.0.4-1ubuntu1) jammy; urgency=medium * Merge from Debian unstable; remaining changes: - Drop the following patches that have been included in the upstream release or which Debian has also included: - d/p/ubuntu/adjust-for-ibus-1.5.22.patch - d/p/ubuntu/0011-add-mctp-network-protocol.patch - Refresh d/p/regression-tests-fix-aa_policy_cache-when-using-syst.patch to the official version from upstream - d/p/u/samba-systemd-interaction.patch: allow smbd to interact with systemd - d/p/u/libnss-systemd.patch: allow accessing the libnss-systemd VarLink sockets and DBus APIs - Disable lto builds - Fix autotest test-aa-notify.py - d/p/ubuntu/fix-test-aa-notify.patch - Drop outdated lintian-overrides
Available diffs
Superseded in jammy-proposed |
apparmor (3.0.3-0ubuntu9) jammy; urgency=medium * fix test-aa-notify.py and test-network.py autotests (LP: #1961196): - debian/patches/ubuntu/0010-fix-test-aa-notify-help-check.patch - debian/patches/ubuntu/0011-add-mctp-network-protocol.patch -- Andrea Righi <email address hidden> Thu, 17 Feb 2022 12:18:31 +0000
Available diffs
Superseded in jammy-proposed |
apparmor (3.0.3-0ubuntu8) jammy; urgency=medium * fix test-aa-notify.py and test-network.py autotests (LP: #1961196): - debian/patches/ubuntu/0010-fix-test-aa-notify-help-check.patch - debian/patches/ubuntu/0011-add-mctp-network-protocol.patch -- Andrea Righi <email address hidden> Thu, 17 Feb 2022 12:18:31 +0000
Available diffs
Superseded in jammy-proposed |
apparmor (3.0.3-0ubuntu7) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 16:44:45 +0000
Available diffs
- diff from 3.0.3-0ubuntu6 to 3.0.3-0ubuntu7 (327 bytes)
Superseded in jammy-proposed |
apparmor (3.0.3-0ubuntu6) jammy; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Sun, 06 Feb 2022 13:39:44 +0100
Available diffs
- diff from 3.0.3-0ubuntu5 to 3.0.3-0ubuntu6 (310 bytes)
apparmor (3.0.3-0ubuntu5) jammy; urgency=medium [ intrigeri ] * upstream-6cfc6eee-python-3.10.patch: new patch, for compatibility with Python 3.10 * debian/rules: let "set -e" take effect (Closes: #998843) * Add support for Python 3.10 (Closes: #998686): - upstream-ab4cfb5e-replace-distutils-with-setuptools.patch: new patch, edited to drop changes to upstream .gitignore. - Add build-dependency on python3-setuptools -- Graham Inggs <email address hidden> Fri, 10 Dec 2021 12:32:27 +0000
Available diffs
apparmor (3.0.3-0ubuntu4) jammy; urgency=medium * d/p/u/samba-systemd-interaction.patch: allow smbd to interact with systemd (LP: #1952242): - allow notify access - allow specific /proc access - allow ptrace read -- Andreas Hasenack <email address hidden> Mon, 29 Nov 2021 14:43:28 +0000
Available diffs
apparmor (3.0.3-0ubuntu3) jammy; urgency=medium * No-change rebuild with fixed py3versions -- Graham Inggs <email address hidden> Sat, 06 Nov 2021 08:23:55 +0000
Available diffs
- diff from 3.0.3-0ubuntu2 to 3.0.3-0ubuntu3 (310 bytes)
apparmor (3.0.3-0ubuntu2) jammy; urgency=medium * No-change rebuild to add python3.10. -- Matthias Klose <email address hidden> Sat, 16 Oct 2021 09:34:02 +0200
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
apparmor (3.0.3-0ubuntu1) impish; urgency=medium * New upstream release 3.0.3 - Fix regression tests when using system installed parser + d/p/ubuntu/regression-tests-fix-aa_policy_cache-when-using-syst.patch - Drop the following patches that have been included in the upstream release: + d/p/ubuntu/lp1891338.patch + d/p/ubuntu/lp1889699.patch + d/p/ubuntu/lp1881357.patch + d/p/ubuntu/parser-Fix-warning-message-when-complain-mode-is-for.patch + d/p/ubuntu/parser-Add-support-for-cap-checkpoint-restore.patch + d/p/ubuntu/Add-CAP_CHECKPOINT_RESTORE-to-severity.db.patch + d/p/ubuntu/lp1934005.patch + d/p/ubuntu/lp1932331.patch -- Alex Murray <email address hidden> Mon, 09 Aug 2021 15:53:39 +0930
Available diffs
apparmor (3.0.0-0ubuntu7.1) hirsute; urgency=medium * Make X11 socket writable again (LP: #1934005): - d/p/ubuntu/lp1934005.patch * Fix i18n.sh regression test on arm64 (LP: #1932331): - d/p/ubuntu/lp1932331.patc Thanks to Georgia Garcia for the patch. -- Thomas Ward <email address hidden> Wed, 30 Jun 2021 17:42:41 -0400
Available diffs
apparmor (3.0.0-0ubuntu8) impish; urgency=medium [ Andrea Righi ] * add support for CAP_CHECKPOINT_RESTORE in /etc/apparmor/severity.db (LP: #1923432): - d/p/ubuntu/Add-CAP_CHECKPOINT_RESTORE-to-severity.db.patch [ Steve Beattie ] * fix adt compile-test to handle the changed name of the tcpdump apparmor profile (LP: #1925411) - d/t/compile-test: test against usr.bin.tcpdump -- Andrea Righi <email address hidden> Mon, 12 Apr 2021 15:51:45 +0000
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: Moved to hirsute) |
apparmor (3.0.0-0ubuntu7) hirsute; urgency=medium * Disable lto builds, not yet ready upstream. -- Matthias Klose <email address hidden> Tue, 23 Mar 2021 12:42:52 +0100
Available diffs
- diff from 3.0.0-0ubuntu6 to 3.0.0-0ubuntu7 (530 bytes)
apparmor (3.0.0-0ubuntu6) hirsute; urgency=medium * Backport upstream patch to support CAP_CHECKPOINT_RESTORE to fix failing autopkgtests - d/p/ubuntu/parser-Add-support-for-cap-checkpoint-restore.patch -- Alex Murray <email address hidden> Wed, 24 Feb 2021 21:33:07 +1030
Available diffs
apparmor (3.0.0-0ubuntu5) hirsute; urgency=medium * No-change rebuild to drop python3.8 extensions. -- Matthias Klose <email address hidden> Mon, 07 Dec 2020 18:39:21 +0100
Available diffs
- diff from 3.0.0-0ubuntu4 to 3.0.0-0ubuntu5 (352 bytes)
apparmor (3.0.0-0ubuntu4) hirsute; urgency=medium * Remove kopanocore dependencies from the testsuite-triggers, to be removed. -- Matthias Klose <email address hidden> Wed, 11 Nov 2020 12:32:09 +0100
Available diffs
- diff from 3.0.0-0ubuntu2 to 3.0.0-0ubuntu4 (699 bytes)
- diff from 3.0.0-0ubuntu3 to 3.0.0-0ubuntu4 (653 bytes)
Superseded in hirsute-proposed |
apparmor (3.0.0-0ubuntu3) hirsute; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Mon, 09 Nov 2020 12:40:54 +0100
Available diffs
- diff from 3.0.0-0ubuntu2 to 3.0.0-0ubuntu3 (321 bytes)
apparmor (3.0.0-0ubuntu2) hirsute; urgency=medium * No-change rebuild to build with python3.9 as supported. -- Matthias Klose <email address hidden> Sat, 24 Oct 2020 10:51:45 +0200
Available diffs
- diff from 3.0.0-0ubuntu1 to 3.0.0-0ubuntu2 (326 bytes)
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
apparmor (3.0.0-0ubuntu1) groovy; urgency=medium [ Alex Murray ] * Update to the final AppArmor 3.0 upstream release - d/apparmor.install: + install new aa-features-abi binary to /usr/bin - d/apparmor.manpages: + install new aa-features-abi.1 man page - d/apparmor-profiles.install: + install new usr.lib.dovecot.script-login + adjust for renamed postfix profiles - d/tests/test-installed: + include libraries/ in workdir so tests have access to private headers - Drop the following patches that were originally backported from upstream but are now incorporated in the final release: + d/p/parser-fix_cap_match.patch + d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch + d/p/parser-add-abi-warning-flags.patch + d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch + d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch + d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch + d/p/fix-change-profile-stack-abstraction.patch + d/p/ubuntu/stop-loading-snapd-profiles.patch [ Emilia Torino ] * d/control: adjust apparmor-notify to depends on python3-psutil and python3-apparmor (LP: #1899046) [ Steve Beattie ] * d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch: Provide better message about caching not happening due to a profile being in force-complain mode. (LP: #1899218) -- Alex Murray <email address hidden> Sun, 11 Oct 2020 16:26:32 -0700
Available diffs
apparmor (3.0.0~beta1-0ubuntu6) groovy; urgency=medium * Drop d/p/lp1824812.patch: this patch was only needed with 2.13 and not 3.0. With AppArmor 3, the patch ends up setting SFS_MOUNTPOINT to the wrong directory in is_container_with_internal_policy(), which causes policy to always fail to load in containers. Thanks to Christian Ehrhardt for the analysis. (LP: #1895967)
Available diffs
Superseded in groovy-proposed |
apparmor (3.0.0~beta1-0ubuntu5) groovy; urgency=medium [ John Johansen ] * d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch: fix-automatic-adding-of-rule-for-change-hat-iface.patch fixed the parser to emit rules needed for change_hat in the hat profiles but broke the rule being emitted for the parent profile, this fixes it for both so that it is emitted for any profile that is a hat or that contains a hat. * d/p/fix-change-profile-stack-abstraction.patch: fix the change_profile abstraction so that it allows access to the apparmor attribute paths under LSM stacking.
Available diffs
Deleted in groovy-proposed (Reason: copied without FFe approval (talk to jdstrand)) |
apparmor (3.0.0~beta1-0ubuntu4) groovy; urgency=medium [ Jamie Strandboge ] * no change rebuild for FFe approval (LP: #1895060)
Available diffs
Deleted in groovy-proposed (Reason: copied without FFe approval (talk to jdstrand)) |
apparmor (3.0.0~beta1-0ubuntu3) groovy; urgency=medium [ John Johansen ] * d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch: fix-automatic-adding-of-rule-for-change-hat-iface.patch fixed the parser to emit rules needed for change_hat in the hat profiles but broke the rule being emitted for the parent profile, this fixes it for both so that it is emitted for any profile that is a hat or that contains a hat. * d/p/fix-change-profile-stack-abstraction.patch: fix the change_profile abstraction so that it allows access to the apparmor attribute paths under LSM stacking.
Available diffs
Deleted in groovy-proposed (Reason: copied without FFe approval (talk to jdstrand)) |
apparmor (3.0.0~beta1-0ubuntu1) groovy; urgency=medium [ John Johansen ] * New upstream release (LP: #1895060, LP: #1887577, LP: #1880841) * Drop all patches backported from upstream: applied in 3.0 * d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: provide example and base abi to pin pre 3.0 policy * d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: enable pinning of pre AppArmor 3.x policy * drop d/p/debian/dont-include-site-local-with-dovecot.patch: no longer needed with upstream 'include if exists' [ Steve Beattie ] * d/p/parser-fix_cap_match.patch: fix cap match to work correctly, important now that groovy has a 5.8 kernel. * d/apparmor-profiles.install: + adjust for renamed postfix profiles + add usr.bin.dumpcap and usr.bin.mlmmj-receive to extra-profiles + remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles (already in apparmor-profiles) * d/apparmor.install: include abi/ directory and tunables/etc. * d/apparmor.manpages: add apparmor_xattrs.7 manpage * d/control: + apparmor-utils: no more shipped perl tools, drop perl dependency + apparmor-notify: aa-notify was converted to python3 from perl; adjust -notify dependencies to compensate * d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch: fix sed expression in settest() [ Emilia Torino ] * Removing Ubuntu specific chromium-browser profile. This is safe to do since groovy's chromium-browser deb installs the snap. If apparmor3 is backported to 18.04 or earlier, the profile will need to be taken into consideration - d/profiles/chromium-browser: remove chromium-browser profile - d/apparmor-profiles.postinst: remove postinst script as it only contains chromium-browser related functionallity. - d/apparmor-profiles.postrm: remove postrm script as it only contains chromium-browser related functionallity. - d/apparmor-profiles.install: remove ubuntu-specific chromium-browser abstraction and profile - d/apparmor-profiles.lintian-overrides: remove chromium-browser profile lintian overrides - d/p/ubuntu/add-chromium-browser.patch: remove patch which added chrome-browser [ Alex Murray ] * d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: refresh this patch with the official upstream version * d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: refresh this patch to match the above * d/p/parser-add-abi-warning-flags.patch: enable parser warnings to be silenced or to be treated as errors [ Jamie Strandboge ] * d/p/adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus 1.5.22. This can be dropped with AppArmor 3.0 final. * d/p/parser-add-abi-warning-flags.patch: refresh to avoid lintian warnings * d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use abstractions/exo-open (LP: #1891338) * d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu abstractions. Patch thanks to François Marier (LP: #1889699) * d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run (LP: #1881357) -- Jamie Strandboge <email address hidden> Wed, 09 Sep 2020 21:48:17 +0000
Available diffs
1 → 50 of 387 results | First • Previous • Next • Last |