apparmor 2.12-3ubuntu1 source package in Ubuntu
Changelog
apparmor (2.12-3ubuntu1) bionic; urgency=medium

  * New upstream bug fix release. Bugs fixed:
    - abstraction/nameservice should include allow access to
      /var/lib/sss/mc/initgroups (LP: #1751402)
    - Cannot Add Request Hat or Use Default Hat in aa-logprof and
      mod_apparmor (LP: #1752365)
    - python tools do not understand 'non-magic' include rules
      (LP: #1733700)
    - "Unable to open external link" in Evince when google-chrome-unstable
      is the default browser (LP: #1730536)
    - apparmor_parser is missing fix for rule down grades (LP: #1728120)
    - base abstraction missing glibc /proc/$pid/ things (LP: #1658239)
    - logparser.py parse_event_for_tree() doesn't care about owner vs. all
      in file events (LP: #1538340)
    - aa-decode can't decode the audit log which contains the proctitle
      string (LP: #1736841)
    - aa-logprof asks for "a" rule even if "deny w" is present
      (LP: #1385474)
  * Merge from Debian. Remaining Ubuntu changes:
    - debian/gbp.conf: Use ubuntu/master as the debian-branch
    - Update package maintainer to be Ubuntu Developers in the control file
    - Call handle_system_policy_package_updates in apparmor.init. This is
      needed for snappy and system-images. Note that this prevents using a
      remove /var.
    - Apply Ubuntu-specific patches
      + parser-include-usr-share-apparmor.patch
      + profiles-grant-access-to-systemd-resolved.patch
      + add-chromium-browser.patch
    - Install Ubuntu chromium-browser profile and abstraction
  * Dropped patches that were not merged upstream:
    - ubuntu-manpage-updates.patch: The changes were out of date because
      they only addressed upstart based systems
    - utils-keep-shebang.patch: A different solution was merged upstream so
      that the shebang lines aren't rewritten
  * Feature pinning is not used in Ubuntu
  * Properly identify empty ouid/fsuid fields in logs
  * Allow the shell helper regression test program read the locale

apparmor (2.12-3) unstable; urgency=medium

  * dnsmasq-profile-allow-chown-capability.patch: new patch
    (Closes: #889806)
  * Update-base-abstraction-for-ld.so.conf-and-friends.patch: new patch,
    cherry-picked from upstream (solves a minor part of #887973).
  * libapparmor-perl: install example program.

apparmor (2.12-2) unstable; urgency=medium

  * This release is dedicated to the memory of Ursula K. Le Guin.
  * Install the "extra" profiles to the default upstream directory
    (Closes: #832984).
  * Cherry-pick policy improvements from upstream Git (Closes: #887591).
  * Stop recommending the apparmor-profile package to the general public:
    - apparmor: drop "Suggests: apparmor-profile".
    - apparmor-profile: make it clear in the package description that these
      profiles cannot be expected to work out-of-the-box.
  * Bump debhelper compatibility level to 10.
    - This reintroduces --parallel building, which was fixed upstream since
      we disabled it.
    - Don't manually enable the systemd debhelper sequence: now done by
      default.
    - Drop now useless build-dependency on autotools-dev.
  * Declare compliance with Standards-Version 4.1.3 (no change required).
  * debian/control: add Rules-Requires-Root: no.
    - Cherry-pick upstream fix to pam_apparmor's Makefile.
  * Packaging cleanup:
    - Remove Kees Cook <email address hidden> from the Uploaders control
      field. Thanks a lot for the inspiring work you've done on this
      package in the past!
    - Remove obsolete calls to rm_conffile.
    - debian/copyright: use canonical URL to copyright-format/1.0.
    - debian/copyright: sort licenses in lexical order.
    - Use canonical URL to Debian bug in patch header.
    - debian/*.install: remove duplicates.
    - Stop versioning dependencies that are satisfied on Debian Wheezy and
      Ubuntu Trusty.
    - Reformat debian/* with 'cme fix dpkg' + wrap-and-sort.

apparmor (2.12-1) unstable; urgency=medium

  * New upstream release (Closes: #885522, #882043, #884014, #886732,
    #875892, #882070, #874665, #884280, #881936, #882135).
    - Drop obsolete patches.
  * dh-apparmor postinst snippet: create empty files in
    /etc/apparmor.d/local/ instead of repeating boilerplate.
  * dh-apparmor postinst snippet: simplify local overrides directory
    creation code.
  * Migrate to Git:
    - Configure gbp for DEP-14
    - Configure gbp-pq to avoid prefixing patches with numbers
    - README.source: adjust to Git
    - Update Vcs-* control fields: migrate to Git
  * Move libpam to Section: admin

apparmor (2.11.1-4) unstable; urgency=medium

  * Bump pinned feature set to linux-image-4.14.0-1's, version 4.14.2-1
    - Pinning a feature set without "mount", as we did before this change,
      breaks mount operations due to a bug in the kernel (Closes: #883703).
      Thanks to Fabian Grünbichler and Felix Geyer for reporting this.
    - AppArmor maintainers in Debian have been testing 4.14 without pinning
      for a while and all the known issues were fixed; it's time to enable
      4.14's features so we can learn what parts of our policy still need
      updates (Closes: #880078, #877581).
  * Move features file to /usr/share/apparmor-features (Closes: #883682).
    Thanks to Fabian Grünbichler <email address hidden> for the patch.
  * Document in apparmor/README.Debian where online documentation wrt.
    AppArmor on Debian lives (Closes: #845232). Thanks to Wouter Verhelst
    and Jean-Michel Vourgère for the suggestion.
  * Improve usability of apparmor-notify:
    - notify.conf: unset use_group. aa-notify checks that it can read the
      selected log file — and aborts if it can't — before it checks group
      membership vs. use_group, so in practice setting use_group is only
      useful for users who are allowed to read logs but don't want to see
      notifications. This seems to be a corner case, easily addressed
      per-user (~/.apparmor/notify.conf) or system-wide (by deinstalling
      apparmor-notify). So let's instead optimize for a more common use
      case, i.e. users who can read logs and want to see the notifications.
      This change does not impact the most common use case, i.e. desktop
      users who are not allowed to read logs (Closes: #880859).
    - Document in apparmor-notify/README.Debian that one must be in the
      "adm" group to use aa-notify.
    Thanks to Lisandro Damián Nicanor Pérez Meyer and Salvatore Bonaccorso
    whose combined bug reports led to this solution.
  * /lib/apparmor/functions: don't delete
    /etc/apparmor.d/cache/CACHEDIR.TAG ourselves (necessary, but not
    sufficient, to fix #883584).
  * Declare compliance with Standards-Version 4.1.2.

apparmor (2.11.1-3) unstable; urgency=medium

  * upstream-commit-92752f5-support-Google-Chrome-beta.patch: new patch,
    backported from upstream (Closes: #880923).

apparmor (2.11.1-2) unstable; urgency=medium

  * apparmor: drop obsolete dependency on libapparmor-perl. This dependency
    was added in 2.8.0-0ubuntu15, when aa-exec (that was written in Perl
    back then) got moved to the apparmor package. Nowadays aa-exec is
    written in C and AFAICT there's nothing in the apparmor package that
    uses libapparmor-perl.
  * apparmor-utils: drop obsolete dependency on libapparmor-perl. All the
    programs shipped in this package were rewritten in Python.
  * Drop obsolete dependencies on python{,3}-pkg-resources. They were added
    to "fix autopkgtests in click-apparmor and apparmor-easyprof-ubuntu".
    We don't ship these packages in Debian, and I'm told they're going away
    in Ubuntu anyway.

apparmor (2.11.1-1) unstable; urgency=medium

  * Import upstream 2.11.1 release. Drop obsolete patches and refresh
    remaining ones as needed.
  * pin-feature-set.patch: new patch, that pins the AppArmor feature set to
    Linux 4.13.4-2's (Closes: #879584). The AppArmor policy we ship is not
    fully ready for Linux 4.14 yet. Once our policy has been updated
    (#877581) we can bump the pinned feature set to Linux 4.14's. Note,
    however, that this is not fully effective in the specific case of
    4.14-rcN up to 4.14-rc6 due to a kernel bug with pinned older feature
    sets, that will likely be fixed in Linux 4.14-rc7. For example, with
    Linux 4.14-rc5 some network (e.g. unix, inet, inet6) operations are
    denied despite the fact this pinned feature does not enable network
    mediation support. For details, see:
    https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1721278
  * Disable parser-include-usr-share-apparmor.patch: it's not used on
    Debian and would be made fuzzy by pin-feature-set.patch, thus causing
    useless maintenance busywork.
  * Improve phrasing of long packages description, based on a patch by
    Vincas Dargis <email address hidden> (Closes: #795431).
  * Replace build-dependency on dh-systemd with a versioned one on
    debhelper, that now ships dh_systemd_*.
  * Set priority to "optional": "extra" is deprecated.
  * Bump Standards-Version to 4.1.1.
  * Drop "Testsuite: autopkgtest" control field: it is automatically added
    by dpkg-source(1) since dpkg 1.17.1 when a debian/tests/control file
    exists, which is the case here.
  * Move libapache2-mod-apparmor to Section "httpd", as suggested by
    Lintian.

apparmor (2.11.0-11) unstable; urgency=medium

  * Only use systemd-detect-virt when it's installed (Closes: #871953).
  * dh_apparmor: include the version of the package, so that one can find
    packages that were built with a particular version of dh_apparmor.
    (Closes: #872167).
  * Import patch submitted upstream to support Flatpak exports
    (Closes: #865206).
  * Revert "Build with GCC-6 on mips64el to workaround Debian#871538": that
    gcc-7 bug was fixed in 7.2.0-3 on 2017-09-02, presumably all buildd's
    chroot should have it by now.
  * Merge from Ubuntu citrain up to revision 1627, aka. 2.11.0-2ubuntu17.
    Applied all changes (filtering from that list what had already been
    done in Debian):
    - Remove apparmor system upstart job on upgrades.
    - r3631-apparmor-utils-python3.6-LOCALE.patch: fix utils to avoid
      breakage with python 3.6 (LP: #1661766).
    - nameservice-add-stub-resolv.patch: allow read access to systemd stub
      resolver configuration

apparmor (2.11.0-10) unstable; urgency=medium

  * Build with GCC-6 on mips64el to workaround #871538.

apparmor (2.11.0-9) unstable; urgency=medium

  * debian-chromium-paths.patch: new patch, fixes e.g. opening links (e.g.
    from Thunderbird) when Chromium is the default web browser (reported in
    #858911).

apparmor (2.11.0-8) unstable; urgency=medium

  * firefox-non-esr.patch: new patch, fixes e.g. opening links from
    Thunderbird when Firefox non-ESR is the default web browser
    (Closes: #858911).
  * Adjust metadata for wayland-cursor.patch: applied upstream.

apparmor (2.11.0-7) unstable; urgency=medium

  * compare_and_save_debsums(): fix quieting of diff on initial
    installation (Closes: #870696).
  * Don't explicitly pass runlevel nor sequence number to update-rc.d via
    dh_installinit (Closes: #870695). Thanks to Michael Biebl for the hint!
  * wayland-cursor.patch: new patch, to allow wayland-cursor-shared-*
    (Closes: #870807).
  * Merge from Ubuntu citrain up to revision 1620, i.e. 2.11.0-2ubuntu11.
    Applied all changes:
    - fix-aa-status-pod.patch: updates aa-status for newer podchecker
      (LP: #1707614)
    - adjust-python-for-3.6.patch: update python abstraction for 3.6
    - adjust-nameservice-for-systemd-resolved.patch: grant access to
      systemd-resolved in the nameservice abstraction (LP: #1598759).
    … and then disabled adjust-nameservice-for-systemd-resolved.patch
    that's dangerous without fine-grained AppArmor mediation of D-Bus
    traffic.
  * Remove upstart configuration: Upstart was removed in Debian Stretch so
    this file is no longer useful.
  * Drop ubuntu-manpage-updates.patch, that was only relevant with Upstart.

apparmor (2.11.0-6) unstable; urgency=medium

  * libapparmor-dev: stop installing /lib/*/libapparmor.la
    (Closes: #866636).

apparmor (2.11.0-5) unstable; urgency=medium

  * pass-compiler-flags-binutils.patch: new patch, fixes missing hardening
    flags in aa-enabled and aa-exec.
  * Merge from Ubuntu citrain up to revision 1617, i.e. 2.11.0-2ubuntu8.

apparmor (2.11.0-4) unstable; urgency=medium

  * Run parts of the upstream test suite as autopkgtests.
  * Declare compliance with Standards-Version 4.0.0 (no change required).
  * Add mentions-deprecated-usr-lib-perl5-directory to Lintian overrides,
    since usr-lib-perl5-mentioned has been renamed.
  * libapparmor1.symbols: require 2.8.94 instead of 2.8.94-0ubuntu1.
  * debian/rules: use variables provided by dpkg/pkg-info.mk instead of
    parsing the output of dpkg-parsechangelog.
  * Override mistaken apache2-module-depends-on-real-apache2-package
    Lintian check.
  * Merge from Ubuntu citrain up to revision 1616, i.e. 2.11.0-2ubuntu5
    (more recent changes, up to 2.11.0-2ubuntu8, have not been pushed to
    the citrain repo yet; they don't seem critical though).

apparmor (2.11.0-3) unstable; urgency=medium

  * Fix CVE-2017-6507: don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job,
    or systemd unit as this could leave processes unconfined
    (Closes: #858768).
    Changes cherry-picked from Ubuntu's 2.11.0-2ubuntu3:
    - debian/apparmor.postinst, debian/apparmor.init,
      debian/apparmor.upstart: Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new
      utility, aa-remove-unknown, which can be used to unload unknown
      profiles. Based on an upstream patch but adjusted to source the
      /lib/apparmor/functions shipped in Debian/Ubuntu.

 -- Tyler Hicks <email address hidden>  Thu, 15 Mar 2018 15:39:10 +0000
Upload details
- Uploaded by: Tyler Hicks
- Uploaded to: Bionic
- Original maintainer: Ubuntu Developers
- Architectures: any all
- Section: admin
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
apparmor_2.12.orig.tar.gz | 6.9 MiB | 8a2b0cd083faa4d0640f579024be3a629faa7db3b99540798a1a050e2eaba056 |
apparmor_2.12-3ubuntu1.debian.tar.xz | 85.4 KiB | fc9eb8cef07a92ba0f474a792f8c93d008bec911681c6d1bcd207740ba80729f |
apparmor_2.12-3ubuntu1.dsc | 3.0 KiB | 61ac2aca4e75b904f75f4917b8b0cdd5ca651b8c71a449a12e0a755d28c89719 |
Available diffs
- diff from 2.11.0-2ubuntu19 to 2.12-3ubuntu1 (221.1 KiB)
Binary packages built by this source
- apparmor: user-space parser utility for AppArmor
apparmor provides the system initialization scripts needed to use the
AppArmor Mandatory Access Control system, including the AppArmor Parser
which is required to convert AppArmor text profiles into machine-readable
policies that are loaded into the kernel for use with the AppArmor Linux
Security Module.
- apparmor-dbgsym: debug symbols for apparmor
- apparmor-easyprof: AppArmor easyprof profiling tool
apparmor-easyprof provides the aa-easyprof utility which is an easy to
use interface for AppArmor policy generation. aa-easyprof supports the
use of templates and policy groups to quickly profile an application.
- apparmor-notify: AppArmor notification system
apparmor-notify provides a utility to display AppArmor denial
messages via desktop notifications. The utility can also be used to
generate summary reports.
- apparmor-profiles: experimental profiles for AppArmor security policies
apparmor-profiles provides various experimental AppArmor profiles.
Do not expect these profiles to work out-of-the-box.

These profiles are not mature enough to be shipped in enforce mode by
default on Debian. They are shipped in complain mode so that users
can test them, choose which are desired, and help improve them
upstream if needed.

Some even more experimental profiles are included in
/usr/share/doc/apparmor-profiles/extras/.
- apparmor-utils: utilities for controlling AppArmor
apparmor-utilities provides utilities that operate on AppArmor
profiles. Profiles can be created, updated, enforced, set to complain
mode, and disabled with tools such as aa-genprof, aa-enforce,
aa-complain and aa-disable.
- dh-apparmor: AppArmor debhelper routines
dh-apparmor provides the debhelper tools used to install and migrate
AppArmor profiles. This is normally used from package maintainer scripts
during install and removal.
- libapache2-mod-apparmor: changehat AppArmor library as an Apache module
libapache2-mod-apparmor provides the Apache module needed to declare
various differing confinement policies when running virtual hosts in the
webserver by using the changehat abilities exposed through libapparmor.
- libapache2-mod-apparmor-dbgsym: debug symbols for libapache2-mod-apparmor
- libapparmor-dev: AppArmor development libraries and header files
libapparmor-dev provides the development libraries and header
files needed to link against the AppArmor changehat and log parsing
functions. Also includes the manpages for library functions.
- libapparmor-perl: AppArmor library Perl bindings
libapparmor-perl provides the Perl module that contains the language
bindings for the AppArmor library, libapparmor, which were autogenerated
via SWIG.
- libapparmor-perl-dbgsym: debug symbols for libapparmor-perl
- libapparmor1: changehat AppArmor library
libapparmor1 provides the shared library used for making use
of the AppArmor profile and changehat functionality, as well as common
log parsing routines.
- libapparmor1-dbgsym: debug symbols for libapparmor1
- libpam-apparmor: changehat AppArmor library as a PAM module
libpam-apparmor provides the PAM module needed to declare various
differing confinement policies when starting PAM sessions by using the
changehat abilities exposed through libapparmor.
- libpam-apparmor-dbgsym: debug symbols for libpam-apparmor
- python-apparmor: AppArmor Python utility library
python-apparmor provides the Python modules that implement the higher-level
AppArmor applications.
- python-libapparmor: AppArmor library Python bindings
python-libapparmor provides the Python module that contains the language
bindings for the AppArmor library, libapparmor, which were autogenerated
via SWIG.
- python-libapparmor-dbgsym: debug symbols for python-libapparmor
- python3-apparmor: AppArmor Python3 utility library
python3-apparmor provides the Python3 modules that implement the
higher-level AppArmor applications.
- python3-libapparmor: AppArmor library Python3 bindings
python3-libapparmor provides the Python3 module that contains the language
bindings for the AppArmor library, libapparmor, which were autogenerated
via SWIG.
- python3-libapparmor-dbgsym: debug symbols for python3-libapparmor