-
apparmor (2.9.1-0ubuntu9) vivid; urgency=medium
* Make debian/lib/apparmor/profile-load executable.
-- Serge Hallyn <email address hidden> Thu, 02 Apr 2015 13:00:35 -0500
-
apparmor (2.9.1-0ubuntu8) vivid; urgency=medium
[ Steve Beattie ]
* debian/rules: run make check on the libapparmor library
* add-chromium-browser.patch: add support for chromium policies
(LP: #1419294)
* debian/apparmor.{init,upstart}: add support for triggering
aa-profile-hook runs when packages are updated via snappy system
image updates (LP: #1434143)
* parser-fix_modifier_compilation_+_tests.patch: fix compilation
of audit modifiers for exec and pivot_root and deny modifiers on
link rules as well as significantly expand related tests
(LP: #1431717, LP: #1432045, LP: #1433829)
* tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch: work
around pivot_root test failures due to init=systemd (LP: #1436109)
* GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
file to X abstraction (LP: #1432126)
[ Jamie Strandboge ]
* easyprof-framework-policy.patch: add --include-templates-dir and
--include-policy-groups-dir options to easyprof to support framework
policy on snappy
[ Robie Basak ]
* Add /lib/apparmor/profile-load; moved from
/lib/init/apparmor-profile-load from the upstart package. A wrapper at
the original path is now provided by init-system-helpers. (LP: #1432683)
-- Jamie Strandboge <email address hidden> Sat, 28 Mar 2015 07:22:30 -0500
-
apparmor (2.9.1-0ubuntu7) vivid; urgency=medium
* systemd-dev-log-lp1413232.patch: Allow writes to the systemd journal
socket /{,var}/run/systemd/journal/dev-log. This can be dropped with
with AppArmor 2.9.2. (LP: #1413232)
-- Jamie Strandboge <email address hidden> Fri, 06 Mar 2015 06:22:34 -0600
-
apparmor (2.9.1-0ubuntu6) vivid; urgency=medium
* add-mir-abstractions-lp1422521.patch: add correct location of
mir specific libraries and mir unprivileged client socket
to mir abstraction (LP: #1422521)
-- Steve Beattie <email address hidden> Tue, 03 Mar 2015 10:42:24 -0800
-
apparmor (2.9.1-0ubuntu5) vivid; urgency=medium
* debian/apparmor.init: Replace unnecessary $remote_fs dependency with
$local_fs. This is sufficient as during boot we don't use anything from
/usr. It's also necessary to avoid dependency cycles when using NFS (as
its dependencies should be covered by AppArmor). (LP: #1312976)
-- Martin Pitt <email address hidden> Tue, 03 Mar 2015 08:54:33 +0100
-
apparmor (2.9.1-0ubuntu4) vivid; urgency=medium
* Update to apparmor 2.9.1
- make parser mount rule options consistent with documentation
(LP: #1401619)
- make parser fail if unknown mount options are encountered
(LP: #1401621)
- stop aa-logprof from asking about already allowed network rules
(LP: #1380367)
- make utils offer abstractions for network rules (LP: #1380367)
- make libapparmor understand logs generated by syslog-ng
(LP: #1399027)
- stop python utilities from adding duplicate quotes (LP: #1328707)
- work around aa-cleanprof crashes (LP: #1382236)
- other bug fixes, performance improvements, and testcases added to
the python utils.
- policy updates for dnsmasq, nscd, and others
- translation updates
* Partial sync with debian apparmor package:
- debian/apparmor-profiles.install: add additional dovecot and
smbldap-useradd profiles
- debian/control: fix typo in apparmor-docs description, fix file
overwrite issues with python-apparmor, apparmor-docs
- debian/rules: improved repeat-build cleanup logic.
- Add Turkish translation of debconf messages. Thanks to
Mert Dirik <email address hidden> for the patch!
- debian/apparmor.postrm: Remove
/var/lib/apparmor/profiles/.apparmor.md5sums and parent
directories on package purge.
* add-mir-abstractions-lp1422521.patch: add mir abstraction to cover
mir specific libraries (LP: #1422521)
* debian/rules: remove no longer needed references to PERLDIR when
installing from utils/
-- Steve Beattie <email address hidden> Tue, 17 Feb 2015 16:31:25 -0800
-
apparmor (2.8.98-0ubuntu4) vivid; urgency=medium
* Ship libapparmor in /lib instead of /usr as we want to use it in systemd
now. (LP: #1397960)
-- Martin Pitt <email address hidden> Mon, 01 Dec 2014 15:37:32 +0100
-
apparmor (2.8.98-0ubuntu3) vivid; urgency=medium
* debian/lib/apparmor/functions: disable expr tree simplification for
/var/lib/apparmor/profiles (LP: #1383858)
* parser-dont-skip-read-cache-with-optimizations.patch: don't skip read
cache when specifying '-O' (LP: #1385947)
-- Jamie Strandboge <email address hidden> Tue, 28 Oct 2014 17:41:08 -0500
-
apparmor (2.8.98-0ubuntu2) utopic; urgency=medium
* Updated to apparmor 2.9.beta4 (aka apparmor 2.8.98)
- fix logparsing memory leak (LP: #1340927)
- incorporate fixes to regression testsuite to compensate for
af_unix mediation, as well as extend test coverage
(LP: #1375403, LP: #1375516)
- fix libapparmor's log parsing code to accept additional rejection
types (LP: #1375413)
- fix X abstraction for changed lightdm xauthority file locations
(LP: #1339727)
- parser: disable downgrade and not enforced rule messages
by default
- fix error when using regex profile names in IPC rules
(LP: #1373085)
- updates and fixes to the python utilities
- translation updates
[ Steve Beattie ]
* Removed upstreamed patches:
drop-peer_addr-with-local-addr-in-base.patch,
update_socketpair_tests_for_af_unix.patch,
fix_socketpair_tests.patch, sanitized-helpers-updates.patch,
01-tests-unix_socket_lists.patch,
02-tests-accept_unix_rules_in_mkprofile.patch,
03-tests-unix_sockets_v7_pathnames.patch,
04-tests-migrate_from_poll_to_sockio_timeout.patch,
05-tests-add_abstract_socket_tests.patch,
06-tests-use_socketpair_and_none.patch,
07-parser-fix_local_perms.patch,
08-phpsysinfo-policy-updates.patch,
09-apache2-policy-instructions.patch,
10-lp1371771.patch, 11-lp1371765.patch,
lp1169881.patch
* refreshed etc-writable.patch and libapparmor-layout-deb.patch
* debian/control: add breaks on python3-apparmor against older
apparmor-utils that used to be where python bits lived
(LP: #1373259)
* debian/apport/source_apparmor.py:
- fixes the apparmor apport hook so it does not raise an exception if
a non-unicode character is found in /var/log/kern.log or in
/var/log/syslog. This should work under python3 or python2.7
(LP: #1304447)
- adjusts the add_info() function to take the expected additional ui
argument, though it has no need for it.
- converts the log parsing code to use with statements so as not to
leak open file descriptors
- updates the set of packages to query to see if installed and if so,
report the version of.
- adjust import to make pyflakes job easier
- minor pep8 cleanups
[ Jamie Strandboge ]
* add-chromium-browser.patch: don't allow writing to the oom score and
adjust files since this allows chromium to change the values for any
process matching our UID
* debian/apparmor.upstart: check if click-apparmor md5sums changed so we
regenerate the policy if it changes too (LP: #1371574)
* debian/apparmor.init: make corresponding upstart change to initscript
* debian/lib/apparmor/functions: fall back to using -n1 if the parser failed
to load a profile set. This should be removed when the parser properly
handles profile sets with corrupted profiles (LP: 1377338)
* debian/control: fix typo (LP: #1187447)
-- Steve Beattie <email address hidden> Thu, 09 Oct 2014 22:39:32 -0700
