-
apparmor (2.7.102-0ubuntu3.11) precise-security; urgency=medium
* SECURITY UPDATE: Don't unload unknown profiles during package
configuration or when restarting the apparmor init script as this could
leave processes unconfined (LP: #1668892)
- debian/apparmor.init: Remove call to unload_obsolete_profiles()
- debian/patches/0042-utils-add-aa-remove-unknown.patch,
debian/apparmor.install debian/apparmor.manpages: Include a new utility,
aa-remove-unknown, which can be used to unload unknown profiles
- CVE-2017-6507
-- Tyler Hicks <email address hidden> Wed, 15 Mar 2017 22:07:05 +0000
-
apparmor (2.7.102-0ubuntu3.10) precise-security; urgency=medium
* No change rebuild in the security pocket to ensure compatibility
with the linux-lts-trusty kernel.
-- Marc Deslauriers <email address hidden> Mon, 11 Aug 2014 10:16:11 -0400
-
apparmor (2.7.102-0ubuntu3.9) precise-proposed; urgency=low
* 0041-parser-fix-flags.patch: increase the size of the fixed 'features'
buffer to support newer kernels with more apparmor features (LP: #1214979)
-- Seth Arnold <email address hidden> Mon, 26 Aug 2013 11:31:51 -0700
-
apparmor (2.7.102-0ubuntu3.8) precise-proposed; urgency=low
* 0022-aa-logprof-PUx_rewrite_fix-lp982619.patch: fix aa-logprof
rewrite of PUx modes (LP: #982619)
* 0023-lp1091642-parser-reset_matchflags.patch: prevent reuse of
matchflags in parser dfa backend and add testcase demonstrating
the problem (LP: #1091642)
* 0024-profiles-allow_exo-open-lp987578.patch: allow exo-open to work
within ubuntu-integration (LP: #987578)
-- Steve Beattie <email address hidden> Thu, 24 Jan 2013 11:40:48 -0800
-
apparmor (2.7.102-0ubuntu3.7) precise-security; urgency=low
* debian/patches/0001-add-chromium-browser.patch:
- add access for newer versions of chromium (LP: #1091862)
- add a child profile for xdgsettings (LP: #1045986)
* debian/patches/0021-fix-racy-onexec-test.patch: fix race in onexec.sh
kernel regression test
-- Jamie Strandboge <email address hidden> Wed, 19 Dec 2012 07:51:38 -0600
-
apparmor (2.7.102-0ubuntu3.5) precise-proposed; urgency=low
* Allow reading of /etc/vdpau_wrapper.cfg in multimedia abstraction
(LP: #967091)
- add debian/patches/0020-vdpau_wrapper.patch
- update debian/patches/series
-- Micah Gersten <email address hidden> Thu, 29 Nov 2012 19:50:01 -0600
-
apparmor (2.7.102-0ubuntu3.4) precise-security; urgency=low
* debian/debhelper/postrm.apparmor: do not delete local files if main
conffile still exists since it probably means it is owned by a
new/different package. (LP: #986892)
-- Marc Deslauriers <email address hidden> Sat, 20 Oct 2012 16:55:18 -0400
-
apparmor (2.7.102-0ubuntu3.2) precise-proposed; urgency=low
* Allow /var/lib/sss/mc/{group|passwd} for systems using sssd.
(LP: #1056391)
-- Stephane Graber <email address hidden> Tue, 25 Sep 2012 15:26:11 -0400
-
apparmor (2.7.102-0ubuntu3.1) precise-security; urgency=low
* fix LP: #990931 - Thunderbird is being blocked by apparmor from Firefox;
This was a regression from the Thunderbird path changing to a non-versioned
path in the Thunderbird 12 packaging
- add debian/patches/0015-lp990931.patch
- update debian/patches/series
-- Micah Gersten <email address hidden> Tue, 05 Jun 2012 02:11:28 -0500
-
apparmor (2.7.102-0ubuntu3) precise; urgency=low
[ Jamie Strandboge ]
* debian/patches/0007-ubuntu-manpage-updates.patch: update apparmor(5)
to describe Ubuntu's two-stage policy load and how to add utilize it
when developing policy (LP: #974089)
[ Serge Hallyn ]
* debian/apparmor.init: do nothing in a container. This can be
removed once stacked profiles are supported and used by lxc.
(LP: #978297)
[ Steve Beattie ]
* debian/patches/0008-apparmor-lp963756.patch: Fix permission mapping
for change_profile onexec (LP: #963756)
* debian/patches/0009-apparmor-lp959560-part1.patch,
debian/patches/0010-apparmor-lp959560-part2.patch: Update the parser
to support the 'in' keyword for value lists, and make mount
operations aware of 'in' keyword so they can affect the flags build
list (LP: #959560)
* debian/patches/0011-apparmor-lp872446.patch: fix logprof missing
exec events in complain mode (LP: #872446)
* debian/patches/0012-apparmor-lp978584.patch: allow inet6 access in
dovecot imap-login profile (LP: #978584)
* debian/patches/0013-apparmor-lp800826.patch: fix libapparmor
log parsing library from dropping apparmor network events that
contain ip addresses or ports in them (LP: #800826)
* debian/patches/0014-apparmor-lp979095.patch: document new mount rule
syntax and usage in apparmor.d(5) manpage (LP: #979095)
* debian/patches/0015-apparmor-lp963756.patch: Fix change_onexec
for profiles without attachment specification (LP: #963756,
LP: #978038)
* debian/patches/0016-apparmor-lp968956.patch: Fix protocol error when
loading policy to kernels without compat patches (LP: #968956)
* debian/patches/0017-apparmor-lp979135.patch: Fix change_profile to
grant access to /proc/attr api (LP: #979135)
-- Steve Beattie <email address hidden> Thu, 12 Apr 2012 06:17:42 -0500
-
apparmor (2.7.102-0ubuntu2) precise; urgency=low
* debian/control: Make dh-apparmor Multi-Arch: foreign, so that it can
satisfy cross-build-dependencies.
-- Colin Watson <email address hidden> Sat, 31 Mar 2012 02:28:05 +0100
-
apparmor (2.7.102-0ubuntu1) precise; urgency=low
* New upstream release. Fixes the following issues in support of LXC
AppArmor support for beta-2:
- Fix the return size of aa_getprocattr (LP: #962521)
- Fix mnt_flags passed for remount
- Fix dfa minimization around the nonmatching state
- Factor all the permissions dump code into a single perms method
* debian/apparmor-utils.install:
- AppArmor now installs apparmor.vim. Move it into place
- install aa-exec
* debian/apparmor-utils.manpages: install aa-exec man page
* debian/patches/0003-add-aa-easyprof.patch: refresh for Makefile changes
* debian/patches/0005-clean-common-from-vim.patch: clean up 'common'
symlink
* 0006-use-linux-capability-h.patch: Use linux/capability.h instead of
sys/capability.h
-- Jamie Strandboge <email address hidden> Thu, 22 Mar 2012 15:39:56 -0500
-
apparmor (2.7.101-0ubuntu1) precise; urgency=low
* New upstream release. Fixes: LP: #948147
* debian/lib/apparmor/functions: Update to support the feature directory so
that caching will work on kernels that support the feature dir. Patch
based on work from John Johansen. LP: #954469
-- Jamie Strandboge <email address hidden> Thu, 15 Mar 2012 15:57:02 -0500
-
apparmor (2.7.100-0ubuntu1) precise; urgency=low
* New upstream bug fix release which fixes (in addition to other bugs):
- LP: #940362
- LP: #947617
- LP: #949891
* Drop the following patches, included upstream:
- 0004-lp918879.patch
- 0007-lp941506.patch
- 0008-lp941503.patch
- 0009-lp943161.patch
* Drop the following patch, no longer required:
- 0005-disable-minimization.patch
* Rename 0006-lp941808.patch 0004-lp941808.patch
* debian/patches/0001-add-chromium-browser.patch: update for additional
denials with newer chromium-browser. (LP: #937723)
* debian/put-all-profiles-in-complain-mode.sh: deal with existing flags
-- Jamie Strandboge <email address hidden> Fri, 09 Mar 2012 06:56:48 -0600
-
apparmor (2.7.99-0ubuntu4) precise; urgency=low
* Restore dpkg-maintscript-helper changes from 2.7.0-0ubuntu6, lost in
2.7.99-0ubuntu1.
-- Colin Watson <email address hidden> Mon, 05 Mar 2012 16:11:01 +0000
-
apparmor (2.7.99-0ubuntu3) precise; urgency=low
* debian/patches/0009-lp943161.patch: update to not fail when
default-jre-headless is installed (LP: #945019)
-- Jamie Strandboge <email address hidden> Fri, 02 Mar 2012 12:47:03 -0600
-
apparmor (2.7.99-0ubuntu2) precise; urgency=low
* debian/control: dh-apparmor should Breaks/Replaces on debhelper
9.20120115ubuntu3, not 9.20120115ubuntu2
* debian/patches/0006-lp941808.patch: allow writes to
/{,var/}run/sendsigs.omit.d/*dnsmasq.pid for network manager integration
(LP: #941808)
* debian/patches/0007-lp941506.patch: allow reads to ~/.drirc in the X
abstraction (LP: #941506)
* debian/patches/0008-lp941503.patch: allow read access to
/usr/share/texmf/fonts in fonts abstraction (LP: #941503)
* debian/patches/0009-lp943161.patch: fix path to java in
ubuntu-browsers.d/java (LP: #943161)
-- Jamie Strandboge <email address hidden> Fri, 02 Mar 2012 07:50:50 -0600
-
apparmor (2.7.99-0ubuntu1) precise; urgency=low
* New upstream release which also pulls in 2.7.0-1 changes from Debian.
For the sake of simplicity, I have added the 2.7.0-1 changelog entry after
2.7.0-0ubuntu7 even though chronologically it appeared in Debian between
2.7.0-0ubuntu4 and 2.7.0-0ubuntu5.
- LP: #940422 (FFe)
* Drop the following patches, included upstream:
- 0003-commits-through-r1882.patch
- 0004-lp887992.patch
- 0005-lp884748.patch
- 0006-lp870992.patch
- 0007-lp860856.patch
- 0008-lp852062.patch
- 0009-lp851977.patch
- 0010-lp890894.patch
- 0011-lp817956.patch
- 0012-lp458922.patch
- 0013-lp769148.patch
- 0014-lp904548.patch
- 0015-lp712584.patch
- 0016-lp562831.patch
- 0017-lp662906.patch
- 0018-deny-home-pki-so.patch
- 0019-lp899963.patch
- 0020-lp912754a.patch
- 0021-lp912754b.patch
- 0022-workaround-lp851986.patch
- 0023-syslog-ng-needs-dac-read-search.patch
- 0024-fix-python-and-ruby-autogeneration.patch
- 0025-lp914184.patch
- 0026-lp914190.patch
- 0027-lp914386.patch
- 0028-testsuite-fixes.patch
- 0029-lp917628.patch
- 0030-lp916285.patch
- 0031-lp917639.patch
- 0032-lp917641.patch
- 0033-add-ubuntu-helpers-to-plugins-common.patch
- 0034-lp917859.patch
- 0035-kde-should-use-kde4.patch
- 0036-lp929531.patch
- 0036-fix-manpage-errors.patch
* Rename 0037-add-aa-easyprof.patch 0003-add-aa-easyprof.patch
* debian/apparmor-profiles.postrm: clean out autogenerated files created by
apparmor-profiles.postinst (Closes: 656451)
* debian/patches/0004-lp918879.patch: allow /etc/drirc in the X abstraction
(LP: #918879)
* debian/patches/0005-disable-minimization.patch: do to LP: 940362,
minimization is not working correctly. Disable it for now.
apparmor (2.7.0-1) unstable; urgency=low
* debian/po/pt.po add new Portuguese translation, thanks to Pedro Ribeiro,
(Closes: 651434).
* debian/control: do not require initramfs-tools on !linux-any
(Closes: 651297).
* debian/{control,rules,debhelper/*}: move dh_apparmor into separate
binary package, out of debhelper (Closes: 649784).
* debian/{control,rules}: fix up lack of real build-indep.
* debian/patches/0036-fix-manpage-errors.patch: minor man page cleanups.
* merge changes from Ubuntu (r1443).
-- Jamie Strandboge <email address hidden> Fri, 24 Feb 2012 09:04:45 -0600
-
apparmor (2.7.0-0ubuntu7) precise; urgency=low
* debian/patches/0037-add-aa-easyprof.patch: add the aa-easyprof tool
* apparmor-utils.dirs, apparmor-utils.install, apparmor-utils.manpages:
install aa-easyprof and supporting files
* python-libapparmor.install: only install LibAppArmor*
* debian/rules: use dh_python2 with apparmor-utils
* debian/control: apparmor-utils should Depends on ${python:Depends}
-- Jamie Strandboge <email address hidden> Wed, 15 Feb 2012 07:40:38 -0600
-
apparmor (2.7.0-0ubuntu6) precise; urgency=low
* debian/apparmor.{preinst,postinst,postrm,maintscript}, debian/control:
Use maintscript support in dh_installdeb rather than writing out
dpkg-maintscript-helper commands by hand. We now simply Pre-Depend on a
new enough version of dpkg rather than using 'dpkg-maintscript-helper
supports' guards, leading to more predictable behaviour on upgrades.
-- Colin Watson <email address hidden> Sat, 11 Feb 2012 15:11:01 +0000
-
apparmor (2.7.0-0ubuntu5) precise; urgency=low
* debian/patches/0036-lp929531.patch: adjust base abstraction to allow read
access to /sys/devices/system/cpu/online (LP: #929531)
-- Jamie Strandboge <email address hidden> Thu, 09 Feb 2012 08:04:13 -0600
-
apparmor (2.7.0-0ubuntu4) precise; urgency=low
* debian/patches/0034-lp917859.patch: adjust aspell abstraction for user
customizable dictionaries (LP: #917859)
* debian/patches/0035-kde-should-use-kde4.patch: adjust abstractions to
use kde{,4} instead of kde
* debian/control: update Vcs-Bzr
-- Jamie Strandboge <email address hidden> Wed, 18 Jan 2012 16:27:30 -0600
-
apparmor (2.7.0-0ubuntu3) precise; urgency=low
* debian/patches/0029-lp917628.patch: Adjust dnsmasq profile for
NetworkManager integration (LP: #917628)
* debian/patches/0030-lp916285.patch: update ubuntu-browsers.d/text-editors
to work with emacs2[2-9] (LP: #916285)
* debian/patches/0031-lp917639.patch: update p11-kit to allow mmap of
libraries in pkcs directories (LP: #917639)
* debian/patches/0032-lp917641.patch: ubuntu-integration abstraction for
multiarch with gst-plugin-scanner (LP: #917641)
* debian/patches/0033-add-ubuntu-helpers-to-plugins-common.patch: include
ubuntu-helpers in the plugins-common abstraction
-- Jamie Strandboge <email address hidden> Tue, 17 Jan 2012 07:18:34 -0600
-
apparmor (2.7.0-0ubuntu2) precise; urgency=low
* debian/patches/0022-workaround-lp851986.patch: update sanitized_helper
to include inet6
-- Jamie Strandboge <email address hidden> Fri, 13 Jan 2012 11:21:30 +0100
-
apparmor (2.7.0-0ubuntu1) precise; urgency=low
* New upstream release. Fixes the following:
- LP: #794974
- LP: #815883
- LP: #840973
* Drop the following patches, included upstream:
- af_names-generation.patch
- 0004-adjust-logprof-log-search-order.patch
- 0005-lp826914.patch
- 0006-lp838275.patch
- 0007-fix-introspection-tests.patch
* Rename 0003-add-debian-integration-to-lighttpd.patch to 0002
* debian/patches/0003-commits-through-r1882.patch: several bug,
documentation and performance fixes on our road to AppArmor 2.8
(LP: #840734, LP: #905412)
* debian/patches/0004-lp887992.patch: cups-client abstraction should allow
owner read of @{HOME}/.cups/client.conf and @{HOME}/.cups/lpoptions
(LP: #887992)
* update debian/patches/0001-add-chromium-browser.patch for deeper
directories of /sys/devices/pci (LP: #885833)
* debian/patches/0005-lp884748.patch: allow kate as text editor in the
browsers abstraction (LP: #884748)
* debian/patches/0006-lp870992.patch: abstractions/fonts should allow access
to ~/.fonts.conf.d (LP: #870992)
* debian/patches/0007-lp860856.patch: allow read access to sitecustomize.py
in the python abstraction, which is needed for apport hooks to work in
python applications (LP: #860856)
* debian/patches/0008-lp852062.patch: update binaries for transmission
clients (LP: #852062)
* debian/patches/0009-lp851977.patch: allow ixr access to exo-open for
Xubuntu and friends (LP: #851977)
* debian/patches/0010-lp890894.patch: allow access to Thunar as well as
thunar in ubuntu-integration abstraction (LP: #890894)
* debian/patches/0011-lp817956.patch: update usr.sbin.sshd example profile
(LP: #817956)
* debian/patches/0012-lp458922.patch: update dovecot deliver profile to
access various .conf files for dovecot (LP: #458922)
* debian/patches/0013-lp769148.patch: allow avahi to do dbus introspection
(LP: #769148)
* debian/patches/0014-lp904548.patch: fix typo for multiarch line for gconv
(LP: #904548)
* debian/patches/0015-lp712584.patch: Nvidia users need access to
/dev/nvidia* files for various plugins to work right. Since these are all
focused around multimedia, add the acceses to the multimedia abstraction.
(LP: #712584)
* debian/patches/0016-lp562831.patch: allow fireclam plugin to work
(LP: #562831)
* debian/patches/0017-lp662906.patch: allow software-center in the ubuntu
integration browser abstraction (LP: #662906)
* debian/patches/0018-deny-home-pki-so.patch: update private-files
abstraction to deny write and link to ~/.pki/nssdb/*so files (LP: #911847)
* debian/patches/0019-lp899963.patch: add audacity to the
ubuntu-media-players abstraction (LP: #899963)
* debian/patches/0020-lp912754a.patch,0021-lp912754b.patch: add p11-kit
abstraction and add it to the authentication abstraction (LP: #912754)
* debian/patches/0022-workaround-lp851986.patch: instead of using Ux
in the ubuntu and launchpad abstractions, use a helper child profile.
This will help work around the lack of environment filtering
(LP: #851986)
* debian/patches/0023-syslog-ng-needs-dac-read-search.patch: adjust syslog-ng
profile for dac_read_search
* debian/patches/0024-fix-python-and-ruby-autogeneration.patch: fix python
and ruby autogeneration when using aa-autodep and aa-genprof
* debian/patches/0025-lp914184.patch: allow the creation of enchant .config
directory in the enchant abstraction (LP: #914184)
* debian/patches/0026-lp914190.patch: block write access to ~/.kde/env
because KDE automatically sources scripts in that folder on startup
(LP: #914190)
* debian/pathes/0027-lp914386.patch: add xdg-desktop abstraction and
adjust gnome and kde abstractions to use it (LP: #914386)
* debian/patches/0028-testsuite-fixes.patch: testsuite fixes in the kernel
regression tests
-- Jamie Strandboge <email address hidden> Thu, 12 Jan 2012 12:55:17 +0100
-
apparmor (2.7.0~beta1+bzr1774-1ubuntu3) precise; urgency=low
* Rebuild for Perl 5.14.
-- Colin Watson <email address hidden> Tue, 15 Nov 2011 22:10:05 +0000
-
apparmor (2.7.0~beta1+bzr1774-1ubuntu2) oneiric; urgency=low
* 0007-fix-introspection-tests.patch: Add missing introspection regression
test that should have been checked in with the introspection patches.
-- Jamie Strandboge <email address hidden> Tue, 04 Oct 2011 13:13:05 -0500
