Author: Ubuntu Git Importer
Author Date: 2019-04-26 12:32:29 UTC

DSC file for 2.13.2-9ubuntu6

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-applied version 2.13.2-9ubuntu6 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 47ae479dec83ee7206f67640e4e0c446432d90c6
Unapplied parent: 5f8edf6d3c9ccef8f5397e23746bea7b0d8ba1a8

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-unapplied version 2.13.2-9ubuntu6 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 3d828be0225850ec5c3dd1f01fa8657c937ac8ea

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-unapplied version 2.13.2-9ubuntu6 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 3d828be0225850ec5c3dd1f01fa8657c937ac8ea

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-applied version 2.13.2-9ubuntu6 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 47ae479dec83ee7206f67640e4e0c446432d90c6
Unapplied parent: 5f8edf6d3c9ccef8f5397e23746bea7b0d8ba1a8

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-unapplied version 2.13.2-9ubuntu6 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 3d828be0225850ec5c3dd1f01fa8657c937ac8ea

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-unapplied version 2.13.2-9ubuntu6 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 3d828be0225850ec5c3dd1f01fa8657c937ac8ea

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-applied version 2.13.2-9ubuntu6 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 47ae479dec83ee7206f67640e4e0c446432d90c6
Unapplied parent: 5f8edf6d3c9ccef8f5397e23746bea7b0d8ba1a8

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-applied version 2.13.2-9ubuntu6 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 47ae479dec83ee7206f67640e4e0c446432d90c6
Unapplied parent: 5f8edf6d3c9ccef8f5397e23746bea7b0d8ba1a8

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-unapplied version 2.13.2-9ubuntu6 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 3d828be0225850ec5c3dd1f01fa8657c937ac8ea

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-applied version 2.13.2-9ubuntu6 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 47ae479dec83ee7206f67640e4e0c446432d90c6
Unapplied parent: 5f8edf6d3c9ccef8f5397e23746bea7b0d8ba1a8

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-unapplied version 2.13.2-9ubuntu6 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 3d828be0225850ec5c3dd1f01fa8657c937ac8ea

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-applied version 2.13.2-9ubuntu6 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 47ae479dec83ee7206f67640e4e0c446432d90c6
Unapplied parent: 5f8edf6d3c9ccef8f5397e23746bea7b0d8ba1a8

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Ubuntu Git Importer
Author Date: 2019-03-30 22:43:19 UTC

DSC file for 2.13.2-10

Author: intrigeri
Author Date: 2019-03-30 13:23:11 UTC

Import patches-applied version 2.13.2-10 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 3233979f66895177a3badf2730c6ed42a364900b
Unapplied parent: 1b50bbccdb1429e2f81ca4824959cda231deda1b

New changelog entries:
  * Don't load AppArmor policy when running in a Debian Live environment
    that uses overlayfs (Closes: #922378).
    Rationale: the storage stack set up by live-boot with overlayfs
    is not supported by our AppArmor policy at the moment, resulting
    in breakage of confined software such as Evince and LibreOffice.
  * Ship nvidia_modprobe in enforce mode (Closes: #923273).
    - Rationale: as explained by Seth Arnold <seth.arnold@canonical.com>
      on #923273#32, profiles in complain mode can chew up essentially
      unlimited amounts of non-swappable kernel memory and huge amounts
      of IO bandwidth logging ALLOWED messages, which can in turn
      use large amounts of storage. This is why Ubuntu has applied this change
      already for their upcoming release.
    - Scope of this change: in Buster, this profile is used in one single place
      — the usr.lib.libreoffice.program.soffice.bin profile — for which it was
      developed and tested in the first place. So the risk and potential
      problematic impact of this change seems pretty low.
  * Cherry-pick the most important and non-invasive fixes
    from the upstream apparmor-2.13 maintenance branch:
    - base abstraction: allow mr on *.so* in common library paths,
      i.e. don't assume all common libraries' name starts with "lib".
      At the very least, this fixes Qt5 applications under some
      VirtualBox graphics configuration, where otherwise they would
      not start at all (Closes: Tails#16414).
      Upstream commits: 8dff7dc, 08f9d16
    - Fix 2 segfaults spotted upstream while writing automated tests
      for the multicache support (upstream MR!348):
       · in overlaydirat_for_each, segfault caused by repeatedly freeing
         the same memory area;
       · when loading policy cache files, due to incorrect size passed
         to qsort().
      Upstream commits: 5704fba, 01aec04

Author: intrigeri
Author Date: 2019-03-30 13:23:11 UTC

Import patches-unapplied version 2.13.2-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d0c45f18ae693c81f66d7538868da270bd77c650

New changelog entries:
  * Don't load AppArmor policy when running in a Debian Live environment
    that uses overlayfs (Closes: #922378).
    Rationale: the storage stack set up by live-boot with overlayfs
    is not supported by our AppArmor policy at the moment, resulting
    in breakage of confined software such as Evince and LibreOffice.
  * Ship nvidia_modprobe in enforce mode (Closes: #923273).
    - Rationale: as explained by Seth Arnold <seth.arnold@canonical.com>
      on #923273#32, profiles in complain mode can chew up essentially
      unlimited amounts of non-swappable kernel memory and huge amounts
      of IO bandwidth logging ALLOWED messages, which can in turn
      use large amounts of storage. This is why Ubuntu has applied this change
      already for their upcoming release.
    - Scope of this change: in Buster, this profile is used in one single place
      — the usr.lib.libreoffice.program.soffice.bin profile — for which it was
      developed and tested in the first place. So the risk and potential
      problematic impact of this change seems pretty low.
  * Cherry-pick the most important and non-invasive fixes
    from the upstream apparmor-2.13 maintenance branch:
    - base abstraction: allow mr on *.so* in common library paths,
      i.e. don't assume all common libraries' name starts with "lib".
      At the very least, this fixes Qt5 applications under some
      VirtualBox graphics configuration, where otherwise they would
      not start at all (Closes: Tails#16414).
      Upstream commits: 8dff7dc, 08f9d16
    - Fix 2 segfaults spotted upstream while writing automated tests
      for the multicache support (upstream MR!348):
       · in overlaydirat_for_each, segfault caused by repeatedly freeing
         the same memory area;
       · when loading policy cache files, due to incorrect size passed
         to qsort().
      Upstream commits: 5704fba, 01aec04

Author: intrigeri
Author Date: 2019-03-30 13:23:11 UTC

Import patches-unapplied version 2.13.2-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d0c45f18ae693c81f66d7538868da270bd77c650

New changelog entries:
  * Don't load AppArmor policy when running in a Debian Live environment
    that uses overlayfs (Closes: #922378).
    Rationale: the storage stack set up by live-boot with overlayfs
    is not supported by our AppArmor policy at the moment, resulting
    in breakage of confined software such as Evince and LibreOffice.
  * Ship nvidia_modprobe in enforce mode (Closes: #923273).
    - Rationale: as explained by Seth Arnold <seth.arnold@canonical.com>
      on #923273#32, profiles in complain mode can chew up essentially
      unlimited amounts of non-swappable kernel memory and huge amounts
      of IO bandwidth logging ALLOWED messages, which can in turn
      use large amounts of storage. This is why Ubuntu has applied this change
      already for their upcoming release.
    - Scope of this change: in Buster, this profile is used in one single place
      — the usr.lib.libreoffice.program.soffice.bin profile — for which it was
      developed and tested in the first place. So the risk and potential
      problematic impact of this change seems pretty low.
  * Cherry-pick the most important and non-invasive fixes
    from the upstream apparmor-2.13 maintenance branch:
    - base abstraction: allow mr on *.so* in common library paths,
      i.e. don't assume all common libraries' name starts with "lib".
      At the very least, this fixes Qt5 applications under some
      VirtualBox graphics configuration, where otherwise they would
      not start at all (Closes: Tails#16414).
      Upstream commits: 8dff7dc, 08f9d16
    - Fix 2 segfaults spotted upstream while writing automated tests
      for the multicache support (upstream MR!348):
       · in overlaydirat_for_each, segfault caused by repeatedly freeing
         the same memory area;
       · when loading policy cache files, due to incorrect size passed
         to qsort().
      Upstream commits: 5704fba, 01aec04

Author: intrigeri
Author Date: 2019-03-30 13:23:11 UTC

Import patches-applied version 2.13.2-10 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 3233979f66895177a3badf2730c6ed42a364900b
Unapplied parent: 1b50bbccdb1429e2f81ca4824959cda231deda1b

New changelog entries:
  * Don't load AppArmor policy when running in a Debian Live environment
    that uses overlayfs (Closes: #922378).
    Rationale: the storage stack set up by live-boot with overlayfs
    is not supported by our AppArmor policy at the moment, resulting
    in breakage of confined software such as Evince and LibreOffice.
  * Ship nvidia_modprobe in enforce mode (Closes: #923273).
    - Rationale: as explained by Seth Arnold <seth.arnold@canonical.com>
      on #923273#32, profiles in complain mode can chew up essentially
      unlimited amounts of non-swappable kernel memory and huge amounts
      of IO bandwidth logging ALLOWED messages, which can in turn
      use large amounts of storage. This is why Ubuntu has applied this change
      already for their upcoming release.
    - Scope of this change: in Buster, this profile is used in one single place
      — the usr.lib.libreoffice.program.soffice.bin profile — for which it was
      developed and tested in the first place. So the risk and potential
      problematic impact of this change seems pretty low.
  * Cherry-pick the most important and non-invasive fixes
    from the upstream apparmor-2.13 maintenance branch:
    - base abstraction: allow mr on *.so* in common library paths,
      i.e. don't assume all common libraries' name starts with "lib".
      At the very least, this fixes Qt5 applications under some
      VirtualBox graphics configuration, where otherwise they would
      not start at all (Closes: Tails#16414).
      Upstream commits: 8dff7dc, 08f9d16
    - Fix 2 segfaults spotted upstream while writing automated tests
      for the multicache support (upstream MR!348):
       · in overlaydirat_for_each, segfault caused by repeatedly freeing
         the same memory area;
       · when loading policy cache files, due to incorrect size passed
         to qsort().
      Upstream commits: 5704fba, 01aec04

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-applied version 2.12-4ubuntu5.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9d19d1e5200cf96e815d9925f96f8738c46b6b29
Unapplied parent: 0a02f0a804e5e1aa584a1d0c220d87c3f06cf2f7

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-applied version 2.12-4ubuntu5.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9d19d1e5200cf96e815d9925f96f8738c46b6b29
Unapplied parent: 0a02f0a804e5e1aa584a1d0c220d87c3f06cf2f7

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.6~14.04.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1a09a8d1146540e4c5507667eae390f05f354428

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-unapplied version 2.12-4ubuntu5.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 19209d8fffd07cda1e32abec2ff356ac90c791d9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-unapplied version 2.12-4ubuntu5.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 19209d8fffd07cda1e32abec2ff356ac90c791d9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-applied version 2.12-4ubuntu5.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9d19d1e5200cf96e815d9925f96f8738c46b6b29
Unapplied parent: 0a02f0a804e5e1aa584a1d0c220d87c3f06cf2f7

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-unapplied version 2.12-4ubuntu5.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 19209d8fffd07cda1e32abec2ff356ac90c791d9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-applied version 2.10.95-0ubuntu2.6~14.04.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2885880de35a4ae4c1ecdb7d37cba65b1a802da1
Unapplied parent: a27193d1fac0e2517e0306456978fd1193d2744a

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-applied version 2.10.95-0ubuntu2.6~14.04.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2885880de35a4ae4c1ecdb7d37cba65b1a802da1
Unapplied parent: a27193d1fac0e2517e0306456978fd1193d2744a

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-applied version 2.10.95-0ubuntu2.6~14.04.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2885880de35a4ae4c1ecdb7d37cba65b1a802da1
Unapplied parent: a27193d1fac0e2517e0306456978fd1193d2744a

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.6~14.04.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1a09a8d1146540e4c5507667eae390f05f354428

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.6~14.04.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1a09a8d1146540e4c5507667eae390f05f354428

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-unapplied version 2.12-4ubuntu8 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 6cba87070dbe6721130a1ee500282d503a671cf9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-applied version 2.12-4ubuntu8 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 78763385cb87264d6867d2793e21f03a8c99625d
Unapplied parent: 781528fe7cd4e279d1d88febb514043f0d136d1c

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-unapplied version 2.12-4ubuntu8 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 6cba87070dbe6721130a1ee500282d503a671cf9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-unapplied version 2.12-4ubuntu8 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 6cba87070dbe6721130a1ee500282d503a671cf9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-applied version 2.12-4ubuntu8 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 78763385cb87264d6867d2793e21f03a8c99625d
Unapplied parent: 781528fe7cd4e279d1d88febb514043f0d136d1c

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-applied version 2.12-4ubuntu8 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 78763385cb87264d6867d2793e21f03a8c99625d
Unapplied parent: 781528fe7cd4e279d1d88febb514043f0d136d1c

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:23:46 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.10 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2591c629771d688d36594c44f30fa4573451c05d

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:23:46 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.10 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2591c629771d688d36594c44f30fa4573451c05d

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:23:46 UTC

Import patches-applied version 2.10.95-0ubuntu2.10 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 53ba6533e3b761830e19f78eeb20ccdbfce96b15
Unapplied parent: 5b70d6b669af37c22151338573156274dc02dfb7

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:23:46 UTC

Import patches-applied version 2.10.95-0ubuntu2.10 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 53ba6533e3b761830e19f78eeb20ccdbfce96b15
Unapplied parent: 5b70d6b669af37c22151338573156274dc02dfb7

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:23:46 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.10 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2591c629771d688d36594c44f30fa4573451c05d

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:23:46 UTC

Import patches-applied version 2.10.95-0ubuntu2.10 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 53ba6533e3b761830e19f78eeb20ccdbfce96b15
Unapplied parent: 5b70d6b669af37c22151338573156274dc02dfb7

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: intrigeri
Author Date: 2018-07-07 17:15:31 UTC

Import patches-unapplied version 2.13-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: cbb9de0a8fd70270d6951d59acb2a2636a5a8252

New changelog entries:
  * Merge from sid:
    - upstream-commit-d9d3cae-adjust-python-abstraction-for-python-3.patch:
      new patch, to avoid breaking things with Python 3.7.
  * Regarding the "Don't invalidate the cache anymore […]" change inrtoduced
    in 2.13-1: one can manually do that with apparmor_parser --purge.

Author: intrigeri
Author Date: 2018-07-07 17:15:31 UTC

Import patches-applied version 2.13-2 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 5630e4318724e858c93346983d0632be9825633d
Unapplied parent: d1e4a96937b6cac318a040276793c04fb140e19d

New changelog entries:
  * Merge from sid:
    - upstream-commit-d9d3cae-adjust-python-abstraction-for-python-3.patch:
      new patch, to avoid breaking things with Python 3.7.
  * Regarding the "Don't invalidate the cache anymore […]" change inrtoduced
    in 2.13-1: one can manually do that with apparmor_parser --purge.

Author: Jamie Strandboge
Author Date: 2018-04-17 20:15:16 UTC

Import patches-unapplied version 2.12-4ubuntu5 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: a5c9eb590c7032d78ae8580605c464c4c30259df

New changelog entries:
  [ Didier Roche ]
  * debian/patches/ubuntu/communitheme-snap-support.patch:
    - support communitheme snap (LP: #1762983)
  [ Jamie Strandboge ]
  * debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
    chromium (LP: #1101298, LP: #1594589, LP: #1647142)
    - add attach_disconnected
    - allow reading /proc/vmstat
    - don't require owner match for /proc/pid/{stat,status} and task
      counterparts
    - adjust pci[0-9] to be pci[0-9a-f]
    - allow reading all uevents and /sys/devices/virtual/tty/tty0/active
    - allow ptracing xdgsettings and lsb-release
    - xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
    - lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
      distro-info
    - use 'm' on on sandbox
  * debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
    /var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
    (LP: #1712039)

Author: Jamie Strandboge
Author Date: 2018-04-17 20:15:16 UTC

Import patches-applied version 2.12-4ubuntu5 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: c50fc60ffc59ca3cc9a56e3f1fb3294376ca5669
Unapplied parent: f01d3e58f1dc079d20ab673bdb4997c80461aaf1

New changelog entries:
  [ Didier Roche ]
  * debian/patches/ubuntu/communitheme-snap-support.patch:
    - support communitheme snap (LP: #1762983)
  [ Jamie Strandboge ]
  * debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
    chromium (LP: #1101298, LP: #1594589, LP: #1647142)
    - add attach_disconnected
    - allow reading /proc/vmstat
    - don't require owner match for /proc/pid/{stat,status} and task
      counterparts
    - adjust pci[0-9] to be pci[0-9a-f]
    - allow reading all uevents and /sys/devices/virtual/tty/tty0/active
    - allow ptracing xdgsettings and lsb-release
    - xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
    - lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
      distro-info
    - use 'm' on on sandbox
  * debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
    /var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
    (LP: #1712039)

Author: Jamie Strandboge
Author Date: 2018-04-17 20:15:16 UTC

Import patches-applied version 2.12-4ubuntu5 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: c50fc60ffc59ca3cc9a56e3f1fb3294376ca5669
Unapplied parent: f01d3e58f1dc079d20ab673bdb4997c80461aaf1

New changelog entries:
  [ Didier Roche ]
  * debian/patches/ubuntu/communitheme-snap-support.patch:
    - support communitheme snap (LP: #1762983)
  [ Jamie Strandboge ]
  * debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
    chromium (LP: #1101298, LP: #1594589, LP: #1647142)
    - add attach_disconnected
    - allow reading /proc/vmstat
    - don't require owner match for /proc/pid/{stat,status} and task
      counterparts
    - adjust pci[0-9] to be pci[0-9a-f]
    - allow reading all uevents and /sys/devices/virtual/tty/tty0/active
    - allow ptracing xdgsettings and lsb-release
    - xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
    - lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
      distro-info
    - use 'm' on on sandbox
  * debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
    /var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
    (LP: #1712039)

Author: Jamie Strandboge
Author Date: 2018-04-17 20:15:16 UTC

Import patches-unapplied version 2.12-4ubuntu5 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: a5c9eb590c7032d78ae8580605c464c4c30259df

New changelog entries:
  [ Didier Roche ]
  * debian/patches/ubuntu/communitheme-snap-support.patch:
    - support communitheme snap (LP: #1762983)
  [ Jamie Strandboge ]
  * debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
    chromium (LP: #1101298, LP: #1594589, LP: #1647142)
    - add attach_disconnected
    - allow reading /proc/vmstat
    - don't require owner match for /proc/pid/{stat,status} and task
      counterparts
    - adjust pci[0-9] to be pci[0-9a-f]
    - allow reading all uevents and /sys/devices/virtual/tty/tty0/active
    - allow ptracing xdgsettings and lsb-release
    - xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
    - lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
      distro-info
    - use 'm' on on sandbox
  * debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
    /var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
    (LP: #1712039)

Author: Ubuntu Git Importer
Author Date: 2018-03-15 17:50:27 UTC

pristine-tar data for apparmor_2.12.orig.tar.gz

Author: intrigeri
Author Date: 2018-02-27 10:59:06 UTC

Import patches-applied version 2.11.0-3+deb9u2 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: bab628b49faddbc35b55aea2d7ca9e876eea7aca
Unapplied parent: 7a89aacaec36f4ab1748529e011da92980e91ed3

New changelog entries:
  * Move the features file to /usr/share/apparmor-features;
    accordingly remove the old (now obsolete) '/etc/apparmor/features'
    conffile (Closes: #883682).
  * Configure gbp for DEP-14 and avoid gbp-pq prefixing patches
    with numbers.
  * Pin the AppArmor feature set to Stretch's kernel (Closes: #879585).
    This ensures Stretch systems, even when running a newer kernel (e.g.
    from backports), have their AppArmor feature set pinned to the one
    supported by the AppArmor policy shipped in Stretch. Otherwise they
    would experience breakage due to new AppArmor mediation features
    introduced in recent kernels.

Author: intrigeri
Author Date: 2018-02-27 10:59:06 UTC

Import patches-unapplied version 2.11.0-3+deb9u2 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 75908290953622a01b0ca853537e7dbc5824a913

New changelog entries:
  * Move the features file to /usr/share/apparmor-features;
    accordingly remove the old (now obsolete) '/etc/apparmor/features'
    conffile (Closes: #883682).
  * Configure gbp for DEP-14 and avoid gbp-pq prefixing patches
    with numbers.
  * Pin the AppArmor feature set to Stretch's kernel (Closes: #879585).
    This ensures Stretch systems, even when running a newer kernel (e.g.
    from backports), have their AppArmor feature set pinned to the one
    supported by the AppArmor policy shipped in Stretch. Otherwise they
    would experience breakage due to new AppArmor mediation features
    introduced in recent kernels.

Author: Ubuntu Git Importer
Author Date: 2018-03-08 02:06:45 UTC

pristine-tar data for apparmor_2.12.orig.tar.gz

Author: Christian Ehrhardt 
Author Date: 2018-02-20 15:04:02 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: a983c53cb5b63b027147378e177ed365223615ea

New changelog entries:
  * debian/patches/base-journald-updates.patch: update base abstraction
    for additional journald sockets (LP: #1670408)
    Backport from 2.11.0-2ubuntu5 by Jamie Strandboge <jamie@ubuntu.com>

Author: Christian Ehrhardt 
Author Date: 2018-02-20 15:04:02 UTC

Import patches-applied version 2.10.95-0ubuntu2.9 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 1bebe3a2d3284e2dd23d89e7a65f746f3f659a0d
Unapplied parent: e84ac68db9311a7dc72bbb1f93da686f208a3174

New changelog entries:
  * debian/patches/base-journald-updates.patch: update base abstraction
    for additional journald sockets (LP: #1670408)
    Backport from 2.11.0-2ubuntu5 by Jamie Strandboge <jamie@ubuntu.com>

Author: Eric Desrochers
Author Date: 2018-02-02 15:19:38 UTC

Import patches-applied version 2.10.95-0ubuntu2.6~14.04.3 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f785424df2b4ec61079ed0151cecb4ff7ae8ca4d
Unapplied parent: 116fc7fb73974eec2335d846b2c32f6b9099af7f

New changelog entries:
  * d/p/14.04-profiles-allow-seven-digit-pid-lp1717714.patch:
    - Renamed d/p/0001-Allow-seven-digit-pid.patch to mirror other
      profiles-14.04 patches naming pattern.
    - Modify the existing/renamed patch to use the dir that should be use to
      patch a profile. profiles-14.04/ should be use instead of profiles/
      which is not use. (LP: #1717714)

Author: Eric Desrochers
Author Date: 2018-02-02 15:19:38 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.6~14.04.3 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 748e40e53baddd9a9e1896e4eef8384c029f2394

New changelog entries:
  * d/p/14.04-profiles-allow-seven-digit-pid-lp1717714.patch:
    - Renamed d/p/0001-Allow-seven-digit-pid.patch to mirror other
      profiles-14.04 patches naming pattern.
    - Modify the existing/renamed patch to use the dir that should be use to
      patch a profile. profiles-14.04/ should be use instead of profiles/
      which is not use. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-unapplied version 2.11.0-2ubuntu17.1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0695953b3aef86e3b772ee0c35398c4456c8be9a

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-unapplied version 2.11.0-2ubuntu17.1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0695953b3aef86e3b772ee0c35398c4456c8be9a

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-applied version 2.11.0-2ubuntu17.1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 827803b98b3e754e6b6d5b475cc05c635304decd
Unapplied parent: 2b1157cf23ea81e562212dd1b51087cf58432937

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-unapplied version 2.11.0-2ubuntu17.1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0695953b3aef86e3b772ee0c35398c4456c8be9a

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-applied version 2.11.0-2ubuntu17.1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 827803b98b3e754e6b6d5b475cc05c635304decd
Unapplied parent: 2b1157cf23ea81e562212dd1b51087cf58432937

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-applied version 2.11.0-2ubuntu17.1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 827803b98b3e754e6b6d5b475cc05c635304decd
Unapplied parent: 2b1157cf23ea81e562212dd1b51087cf58432937

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Jamie Strandboge
Author Date: 2017-09-15 12:52:05 UTC

Import patches-unapplied version 2.11.0-2ubuntu17 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 6bf4cdad2ed1881d83b4949811f83eac8a94c704

New changelog entries:
  * nameservice-add-stub-resolv.patch: allow read access to systemd stub
    resolver configuration

Author: Jamie Strandboge
Author Date: 2017-09-15 12:52:05 UTC

Import patches-applied version 2.11.0-2ubuntu17 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 1027fcaf43798cd45615582a6457a4428815243d
Unapplied parent: 52aeec4716e199198714fa1f79a544117fdaac1b

New changelog entries:
  * nameservice-add-stub-resolv.patch: allow read access to systemd stub
    resolver configuration

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-applied version 2.11.0-2ubuntu4 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 61a425a208718399c4bd37590ba4c4ba0bd206ec
Unapplied parent: 655e3c648a5bb2049933d432c2ad7228b0264cff

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-applied version 2.11.0-2ubuntu4 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 61a425a208718399c4bd37590ba4c4ba0bd206ec
Unapplied parent: 655e3c648a5bb2049933d432c2ad7228b0264cff

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-unapplied version 2.11.0-2ubuntu4 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 79c2d1fecb250882ab7d396d617964a4de9b6c16

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-applied version 2.11.0-2ubuntu4 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 61a425a208718399c4bd37590ba4c4ba0bd206ec
Unapplied parent: 655e3c648a5bb2049933d432c2ad7228b0264cff

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-unapplied version 2.11.0-2ubuntu4 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 79c2d1fecb250882ab7d396d617964a4de9b6c16

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-unapplied version 2.11.0-2ubuntu4 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 79c2d1fecb250882ab7d396d617964a4de9b6c16

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-unapplied version 2.10.95-4ubuntu5.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 7bad1a53082a1a7b8ad1ec2367f50990d82aa0ee

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-applied version 2.10.95-4ubuntu5.3 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6e9a21172e4424d8f51708601a5f0cc492ed5a4d
Unapplied parent: 541caa635e4e58fa66b8995ce80964838350b690

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-applied version 2.10.95-4ubuntu5.3 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6e9a21172e4424d8f51708601a5f0cc492ed5a4d
Unapplied parent: 541caa635e4e58fa66b8995ce80964838350b690

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-applied version 2.10.95-4ubuntu5.3 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6e9a21172e4424d8f51708601a5f0cc492ed5a4d
Unapplied parent: 541caa635e4e58fa66b8995ce80964838350b690

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-unapplied version 2.10.95-4ubuntu5.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 7bad1a53082a1a7b8ad1ec2367f50990d82aa0ee

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-unapplied version 2.10.95-4ubuntu5.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 7bad1a53082a1a7b8ad1ec2367f50990d82aa0ee

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-applied version 2.7.102-0ubuntu3.11 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: c208a1ad27b7145dd913d28a44dc6b2ae514d119
Unapplied parent: f0187852621bc412da2454eab517676edc3a5155

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-unapplied version 2.7.102-0ubuntu3.11 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f01bfe1a152ba5f5fbeb8827d77a003ac5d4ac7d

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-unapplied version 2.7.102-0ubuntu3.11 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f01bfe1a152ba5f5fbeb8827d77a003ac5d4ac7d

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-unapplied version 2.7.102-0ubuntu3.11 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f01bfe1a152ba5f5fbeb8827d77a003ac5d4ac7d

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-applied version 2.7.102-0ubuntu3.11 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: c208a1ad27b7145dd913d28a44dc6b2ae514d119
Unapplied parent: f0187852621bc412da2454eab517676edc3a5155

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-applied version 2.7.102-0ubuntu3.11 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: c208a1ad27b7145dd913d28a44dc6b2ae514d119
Unapplied parent: f0187852621bc412da2454eab517676edc3a5155

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2016-10-12 01:47:06 UTC

Import patches-applied version 2.10.95-4ubuntu5.1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: f5e818ab2127aaa96cfe5b458b9232bd7dbf01ee
Unapplied parent: 15ff2d7c30d670499738bba1cd80fd64dce727e4

New changelog entries:
  * debian/patches/profiles-grant-access-to-systemd-resolved.patch: AppArmor
    profiles that make use of the nameservice abstraction should be allowed to
    communicate with systemd-resolved over D-Bus. Ubuntu 16.10 systems are
    configured to use nss-resolve which then communicates with
    systemd-resolved's D-Bus API. (LP: #1598759)

Author: Tyler Hicks
Author Date: 2016-10-12 01:47:06 UTC

Import patches-unapplied version 2.10.95-4ubuntu5.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 150669b3ef4740898f9425732af284f10f259685

New changelog entries:
  * debian/patches/profiles-grant-access-to-systemd-resolved.patch: AppArmor
    profiles that make use of the nameservice abstraction should be allowed to
    communicate with systemd-resolved over D-Bus. Ubuntu 16.10 systems are
    configured to use nss-resolve which then communicates with
    systemd-resolved's D-Bus API. (LP: #1598759)

Author: Tyler Hicks
Author Date: 2016-09-29 05:38:47 UTC

Import patches-applied version 2.10.95-4ubuntu5 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 23a48648092bab9173ebdb95c50aff230ee353ca
Unapplied parent: 69795792f51a866ab0a967e07bd5147ea4d4adc2

New changelog entries:
  * debian/lib/apparmor/functions, debian/apparmor.init,
    debian/apparmor.service, debian/apparmor.upstart,
    debian/lib/apparmor/profile-load: Adjust the checks that previously kept
    AppArmor policy from being loaded while booting a container. Now we
    attempt to load policy if we're in a LXD or LXC managed container that is
    using profile stacking inside of a policy namespace. (LP: #1628285)
  * Fix regression tests so that the kernel SRU process is not interrupted by
    failing tests
    - debian/patches/r3505-tests-fix-stacking-mode-checks.patch: Fix the
      stackonexec.sh and stackprofile.sh tests (LP: #1628295)
    - debian/patches/r3509-tests-fix-exec_stack-errors.patch: Fix the
      exec_stack.sh test (LP: #1628745)

Author: Tyler Hicks
Author Date: 2016-09-29 05:38:47 UTC

Import patches-unapplied version 2.10.95-4ubuntu5 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 70b12ec17bd5bf8e1e436f66c93fa75a71c0060d

New changelog entries:
  * debian/lib/apparmor/functions, debian/apparmor.init,
    debian/apparmor.service, debian/apparmor.upstart,
    debian/lib/apparmor/profile-load: Adjust the checks that previously kept
    AppArmor policy from being loaded while booting a container. Now we
    attempt to load policy if we're in a LXD or LXC managed container that is
    using profile stacking inside of a policy namespace. (LP: #1628285)
  * Fix regression tests so that the kernel SRU process is not interrupted by
    failing tests
    - debian/patches/r3505-tests-fix-stacking-mode-checks.patch: Fix the
      stackonexec.sh and stackprofile.sh tests (LP: #1628295)
    - debian/patches/r3509-tests-fix-exec_stack-errors.patch: Fix the
      exec_stack.sh test (LP: #1628745)

Author: Tyler Hicks
Author Date: 2016-04-12 21:59:46 UTC

Import patches-applied version 2.10.95-0ubuntu2 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 7f1e18982748ed25195923e4f63b1155c42e5c02
Unapplied parent: 0b5763f90885f00c378352371866c6f1e9519217

New changelog entries:
  * debian/patches/r3435-allow-dnsmasq-access-to-lxd-bridge.patch: Grant
    access to the new default bridge configuration in LXD 2.0.0 (LP: #1566944)
  * debian/patches/r3437-add-attach-disconnected-to-dnsmasq.patch: Add the
    attach_disconnected flag to the dnsmasq profile in order to prevent a
    disconnected path denial triggered by the latest network-manager upload
    (LP: #1569316)
  * debian/lib/apparmor/functions: Reference the new path used for snapd
    AppArmor profiles to fix a bug which left those profiles unloaded after
    booting (LP: #1569573)

Author: Tyler Hicks
Author Date: 2016-04-12 21:59:46 UTC

Import patches-unapplied version 2.10.95-0ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 54f1f709d944d79abe8c1901ca9e6ec5f28db642

New changelog entries:
  * debian/patches/r3435-allow-dnsmasq-access-to-lxd-bridge.patch: Grant
    access to the new default bridge configuration in LXD 2.0.0 (LP: #1566944)
  * debian/patches/r3437-add-attach-disconnected-to-dnsmasq.patch: Add the
    attach_disconnected flag to the dnsmasq profile in order to prevent a
    disconnected path denial triggered by the latest network-manager upload
    (LP: #1569316)
  * debian/lib/apparmor/functions: Reference the new path used for snapd
    AppArmor profiles to fix a bug which left those profiles unloaded after
    booting (LP: #1569573)

Author: Steve Beattie
Author Date: 2015-09-01 21:17:16 UTC

Import patches-applied version 2.10-0ubuntu6 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 1bcbbcc5f6b0aa233f585af2814265a9d5510b95
Unapplied parent: 4171551d7a1ba9edaa52a27203f1cad777b74e52

New changelog entries:
  * debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
    (LP: #1491147, LP: #1384431)

Author: Steve Beattie
Author Date: 2015-09-01 21:17:16 UTC

Import patches-applied version 2.10-0ubuntu6 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 1bcbbcc5f6b0aa233f585af2814265a9d5510b95
Unapplied parent: 4171551d7a1ba9edaa52a27203f1cad777b74e52

New changelog entries:
  * debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
    (LP: #1491147, LP: #1384431)

Author: Steve Beattie
Author Date: 2015-09-01 21:17:16 UTC

Import patches-applied version 2.10-0ubuntu6 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 1bcbbcc5f6b0aa233f585af2814265a9d5510b95
Unapplied parent: 4171551d7a1ba9edaa52a27203f1cad777b74e52

New changelog entries:
  * debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
    (LP: #1491147, LP: #1384431)

Author: Steve Beattie
Author Date: 2015-09-01 21:17:16 UTC

Import patches-unapplied version 2.10-0ubuntu6 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 671a769c65155ed91f0a5dc47cccf31459c297dc

New changelog entries:
  * debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
    (LP: #1491147, LP: #1384431)

Author: Steve Beattie
Author Date: 2015-09-01 21:17:16 UTC

Import patches-unapplied version 2.10-0ubuntu6 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 671a769c65155ed91f0a5dc47cccf31459c297dc

New changelog entries:
  * debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
    (LP: #1491147, LP: #1384431)

Author: Steve Beattie
Author Date: 2015-09-01 21:17:16 UTC

Import patches-unapplied version 2.10-0ubuntu6 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 671a769c65155ed91f0a5dc47cccf31459c297dc

New changelog entries:
  * debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
    (LP: #1491147, LP: #1384431)

Author: Serge Hallyn
Author Date: 2015-04-02 18:00:35 UTC

Import patches-unapplied version 2.9.1-0ubuntu9 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 46ad82c5bf69f12932b558311918328ac0af654b

New changelog entries:
  * Make debian/lib/apparmor/profile-load executable.

Author: Serge Hallyn
Author Date: 2015-04-02 18:00:35 UTC

Import patches-applied version 2.9.1-0ubuntu9 to applied/ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: fc0533a779f3d6d2c649770bcf2f64dc128efb19
Unapplied parent: edd6c747cf73cbe2ab295ab035befd621d1256ba

New changelog entries:
  * Make debian/lib/apparmor/profile-load executable.

Author: Serge Hallyn
Author Date: 2015-04-02 18:00:35 UTC

Import patches-applied version 2.9.1-0ubuntu9 to applied/ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: fc0533a779f3d6d2c649770bcf2f64dc128efb19
Unapplied parent: edd6c747cf73cbe2ab295ab035befd621d1256ba

New changelog entries:
  * Make debian/lib/apparmor/profile-load executable.

Author: Serge Hallyn
Author Date: 2015-04-02 18:00:35 UTC

Import patches-applied version 2.9.1-0ubuntu9 to applied/ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: fc0533a779f3d6d2c649770bcf2f64dc128efb19
Unapplied parent: edd6c747cf73cbe2ab295ab035befd621d1256ba

New changelog entries:
  * Make debian/lib/apparmor/profile-load executable.

Author: Serge Hallyn
Author Date: 2015-04-02 18:00:35 UTC

Import patches-unapplied version 2.9.1-0ubuntu9 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 46ad82c5bf69f12932b558311918328ac0af654b

New changelog entries:
  * Make debian/lib/apparmor/profile-load executable.

Author: Serge Hallyn
Author Date: 2015-04-02 18:00:35 UTC

Import patches-unapplied version 2.9.1-0ubuntu9 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 46ad82c5bf69f12932b558311918328ac0af654b

New changelog entries:
  * Make debian/lib/apparmor/profile-load executable.