Author: Ubuntu Git Importer
Author Date: 2020-05-25 16:34:16 UTC

DSC file for 2.13.4-2

Author: intrigeri
Author Date: 2020-05-25 09:23:21 UTC

2.13.4-2 (patches applied)

Imported using git-ubuntu import.

Author: intrigeri
Author Date: 2020-05-25 09:23:21 UTC

2.13.4-2 (patches unapplied)

Imported using git-ubuntu import.

Author: Ubuntu Git Importer
Author Date: 2020-05-22 12:09:31 UTC

DSC file for 2.13.3-7ubuntu5.1

Author: Jamie Strandboge
Author Date: 2020-05-19 16:59:49 UTC

2.13.3-7ubuntu5.1 (patches unapplied)

Imported using git-ubuntu import.

Author: Jamie Strandboge
Author Date: 2020-05-19 16:59:49 UTC

2.13.3-7ubuntu5.1 (patches applied)

Imported using git-ubuntu import.

Author: Jamie Strandboge
Author Date: 2020-05-19 16:59:49 UTC

2.13.3-7ubuntu5.1 (patches unapplied)

Imported using git-ubuntu import.

Author: Jamie Strandboge
Author Date: 2020-05-19 16:59:49 UTC

2.13.3-7ubuntu5.1 (patches applied)

Imported using git-ubuntu import.

Author: Sergio Durigan Junior
Author Date: 2020-05-11 09:55:16 UTC

Import patches-applied version 2.13.3-7ubuntu6 to applied/ubuntu/groovy-proposed

Imported using git-ubuntu import.

Changelog parent: 661f1e4bc8f02203f14892ec7598e2273d2c3fe8
Unapplied parent: 86f29cdb74f039441400f255c10f58d60373bd23

New changelog entries:
  * Add missing "boot_id" rule to abstractions/nameservice. (LP: #1872564)
    - d/p/upstream-commit-454fca7-Add-run-variable.patch: Add the
      definition for the "@{run}" variable.
    - d/p/upstream-commit-ef591a67-Add-trailing-slash-to-the-run-variable-definition.patch:
      Add trailing slash to the "@{run}" variable.
    - d/p/upstream-commit-1f319c3870-abstractions-nameservice-allow-accessing-run-systemd-user.patch:
      Add a missing rule to allow systemd to access
      @{PROC}/sys/kernel/random/boot_id and @{run}/systemd/userdb.
    - d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'.

Author: Sergio Durigan Junior
Author Date: 2020-05-11 09:55:16 UTC

Import patches-applied version 2.13.3-7ubuntu6 to applied/ubuntu/groovy-proposed

Imported using git-ubuntu import.

Changelog parent: 661f1e4bc8f02203f14892ec7598e2273d2c3fe8
Unapplied parent: 86f29cdb74f039441400f255c10f58d60373bd23

New changelog entries:
  * Add missing "boot_id" rule to abstractions/nameservice. (LP: #1872564)
    - d/p/upstream-commit-454fca7-Add-run-variable.patch: Add the
      definition for the "@{run}" variable.
    - d/p/upstream-commit-ef591a67-Add-trailing-slash-to-the-run-variable-definition.patch:
      Add trailing slash to the "@{run}" variable.
    - d/p/upstream-commit-1f319c3870-abstractions-nameservice-allow-accessing-run-systemd-user.patch:
      Add a missing rule to allow systemd to access
      @{PROC}/sys/kernel/random/boot_id and @{run}/systemd/userdb.
    - d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'.

Author: Sergio Durigan Junior
Author Date: 2020-05-11 09:55:16 UTC

Import patches-applied version 2.13.3-7ubuntu6 to applied/ubuntu/groovy-proposed

Imported using git-ubuntu import.

Changelog parent: 661f1e4bc8f02203f14892ec7598e2273d2c3fe8
Unapplied parent: 86f29cdb74f039441400f255c10f58d60373bd23

New changelog entries:
  * Add missing "boot_id" rule to abstractions/nameservice. (LP: #1872564)
    - d/p/upstream-commit-454fca7-Add-run-variable.patch: Add the
      definition for the "@{run}" variable.
    - d/p/upstream-commit-ef591a67-Add-trailing-slash-to-the-run-variable-definition.patch:
      Add trailing slash to the "@{run}" variable.
    - d/p/upstream-commit-1f319c3870-abstractions-nameservice-allow-accessing-run-systemd-user.patch:
      Add a missing rule to allow systemd to access
      @{PROC}/sys/kernel/random/boot_id and @{run}/systemd/userdb.
    - d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'.

Author: Sergio Durigan Junior
Author Date: 2020-05-11 09:55:16 UTC

Import patches-applied version 2.13.3-7ubuntu6 to applied/ubuntu/groovy-proposed

Imported using git-ubuntu import.

Changelog parent: 661f1e4bc8f02203f14892ec7598e2273d2c3fe8
Unapplied parent: 86f29cdb74f039441400f255c10f58d60373bd23

New changelog entries:
  * Add missing "boot_id" rule to abstractions/nameservice. (LP: #1872564)
    - d/p/upstream-commit-454fca7-Add-run-variable.patch: Add the
      definition for the "@{run}" variable.
    - d/p/upstream-commit-ef591a67-Add-trailing-slash-to-the-run-variable-definition.patch:
      Add trailing slash to the "@{run}" variable.
    - d/p/upstream-commit-1f319c3870-abstractions-nameservice-allow-accessing-run-systemd-user.patch:
      Add a missing rule to allow systemd to access
      @{PROC}/sys/kernel/random/boot_id and @{run}/systemd/userdb.
    - d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'.

Author: Sergio Durigan Junior
Author Date: 2020-05-11 13:55:25 UTC

Update changelog for 2.13.3-7ubuntu6 release

Author: Sergio Durigan Junior
Author Date: 2020-05-11 13:55:25 UTC

Update changelog for 2.13.3-7ubuntu6 release

Author: Sergio Durigan Junior
Author Date: 2020-05-11 13:55:25 UTC

Update changelog for 2.13.3-7ubuntu6 release

Author: Sergio Durigan Junior
Author Date: 2020-05-11 13:55:25 UTC

Update changelog for 2.13.3-7ubuntu6 release

Author: Jamie Strandboge
Author Date: 2020-04-12 16:11:31 UTC

Import patches-applied version 2.13.3-7ubuntu5 to applied/ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 8342092e323cf6e44a8366a3b2b12ea2bd292187
Unapplied parent: d6e005e5aac5beaf761a60db8ba578329a6e348a

New changelog entries:
  * snapd 2.44.3+20.04 introduced an apparmor unit of its own to load snap
    policy in /var/lib/snapd/apparmor/profiles. As such, don't load snapd
    policy twice by not loading it in the apparmor unit (LP: 1871148)
    - ubuntu/stop-loading-snapd-profiles.patch: stop loading snapd profiles
    - debian/control: add Breaks on snapd < 2.44.3+20.04~ since prior snapd
      versions assume that apparmor will load the snapd policy on boot
    - debian/apparmor.service: remove the now unneeded RequiresMountsFor on
      /var/lib/snapd/apparmor/profiles
  * drop ubuntu/parser-conf-no-expr-simplify.patch: Optimize=no-expr-simplify
    was added to parser.conf to mitigate slow snap policy compiles on 32bit
    ARM. These days, snapd calls apparmor_parser with "-O no-expr-simplify"
    and loads its snap policy, so drop this delta with upstream and Debian.

Author: Jamie Strandboge
Author Date: 2020-04-12 16:11:31 UTC

Import patches-unapplied version 2.13.3-7ubuntu5 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 9dda95770f3a4084e42c379400315cd54ddf1b04

New changelog entries:
  * snapd 2.44.3+20.04 introduced an apparmor unit of its own to load snap
    policy in /var/lib/snapd/apparmor/profiles. As such, don't load snapd
    policy twice by not loading it in the apparmor unit (LP: 1871148)
    - ubuntu/stop-loading-snapd-profiles.patch: stop loading snapd profiles
    - debian/control: add Breaks on snapd < 2.44.3+20.04~ since prior snapd
      versions assume that apparmor will load the snapd policy on boot
    - debian/apparmor.service: remove the now unneeded RequiresMountsFor on
      /var/lib/snapd/apparmor/profiles
  * drop ubuntu/parser-conf-no-expr-simplify.patch: Optimize=no-expr-simplify
    was added to parser.conf to mitigate slow snap policy compiles on 32bit
    ARM. These days, snapd calls apparmor_parser with "-O no-expr-simplify"
    and loads its snap policy, so drop this delta with upstream and Debian.

Author: Jamie Strandboge
Author Date: 2019-09-09 19:13:22 UTC

Import patches-applied version 2.13.3-5ubuntu1 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 3fc5c31504b4beed4e33a375a954035f448b2fa8
Unapplied parent: 421b26e9a111783ad4113aaaa749c375e4b4d29c

New changelog entries:
  * Merge new upstream release from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - ubuntu/dont-include-site-local-with-dovecot.patch
    - lp1820068.patch
    - upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
    fontconfig cache files
  * upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
    tests/mult_mount: bump size of created disk image

Author: Jamie Strandboge
Author Date: 2019-09-09 19:13:22 UTC

Import patches-applied version 2.13.3-5ubuntu1 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 3fc5c31504b4beed4e33a375a954035f448b2fa8
Unapplied parent: 421b26e9a111783ad4113aaaa749c375e4b4d29c

New changelog entries:
  * Merge new upstream release from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - ubuntu/dont-include-site-local-with-dovecot.patch
    - lp1820068.patch
    - upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
    fontconfig cache files
  * upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
    tests/mult_mount: bump size of created disk image

Author: Jamie Strandboge
Author Date: 2019-09-09 19:13:22 UTC

Import patches-unapplied version 2.13.3-5ubuntu1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: f36f416127687b0c399e81a475dcc788c02fc89c

New changelog entries:
  * Merge new upstream release from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - ubuntu/dont-include-site-local-with-dovecot.patch
    - lp1820068.patch
    - upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
    fontconfig cache files
  * upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
    tests/mult_mount: bump size of created disk image

Author: Jamie Strandboge
Author Date: 2019-09-09 19:13:22 UTC

Import patches-unapplied version 2.13.3-5ubuntu1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: f36f416127687b0c399e81a475dcc788c02fc89c

New changelog entries:
  * Merge new upstream release from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - ubuntu/dont-include-site-local-with-dovecot.patch
    - lp1820068.patch
    - upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
    fontconfig cache files
  * upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
    tests/mult_mount: bump size of created disk image

Author: Jamie Strandboge
Author Date: 2019-09-09 19:13:22 UTC

Import patches-applied version 2.13.3-5ubuntu1 to applied/ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 3fc5c31504b4beed4e33a375a954035f448b2fa8
Unapplied parent: 421b26e9a111783ad4113aaaa749c375e4b4d29c

New changelog entries:
  * Merge new upstream release from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - ubuntu/dont-include-site-local-with-dovecot.patch
    - lp1820068.patch
    - upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
    fontconfig cache files
  * upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
    tests/mult_mount: bump size of created disk image

Author: Jamie Strandboge
Author Date: 2019-09-09 19:13:22 UTC

Import patches-unapplied version 2.13.3-5ubuntu1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: f36f416127687b0c399e81a475dcc788c02fc89c

New changelog entries:
  * Merge new upstream release from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - ubuntu/dont-include-site-local-with-dovecot.patch
    - lp1820068.patch
    - upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
    fontconfig cache files
  * upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
    tests/mult_mount: bump size of created disk image

Author: Jamie Strandboge
Author Date: 2019-06-06 21:04:34 UTC

Import patches-unapplied version 2.13.2-9ubuntu6.1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 7c2b479e8367fdb640f81a503ed95e24efcfa4bf

New changelog entries:
  * lp1820068.patch: don't skip read cache when options are set (LP: #1820068)
  * reenable ubuntu/parser-conf-no-expr-simplify.patch

Author: Jamie Strandboge
Author Date: 2019-06-06 21:04:34 UTC

Import patches-applied version 2.13.2-9ubuntu6.1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: dbead38d30ff7e4fa282065eee8771ff30250204
Unapplied parent: f684813b7d0f207f1ffac2d7300e965b120db38f

New changelog entries:
  * lp1820068.patch: don't skip read cache when options are set (LP: #1820068)
  * reenable ubuntu/parser-conf-no-expr-simplify.patch

Author: Jamie Strandboge
Author Date: 2019-06-06 21:04:34 UTC

Import patches-unapplied version 2.13.2-9ubuntu6.1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 7c2b479e8367fdb640f81a503ed95e24efcfa4bf

New changelog entries:
  * lp1820068.patch: don't skip read cache when options are set (LP: #1820068)
  * reenable ubuntu/parser-conf-no-expr-simplify.patch

Author: Jamie Strandboge
Author Date: 2019-06-06 21:04:34 UTC

Import patches-applied version 2.13.2-9ubuntu6.1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: dbead38d30ff7e4fa282065eee8771ff30250204
Unapplied parent: f684813b7d0f207f1ffac2d7300e965b120db38f

New changelog entries:
  * lp1820068.patch: don't skip read cache when options are set (LP: #1820068)
  * reenable ubuntu/parser-conf-no-expr-simplify.patch

Author: Jamie Strandboge
Author Date: 2019-06-06 21:04:34 UTC

Import patches-applied version 2.13.2-9ubuntu6.1 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: dbead38d30ff7e4fa282065eee8771ff30250204
Unapplied parent: f684813b7d0f207f1ffac2d7300e965b120db38f

New changelog entries:
  * lp1820068.patch: don't skip read cache when options are set (LP: #1820068)
  * reenable ubuntu/parser-conf-no-expr-simplify.patch

Author: Jamie Strandboge
Author Date: 2019-06-06 21:04:34 UTC

Import patches-unapplied version 2.13.2-9ubuntu6.1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 7c2b479e8367fdb640f81a503ed95e24efcfa4bf

New changelog entries:
  * lp1820068.patch: don't skip read cache when options are set (LP: #1820068)
  * reenable ubuntu/parser-conf-no-expr-simplify.patch

Author: Tyler Hicks
Author Date: 2019-05-28 21:33:21 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.11 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: afda89aab7a9a9fc867ee5fc5932b8d71a52955f

New changelog entries:
  * Make dnsmasq profile and Python utility changes necessary to continue
    working correctly after the Linux kernel change to address CVE-2019-11190.
    Without these changes, some profile transitions may be unintentionally
    denied. (LP: #1830802)
    - 0001-dnsmasq-allow-libvirt_leaseshelper-m-permission-on-i.patch
    - 0001-handle_children-automatically-add-m-permissions-on-i.patch

Author: Tyler Hicks
Author Date: 2019-05-28 21:33:21 UTC

Import patches-applied version 2.10.95-0ubuntu2.11 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: fff646c8e7efd98680ea829fb739c8493a2ef5db
Unapplied parent: e05c7cc97d7d860de66f03be91492c6a91ef6c19

New changelog entries:
  * Make dnsmasq profile and Python utility changes necessary to continue
    working correctly after the Linux kernel change to address CVE-2019-11190.
    Without these changes, some profile transitions may be unintentionally
    denied. (LP: #1830802)
    - 0001-dnsmasq-allow-libvirt_leaseshelper-m-permission-on-i.patch
    - 0001-handle_children-automatically-add-m-permissions-on-i.patch

Author: Tyler Hicks
Author Date: 2019-05-28 21:33:21 UTC

Import patches-applied version 2.10.95-0ubuntu2.11 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: fff646c8e7efd98680ea829fb739c8493a2ef5db
Unapplied parent: e05c7cc97d7d860de66f03be91492c6a91ef6c19

New changelog entries:
  * Make dnsmasq profile and Python utility changes necessary to continue
    working correctly after the Linux kernel change to address CVE-2019-11190.
    Without these changes, some profile transitions may be unintentionally
    denied. (LP: #1830802)
    - 0001-dnsmasq-allow-libvirt_leaseshelper-m-permission-on-i.patch
    - 0001-handle_children-automatically-add-m-permissions-on-i.patch

Author: Tyler Hicks
Author Date: 2019-05-28 21:33:21 UTC

Import patches-applied version 2.10.95-0ubuntu2.11 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: fff646c8e7efd98680ea829fb739c8493a2ef5db
Unapplied parent: e05c7cc97d7d860de66f03be91492c6a91ef6c19

New changelog entries:
  * Make dnsmasq profile and Python utility changes necessary to continue
    working correctly after the Linux kernel change to address CVE-2019-11190.
    Without these changes, some profile transitions may be unintentionally
    denied. (LP: #1830802)
    - 0001-dnsmasq-allow-libvirt_leaseshelper-m-permission-on-i.patch
    - 0001-handle_children-automatically-add-m-permissions-on-i.patch

Author: Tyler Hicks
Author Date: 2019-05-28 21:33:21 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.11 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: afda89aab7a9a9fc867ee5fc5932b8d71a52955f

New changelog entries:
  * Make dnsmasq profile and Python utility changes necessary to continue
    working correctly after the Linux kernel change to address CVE-2019-11190.
    Without these changes, some profile transitions may be unintentionally
    denied. (LP: #1830802)
    - 0001-dnsmasq-allow-libvirt_leaseshelper-m-permission-on-i.patch
    - 0001-handle_children-automatically-add-m-permissions-on-i.patch

Author: Tyler Hicks
Author Date: 2019-05-28 21:33:21 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.11 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: afda89aab7a9a9fc867ee5fc5932b8d71a52955f

New changelog entries:
  * Make dnsmasq profile and Python utility changes necessary to continue
    working correctly after the Linux kernel change to address CVE-2019-11190.
    Without these changes, some profile transitions may be unintentionally
    denied. (LP: #1830802)
    - 0001-dnsmasq-allow-libvirt_leaseshelper-m-permission-on-i.patch
    - 0001-handle_children-automatically-add-m-permissions-on-i.patch

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-applied version 2.13.2-9ubuntu6 to applied/ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 47ae479dec83ee7206f67640e4e0c446432d90c6
Unapplied parent: 5f8edf6d3c9ccef8f5397e23746bea7b0d8ba1a8

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: Jamie Strandboge
Author Date: 2019-04-15 15:59:54 UTC

Import patches-unapplied version 2.13.2-9ubuntu6 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 3d828be0225850ec5c3dd1f01fa8657c937ac8ea

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

Author: intrigeri
Author Date: 2019-03-30 13:23:11 UTC

Import patches-unapplied version 2.13.2-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d0c45f18ae693c81f66d7538868da270bd77c650

New changelog entries:
  * Don't load AppArmor policy when running in a Debian Live environment
    that uses overlayfs (Closes: #922378).
    Rationale: the storage stack set up by live-boot with overlayfs
    is not supported by our AppArmor policy at the moment, resulting
    in breakage of confined software such as Evince and LibreOffice.
  * Ship nvidia_modprobe in enforce mode (Closes: #923273).
    - Rationale: as explained by Seth Arnold <seth.arnold@canonical.com>
      on #923273#32, profiles in complain mode can chew up essentially
      unlimited amounts of non-swappable kernel memory and huge amounts
      of IO bandwidth logging ALLOWED messages, which can in turn
      use large amounts of storage. This is why Ubuntu has applied this change
      already for their upcoming release.
    - Scope of this change: in Buster, this profile is used in one single place
      — the usr.lib.libreoffice.program.soffice.bin profile — for which it was
      developed and tested in the first place. So the risk and potential
      problematic impact of this change seems pretty low.
  * Cherry-pick the most important and non-invasive fixes
    from the upstream apparmor-2.13 maintenance branch:
    - base abstraction: allow mr on *.so* in common library paths,
      i.e. don't assume all common libraries' name starts with "lib".
      At the very least, this fixes Qt5 applications under some
      VirtualBox graphics configuration, where otherwise they would
      not start at all (Closes: Tails#16414).
      Upstream commits: 8dff7dc, 08f9d16
    - Fix 2 segfaults spotted upstream while writing automated tests
      for the multicache support (upstream MR!348):
       · in overlaydirat_for_each, segfault caused by repeatedly freeing
         the same memory area;
       · when loading policy cache files, due to incorrect size passed
         to qsort().
      Upstream commits: 5704fba, 01aec04

Author: intrigeri
Author Date: 2019-03-30 13:23:11 UTC

Import patches-applied version 2.13.2-10 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 3233979f66895177a3badf2730c6ed42a364900b
Unapplied parent: 1b50bbccdb1429e2f81ca4824959cda231deda1b

New changelog entries:
  * Don't load AppArmor policy when running in a Debian Live environment
    that uses overlayfs (Closes: #922378).
    Rationale: the storage stack set up by live-boot with overlayfs
    is not supported by our AppArmor policy at the moment, resulting
    in breakage of confined software such as Evince and LibreOffice.
  * Ship nvidia_modprobe in enforce mode (Closes: #923273).
    - Rationale: as explained by Seth Arnold <seth.arnold@canonical.com>
      on #923273#32, profiles in complain mode can chew up essentially
      unlimited amounts of non-swappable kernel memory and huge amounts
      of IO bandwidth logging ALLOWED messages, which can in turn
      use large amounts of storage. This is why Ubuntu has applied this change
      already for their upcoming release.
    - Scope of this change: in Buster, this profile is used in one single place
      — the usr.lib.libreoffice.program.soffice.bin profile — for which it was
      developed and tested in the first place. So the risk and potential
      problematic impact of this change seems pretty low.
  * Cherry-pick the most important and non-invasive fixes
    from the upstream apparmor-2.13 maintenance branch:
    - base abstraction: allow mr on *.so* in common library paths,
      i.e. don't assume all common libraries' name starts with "lib".
      At the very least, this fixes Qt5 applications under some
      VirtualBox graphics configuration, where otherwise they would
      not start at all (Closes: Tails#16414).
      Upstream commits: 8dff7dc, 08f9d16
    - Fix 2 segfaults spotted upstream while writing automated tests
      for the multicache support (upstream MR!348):
       · in overlaydirat_for_each, segfault caused by repeatedly freeing
         the same memory area;
       · when loading policy cache files, due to incorrect size passed
         to qsort().
      Upstream commits: 5704fba, 01aec04

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-applied version 2.12-4ubuntu5.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9d19d1e5200cf96e815d9925f96f8738c46b6b29
Unapplied parent: 0a02f0a804e5e1aa584a1d0c220d87c3f06cf2f7

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-applied version 2.12-4ubuntu5.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9d19d1e5200cf96e815d9925f96f8738c46b6b29
Unapplied parent: 0a02f0a804e5e1aa584a1d0c220d87c3f06cf2f7

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-applied version 2.10.95-0ubuntu2.6~14.04.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2885880de35a4ae4c1ecdb7d37cba65b1a802da1
Unapplied parent: a27193d1fac0e2517e0306456978fd1193d2744a

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.6~14.04.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1a09a8d1146540e4c5507667eae390f05f354428

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.6~14.04.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1a09a8d1146540e4c5507667eae390f05f354428

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-applied version 2.10.95-0ubuntu2.6~14.04.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2885880de35a4ae4c1ecdb7d37cba65b1a802da1
Unapplied parent: a27193d1fac0e2517e0306456978fd1193d2744a

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-applied version 2.10.95-0ubuntu2.6~14.04.4 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2885880de35a4ae4c1ecdb7d37cba65b1a802da1
Unapplied parent: a27193d1fac0e2517e0306456978fd1193d2744a

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:38:50 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.6~14.04.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1a09a8d1146540e4c5507667eae390f05f354428

New changelog entries:
  * {,14.04-}lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-unapplied version 2.12-4ubuntu5.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 19209d8fffd07cda1e32abec2ff356ac90c791d9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-applied version 2.12-4ubuntu5.1 to applied/ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 9d19d1e5200cf96e815d9925f96f8738c46b6b29
Unapplied parent: 0a02f0a804e5e1aa584a1d0c220d87c3f06cf2f7

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-unapplied version 2.12-4ubuntu5.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 19209d8fffd07cda1e32abec2ff356ac90c791d9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 18:20:54 UTC

Import patches-unapplied version 2.12-4ubuntu5.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 19209d8fffd07cda1e32abec2ff356ac90c791d9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-unapplied version 2.12-4ubuntu8 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 6cba87070dbe6721130a1ee500282d503a671cf9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-unapplied version 2.12-4ubuntu8 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 6cba87070dbe6721130a1ee500282d503a671cf9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-unapplied version 2.12-4ubuntu8 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 6cba87070dbe6721130a1ee500282d503a671cf9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-applied version 2.12-4ubuntu8 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 78763385cb87264d6867d2793e21f03a8c99625d
Unapplied parent: 781528fe7cd4e279d1d88febb514043f0d136d1c

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-applied version 2.12-4ubuntu8 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 78763385cb87264d6867d2793e21f03a8c99625d
Unapplied parent: 781528fe7cd4e279d1d88febb514043f0d136d1c

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: Jamie Strandboge
Author Date: 2018-09-27 17:25:04 UTC

Import patches-applied version 2.12-4ubuntu8 to applied/ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 78763385cb87264d6867d2793e21f03a8c99625d
Unapplied parent: 781528fe7cd4e279d1d88febb514043f0d136d1c

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

Author: intrigeri
Author Date: 2018-07-07 17:15:31 UTC

Import patches-unapplied version 2.13-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: cbb9de0a8fd70270d6951d59acb2a2636a5a8252

New changelog entries:
  * Merge from sid:
    - upstream-commit-d9d3cae-adjust-python-abstraction-for-python-3.patch:
      new patch, to avoid breaking things with Python 3.7.
  * Regarding the "Don't invalidate the cache anymore […]" change inrtoduced
    in 2.13-1: one can manually do that with apparmor_parser --purge.

Author: intrigeri
Author Date: 2018-07-07 17:15:31 UTC

Import patches-applied version 2.13-2 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 5630e4318724e858c93346983d0632be9825633d
Unapplied parent: d1e4a96937b6cac318a040276793c04fb140e19d

New changelog entries:
  * Merge from sid:
    - upstream-commit-d9d3cae-adjust-python-abstraction-for-python-3.patch:
      new patch, to avoid breaking things with Python 3.7.
  * Regarding the "Don't invalidate the cache anymore […]" change inrtoduced
    in 2.13-1: one can manually do that with apparmor_parser --purge.

Author: Jamie Strandboge
Author Date: 2018-04-17 20:15:16 UTC

Import patches-unapplied version 2.12-4ubuntu5 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: a5c9eb590c7032d78ae8580605c464c4c30259df

New changelog entries:
  [ Didier Roche ]
  * debian/patches/ubuntu/communitheme-snap-support.patch:
    - support communitheme snap (LP: #1762983)
  [ Jamie Strandboge ]
  * debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
    chromium (LP: #1101298, LP: #1594589, LP: #1647142)
    - add attach_disconnected
    - allow reading /proc/vmstat
    - don't require owner match for /proc/pid/{stat,status} and task
      counterparts
    - adjust pci[0-9] to be pci[0-9a-f]
    - allow reading all uevents and /sys/devices/virtual/tty/tty0/active
    - allow ptracing xdgsettings and lsb-release
    - xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
    - lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
      distro-info
    - use 'm' on on sandbox
  * debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
    /var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
    (LP: #1712039)

Author: Jamie Strandboge
Author Date: 2018-04-17 20:15:16 UTC

Import patches-applied version 2.12-4ubuntu5 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: c50fc60ffc59ca3cc9a56e3f1fb3294376ca5669
Unapplied parent: f01d3e58f1dc079d20ab673bdb4997c80461aaf1

New changelog entries:
  [ Didier Roche ]
  * debian/patches/ubuntu/communitheme-snap-support.patch:
    - support communitheme snap (LP: #1762983)
  [ Jamie Strandboge ]
  * debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
    chromium (LP: #1101298, LP: #1594589, LP: #1647142)
    - add attach_disconnected
    - allow reading /proc/vmstat
    - don't require owner match for /proc/pid/{stat,status} and task
      counterparts
    - adjust pci[0-9] to be pci[0-9a-f]
    - allow reading all uevents and /sys/devices/virtual/tty/tty0/active
    - allow ptracing xdgsettings and lsb-release
    - xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
    - lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
      distro-info
    - use 'm' on on sandbox
  * debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
    /var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
    (LP: #1712039)

Author: Jamie Strandboge
Author Date: 2018-04-17 20:15:16 UTC

Import patches-applied version 2.12-4ubuntu5 to applied/ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: c50fc60ffc59ca3cc9a56e3f1fb3294376ca5669
Unapplied parent: f01d3e58f1dc079d20ab673bdb4997c80461aaf1

New changelog entries:
  [ Didier Roche ]
  * debian/patches/ubuntu/communitheme-snap-support.patch:
    - support communitheme snap (LP: #1762983)
  [ Jamie Strandboge ]
  * debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
    chromium (LP: #1101298, LP: #1594589, LP: #1647142)
    - add attach_disconnected
    - allow reading /proc/vmstat
    - don't require owner match for /proc/pid/{stat,status} and task
      counterparts
    - adjust pci[0-9] to be pci[0-9a-f]
    - allow reading all uevents and /sys/devices/virtual/tty/tty0/active
    - allow ptracing xdgsettings and lsb-release
    - xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
    - lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
      distro-info
    - use 'm' on on sandbox
  * debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
    /var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
    (LP: #1712039)

Author: Jamie Strandboge
Author Date: 2018-04-17 20:15:16 UTC

Import patches-unapplied version 2.12-4ubuntu5 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: a5c9eb590c7032d78ae8580605c464c4c30259df

New changelog entries:
  [ Didier Roche ]
  * debian/patches/ubuntu/communitheme-snap-support.patch:
    - support communitheme snap (LP: #1762983)
  [ Jamie Strandboge ]
  * debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
    chromium (LP: #1101298, LP: #1594589, LP: #1647142)
    - add attach_disconnected
    - allow reading /proc/vmstat
    - don't require owner match for /proc/pid/{stat,status} and task
      counterparts
    - adjust pci[0-9] to be pci[0-9a-f]
    - allow reading all uevents and /sys/devices/virtual/tty/tty0/active
    - allow ptracing xdgsettings and lsb-release
    - xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
    - lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
      distro-info
    - use 'm' on on sandbox
  * debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
    /var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
    (LP: #1712039)

Author: Ubuntu Git Importer
Author Date: 2018-03-15 17:50:27 UTC

pristine-tar data for apparmor_2.12.orig.tar.gz

Author: intrigeri
Author Date: 2018-02-27 10:59:06 UTC

Import patches-unapplied version 2.11.0-3+deb9u2 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 75908290953622a01b0ca853537e7dbc5824a913

New changelog entries:
  * Move the features file to /usr/share/apparmor-features;
    accordingly remove the old (now obsolete) '/etc/apparmor/features'
    conffile (Closes: #883682).
  * Configure gbp for DEP-14 and avoid gbp-pq prefixing patches
    with numbers.
  * Pin the AppArmor feature set to Stretch's kernel (Closes: #879585).
    This ensures Stretch systems, even when running a newer kernel (e.g.
    from backports), have their AppArmor feature set pinned to the one
    supported by the AppArmor policy shipped in Stretch. Otherwise they
    would experience breakage due to new AppArmor mediation features
    introduced in recent kernels.

Author: intrigeri
Author Date: 2018-02-27 10:59:06 UTC

Import patches-applied version 2.11.0-3+deb9u2 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: bab628b49faddbc35b55aea2d7ca9e876eea7aca
Unapplied parent: 7a89aacaec36f4ab1748529e011da92980e91ed3

New changelog entries:
  * Move the features file to /usr/share/apparmor-features;
    accordingly remove the old (now obsolete) '/etc/apparmor/features'
    conffile (Closes: #883682).
  * Configure gbp for DEP-14 and avoid gbp-pq prefixing patches
    with numbers.
  * Pin the AppArmor feature set to Stretch's kernel (Closes: #879585).
    This ensures Stretch systems, even when running a newer kernel (e.g.
    from backports), have their AppArmor feature set pinned to the one
    supported by the AppArmor policy shipped in Stretch. Otherwise they
    would experience breakage due to new AppArmor mediation features
    introduced in recent kernels.

Author: Ubuntu Git Importer
Author Date: 2018-03-08 02:06:45 UTC

pristine-tar data for apparmor_2.12.orig.tar.gz

Author: Christian Ehrhardt 
Author Date: 2018-02-20 15:04:02 UTC

Import patches-applied version 2.10.95-0ubuntu2.9 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 1bebe3a2d3284e2dd23d89e7a65f746f3f659a0d
Unapplied parent: e84ac68db9311a7dc72bbb1f93da686f208a3174

New changelog entries:
  * debian/patches/base-journald-updates.patch: update base abstraction
    for additional journald sockets (LP: #1670408)
    Backport from 2.11.0-2ubuntu5 by Jamie Strandboge <jamie@ubuntu.com>

Author: Christian Ehrhardt 
Author Date: 2018-02-20 15:04:02 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: a983c53cb5b63b027147378e177ed365223615ea

New changelog entries:
  * debian/patches/base-journald-updates.patch: update base abstraction
    for additional journald sockets (LP: #1670408)
    Backport from 2.11.0-2ubuntu5 by Jamie Strandboge <jamie@ubuntu.com>

Author: Eric Desrochers
Author Date: 2018-02-02 15:19:38 UTC

Import patches-unapplied version 2.10.95-0ubuntu2.6~14.04.3 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 748e40e53baddd9a9e1896e4eef8384c029f2394

New changelog entries:
  * d/p/14.04-profiles-allow-seven-digit-pid-lp1717714.patch:
    - Renamed d/p/0001-Allow-seven-digit-pid.patch to mirror other
      profiles-14.04 patches naming pattern.
    - Modify the existing/renamed patch to use the dir that should be use to
      patch a profile. profiles-14.04/ should be use instead of profiles/
      which is not use. (LP: #1717714)

Author: Eric Desrochers
Author Date: 2018-02-02 15:19:38 UTC

Import patches-applied version 2.10.95-0ubuntu2.6~14.04.3 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f785424df2b4ec61079ed0151cecb4ff7ae8ca4d
Unapplied parent: 116fc7fb73974eec2335d846b2c32f6b9099af7f

New changelog entries:
  * d/p/14.04-profiles-allow-seven-digit-pid-lp1717714.patch:
    - Renamed d/p/0001-Allow-seven-digit-pid.patch to mirror other
      profiles-14.04 patches naming pattern.
    - Modify the existing/renamed patch to use the dir that should be use to
      patch a profile. profiles-14.04/ should be use instead of profiles/
      which is not use. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-unapplied version 2.11.0-2ubuntu17.1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0695953b3aef86e3b772ee0c35398c4456c8be9a

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-unapplied version 2.11.0-2ubuntu17.1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0695953b3aef86e3b772ee0c35398c4456c8be9a

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-unapplied version 2.11.0-2ubuntu17.1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 0695953b3aef86e3b772ee0c35398c4456c8be9a

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-applied version 2.11.0-2ubuntu17.1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 827803b98b3e754e6b6d5b475cc05c635304decd
Unapplied parent: 2b1157cf23ea81e562212dd1b51087cf58432937

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-applied version 2.11.0-2ubuntu17.1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 827803b98b3e754e6b6d5b475cc05c635304decd
Unapplied parent: 2b1157cf23ea81e562212dd1b51087cf58432937

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Seyeong Kim
Author Date: 2018-01-08 15:49:55 UTC

Import patches-applied version 2.11.0-2ubuntu17.1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 827803b98b3e754e6b6d5b475cc05c635304decd
Unapplied parent: 2b1157cf23ea81e562212dd1b51087cf58432937

New changelog entries:
  * d/p/0001-Allow-seven-digit-pid.patch:
    On 64bit systems, /proc/sys/kernel/pid_max can be set to PID_MAX_LIMIT,
    (2^22), which results in seven digit pids. Adjust the @{PID} variable in
    tunables/global to accept this. (LP: #1717714)

Author: Jamie Strandboge
Author Date: 2017-09-15 12:52:05 UTC

Import patches-unapplied version 2.11.0-2ubuntu17 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 6bf4cdad2ed1881d83b4949811f83eac8a94c704

New changelog entries:
  * nameservice-add-stub-resolv.patch: allow read access to systemd stub
    resolver configuration

Author: Jamie Strandboge
Author Date: 2017-09-15 12:52:05 UTC

Import patches-applied version 2.11.0-2ubuntu17 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 1027fcaf43798cd45615582a6457a4428815243d
Unapplied parent: 52aeec4716e199198714fa1f79a544117fdaac1b

New changelog entries:
  * nameservice-add-stub-resolv.patch: allow read access to systemd stub
    resolver configuration

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-unapplied version 2.11.0-2ubuntu4 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 79c2d1fecb250882ab7d396d617964a4de9b6c16

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-applied version 2.11.0-2ubuntu4 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 61a425a208718399c4bd37590ba4c4ba0bd206ec
Unapplied parent: 655e3c648a5bb2049933d432c2ad7228b0264cff

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-unapplied version 2.11.0-2ubuntu4 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 79c2d1fecb250882ab7d396d617964a4de9b6c16

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-unapplied version 2.11.0-2ubuntu4 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 79c2d1fecb250882ab7d396d617964a4de9b6c16

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-applied version 2.11.0-2ubuntu4 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 61a425a208718399c4bd37590ba4c4ba0bd206ec
Unapplied parent: 655e3c648a5bb2049933d432c2ad7228b0264cff

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Jamie Strandboge
Author Date: 2017-04-11 18:34:18 UTC

Import patches-applied version 2.11.0-2ubuntu4 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 61a425a208718399c4bd37590ba4c4ba0bd206ec
Unapplied parent: 655e3c648a5bb2049933d432c2ad7228b0264cff

New changelog entries:
  * debian/patches/aa-notify-urgency-normal.patch: adjust the notify-send
    urgency to 'normal' to accommodate gnome-shell (LP: #1681908)

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-unapplied version 2.10.95-4ubuntu5.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 7bad1a53082a1a7b8ad1ec2367f50990d82aa0ee

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-unapplied version 2.10.95-4ubuntu5.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 7bad1a53082a1a7b8ad1ec2367f50990d82aa0ee

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-unapplied version 2.10.95-4ubuntu5.3 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 7bad1a53082a1a7b8ad1ec2367f50990d82aa0ee

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-applied version 2.10.95-4ubuntu5.3 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6e9a21172e4424d8f51708601a5f0cc492ed5a4d
Unapplied parent: 541caa635e4e58fa66b8995ce80964838350b690

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-applied version 2.10.95-4ubuntu5.3 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6e9a21172e4424d8f51708601a5f0cc492ed5a4d
Unapplied parent: 541caa635e4e58fa66b8995ce80964838350b690

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-28 15:51:36 UTC

Import patches-applied version 2.10.95-4ubuntu5.3 to applied/ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: 6e9a21172e4424d8f51708601a5f0cc492ed5a4d
Unapplied parent: 541caa635e4e58fa66b8995ce80964838350b690

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script, upstart job, or
    systemd unit as this could leave processes unconfined (LP: #1668892)
    - debian/apparmor.postinst, debian/apparmor.init, debian/apparmor.upstart:
      Remove calls to unload_obsolete_profiles()
    - debian/patches/utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-unapplied version 2.7.102-0ubuntu3.11 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f01bfe1a152ba5f5fbeb8827d77a003ac5d4ac7d

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-unapplied version 2.7.102-0ubuntu3.11 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f01bfe1a152ba5f5fbeb8827d77a003ac5d4ac7d

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-unapplied version 2.7.102-0ubuntu3.11 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f01bfe1a152ba5f5fbeb8827d77a003ac5d4ac7d

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-applied version 2.7.102-0ubuntu3.11 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: c208a1ad27b7145dd913d28a44dc6b2ae514d119
Unapplied parent: f0187852621bc412da2454eab517676edc3a5155

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-applied version 2.7.102-0ubuntu3.11 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: c208a1ad27b7145dd913d28a44dc6b2ae514d119
Unapplied parent: f0187852621bc412da2454eab517676edc3a5155

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2017-03-15 22:07:05 UTC

Import patches-applied version 2.7.102-0ubuntu3.11 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: c208a1ad27b7145dd913d28a44dc6b2ae514d119
Unapplied parent: f0187852621bc412da2454eab517676edc3a5155

New changelog entries:
  * SECURITY UPDATE: Don't unload unknown profiles during package
    configuration or when restarting the apparmor init script as this could
    leave processes unconfined (LP: #1668892)
    - debian/apparmor.init: Remove call to unload_obsolete_profiles()
    - debian/patches/0042-utils-add-aa-remove-unknown.patch,
      debian/apparmor.install debian/apparmor.manpages: Include a new utility,
      aa-remove-unknown, which can be used to unload unknown profiles
    - CVE-2017-6507

Author: Tyler Hicks
Author Date: 2016-10-12 01:47:06 UTC

Import patches-unapplied version 2.10.95-4ubuntu5.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 150669b3ef4740898f9425732af284f10f259685

New changelog entries:
  * debian/patches/profiles-grant-access-to-systemd-resolved.patch: AppArmor
    profiles that make use of the nameservice abstraction should be allowed to
    communicate with systemd-resolved over D-Bus. Ubuntu 16.10 systems are
    configured to use nss-resolve which then communicates with
    systemd-resolved's D-Bus API. (LP: #1598759)

Author: Tyler Hicks
Author Date: 2016-10-12 01:47:06 UTC

Import patches-applied version 2.10.95-4ubuntu5.1 to applied/ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: f5e818ab2127aaa96cfe5b458b9232bd7dbf01ee
Unapplied parent: 15ff2d7c30d670499738bba1cd80fd64dce727e4

New changelog entries:
  * debian/patches/profiles-grant-access-to-systemd-resolved.patch: AppArmor
    profiles that make use of the nameservice abstraction should be allowed to
    communicate with systemd-resolved over D-Bus. Ubuntu 16.10 systems are
    configured to use nss-resolve which then communicates with
    systemd-resolved's D-Bus API. (LP: #1598759)