apparmor 2.13.3-5ubuntu1 source package in Ubuntu

Changelog

apparmor (2.13.3-5ubuntu1) eoan; urgency=medium

  * Merge new upstream release from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - ubuntu/dont-include-site-local-with-dovecot.patch
    - lp1820068.patch
    - upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
    fontconfig cache files
  * upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
    tests/mult_mount: bump size of created disk image

apparmor (2.13.3-5) unstable; urgency=medium

  * upstream-mr-419-Xwayland-vs-recent-mutter.patch: new patch (Closes: #935058)

apparmor (2.13.3-4) unstable; urgency=medium

  * New patch, cherry-picked and adapted from Ubuntu: don't include local/
    snippets in the Dovecot profiles. These inclusions of non-existing files
    break aa-genprof (Closes: #928160).
  * Merge ubuntu/2.13.2-9ubuntu7, which turns out to be a no-op, because
    we essentially revert all changes brought by this merge:
    - Drop lp1820068.patch, introduced in 2.13.2-9ubuntu7: it's included
      in the 2.13.3 upstream release already.
    - Don't enable ubuntu/parser-conf-no-expr-simplify.patch, that Ubuntu just
      re-enabled: in Debian we don't disable expression tree simplification,
      because we've cherry-picked an upstream patch that improves its
      performance sufficiently.

apparmor (2.13.3-3) unstable; urgency=medium

  [ Michael Biebl ]
  * Move libraries back to /usr/lib

  [ intrigeri ]
  * Remove Lintian override made obsolete by the move to /usr/lib/apparmor/
  * Avoid-blhc-CPPFLAGS-missing-false-positive.patch: new patch.
  * Revert "debian/control: Breaks on snapd < 2.38~"
    Jamie Strandboge explained in details on #932815 the rationale behind this
    Breaks relationship. The user impact seems non-critical and the risk of the
    problem happening in practice is very low, so for now let's remove this
    Breaks, that prevents apparmor from migrating to testing (we don't have
    snapd 2.38+ in Debian yet).

apparmor (2.13.3-2) unstable; urgency=medium

  * Install the lsb_release profile.

apparmor (2.13.3-1) unstable; urgency=medium

  * Import new 2.13.3 upstream release and accordingly:
    - Update dev-pkg-without-shlib-symlink Lintian override: soname
      was bumped to 1.6.1.
    - Drop patches that were applied upstream.
  * Merge ubuntu/2.13.2-9ubuntu6, dropping the Ubuntu delta (Closes: #926015):
    - lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
      since it is sometimes called independently of is_apparmor_loaded()
      (LP: #1824812)
    - debian/apparmor.postrm: remove parser-created subdirs
    - debian/tests/control: try Ubuntu kernel but mark skip-not-installable
    - regression testsuite fixes:
      upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch,
      upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch,
      upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
    - debian/debhelper/postrm-apparmor: also remove cache files
    - debian/control: Breaks on snapd < 2.38~ (the cache forest breaks snap
      remove)
  * Declare compatibility with Debian Policy 4.4.0.
  * Bump debhelper compatibility level to 12. Accordingly:
    - dh_installinit: replace --no-restart-on-upgrade with its new
      --no-stop-on-upgrade name
    - Add override_dh_installsystemd that mimics our override_dh_installinit
  * tests/compile-policy: check syntax of kopano profiles (implements
    #923313 except kopano-search, until giraffe-team/kopanocore!4 is merged
    and uploaded)

 -- Jamie Strandboge <email address hidden>  Mon, 09 Sep 2019 19:13:22 +0000

Upload details

Uploaded by:
Jamie Strandboge on 2019-09-09
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Eoan release on 2019-09-10 main admin

Downloads

File Size SHA-256 Checksum
apparmor_2.13.3.orig.tar.gz 7.0 MiB 267053234c68cdb122c5294d7c276b6e2f5fa7e75c6c2d23e3ce69f95d9a7639
apparmor_2.13.3.orig.tar.gz.asc 870 bytes 5f280617cca0c5f83ac113166eafcb3ca58be75fdbc4444141282724fb8ad7d7
apparmor_2.13.3-5ubuntu1.debian.tar.xz 101.1 KiB 92d1005314f4a2b603c7091de76b923fabffdf2734a58100d004ff5a32d9af8f
apparmor_2.13.3-5ubuntu1.dsc 3.5 KiB efd3e276b1d7109358454deba8f9a7c66ba6aba80a5170bfee0ec375739da0aa

Available diffs

View changes file

Binary packages built by this source

apparmor: user-space parser utility for AppArmor

 apparmor provides the system initialization scripts needed to use the
 AppArmor Mandatory Access Control system, including the AppArmor Parser
 which is required to convert AppArmor text profiles into machine-readable
 policies that are loaded into the kernel for use with the AppArmor Linux
 Security Module.

apparmor-dbgsym: debug symbols for apparmor
apparmor-easyprof: AppArmor easyprof profiling tool

 apparmor-easyprof provides the aa-easyprof utility which is an easy to
 use interface for AppArmor policy generation. aa-easyprof supports the
 use of templates and policy groups to quickly profile an application.

apparmor-notify: AppArmor notification system

 apparmor-notify provides a utility to display AppArmor denial
 messages via desktop notifications. The utility can also be used to
 generate summary reports.

apparmor-profiles: experimental profiles for AppArmor security policies

 apparmor-profiles provides various experimental AppArmor profiles.
 Do not expect these profiles to work out-of-the-box.
 .
 These profiles are not mature enough to be shipped in enforce mode by
 default on Debian. They are shipped in complain mode so that users
 can test them, choose which are desired, and help improve them
 upstream if needed.
 .
 Some even more experimental profiles are included in
 /usr/share/doc/apparmor-profiles/extras/.

apparmor-utils: utilities for controlling AppArmor

 apparmor-utilities provides utilities that operate on AppArmor
 profiles. Profiles can be created, updated, enforced, set to complain
 mode, and disabled with tools such as aa-genprof, aa-enforce,
 aa-complain and aa-disabled.

dh-apparmor: AppArmor debhelper routines

 dh-apparmor provides the debhelper tools used to install and migrate
 AppArmor profiles. This is normally used from package maintainer scripts
 during install and removal.

libapache2-mod-apparmor: changehat AppArmor library as an Apache module

 libapache2-mod-apparmor provides the Apache module needed to declare
 various differing confinement policies when running virtual hosts in the
 webserver by using the changehat abilities exposed through libapparmor.

libapache2-mod-apparmor-dbgsym: debug symbols for libapache2-mod-apparmor
libapparmor-dev: AppArmor development libraries and header files

 libapparmor-dev provides the development libraries and header
 files needed to link against the AppArmor changehat and log parsing
 functions. Also includes the manpages for library functions.

libapparmor-perl: AppArmor library Perl bindings

 libapparmor-perl provides the Perl module that contains the language
 bindings for the AppArmor library, libapparmor, which were autogenerated
 via SWIG.

libapparmor-perl-dbgsym: debug symbols for libapparmor-perl
libapparmor1: changehat AppArmor library

 libapparmor1 provides the shared library used for making use
 of the AppArmor profile and changehat functionality, as well as common
 log parsing routines.

libapparmor1-dbgsym: debug symbols for libapparmor1
libpam-apparmor: changehat AppArmor library as a PAM module

 libpam-apparmor provides the PAM module needed to declare various
 differing confinement policies when starting PAM sessions by using the
 changehat abilities exposed through libapparmor.

libpam-apparmor-dbgsym: debug symbols for libpam-apparmor
python3-apparmor: AppArmor Python3 utility library

 python3-apparmor provides the Python3 modules that implement the
 higher-level AppArmor applications.

python3-libapparmor: AppArmor library Python3 bindings

 python3-libapparmor provides the Python3 module that contains the language
 bindings for the AppArmor library, libapparmor, which were autogenerated
 via SWIG.

python3-libapparmor-dbgsym: debug symbols for python3-libapparmor