Ubuntu
apparmor package

lp:ubuntu/trusty-proposed/apparmor

  1. Trusty (14.04)
  2. trusty-proposed
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/trusty-proposed/apparmor
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

74. By Steve Beattie

debian/apparmor-profiles.install: add missing dovecot profiles
(LP: #1296667)

73. By Steve Beattie

* debian/patches/php5-Zend_semaphore-lp1401084.patch: allow php5
  abstraction access to Zend opcache files (LP: #1401084)
* debian/patches/dnsmasq-lxc_networking-lp1403468.patch: update
  profile for lxc support (LP: #1403468)
* debian/patches/profiles-texlive_font_generation-lp1010909.patch:
  allow generation of texlive fonts by sanitized-helpers
  (LP: #1010909)
* debian/apport/source_apparmor.py: fix the apparmor apport hook
  so it does not raise an exception if a non-unicode character is
  found in /var/log/kern.log or in /var/log/syslog. This should
  work under python3 or python2.7 (LP: #1304447)
* debian/patches/profiles-dovecot-updates-lp1296667.patch: update
  dovecot profiles to address several missing permissions.
  (LP: #1296667)
* debian/patches/profiles-adjust_X_for_lightdm-lp1339727.patch:
  adjust X abstraction for LightDM xauthority location (LP: #1339727)
* debian/patches/libapparmor-fix_memory_leaks-lp1340927.patch; fix
  memory leaks in log parsing component of libapparmor (LP: #1340927)
* debian/patches/libapparmor-another_audit_format-lp1399027.patch:
  add support for another log format style (LP: #1399027)
* debian/patches/tests-workaround_for_unix_socket_change-lp1425398.patch:
  work around apparmor kernel behavioral change in regression tests
  (LP: #1425398)
* debian/control: add breaks on python3-apparmor against older
  apparmor-utils that used to be where python bits lived
  (LP: #1373259)
* debian/patches/utils-update_to_2.9.2.patch: update the python
  utilities to the upstream 2.9.2 (LP: #1449769, incorporating a
  large number of fixes and improvements, including:
  - fix aa-genprof traceback with apparmor 2.8.95 (LP: #1294797)
  - fix aa-genprof crashing when selecting scan on Ubuntu 14.04 server
    (LP: #1319829)
  - make aa-logprof read profile instead of program binary
    (LP: #1317176, LP: #1324154)
  - aa-complain: don't traceback when marking multiple profiles
    (LP: #1378095)
  - make python tools able to parse mounts with UTF-8 non-ascii
    characters (LP: #1310598)

72. By Jamie Strandboge

debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
lightdm and apparmor-easyprof-ubuntu

71. By Tyler Hicks

[ Jamie Strandboge ]
* debian/lib/apparmor/functions: properly calculate number of profiles in
  /var/lib/apparmor/profiles (LP: #1295816)
* autostart aa-notify via /etc/xdg/autostart instead of /etc/X11/Xsession.d
  (LP: #1288241)
  - remove debian/notify/90apparmor-notify
  - add debian/notify/apparmor-notify.desktop
  - debian/apparmor-notify.install: adjust for the above
  - add debian/apparmor-notify.maintscript to remove 90apparmor-notify
* debian/notify/notify.conf: use_group should be set to "sudo" instead of
  "admin" (LP: #1009666)

[ Tyler Hicks ]
* debian/patches/initialize-mount-flags.patch: Initialize the variables
  containing mount rule flags to zero. Otherwise, the parser may set
  unexpected bits in the mount flags field for rules that do not specify
  mount flags. The uninitialized mount flag variables may have caused
  unexpected AppArmor denials during mount mediation. (LP: #1296459)
* debian/patches/fix-typo-in-dbus_write.patch: Fix a bug in the
  apparmor/aa.py module that caused the utilities in the apparmor-utils
  package to write out network rules instead of dbus rules
* debian/patches/limited-mount-rule-support.patch: Fix a bug in the
  apparmor/aa.py module that caused the utilities in the apparmor-utils
  package to traceback when encountering a mount rule (LP: #1294825)
* debian/patches/bare-capability-rule-support.patch: Fix a bug in the
  apparmor/aa.py module that caused the utilities in the apparmor-utils
  package to traceback when encountering a bare capability rule
  (LP: #1294819)
* debian/patches/check-config-for-sysctl.patch,
  debian/patches/increase-swap-size.patch: Fix bugs in the regression test
  suite that caused errors when running on ppc64el
* debian/patches/test-v6-policy.patch,
  debian/patches/test-mount-mediation.patch: Improve the regression tests
  by increasing the mount rule test coverage

70. By Jamie Strandboge

debian/control: Depends on python-pkg-resources for python-apparmor and
python3-pkg-resources for python3-apparmor to fix autopkgtests in
click-apparmor and apparmor-easyprof-ubuntu

69. By Seth Arnold

[ Jamie Strandboge ]

 * debian/debhelper/dh_apparmor: exit with error if aa-easyprof does not
   exist
 * debian/control: drop Depends on apparmor-easyprof to Suggests for
   dh-apparmor

[ Seth Arnold, Jamie Strandboge, Steve Beattie, John Johansen, Tyler Hicks ]

* New upstream snapshot (LP: #1278702, #1061693, #1285653) dropping very
  large Ubuntu delta and fixing the following bugs:
  - Adjust fonts abstraction for libthai (LP: #1278702)
  - Support translated XDG user directories (LP: #1061693)
  - Adjust abstractions/web-data to include /var/www/html (LP: #1285653)
    Refresh 0002-add-debian-integration-to-lighttpd.patch to include
    /etc/lighttpd/conf-available/*.conf
  - Adjust debian/libapparmor1.symbols to reflect new upstream versioning
    for the aa_query_label() function
  - Raise exceptions in Python bindings when something fails
* ship new Python replacements for previous Perl-based tools
  - debian/apparmor-utils.install: remove usr/share/perl5/Immunix/*.pm and
    add usr/sbin/aa-autodep, usr/sbin/aa-cleanprof and usr/sbin/aa-mergeprof
  - debian/control:
    + remove various Perl dependencies
    + add python-apparmor and python3-apparmor
    + python3-apparmor Breaks: apparmor-easyprof to move the file since it
      ships dist-packages/apparmor/__init__.py now
  - debian/apparmor-utils.manpages: ship new manpages for aa-cleanprof and
    aa-mergeprof
  - debian/rules: build and install Python tools
* debian/apparmor.install:
  - install apparmorfs, dovecot, kernelvars, securityfs, sys,
    and xdg-user-dirs tunables and xdg-user-dirs.d directory
* debian/apparmor.dirs:
  - install /etc/apparmor.d/tunables/xdg-user-dirs.d
* debian/rules: delete upstream-provided xdg-user-dirs.d/site.local
* debian/apparmor.postinst: create xdg-user-dirs.d/site.local
* debian/apparmor.postrm: remove xdg-user-dirs.d
* Remaining patches:
  - add-chromium-browser.patch
  - add-debian-integration-to-lighttpd.patch
  - ubuntu-manpage-updates.patch
  - libapparmor-layout-deb.patch
  - libapparmor-mention-dbus-method-in-getcon-man.patch
  - etc-writable.patch
  - aa-utils_are_bilingual.patch
* New patches:
  - convert-to-rules.patch
  - list-fns.patch
  - parse-mode.patch
  - add-decimal-interp.patch
  - policy_mediates.patch
  - fix-failpath.patch
  - feature_file.patch
  - fix-network.patch
  - aare-to-class.patch
  - add-mediation-unix.patch
  - parser_version.patch
  - caching.patch
  - label-class.patch
  - fix-lexer-debug.patch
  - use-diff-encode.patch
  - fix-serialize.patch
  - fix-ppc-endian-ftbfs.patch
  - opt_arg.patch
  - tests-cond-dbus.patch
* Move manpages from libapparmor1 to libapparmor-dev
  - debian/libapparmor-dev.manpages: install aa_change_hat.2,
    aa_change_profile.2, aa_find_mountpoint.2, aa_getcon.2
  - debian/control: libapparmor-dev Replaces: and Breaks: libapparmor1
* Move /usr/lib/python3/dist-packages/apparmor/__init__.py from
  apparmor-easyprof to python3-apparmor
  - debian/control: python3-apparmor Breaks: apparmor-easyprof
  - debian/apparmor-easyprof.install: remove
    usr/lib/python*.*/site-packages/apparmor*
* New profiles and abstractions:
  - debian/apparmor.install: tunables/dovecot, tunables/kernelvars,
    tunables/xdg-user-dirs, tunables/xdg-user-dirs.d

68. By Tyler Hicks

[ Tyler Hicks ]
* 0084-parser-add-dbus-eavesdrop-perm.patch: Add an eavesdrop permission to
  the dbus rule type, allowing confined applications to eavesdrop. The only
  valid conditional for eavesdrop rules is 'bus'. See the apparmor.d(5) man
  page for more information. (LP: #1262440)

[ Steve Beattie ]
* 0085-push-normalize-tree-ops-into-expr-tree-classes.patch: Improve
  parser performance in some cases

[ John Johansen ]
* 0086-add-diff-state-compression-to-dfa.patch: Implement differential
  state compression in the parser
* 0087-fix-dfa-minimization.patch: Fix a parser bug that caused some DFAs to
  not be fully minimized (LP: #1262938)
* 0088-fix-pol-generation-for-small-dfas.patch: Fixes bugs in the parser
  when generating policy for some small DFAs

67. By Tyler Hicks

[ Jan Rękorajski ]
* 0082-parser-fix-FTBFS-with-bison-3.patch: Fix parser FTBFS with bison 3

[ Steve Beattie ]
* 0083-libapparmor-require-libtoolize.patch: Fix FTBFS by switching
  the autogen.sh script to use libtoolize instead of libtool

66. By Matthias Klose

Rebuild for python3.4 as a supported python version.

65. By Stéphane Graber

abstractions/nameservice: Also allow access to the sssd nss pipe.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/utopic/apparmor
This branch contains Public information 
Everyone can see this information.

Subscribers