lp:ubuntu/utopic-proposed/apparmor
- Get this branch:
- bzr branch lp:ubuntu/utopic-proposed/apparmor
Branch merges
Branch information
Recent revisions
- 81. By Steve Beattie
-
* Updated to apparmor 2.9.beta4 (aka apparmor 2.8.98)
- fix logparsing memory leak (LP: #1340927)
- incorporate fixes to regression testsuite to compensate for
af_unix mediation, as well as extend test coverage
(LP: #1375403, LP: #1375516)
- fix libapparmor's log parsing code to accept additional rejection
types (LP: #1375413)
- fix X abstraction for changed lightdm xauthority file locations
(LP: #1339727)
- parser: disable downgrade and not enforced rule messages
by default
- fix error when using regex profile names in IPC rules
(LP: #1373085)
- updates and fixes to the python utilities
- translation updates[ Steve Beattie ]
* Removed upstreamed patches:
drop-peer_addr- with-local- addr-in- base.patch,
update_socketpair_ tests_for_ af_unix. patch,
fix_socketpair_tests. patch, sanitized- helpers- updates. patch,
01-tests-unix_socket_ lists.patch,
02-tests-accept_ unix_rules_ in_mkprofile. patch,
03-tests-unix_sockets_ v7_pathnames. patch,
04-tests-migrate_ from_poll_ to_sockio_ timeout. patch,
05-tests-add_abstract_ socket_ tests.patch,
06-tests-use_socketpair_ and_none. patch,
07-parser-fix_local_ perms.patch,
08-phpsysinfo-policy- updates. patch,
09-apache2-policy- instructions. patch,
10-lp1371771.patch, 11-lp1371765.patch,
lp1169881.patch
* refreshed etc-writable.patch and libapparmor-layout- deb.patch
* debian/control: add breaks on python3-apparmor against older
apparmor-utils that used to be where python bits lived
(LP: #1373259)
* debian/apport/ source_ apparmor. py:
- fixes the apparmor apport hook so it does not raise an exception if
a non-unicode character is found in /var/log/kern.log or in
/var/log/syslog. This should work under python3 or python2.7
(LP: #1304447)
- adjusts the add_info() function to take the expected additional ui
argument, though it has no need for it.
- converts the log parsing code to use with statements so as not to
leak open file descriptors
- updates the set of packages to query to see if installed and if so,
report the version of.
- adjust import to make pyflakes job easier
- minor pep8 cleanups[ Jamie Strandboge ]
* add-chromium-browser. patch: don't allow writing to the oom score and
adjust files since this allows chromium to change the values for any
process matching our UID
* debian/apparmor. upstart: check if click-apparmor md5sums changed so we
regenerate the policy if it changes too (LP: #1371574)
* debian/apparmor. init: make corresponding upstart change to initscript
* debian/lib/apparmor/ functions: fall back to using -n1 if the parser failed
to load a profile set. This should be removed when the parser properly
handles profile sets with corrupted profiles (LP: 1377338)
* debian/control: fix typo (LP: #1187447) - 80. By Jamie Strandboge
-
add-chromium-
browser. patch: user addr=none instead of peer=(addr=none)
(LP: #1374363) - 79. By Jamie Strandboge
-
* lp1169881.patch: add /usr/bin/
gnome-gmail to ubuntu-email (LP: #1169881)
* debian/control: update Breaks on lxc 1.1.0~alpha1-0ubuntu5~ (LP: #1373555) - 78. By Jamie Strandboge
-
[ Jamie Strandboge ]
* sanitized-helpers- updates. patch: update ubuntu-helpers for unix mediation
* 10-lp1371771.patch: don't exit prematurely and fail to load remaining
policy if encounter a corrupt cache file (LP: #1371771)
* 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
(LP: #1371765)
* debian/lib/apparmor/ functions:
- don't return 0 on parsing failure. Patch thanks to Felix Geyer
(LP: #1370228)
- use xargs -n1 when we don't have cache files, but omit it when we do.
This allows taking full advantage of xargs -P when we need it most,
without the cost when we don't.[ Steve Beattie ]
* update_socketpair_ tests_for_ af_unix. patch,
fix_socketpair_tests. patch: update socketpair regression tests for
af_unix socket mediation - 77. By Jamie Strandboge
-
* debian/
apparmor. {upstart, init}: make sure we always update the .md5sums
for apparmor-easyprof- ubuntu even when apparmor is updated (before if both
were updated, aa-clickhook -f would be run on the 1st and 2nd boot rather
than just the 1st)
* debian/apparmor. postinst: update the cached .md5sums file on upgrade to
avoid running on install and then again on first boot after upgrade. This
change only affects apt upgrades and not system-image upgrades since
system-image upgrades always use the existing .md5sums if they exist (see
/etc/system- image/writable- paths).
* ubuntu-manpage- updates. patch: adjust for move to upstart job and click
policy
* debian/lib/apparmor/ functions: don't pass costly '-n1' to xargs in
foreach_configured_ profile( ) when loading valid cache files. This used to
be needed when apparmor_parser would generate different binary caches when
compiling policy one profile at a time and all at once. That bug is long
fixed and removing -n1 gives a significant performance improvement for
boots with valid cache files (~65% on armhf) - 76. By Jamie Strandboge
-
* 08-phpsysinfo-
policy- updates. patch: update for new phpsysinfo on Ubuntu
14.10
* 09-apache2-policy- instructions. patch: update for recent Debian/Ubuntu
packaging
* debian/control: update Breaks for apparmor-easyprof- ubuntu, libvirt-bin,
and lightdm. Add Breaks on rsyslog. - 75. By Jamie Strandboge
-
* Updates for perl 5.20 multiarch transition
- debian/libapparmor- perl.install: don't hardcode usr/lib/perl5 but
instead use $Config{vendorarch} in an executable install file. Make it
executable
- debian/control: Build-Depends on debhelper (>= 9) (9 is needed to use
an executable install file)
- debian/patches/ perl-multiarch. patch:
+ add @{multiarch} paths to perl abstraction
+ update logprof.conf, severity.db and corresponding tests for updated
perl path - 74. By Jamie Strandboge
-
update-
nameservice- abstraction- for-extrausers. patch: update nameservice
abstraction to allow passwd and group when using libnss-extrausers - 73. By Marc Deslauriers
-
* Updated to r2541 snapshot of 2.8.96:
- removed upstreamed patches: convert-to-rules. patch, list-fns.patch,
parse-mode.patch, add-decimal- interp. patch, policy_ mediates. patch,
fix-failpath. patch, feature_file.patch, fix-network.patch,
aare-to-class. patch, add-mediation- unix.patch, parser_ version. patch,
caching.patch, label-class.patch, fix-lexer-debug.patch,
use-diff-encode. patch, fix-serialize. patch,
fix-ppc-endian- ftbfs.patch, opt_arg.patch, tests-cond- dbus.patch,
initialize-mount-flags. patch, fix-typo- in-dbus_ write.patch,
limited-mount-rule- support. patch, bare-capability -rule-support. patch,
check-config- for-sysctl. patch, increase- swap-size. patch,
test-v6-policy. patch, test-mount- mediation. patch,
mediate-signals. patch, change- signal- syntax. patch,
mediate-ptrace. patch, change- ptrace- syntax. patch,
test-signal- rules.patch, test-ptrace- rules.patch,
update-tests-for- new-semantics. patch,
fix-garbage- in-preprocessor -output. patch,
fix-double- comma-in- preprocessor- output. patch,
symtab-tests-and- seenlist- bug.patch, add-profile- name-variable. patch,
fix-names-treated- as-condlistid. patch, manpage- signal- ptrace. patch,
python-utils-file- support. patch, python- utils-signal- support. patch,
python-utils-ptrace- support. patch,
python-utils-pivot_ root-support. patch.
* Added upstart job (LP: #1305108)
- debian/apparmor. upstart: new upstart job.
- debian/apparmor. init: added click handling, move some code to
unload_obsolete_ profiles( ).
- debian/lib/apparmor/ functions: add unload_ obsolete_ profiles( ).
- debian/apparmor. postinst, debian/ apparmor- profiles. postinst: reload
profiles directly since invoke-rc.d won't allow to do this easily
with upstart and systemd jobs.
- debian/rules: pass --no-start to dh_installinit since we're handling
reloading profiles manually in the postinst scripts.
- debian/control: add a versioned apparmor Depends to the
apparmor-profiles package to make sure the required tools are
installed for the postinst script. - 72. By Jamie Strandboge
-
debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
lightdm and apparmor-easyprof- ubuntu
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/vivid/apparmor