lp:ubuntu/utopic-proposed/apparmor

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

81. By Steve Beattie on 2014-10-09

* Updated to apparmor 2.9.beta4 (aka apparmor 2.8.98)
  - fix logparsing memory leak (LP: #1340927)
  - incorporate fixes to regression testsuite to compensate for
    af_unix mediation, as well as extend test coverage
    (LP: #1375403, LP: #1375516)
  - fix libapparmor's log parsing code to accept additional rejection
    types (LP: #1375413)
  - fix X abstraction for changed lightdm xauthority file locations
    (LP: #1339727)
  - parser: disable downgrade and not enforced rule messages
    by default
  - fix error when using regex profile names in IPC rules
    (LP: #1373085)
  - updates and fixes to the python utilities
  - translation updates

[ Steve Beattie ]
* Removed upstreamed patches:
  drop-peer_addr-with-local-addr-in-base.patch,
  update_socketpair_tests_for_af_unix.patch,
  fix_socketpair_tests.patch, sanitized-helpers-updates.patch,
  01-tests-unix_socket_lists.patch,
  02-tests-accept_unix_rules_in_mkprofile.patch,
  03-tests-unix_sockets_v7_pathnames.patch,
  04-tests-migrate_from_poll_to_sockio_timeout.patch,
  05-tests-add_abstract_socket_tests.patch,
  06-tests-use_socketpair_and_none.patch,
  07-parser-fix_local_perms.patch,
  08-phpsysinfo-policy-updates.patch,
  09-apache2-policy-instructions.patch,
  10-lp1371771.patch, 11-lp1371765.patch,
  lp1169881.patch
* refreshed etc-writable.patch and libapparmor-layout-deb.patch
* debian/control: add breaks on python3-apparmor against older
  apparmor-utils that used to be where python bits lived
  (LP: #1373259)
* debian/apport/source_apparmor.py:
 - fixes the apparmor apport hook so it does not raise an exception if
   a non-unicode character is found in /var/log/kern.log or in
   /var/log/syslog. This should work under python3 or python2.7
   (LP: #1304447)
 - adjusts the add_info() function to take the expected additional ui
   argument, though it has no need for it.
 - converts the log parsing code to use with statements so as not to
   leak open file descriptors
 - updates the set of packages to query to see if installed and if so,
   report the version of.
 - adjust import to make pyflakes job easier
 - minor pep8 cleanups

[ Jamie Strandboge ]
* add-chromium-browser.patch: don't allow writing to the oom score and
  adjust files since this allows chromium to change the values for any
  process matching our UID
* debian/apparmor.upstart: check if click-apparmor md5sums changed so we
  regenerate the policy if it changes too (LP: #1371574)
* debian/apparmor.init: make corresponding upstart change to initscript
* debian/lib/apparmor/functions: fall back to using -n1 if the parser failed
  to load a profile set. This should be removed when the parser properly
  handles profile sets with corrupted profiles (LP: 1377338)
* debian/control: fix typo (LP: #1187447)

80. By Jamie Strandboge on 2014-09-27

add-chromium-browser.patch: user addr=none instead of peer=(addr=none)
(LP: #1374363)

79. By Jamie Strandboge on 2014-09-25

* lp1169881.patch: add /usr/bin/gnome-gmail to ubuntu-email (LP: #1169881)
* debian/control: update Breaks on lxc 1.1.0~alpha1-0ubuntu5~ (LP: #1373555)

78. By Jamie Strandboge on 2014-09-22

[ Jamie Strandboge ]
* sanitized-helpers-updates.patch: update ubuntu-helpers for unix mediation
* 10-lp1371771.patch: don't exit prematurely and fail to load remaining
  policy if encounter a corrupt cache file (LP: #1371771)
* 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
  (LP: #1371765)
* debian/lib/apparmor/functions:
  - don't return 0 on parsing failure. Patch thanks to Felix Geyer
    (LP: #1370228)
  - use xargs -n1 when we don't have cache files, but omit it when we do.
    This allows taking full advantage of xargs -P when we need it most,
    without the cost when we don't.

[ Steve Beattie ]
* update_socketpair_tests_for_af_unix.patch,
  fix_socketpair_tests.patch: update socketpair regression tests for
  af_unix socket mediation

77. By Jamie Strandboge on 2014-09-12

* debian/apparmor.{upstart,init}: make sure we always update the .md5sums
  for apparmor-easyprof-ubuntu even when apparmor is updated (before if both
  were updated, aa-clickhook -f would be run on the 1st and 2nd boot rather
  than just the 1st)
* debian/apparmor.postinst: update the cached .md5sums file on upgrade to
  avoid running on install and then again on first boot after upgrade. This
  change only affects apt upgrades and not system-image upgrades since
  system-image upgrades always use the existing .md5sums if they exist (see
  /etc/system-image/writable-paths).
* ubuntu-manpage-updates.patch: adjust for move to upstart job and click
  policy
* debian/lib/apparmor/functions: don't pass costly '-n1' to xargs in
  foreach_configured_profile() when loading valid cache files. This used to
  be needed when apparmor_parser would generate different binary caches when
  compiling policy one profile at a time and all at once. That bug is long
  fixed and removing -n1 gives a significant performance improvement for
  boots with valid cache files (~65% on armhf)

76. By Jamie Strandboge on 2014-09-08

* 08-phpsysinfo-policy-updates.patch: update for new phpsysinfo on Ubuntu
  14.10
* 09-apache2-policy-instructions.patch: update for recent Debian/Ubuntu
  packaging
* debian/control: update Breaks for apparmor-easyprof-ubuntu, libvirt-bin,
  and lightdm. Add Breaks on rsyslog.

75. By Jamie Strandboge on 2014-08-19

* Updates for perl 5.20 multiarch transition
  - debian/libapparmor-perl.install: don't hardcode usr/lib/perl5 but
    instead use $Config{vendorarch} in an executable install file. Make it
    executable
  - debian/control: Build-Depends on debhelper (>= 9) (9 is needed to use
    an executable install file)
  - debian/patches/perl-multiarch.patch:
    + add @{multiarch} paths to perl abstraction
    + update logprof.conf, severity.db and corresponding tests for updated
      perl path

74. By Jamie Strandboge on 2014-07-28

update-nameservice-abstraction-for-extrausers.patch: update nameservice
abstraction to allow passwd and group when using libnss-extrausers

73. By Marc Deslauriers on 2014-06-20

* Updated to r2541 snapshot of 2.8.96:
  - removed upstreamed patches: convert-to-rules.patch, list-fns.patch,
    parse-mode.patch, add-decimal-interp.patch, policy_mediates.patch,
    fix-failpath.patch, feature_file.patch, fix-network.patch,
    aare-to-class.patch, add-mediation-unix.patch, parser_version.patch,
    caching.patch, label-class.patch, fix-lexer-debug.patch,
    use-diff-encode.patch, fix-serialize.patch,
    fix-ppc-endian-ftbfs.patch, opt_arg.patch, tests-cond-dbus.patch,
    initialize-mount-flags.patch, fix-typo-in-dbus_write.patch,
    limited-mount-rule-support.patch, bare-capability-rule-support.patch,
    check-config-for-sysctl.patch, increase-swap-size.patch,
    test-v6-policy.patch, test-mount-mediation.patch,
    mediate-signals.patch, change-signal-syntax.patch,
    mediate-ptrace.patch, change-ptrace-syntax.patch,
    test-signal-rules.patch, test-ptrace-rules.patch,
    update-tests-for-new-semantics.patch,
    fix-garbage-in-preprocessor-output.patch,
    fix-double-comma-in-preprocessor-output.patch,
    symtab-tests-and-seenlist-bug.patch, add-profile-name-variable.patch,
    fix-names-treated-as-condlistid.patch, manpage-signal-ptrace.patch,
    python-utils-file-support.patch, python-utils-signal-support.patch,
    python-utils-ptrace-support.patch,
    python-utils-pivot_root-support.patch.
* Added upstart job (LP: #1305108)
  - debian/apparmor.upstart: new upstart job.
  - debian/apparmor.init: added click handling, move some code to
    unload_obsolete_profiles().
  - debian/lib/apparmor/functions: add unload_obsolete_profiles().
  - debian/apparmor.postinst, debian/apparmor-profiles.postinst: reload
    profiles directly since invoke-rc.d won't allow to do this easily
    with upstart and systemd jobs.
  - debian/rules: pass --no-start to dh_installinit since we're handling
    reloading profiles manually in the postinst scripts.
  - debian/control: add a versioned apparmor Depends to the
    apparmor-profiles package to make sure the required tools are
    installed for the postinst script.

72. By Jamie Strandboge on 2014-04-04

debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
lightdm and apparmor-easyprof-ubuntu