lp:~ubuntu-core-dev/apparmor/lucid
- Get this branch:
- bzr branch lp:~ubuntu-core-dev/apparmor/lucid
Branch merges
Related source package recipes
Branch information
Recent revisions
- 1367. By Jamie Strandboge
-
Bring up to date with what was shipped in lucid-proposed and add most recent
lucid-security update* Fix for apparmor_parser not generating correct policy when mixing exec
transitions with and without unconfined fallback transitions.
- debian/patches/ 0013-lp693082. patch: adjust dfa match flag table size
and fix index calculation for pux and cux.
- LP: #693082
* debian/patches/ 0011-lucid- compat- dbus.patch: move /var/lib/ dbus/machine- id
* debian/patches/ 0012-lucid- compat- kde.patch: add kde4-config to kde
+ 0004-ubuntu-abstractions- updates. patch
* debian/patches/ 0009-sensible- browser- pix.patch: use Pix with
sensible-browser
* debian/patches/ 0010-ubuntu- buildd. patch: skip parser caching test if
the AppArmor securityfs introspection directory is not mounted, as
is the case on Ubuntu buildds. - 1365. By Jamie Strandboge
-
* Backport 2.5.1-0ubuntu0.
10.10.1 from maverick for userspace tools to work
with newer kernels (LP: #660077)
NOTE: user-tmp now uses 'owner' match, so non-default profiles will have
to be adjusted when 2 separately confined applications that both use the
user-tmp abstraction depend on being able to cooperatively share files
with each other in /tmp or /var/tmp.
* remove the following patches (features not appropriate for SRU):
- 0002-add-chromium- browser. patch
- 0003-local-includes. patch
- 0004-ubuntu-abstractions- updates. patch
* debian/rules (this makes it the same as what was shipped in 10.04 LTS
release):
- don't ship aa-update-browser and its man page (requires
0004-ubuntu- abstractions- updates. patch)
- don't ship apparmor.d/local/ (requires 0003-local-includes. patch)
- don't use dh_apparmor (not in Ubuntu 10.04 LTS)
- don't ship chromium profile
* remove debian/profiles/ chromium- browser
* remove debian/aa-update- browser*
* debian/apparmor- profiles. postinst: revert to that in lucid release
(requires dh_apparmor and 0002-add-chromium- browser. patch)
* remove debian/apparmor- profiles. postrm: doesn't make sense without
0002-add-chromium- browser. patch
* debian/control:
- revert Build-Depends on debhelper (>= 5)
- revert Standards-Version to 3.8.4
- revert Vcs-Bzr
* debian/patches/ 0009-lucid- compat- dbus.patch: move /var/lib/ dbus/machine- id
back into dbus, since profiles on 10.04 LTS expect it there
* debian/patches/ 0010-lucid- compat- kde.patch: add kde4-config to kde
abstraction, since the firefox profile on Ubuntu 10.04 LTS expects it to
be there
* New upstream release (LP: #660077)
- The following patches were refreshed:
+ 0001-fix-release. patch
+ 0003-local-includes. patch
+ 0008-lp648900.patch: renamed as 0005-lp648900.patch
- The following patches were dropped (included upstream):
+ 0005-lp601583.patch
+ 0006-network-interface- enumeration. patch
+ 0007-gnome-updates. patch
* debian/patches/ 0006-testsuite- fixes.patch: testsuite fixes from head
of 2.5 branch. These are needed for QRT and SRU testing (LP: #652211)
* debian/patches/ 0007-honor- cflags. patch: have the parser makefile honor
CFLAGS environment variable. Brings back missing symbols for the retracer
* debian/patches/ 0008-lp652674. patch: fix warnings for messages without
denied or requested masks (LP: #652674)
* debian/apparmor. init: fix path to aa-status (LP: #654841)
* debian/apport/ source_ apparmor. py: apport hook should use
root_command_ hook() for running apparmor_status (LP: #655529)
* debian/apport/ source_ apparmor. py: use ProcKernelCmdline and don't clobber
cmdline details (LP: #657091)
* debian/{rules, control} : move apache2 abstractions into the base package
so we can put apache2 profiles into the -profiles package without
aa-logprof bailing out. Patch by Marc Deslauriers.
(LP: #539441)
* abstractions/ubuntu- email: adjustment for ever-changing thunderbird path
(LP: #648900)
[ Jamie Strandboge ]
* New upstream RC release (revision 1413). In addition to getting the tools
to work with the maverick kernel, this update fixes:
- LP: #619521
- LP: #633369
- LP: #626451
- LP: #581525
- LP: #623467 (link and unlink still need to be addressed)
* Dropped the following patches, included upstream:
- 0002-lp615177.patch
- 0004-ubuntu-pux.patch
- 0006-kde4-config- pux.patch
- 0007-lp605835.patch
- 0012-lp625041.patch
- 0013-lp623586.patch
* Update the following patches:
- rename 0010-fix-release. patch as 0001-fix- release. patch since this will
likely always need to be here
- rename 0005-add-chromium- browser. patch as
0002-add-chromium- browser. patch
- rename 0001-local-includes. patch as 0003-local- includes. patch and update
to use r1493 (from trunk) of local/README file. This can be dropped in
2.6.
- collect the ubuntu abstractions updates pulled from trunk into
0004-ubuntu- abstractions- updates. patch. This can be dropped in 2.6.
- rename 0008-lp601583.patch as 0005-lp601583.patch. This can be dropped
in 2.5.1 final.
* fix up some lintian warnings:
- debian/control:
+ don't use 'Section' in apparmor-notify, since it is the same as the
source
+ updates Standards-Version to 3.9.1
+ add ${misc:Depends} to libapparmor-dev and apparmor-notify
- add debian/source/ format
- debian/libapache2- mod-apparmor. postrm: use #DEBHELPER#
- debian/libapache2- mod-apparmor. preinst: use #DEBHELPER#
- add debian/watch
* debian/notify/ notify. conf: set show_notificati ons="yes" by default
* debian/patches/ 0006-network- interface- enumeration. patch: allow network
interface enumeration. This can be dropped in 2.5.1 final.
* debian/patches/ 0007-gnome- updates. patch: update for font/icon/mime
locations in current gnome. This can be dropped in 2.5.1 final.
[ Kees Cook ]
* debian/apparmor. init: rename "stop" to "teardown", drop caches on
"stop" and warn about the dangers of "teardown".
* debian/profiles/ chromium- browser: updated to have the proper path to
local/
* debian/patches/ 0011-lp514356+ 573344+ 593413. patch: browser abstraction
updates for /net, kmozillahelper and gnome-appearance-properties
(LP: #593413, LP: #514356, LP: #573344)
* debian/patches/ 0012-lp625041. patch: add sensible-browser (LP: #625041)
* debian/patches/ 0013-lp623586. patch: allow access to ghostscript fonts when
not using defoma (LP: #623586)
* debian/patches/ 0007-lp605835. patch: allow ca-certificates in ssl_certs
abstraction (LP: #605835)
* debian/patches/ 0008-lp601583. patch: adjust X abstraction for newer gdm
(LP: #601583)
* debian/patches/ 0009-lp565753. patch: add ubuntu-feed-readers abstraction
and have ubuntu-browsers. d/multimedia use it (LP: #565753)
* debian/apparmor. config: don't try to read in the existing value from
/etc/apparmor. d/tunables/ home.d/ ubuntu, but instead always use what is
in debconf. (LP: #561694)
* add aa-update-browser for giving a programmatic way to update browser
profiles to use browser abstractions
- add debian/aa-update- browser
- add debian/aa-update- browser. 8
- debian/rules: install aa-update-browser*
* debian/patches/ 0003-ubuntu- browsers- d.patch: updated to generalize java
child profile names
* debian/patches/ 0010-fix- release. patch: update common/Make.rules to use
lsb_release
* debian/patches/ 0001-local- includes. patch: updated to adjust local/README
to have upstream clarifications
* debian/patches/ 0003-ubuntu- browsers- d.patch: add ubuntu-browsers.d/*
abstractions
* debian/patches/ 0004-ubuntu- pux.patch: use 'PUx' instead of 'Ux' in
abstractions/ubuntu- *
* add chromium-browser profile. All this can be removed once
chromium-browser ships its own profile:
- debian/patches/ 0005-add- chromium- browser. patch: add preliminary
profiles/apparmor. d/usr.bin. chromium- browser
- debian/profiles/ chromium- browser: added for use with ubuntu-browsers.d
- debian/rules: ship debian/profiles/ chromium- browser in apparmor-profiles
* don't make /etc/apparmor.d/local/ * from apparmor-profiles conffiles
- debian/control: Build-Depends on debhelper 7.4.20ubuntu5
- debian/rules: use dh_apparmor instead of shipping the files as conffiles
- debian/apparmor- profiles. postinst: move DEBHELPER before initscript
reload
- debian/apparmor- profiles. postrm: added to remove chromium-browser config
file
* debian/patches/ 0006-kde4- config- pux.patch: remove kde4-config from kde
abstraction and add it to kde ubuntu-browsers abstraction
* debian/patches/ 0002-lp615177. patch: 'owner' match in commit 1406 too
strict for /tmp/ and /var/tmp/ (LP: #615177)
* debian/rules: move local/usr.lib.apache2. mpm-prefork. apache2 to
libapache2-mod-apparmor
* Update to upstream bzr revision 1393 from lp:apparmor/2.5.
* add dbus-session abstraction (LP: #566207)
* require owner in user-tmp abstraction (LP: #578922)
* don't use uninitialized $opt_s (LP: #582075)
* allow thunderbird 3 in abstractions/ubuntu- email (LP: #590462)
* allow gmplayer in abstractions/ubuntu- media-players (LP: #591421)
* debian/control: updated branches.
* debian/patches/ 0001-local- includes. patch: backported patch from trunk to
allow local administrators to customize their profiles without modifying
a shipped profile
* debian/rules:
- don't pass RELEASE to libapparmor's 'make install' as it breaks the
build and isn't used by the Makfile anyway
- install apparmor.d/local/ README in apparmor, not apparmor-profiles
- don't install apparmor.d/local/ usr.sbin. ntpd
* Drop the following patches already included upstream:
- 0001-lp538561.patch
- 0002-aalogprof-warnings. patch
- 0003-fix-memleaks. patch
- 0004-lp549557.patch
- 0005-lp538661.patch
- 0006-lp611248.patch
* debian/patches/ 0006-lp611248. patch: allow access to gdk-pixbuf loaders
LP: #611248 - 1361. By Jamie Strandboge
-
refresh 0004-lp549557.patch to handle access to logfiles after we drop privs
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:apparmor/2.12
