ubuntu/+source/apparmor:ubuntu/cosmic

Last commit made on 2018-09-28
Get this branch:
git clone -b ubuntu/cosmic https://git.launchpad.net/ubuntu/+source/apparmor
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/cosmic
Repository:
lp:ubuntu/+source/apparmor

Recent commits

1fdff2d... by Jamie Strandboge on 2018-09-27

Import patches-unapplied version 2.12-4ubuntu8 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 6cba87070dbe6721130a1ee500282d503a671cf9

New changelog entries:
  * lp1788929+1794848.patch:
    - disallow writes to thumbnailer dir (LP: #1788929)
    - disallow access to the dirs of private files (LP: #1794848)

6cba870... by Dimitri John Ledkov on 2018-08-01

Import patches-unapplied version 2.12-4ubuntu7 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 4d417a774626c77b7c4b1972b31b36b28c93f9d0

New changelog entries:
  * Cherry-pick upstream patch for usr-merge for useradd profile.
  * Update chromium-browser profile with latest from profiles project.
  * Fixes LP: #1784023

4d417a7... by Matthias Klose on 2018-06-28

Import patches-unapplied version 2.12-4ubuntu6 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: 19209d8fffd07cda1e32abec2ff356ac90c791d9

New changelog entries:
  * No-change rebuild to build for python3.7.

19209d8... by Jamie Strandboge on 2018-04-17

Import patches-unapplied version 2.12-4ubuntu5 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: a5c9eb590c7032d78ae8580605c464c4c30259df

New changelog entries:
  [ Didier Roche ]
  * debian/patches/ubuntu/communitheme-snap-support.patch:
    - support communitheme snap (LP: #1762983)
  [ Jamie Strandboge ]
  * debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
    chromium (LP: #1101298, LP: #1594589, LP: #1647142)
    - add attach_disconnected
    - allow reading /proc/vmstat
    - don't require owner match for /proc/pid/{stat,status} and task
      counterparts
    - adjust pci[0-9] to be pci[0-9a-f]
    - allow reading all uevents and /sys/devices/virtual/tty/tty0/active
    - allow ptracing xdgsettings and lsb-release
    - xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
    - lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
      distro-info
    - use 'm' on on sandbox
  * debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
    /var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
    (LP: #1712039)

a5c9eb5... by Jamie Strandboge on 2018-04-04

Import patches-unapplied version 2.12-4ubuntu4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 42820d523519341c9e0c52ee353cf827b3eee9c7

New changelog entries:
  * Remove another Ubuntu Touch profile (LP: #1761176)
    - debian/control: Breaks on messaging-app
    - debian/postinst: on upgrade, remove profile for usr.bin.messaging-app

42820d5... by Jamie Strandboge on 2018-04-03

Import patches-unapplied version 2.12-4ubuntu3 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 7569e2aef2cc320553b44270e403eac9c3e21a73

New changelog entries:
  * Remove old Ubuntu Touch profiles for packages removed from the archive
    since they need apparmor-easyprof-ubuntu to compile, and it was also
    removed from the archive (LP: #1756800)
    - debian/control: Breaks on media-hub, mediascanner2.0 and webbrowser-app
    - debian/postinst: on upgrade, remove profiles for usr.bin.webbrowser-app,
      usr.bin.media-hub-server, usr.lib.mediascanner-2.0.mediascanner-extractor
      and usr.bin.mediascanner-service-2.0

7569e2a... by Jamie Strandboge on 2018-03-22

Import patches-unapplied version 2.12-4ubuntu2 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: ceb6d62ee0293f308b0daa6f5b2d9157791f5633

New changelog entries:
  * Remove old click and snapv1 support since those packages no longer exist
    in bionic
    - debian/apparmor.dirs: don't install /var/lib/apparmor/profiles
    - debian/apparmor.init: remove click and snapv1 additions
    - debian/apparmor.postinst: don't update the md5sums for click/snapv1
    - debian/apparmor.postrm: remove code for handling
      /var/lib/apparmor/profiles
    - debian/apparmor.preinst: remove md5sums files from
      /var/lib/apparmor/profiles
    - debian/lib/apparmor/functions: remove compare_and_save_debsums() and
      compare_previous_version() since nothing in the archive uses them any
      more. For now, leave snap v2 support, but eventually we'll want to move
      to the upstream init recommendations
  * profiles-grant-access-to-systemd-resolved.patch: fix typo in DEP-3 headers

ceb6d62... by Tyler Hicks on 2018-03-19

Import patches-unapplied version 2.12-4ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 71e16392b27abbe50d2fab29129d00156d1948d0

New changelog entries:
  [ Tyler Hicks ]
  * Merge from Debian to get gbp-pq related packaging improvements. Thanks to
    intrigeri for making those improvements! Remaining Ubuntu changes:
    - debian/gbp.conf: Use ubuntu/master as the debian-branch
    - Update package maintainer to be Ubuntu Developers in the control file
    - Call handle_system_policy_package_updates in apparmor.init.
      This is needed for snappy and system-images. Note that this prevents
      using a remove /var.
    - Apply Ubuntu-specific patches
      + parser-include-usr-share-apparmor.patch
      + profiles-grant-access-to-systemd-resolved.patch
      + add-chromium-browser.patch
    - Install Ubuntu chromium-browser profile and abstraction
    - Feature pinning is not used in Ubuntu
  [ intrigeri ]
  * Adjust the Vcs-{Browser,Git} control fields to reflect the branch where
    the Ubuntu packaging is maintained.

71e1639... by intrigeri on 2018-03-18

Import patches-unapplied version 2.12-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0b062c3c659a01e0c871e633744834c55c91a35b

New changelog entries:
  * Migrate patch handling to gbp-pq (Closes: #888244).
  * Merge 2.12-3ubuntu1 (dropping the Ubuntu delta):
    - upstream-commit-46f88f5-properly-identify-empty-ouid-fsuid-fields.patch:
      new patch, properly identify empty ouid/fsuid fields in logs.
    - upstream-commit-130958a-allow-shell-helper-read-locale.patch:
      new patch, allow the shell helper regression test program read
      the locale.

0b062c3... by Tyler Hicks on 2018-03-15

Import patches-unapplied version 2.12-3ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9da7ffcf9229d99eecba0a709b4de9f1d0971d18

New changelog entries:
  * New upstream bug fix release. Bugs fixed:
    - abstraction/nameservice should include allow access to
      /var/lib/sss/mc/initgroups (LP: #1751402)
    - Cannot Add Request Hat or Use Default Hat in aa-logprof and mod_apparmor
      (LP: #1752365)
    - python tools do not understand 'non-magic' include rules (LP: #1733700)
    - "Unable to open external link" in Evince when google-chrome-unstable is
      the default browser (LP: #1730536)
    - apparmor_parser is missing fix for rule down grades (LP: #1728120)
    - base abstraction missing glibc /proc/$pid/ things (LP: #1658239)
    - logparser.py parse_event_for_tree() doesn't care about owner vs. all in
      file events(LP: #1538340)
    - aa-decode can't decode the audit log which contains the proctitle string
      (LP: #1736841)
    - aa-logprof asks for "a" rule even if "deny w" is present (LP: #1385474)
  * Merge from Debian. Remaining Ubuntu changes:
    - debian/gbp.conf: Use ubuntu/master as the debian-branch
    - Update package maintainer to be Ubuntu Developers in the control file
    - Call handle_system_policy_package_updates in apparmor.init.
      This is needed for snappy and system-images. Note that this prevents
      using a remove /var.
    - Apply Ubuntu-specific patches
      + parser-include-usr-share-apparmor.patch
      + profiles-grant-access-to-systemd-resolved.patch
      + add-chromium-browser.patch
    - Install Ubuntu chromium-browser profile and abstraction
  * Dropped patches that were not merged upstream:
    - ubuntu-manpage-updates.patch: The changes were out of date because
      they only addressed upstart based systems
    - utils-keep-shebang.patch: A different solution was merged upstream
      so that the shebang lines aren't rewritten
  * Feature pinning is not used in Ubuntu
  * Properly identify empty ouid/fsuid fields in logs
  * Allow the shell helper regression test program read the locale