ubuntu/+source/apparmor:ubuntu/eoan

Last commit made on 2019-09-09
Get this branch:
git clone -b ubuntu/eoan https://git.launchpad.net/ubuntu/+source/apparmor
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/eoan
Repository:
lp:ubuntu/+source/apparmor

Recent commits

aa4fb23... by Jamie Strandboge on 2019-09-09

Import patches-unapplied version 2.13.3-5ubuntu1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: f36f416127687b0c399e81a475dcc788c02fc89c

New changelog entries:
  * Merge new upstream release from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - ubuntu/dont-include-site-local-with-dovecot.patch
    - lp1820068.patch
    - upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
    fontconfig cache files
  * upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
    tests/mult_mount: bump size of created disk image

f36f416... by intrigeri on 2019-09-08

Import patches-unapplied version 2.13.3-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 09efc73317135baf675b99046482fe14022150ea

New changelog entries:
  * upstream-mr-419-Xwayland-vs-recent-mutter.patch: new patch (Closes: #935058)

09efc73... by intrigeri on 2019-07-27

Import patches-unapplied version 2.13.3-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: beca7551164e27cad936cd7b48235b48dcebc4a6

New changelog entries:
  * New patch, cherry-picked and adapted from Ubuntu: don't include local/
    snippets in the Dovecot profiles. These inclusions of non-existing files
    break aa-genprof (Closes: #928160).
  * Merge ubuntu/2.13.2-9ubuntu7, which turns out to be a no-op, because
    we essentially revert all changes brought by this merge:
    - Drop lp1820068.patch, introduced in 2.13.2-9ubuntu7: it's included
      in the 2.13.3 upstream release already.
    - Don't enable ubuntu/parser-conf-no-expr-simplify.patch, that Ubuntu just
      re-enabled: in Debian we don't disable expression tree simplification,
      because we've cherry-picked an upstream patch that improves its
      performance sufficiently.

beca755... by intrigeri on 2019-07-23

Import patches-unapplied version 2.13.3-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8e446387471240be02d7b81700b98de0eaa609cc

New changelog entries:
  [ Michael Biebl ]
  * Move libraries back to /usr/lib
  [ intrigeri ]
  * Remove Lintian override made obsolete by the move to /usr/lib/apparmor/
  * Avoid-blhc-CPPFLAGS-missing-false-positive.patch: new patch.
  * Revert "debian/control: Breaks on snapd < 2.38~"
    Jamie Strandboge explained in details on #932815 the rationale behind this
    Breaks relationship. The user impact seems non-critical and the risk of the
    problem happening in practice is very low, so for now let's remove this
    Breaks, that prevents apparmor from migrating to testin (we don't have
    snapd 2.38+ in Debian yet).

8e44638... by intrigeri on 2019-07-17

Import patches-unapplied version 2.13.3-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7c2b479e8367fdb640f81a503ed95e24efcfa4bf

New changelog entries:
  * Install the lsb_release profile.
  * Import new 2.13.3 upstream release and accordingly:
    - Update dev-pkg-without-shlib-symlink Lintian override: soname
      was bumped to 1.6.1.
    - Drop patches that were applied upstream.
  * Merge ubuntu/2.13.2-9ubuntu6, dropping the Ubuntu delta (Closes: #926015):
    - lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
      since it is sometimes called independently of is_apparmor_loaded()
      (LP: #1824812)
    - debian/apparmor.postrm: remove parser-created subdirs
    - debian/tests/control: try Ubuntu kernel but mark skip-not-installable
    - regression testsuite fixes:
      upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch,
      upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch,
      upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
    - debian/debhelper/postrm-apparmor: also remove cache files
    - debian/control: Breaks on snapd < 2.38~ (the cache forest breaks snap
      remove)
  * Declare compatibility with Debian Policy 4.4.0.
  * Bump debhelper compatibility level to 12. Accordingly:
    - dh_installinit: replace --no-restart-on-upgrade with its new
      --no-stop-on-upgrade name
    - Add override_dh_installsystemd that mimics our override_dh_installinit
  * tests/compile-policy: check syntax of kopano profiles (implements
    #923313 except kopano-search, until giraffe-team/kopanocore!4 is merged
    and uploaded)

7c2b479... by Jamie Strandboge on 2019-04-15

Import patches-unapplied version 2.13.2-9ubuntu6 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 3d828be0225850ec5c3dd1f01fa8657c937ac8ea

New changelog entries:
  * lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
    since it is sometimes called independently of is_apparmor_loaded()
    - LP: #1824812

3d828be... by Jamie Strandboge on 2019-04-02

Import patches-unapplied version 2.13.2-9ubuntu5 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 32f8c080edf632620f1ec4b0e90ad04293a4ec06

New changelog entries:
  * ubuntu/dont-include-site-local-with-dovecot.patch: don't include local/
    files in the dovecot extras profiles since the included path may not
    exist

32f8c08... by Jamie Strandboge on 2019-03-27

Import patches-unapplied version 2.13.2-9ubuntu4 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 31e6eb0614ac00d1db838244b57d7e66d94507d0

New changelog entries:
  * debian/tests/control and debian/tests/compile-policy: don't test
    thunderbird since the Ubuntu packaging doesn't ship a profile

31e6eb0... by Jamie Strandboge on 2019-03-27

Import patches-unapplied version 2.13.2-9ubuntu3 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: 311ad46660024549a66e905f523ef078ed6c79ad

New changelog entries:
  * debian/tests/control: try Ubuntu kernel but mark skip-not-installable
  * debian/apparmor-profiles.postinst: add back copying
    ubuntu-browsers.d/chromium-browser (LP: #1821920)
  * debian/apparmor.postrm: remove parser-created subdirs

311ad46... by Jamie Strandboge on 2019-03-26

Import patches-unapplied version 2.13.2-9ubuntu2 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: d0c45f18ae693c81f66d7538868da270bd77c650

New changelog entries:
  * debian/debhelper/postrm-apparmor: don't quote the glob
  * debian/apparmor.preinst: remove cache files on upgrade to 2.13
  * New 2.13.2 release for Ubuntu (LP: #1817799). Notable changes:
    - Upstream AppArmor introduces the new cache forest rather than a single
      toplevel global cache directory which improves boot speed when booting
      between kernels with different feature sets. This cache forest is located
      in /var/cache/apparmor instead of /etc/apparmor.d/cache
    - This release uses a proper systemd unit rather than calling out to the
      SysV initscript
  * Merge from Debian (LP: #1817799). Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
  * Drop the following patches, no longer needed:
    - ubuntu/parser-include-usr-share-apparmor.patch
    - e99fa6c6054fa10a2b49d30967e993bd5764e77f.patch: cherry-pick upstream
      patch for usr-merge for useradd profile
    - ubuntu/lp1788929+1794848.patch
  * Do not apply the following Debian-specific patches:
    - d-only/pin-feature-set.patch
    - d-only/Document-which-AppArmor-features-are-not-supported-on-Deb.patch
  * debian/put-all-profiles-in-complain-mode.sh: nvidia_modprobe should be in
    enforce mode
  * add but don't apply ubuntu/parser-conf-no-expr-simplify.patch: disable
    expr tree simplification to greatly speed up armhf. We might consider
    making this change armhf specific and/or limiting it to only the snapd
    policy in the future. (LP: 1383858). Once LP: 1820068 is fixed, we can
    reenable this patch
  * debian/control: Breaks on snapd < 2.38~ (the cache forest breaks snap
    remove)
  * debian/debhelper/postrm-apparmor: also remove cache files
  * add upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
  * regression testsuite fixes:
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * debian/apparmor-profiles.lintian-overrides: update for chromium-browser
    profile having read access to dpkg database for lsb-release