apparmor (4.0.1really4.0.1-0ubuntu0.24.04.4) noble; urgency=medium
* d/p/u/fix-redefinition-of-ignored-var.patch Fixes a regression caused by a
commit that changed the number of return values for the
get_next_to_profile() function. This patch is backported from upstream
(LP: #2078467)
-- Bryan Fraschetti <bryan.fraschetti@canonical.com> Wed, 19 Mar 2025 18:09:43 +0000
apparmor (4.0.1really4.0.1-0ubuntu0.24.04.3) noble; urgency=medium
* Revert to version 4.0.1-0ubuntu0.24.04.2 except for the patch
that enables the bwrap-userns-restrict profile (LP: #2072811).
* New upstream release.
(LP: #2064672, LP: #2046844, LP: #2060100, LP: #2056297)
* Drop patches which have now been applied upstream
- d/p/u/parser-fix-issues-appointed-by-coverity.patch
- d/p/u/profiles-add-unconfined-profile-for-tuxedo-control-c.patch
- d/p/u/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch
- d/p/u/Minor-improvements-for-MountRule.patch
* Add patch to add balena-etcher profile (LP: #2046844)
- d/p/u/profiles-add-unconfined-balena-etcher-profile.patch
* Add upstream patch to relax mount rules to fix use of virtiofs and
other file-system types
- d/p/u/mountrule-relaxing-constraints-on-fstype.patch
* Refresh
- d/p/u/samba-systemd-interaction.patch
- d/p/u/parser-add-support-for-prompting.patch
- Add condition in policydb serialization to only encode xtable if
kernel_supports_permstable32
* Fix d/p/u/userns-runtime-disable.patch to work when
kernel.apparmor_restrict_unprivileged_userns does not exist by adding
-e to sysctl.
* d/apparmor-profiles.install
- install new profile
- unshare-userns-restrict
- bwrap-userns-restrict
* d/apparmor.install
- install new profiles
- wike - changed installation from apparmor to apparmor.d
- foliate
- balena-etcher
- transmission
* d/control: Remove obsolete lsb-base Depends and swap pkg-config to
pkgconf for Build-Depends
-- Georgia Garcia <georgia.garcia@canonical.com> Thu, 18 Jul 2024 15:28:46 -0300
apparmor (4.0.1really4.0.0-beta3-0ubuntu0.1) noble; urgency=medium
* Due to regression, revert changes in previous update back to a
source tree equivalent to 4.0.0-beta3-0ubuntu3 (LP: #2072811).
* This drops /etc/apparmor.d/bwrap-userns-restrict, allowing various
Flatpak apps to save files again.
* d/apparmor.maintscript: rm_conffile on the following in
/etc/apparmor.d/ to properly revert conffiles introduced in the
update being reverted:
- abstractions/transmission-common
- balena-etcher
- bwrap-userns-restrict
- foliate
- transmission
- wike
-- Robie Basak <robie.basak@ubuntu.com> Sun, 14 Jul 2024 22:25:31 +0000
apparmor (4.0.1-0ubuntu0.24.04.2) noble; urgency=medium
[Georgia Garcia]
* New upstream release. (LP: #2064672)
* Refresh
- d/p/u/parser-add-support-for-prompting.patch
- Add condition in policydb serialization to only encode xtable if
kernel_supports_permstable32
* Add patch to add balena-etcher profile (LP: #2046844)
- d/p/u/profiles-add-unconfined-balena-etcher-profile.patch
* Fix d/p/u/userns-runtime-disable.patch to work when
kernel.apparmor_restrict_unprivileged_userns does not exist by adding
-e to sysctl.
* d/apparmor.install
- install new profiles
- wike - changed installation from apparmor to apparmor.d
- foliate
- balena-etcher
- transmission
[Alex Murray]
* Add upstream patch to relax mount rules to fix use of virtiofs and
other file-system types
- d/p/u/mountrule-relaxing-constraints-on-fstype.patch
* Remove patches which got dropped from quilt series earlier
- d/p/u/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch
- d/p/u/Minor-improvements-for-MountRule.patch
* d/control: Remove obsolete lsb-base Depends and swap pkg-config to
pkgconf for Build-Depends
-- Georgia Garcia <georgia.garcia@canonical.com> Tue, 30 Apr 2024 14:12:01 -0300
apparmor (4.0.0-beta4-0ubuntu1) noble; urgency=medium
* New upstream release.
(LP: #2046844, LP: #2060100, LP: #2056297)
* Refresh
- d/p/u/samba-systemd-interaction.patch
* Drop patches which have now been applied updatea
- d/p/u/parser-fix-issues-appointed-by-coverity.patch
- d/p/u/profiles-add-unconfined-profile-for-tuxedo-control-c.patch
* Add patch to enable bwrap profile
- d/p/u/enable-bwrap-profile.patch
(LP: #2046844, LP: #2065708)
* d/apparmor.install
- install new profile
- bwrap-userns-restrict
* d/apparmor-profiles.install
- install new profile
- unshare-userns-restrict
-- John Johansen <johnjohansen@canonical.com> Mon, 08 Apr 2024 03:40:37 -0700
apparmor (4.0.0-beta3-0ubuntu3) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <steve.langasek@ubuntu.com> Sun, 31 Mar 2024 07:27:03 +0000
apparmor (4.0.0-beta3-0ubuntu2) noble; urgency=medium
* d/apparmor.install
- install new profiles
- geary
- goldendict
- kchmviewer
- loupe
- notepadqq
- pageedit
- privacybrowser
- qmapshack
- qutebrowser
- rssguard
- scide
- tuxedo-control-center
- unix-chkpwd
-- John Johansen <johnjohansen@canonical.com> Mon, 18 Mar 2024 18:34:14 -0700
apparmor (4.0.0-beta3-0ubuntu1) noble; urgency=medium
* New upstream release.
(LP: #2058329, LP: #2056747, LP: #2056739, LP: #2046844)
* Refresh patches
- d/p/u/samba-systemd-interaction.patch
- d/p/u/parser-add-support-for-prompting.patch
* Drop patches which have now been applied upstream
- ubuntu/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch
- ubuntu/Minor-improvements-for-MountRule.patch
* Add patches from upstream that are post Beta3 and will be in Beta4
- d/p/u/parser-fix-issues-appointed-by-coverity.patch
- d/p/u/profiles-add-unconfined-profile-for-tuxedo-control-c.patch
(LP: #2046844)
-- John Johansen <johnjohansen@canonical.com> Mon, 18 Mar 2024 16:48:32 -0700
apparmor (4.0.0~beta2-0ubuntu3) noble; urgency=medium
* Add fix for failing mount rule tests
- d/p/u/Minor-improvements-for-MountRule.patch
-- John Johansen <johnjohansen@canonical.com> Thu, 07 Mar 2024 11:32:22 -0800
apparmor (4.0.0~beta2-0ubuntu2) noble; urgency=medium
* No-change update .changes file to include everything from 4.0.0~alpha4-0ubuntu1
-- John Johansen <johnjohansen@canonical.com> Wed, 06 Mar 2024 22:08:28 -0800
apparmor (4.0.0~beta2-0ubuntu1) noble; urgency=medium
* New upstream release.
* Refresh patches
- d/p/u/parser-add-support-for-prompting.patch
-- John Johansen <johnjohansen@canonical.com> Wed, 06 Mar 2024 18:29:50 -0800
apparmor (4.0.0~beta1-0ubuntu4) noble; urgency=medium
* Add fix for 32 bit architectures
- d/p/u/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch
-- John Johansen <johnjohansen@canonical.com> Thu, 29 Feb 2024 17:32:43 -0800
apparmor (4.0.0~beta1-0ubuntu3) noble; urgency=medium
* Update uint128_t define
- d/p/u/parser-add-support-for-prompting.patch
-- John Johansen <johnjohansen@canonical.com> Thu, 29 Feb 2024 16:42:15 -0800
apparmor (4.0.0~beta1-0ubuntu2) noble; urgency=medium
* Add feature support patches for prompt
- d/p/u/parser-add-support-for-prompting.patch
-- John Johansen <johnjohansen@canonical.com> Thu, 29 Feb 2024 16:12:32 -0800
apparmor (4.0.0~beta1-0ubuntu1) noble; urgency=medium
* New upstream release.
* Drop patches which have now been applied upstream
- d/p/u/add-keybase-unconfined-profile.patch
- d/p/u/add-more-unconfined-profiles.patch
- d/p/u/tests-fix-usr-merge-failures-on-exec-and-regex-tests.patch
- d/p/u/tests-handle-unprivileged_userns-transition-in-usern.patch
* Refresh patches
- d/p/u/samba-systemd-interaction.patch
* d/apparmor.install
- install new profiles
- nautilus
- element-desktop
* d/control: add build-dependency on autoconf-archive
-- Georgia Garcia <georgia.garcia@canonical.com> Thu, 29 Feb 2024 19:33:32 -0300
apparmor (4.0.0~alpha4-0ubuntu1) noble; urgency=medium
[Georgia Garcia]
* New upstream release.
* Add unconfined profiles to support the use unprivileged user namespace
(LP: #2052297, LP: #2046844)
- d/p/u/add-keybase-unconfined-profile.patch
- d/p/u/add-more-unconfined-profiles.patch
* Fix regression tests failures on regex.sh, exec.sh and userns.sh
- d/p/u/tests-fix-usr-merge-failures-on-exec-and-regex-tests.patch
- d/p/u/tests-handle-unprivileged_userns-transition-in-usern.patch
* Drop patches which have now been applied upstream
- d/p/u/userns-unconfined-profiles.patch
- d/p/u/tests-fix-userns-setns-opening-pipe-order.patch
- d/p/u/tests-replace-individual-socket-permissions.patch
- d/p/u/tests-fix-test-specifying-path-on-attach-disconnected.patch
- d/p/u/binutils-aa_status.c-quiet-verbose-outputs-when-json.patch
- d/p/u/oot-unconfined-profiles.patch
* Refresh patches
- d/p/d/etc-writable.patch
- d/p/u/profiles-grant-access-to-systemd-resolved.patch
- d/p/u/userns-runtime-disable.patch
* d/apparmor.install
- install new profiles
- plasmashell
- surfshark
- unprivileged_userns
- keybase
- devhelp
- epiphany
- evolution
- opam
- renamed profiles
- ch-checkns
- ch-run
- crun
- flatpak
- linux-sandbox
- busybox
- buildah
- cam
- ipa_verify
- lc-compliance
- libcamerify
- qcam
- podman
- lxc-attach
- lxc-create
- lxc-destroy
- lxc-execute
- lxc-stop
- lxc-unshare
- lxc-usernsexec
- mmdebstrap
- vpnns
- QtWebEngineProcess
- systemd-coredump
- rootlesskit
- rpm
- runc
- virtiofsd
- sbuild
- sbuild-abort
- sbuild-adduser
- sbuild-apt
- sbuild-checkpackages
- sbuild-clean
- sbuild-createchroot
- sbuild-destroychroot
- sbuild-distupgrade
- sbuild-hold
- sbuild-shell
- sbuild-unhold
- sbuild-update
- sbuild-upgrade
- slirp4netns
- stress-ng
- thunderbird
- toybox
- trinity
- tup
- userbindmount
- uwsgi-core
- vdens
- chrome
- msedge
- brave
- vivaldi-bin
* d/apparmor.maintscript
- add renamed profiles so they are removed on upgrade
* d/libapache2-mod-apparmor.install
- remove etc/apparmor.d/local/usr.sbin.apache2, no longer needed
[John Johansen]
* debian/rules:
- don't run debian/put-all-profiles-in-complain-mode.sh on install
[Alex Murray]
* debian/apparmor.lintian-overrides:
- suppress false-positive warning about needing a Depends: on adduser
for the apparmor binary package
-- Georgia Garcia <georgia.garcia@canonical.com> Fri, 02 Feb 2024 16:12:21 -0300
apparmor (4.0.0~alpha2-0ubuntu8) noble; urgency=medium
* Add unconfined userns profile for systemd-coredump
-- Nick Rosbrook <enr0n@ubuntu.com> Wed, 10 Jan 2024 09:55:51 -0500
apparmor (4.0.0~alpha2-0ubuntu7) noble; urgency=medium
[Alex Murray]
* Enable user namespace restrictions by default (LP: #2046477)
- d/p/u/userns-runtime-disable.patch: add logic to disable user
namespace restrictions if kernel lacks support
- debian/usr/lib/sysctl.d/10-apparmor.conf: set sysctl value to 1 and
update comment to match
- debian/apparmor.service: run After systemd-sysctl.service
[John Johansen]
* Add additional AppArmor profiles to support third-party applications
that use unprivileged user namespace
- add d/p/u/oot-unconfined-profiles.patch
- add profiles to debian/apparmor.install
- /etc/apparmor.d/1password
- /etc/apparmor.d/Discord
- /etc/apparmor.d/MongoDB_Compass
- /etc/apparmor.d/code
- /etc/apparmor.d/firefox
- /etc/apparmor.d/github-desktop
- /etc/apparmor.d/obsidian
- /etc/apparmor.d/opera
- /etc/apparmor.d/polypane
- /etc/apparmor.d/signal-desktop
- /etc/apparmor.d/slack
- /etc/apparmor.d/steam
[Alex Murray]
* Drop duplicate profiles for usr.share.code.bin.code and
* usr.lib.multiarch.opera.opera since they are now also in
d/p/u/oot-unconfined-profiles.patch
- modified d/p/u/userns-unconfined-profiles.patch to remove them
- removed from debian/apparmor.install
- added to debian/apparmor.maintscript to ensure they are removed on
upgrade
-- John Johansen <john.johansen@canonical.com> Wed, 13 Dec 2023 20:38:45 -0800
apparmor (4.0.0~alpha2-0ubuntu6) noble; urgency=medium
* No-change rebuild with Python 3.12 as supported version
-- Graham Inggs <ginggs@ubuntu.com> Tue, 31 Oct 2023 16:45:44 +0000
apparmor (4.0.0~alpha2-0ubuntu5) mantic; urgency=medium
* Add additional AppArmor profiles to support third-party applications
that use unprivileged user namespace restrictions (LP: #2036698)
- Refreshed d/p/u/userns-unconfined-profiles.patch to add additional
profiles and added to debian/apparmor.install
- usr.share.code.bin.code
- opt.microsoft.msedge.msedge
- usr.lib.multiarch.opera.opera
- opt.brave.com.brave.brave
- opt.vivaldi.vivaldi-bin
* Clarify comment in sysctl.d conf file that this feature is not
enabled by default but can be overridden by the user if desired.
-- Alex Murray <alex.murray@canonical.com> Fri, 22 Sep 2023 16:50:22 +0930
apparmor (4.0.0~alpha2-0ubuntu4) mantic; urgency=medium
* Remove conflicting profile for usr.bin.lxc-start (LP: #2036302)
- d/p/u/userns-unconfined-profiles.patch: Don't ship a profile for
usr.bin.lxc-start as this is already shipped in liblxc-common
- debian/apparmor.install: Remove usr.bin.lxc-start profile
-- Alex Murray <alex.murray@canonical.com> Mon, 18 Sep 2023 10:59:37 +0930
apparmor (4.0.0~alpha2-0ubuntu3) mantic; urgency=medium
* Add remaining AppArmor profiles to support unprivileged user
namespace restrictions (LP: #2035315)
- Refreshed d/p/u/userns-unconfined-profiles.patch to add remaining
profiles and added to debian/apparmor.install
- usr.libexec.multiarch.bazel.linux-sandbox
- usr.bin.busybox
- usr.bin.buildah
- usr.bin.cam
- usr.bin.ipa_verify
- usr.bin.lc-compliance
- usr.bin.libcamerify
- usr.bin.qcam
- usr.bin.podman
- usr.bin.lxc-attach
- usr.bin.lxc-create
- usr.bin.lxc-destroy
- usr.bin.lxc-execute
- usr.bin.lxc-start
- usr.bin.lxc-stop
- usr.bin.lxc-unshare
- usr.bin.lxc-usernsexec
- usr.bin.mmdebstrap
- usr.bin.vpnns
- usr.lib.qt6.libexec.QtWebEngineProcess
- usr.lib.multiarch.qt5.libexec.QtWebEngineProcess
- usr.bin.rootlesskit
- usr.bin.rpm
- usr.sbin.runc
- usr.libexec.virtiofsd
- usr.bin.sbuild
- usr.bin.sbuild-abort
- usr.bin.sbuild-apt
- usr.bin.sbuild-checkpackages
- usr.bin.sbuild-clean
- usr.bin.sbuild-createchroot
- usr.bin.sbuild-distupgrade
- usr.bin.sbuild-hold
- usr.bin.sbuild-shell
- usr.bin.sbuild-unhold
- usr.bin.sbuild-update
- usr.bin.sbuild-upgrade
- usr.sbin.sbuild-adduser
- usr.sbin.sbuild-destroychroot
- usr.bin.slirp4netns
- usr.bin.stress-ng
- usr.bin.thunderbird
- bin.toybox
- usr.bin.trinity
- usr.bin.tup
- usr.bin.userbindmount
- usr.bin.uwsgi-core
- usr.bin.vdens
- opt.google.chrome.chrome
-- Alex Murray <alex.murray@canonical.com> Thu, 14 Sep 2023 15:58:40 +0930
apparmor (4.0.0~alpha2-0ubuntu2) mantic; urgency=medium
* Fix invalid JSON output from aa-status --json via upstream patch
(LP: #2032994)
- d/p/u/binutils-aa_status.c-quiet-verbose-outputs-when-json.patch
-- Alex Murray <alex.murray@canonical.com> Fri, 25 Aug 2023 09:48:24 +0930
apparmor (4.0.0~alpha2-0ubuntu1) mantic; urgency=medium
[ John Johansen ]
* New upstream release 4.0-alpha2
[ Alex Murray ]
* Infrastructure to enable AppArmor userns restrictions
(LP: #2030353, LP: #2032602)
- debian/usr/lib/sysctl.d/10-apparmor.conf: disable userns restrictions
for now until we have a complete set of profiles for the whole
Ubuntu archive
- debian/apparmor.install: ship sysctl.d file in the apparmor binary
package
- d/p/u/userns-unconfined.patch: add some additional profiles that
specify the userns permission with the unconfined flag for a currently
incomplete list of applications within the Ubuntu archive that use
unprivileged user namespaces
- usr.bin.ch-checkns
- usr.bin.ch-run
- usr.bin.crun
- usr.bin.flatpak
- debian/put-all-profiles-in-complain-mode.sh: don't put unconfined
profiles in complain mode
* Add patches from upstream to fix test failures
- d/p/u/tests-fix-userns-setns-opening-pipe-order.patch
- d/p/u/tests-replace-individual-socket-permissions.patch
- d/p/u/tests-fix-test-specifying-path-on-attach-disconnected.patch
* Add new symbols
-- Alex Murray <alex.murray@canonical.com> Tue, 22 Aug 2023 12:30:32 +0930
apparmor (4.0.0~alpha1-0ubuntu1) mantic; urgency=medium
* New upstream release.
* Drop patches which have now been applied upstream
- d/p/fix-expected-library-version.patch
- d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch
- d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch
- d/p/u/add-mqueue-support.patch
- d/p/u/add-userns-support.patch
- d/p/u/update-snap-browsers-permissions-lp1794064.patch
- d/p/u/add-4.0-abi.patch
* Refresh patches
- d/p/d/etc-writable.patch
- d/p/u/samba-systemd-interaction.patch
* d/apparmor.install: install aa-load
* d/apparmor-profiles.install:
- install new profiles
- usr.lib.dovecot.director
- usr.lib.dovecot.doveadm-server
- usr.lib.dovecot.replicator
- zgrep
- rpcbind
- chromium_browser
- usr.bin.pyzorsocket
- usr.bin.razorsocket
- usr.sbin.clamd
- usr.sbin.haproxy
- rename profiles
- firefox
- firefox.sh
-- Georgia Garcia <georgia.garcia@canonical.com> Tue, 11 Jul 2023 17:20:09 -0300
apparmor (3.0.8-1ubuntu4) mantic; urgency=medium
* Backport 4.0 ABI from upstream (LP: #2026227)
- d/p/u/add-4.0-abi.patch
-- Alex Murray <alex.murray@canonical.com> Thu, 06 Jul 2023 12:14:15 +0930
apparmor (3.0.8-1ubuntu3) mantic; urgency=medium
* Update abstractions/snap-browsers to include lock permissions
(LP: #1794064)
- d/p/u/update-snap-browsers-permissions-lp1794064.patch
-- Georgia Garcia <georgia.garcia@canonical.com> Tue, 06 Jun 2023 08:52:13 -0300
apparmor (3.0.8-1ubuntu2) lunar; urgency=medium
* Rebuild to drop Python 3.10 extension
-- Jeremy Bicha <jbicha@ubuntu.com> Tue, 28 Feb 2023 17:18:12 -0500
apparmor (3.0.8-1ubuntu1) lunar; urgency=medium
* Merge from Debian unstable; remaining changes:
- Enable Ubuntu specific patches:
- d/p/u/communitheme-snap-support.patch
- d/p/u/mimeinfo-snap-support.patch
- d/p/u/profiles-grant-access-to-systemd-resolved.patch
- d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch
- d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch
- d/p/u/samba-systemd-interaction.patch
- d/p/u/add-mqueue-support.patch
- d/p/u/add-userns-support.patch
- Disable Debian specific patches:
- d/p/d-o/pin-feature-set.patch
- d/p/d-o/aa-notify-point-to-Debian-documentation.patch
- d/p/d-o/Document-which-AppArmor-features-are-not-supported-on-Deb.patch
- d/{control,gbp.conf}:
- Update Vcs / git branch for ubuntu
- d/apparmor.install:
- Disable debian feature pinning
- d/rules:
- Create empty files of expected mqueue testcase err output added in
d/p/u/add-mqueue-support.patch since quilt does not support creating
new empty files
* Dropped Ubuntu specific changes which have now been applied upstream
- d/p/u/lp1990692-update-samba-profile.patch
- d/p/u/samba-rpcd-spoolss.patch
-- Alex Murray <alex.murray@canonical.com> Mon, 12 Dec 2022 15:48:20 +1030
apparmor (3.0.8-1) unstable; urgency=medium
* New upstream release
* debian/watch: only track the 3.0 series for now
* Add upstream patch to fix test suite
-- intrigeri <intrigeri@debian.org> Sat, 10 Dec 2022 17:54:51 +0000
apparmor (3.0.7-1ubuntu4) lunar; urgency=medium
* d/p/u/samba-rpcd-spoolss.patch: fix samba-rpcd-spoolss apparmor
profile (LP: #1993572)
-- Andreas Hasenack <andreas@canonical.com> Wed, 23 Nov 2022 14:47:14 -0300
apparmor (3.0.7-1ubuntu3) lunar; urgency=medium
* No-change rebuild with Python 3.11 as supported
-- Graham Inggs <ginggs@ubuntu.com> Wed, 02 Nov 2022 10:11:19 +0000
apparmor (3.0.7-1ubuntu2) kinetic; urgency=medium
* ubuntu/add-mqueue-support.patch: add message queue IPC support to
parser, python tools, and regression tests.
* ubuntu/add-userns-support.patch: add user namespace support to
parser.
* ubuntu/lp1990692-update-samba-profile.patch: update samba policy to
enable the printing subsystem to work (LP: #1990692)
-- Georgia Garcia <georgia.garcia@canonical.com> Fri, 23 Sep 2022 18:21:44 -0300
apparmor (3.0.7-1ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable; remaining changes:
- Enable Ubuntu specific patches:
- d/p/u/communitheme-snap-support.patch
- d/p/u/mimeinfo-snap-support.patch
- d/p/u/profiles-grant-access-to-systemd-resolved.patch
- d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch
- Add additional Ubuntu specific patches:
- d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch
- d/p/u/samba-systemd-interaction.patch
- Disable Debian specific patches:
- d/p/d-o/pin-feature-set.patch
- d/p/d-o/aa-notify-point-to-Debian-documentation.patch
- d/p/d-o/Document-which-AppArmor-features-are-not-supported-on-Deb.patch
- d/{control,gbp.conf}:
- Update Vcs / git branch for ubuntu
- d/apparmor.install:
- Disable debian feature pinning
* Dropped Ubuntu specific changes which have now been applied upstream
- d/p/u/abstraction-exo-open-Remove-dbus-deny-rule.patch
-- Alex Murray <alex.murray@canonical.com> Thu, 18 Aug 2022 16:02:52 +0930
apparmor (3.0.7-1) unstable; urgency=medium
* New upstream release
-- intrigeri <intrigeri@debian.org> Tue, 16 Aug 2022 14:09:22 +0000
apparmor (3.0.6-1) unstable; urgency=medium
* New upstream release (Closes: #1015354)
* Drop patch that was applied upstream
* Enable LTO
* Declare compliance with Policy 4.6.1
-- intrigeri <intrigeri@debian.org> Tue, 02 Aug 2022 09:15:54 +0000
apparmor (3.0.5-1) unstable; urgency=medium
* New upstream release
* Drop patches that were applied upstream
* Drop profile-load script: part of upstream 3.0.5
* Install newly upstreamed aa-notify.desktop instead of the custom Debian one
* Rename debian/master branch to debian/unstable
* New patch, to fix new upstream "dirtest" test
* Install new samba-* profiles
-- intrigeri <intrigeri@debian.org> Mon, 25 Jul 2022 13:46:44 +0000
apparmor (3.0.4-3ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable; remaining changes:
- Ubuntu specific changes:
- d/p/u/communitheme-snap-support.patch
- d/p/u/mimeinfo-snap-support.patch
- d/p/u/profiles-grant-access-to-systemd-resolved.patch
- d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch
- d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch
- d/p/u/samba-systemd-interaction.patch
- d/p/u/abstraction-exo-open-Remove-dbus-deny-rule.patch
- d/{control,gbp.conf}:
- Update Vcs / git branch for ubuntu
- d/apparmor.install:
- Disable debian feature pinning
- d/rules:
- Disable lto builds
* Dropped Ubuntu specific changes which have now been added by Debian:
- d/p/u/abstractions-nss-systemd-Allow-access-for-systemd-ma.patch
* Drop unnecessary libnss-systemd patch as this is already present in
the nss-systemd abstraction
- d/p/u/libnss-systemd.patch
-- Alex Murray <alex.murray@canonical.com> Tue, 12 Jul 2022 17:02:14 +0930
apparmor (3.0.4-3) unstable; urgency=medium
* Cherry-pick 7 patches from upstream apparmor-3.0 branch (Closes: #1003153)
* Adjust overrides for recent Lintian
* Override Lintian false positives
-- intrigeri <intrigeri@debian.org> Wed, 06 Jul 2022 07:48:25 +0000
apparmor (3.0.4-2ubuntu3) kinetic; urgency=medium
* Add upstream commit to remove dbus deny rule from exo-open abstraction
to fix evince startup
(LP: #1969896)
- d/p/u/abstraction-exo-open-Remove-dbus-deny-rule.patch
-- Alex Murray <alex.murray@canonical.com> Fri, 17 Jun 2022 20:34:25 +0930
apparmor (3.0.4-2ubuntu2) jammy; urgency=medium
* Update abstractions/nss-systemd to add support for systemd-machined
(LP: #1964325)
- d/p/u/abstractions-nss-systemd-Allow-access-for-systemd-ma.patch
* Drop unnecessary libnss-systemd patch as this is already present in
the nss-systemd abstraction
- d/p/u/libnss-systemd.patch (dropped)
-- Alex Murray <alex.murray@canonical.com> Thu, 10 Mar 2022 12:05:06 +1030
apparmor (3.0.4-2ubuntu1) jammy; urgency=medium
* Merge from Debian unstable; remaining changes:
- Ubuntu specific changes:
- d/p/u/communitheme-snap-support.patch
- d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch
- d/p/u/libnss-systemd.patch
- d/p/u/mimeinfo-snap-support.patch
- d/p/u/profiles-grant-access-to-systemd-resolved.patch
- d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch
- d/p/u/samba-systemd-interaction.patch
- d/{control,gbp.conf}:
- Update Vcs / git branch for ubuntu
- d/apparmor.install:
- Disable debian feature pinning
- d/rules:
- Disable lto builds
* Dropped changes:
- d/p/ubuntu/fix-test-aa-notify.patch
-- Alex Murray <alex.murray@canonical.com> Thu, 24 Feb 2022 12:05:11 +1030
apparmor (3.0.4-2) unstable; urgency=medium
* Add upstream commit that makes the test suite compatible with Python 3.10
-- intrigeri <intrigeri@debian.org> Wed, 23 Feb 2022 09:48:59 +0000
apparmor (3.0.4-1ubuntu1) jammy; urgency=medium
* Merge from Debian unstable; remaining changes:
- Drop the following patches that have been included in the upstream
release or which Debian has also included:
- d/p/ubuntu/adjust-for-ibus-1.5.22.patch
- d/p/ubuntu/0011-add-mctp-network-protocol.patch
- Refresh
d/p/regression-tests-fix-aa_policy_cache-when-using-syst.patch to the
official version from upstream
- d/p/u/samba-systemd-interaction.patch: allow smbd to interact with
systemd
- d/p/u/libnss-systemd.patch: allow accessing the libnss-systemd
VarLink sockets and DBus APIs
- Disable lto builds
- Fix autotest test-aa-notify.py
- d/p/ubuntu/fix-test-aa-notify.patch
- Drop outdated lintian-overrides
-- Alex Murray <alex.murray@canonical.com> Tue, 22 Feb 2022 10:13:44 +1030
apparmor (3.0.4-1) unstable; urgency=medium
* New upstream release
* apparmor-profiles: install new samba-bgqd profile
* Drop backported patches that are now obsolete
* debian/allow-access-to-ibus-socket.patch: drop support for pre-Bullseye
ibus path
* Declare compliance with Policy 4.6.0.1
* Drop XS- prefix for adopted Python-Version control field
* Add new symbols
-- intrigeri <intrigeri@debian.org> Sat, 12 Feb 2022 12:34:23 +0000
apparmor (3.0.3-6) unstable; urgency=medium
* debian/rules: let "set -e" take effect (Closes: #998843)
* Add support for Python 3.10 (Closes: #998686):
- upstream-ab4cfb5e-replace-distutils-with-setuptools.patch: new patch,
edited to drop changes to upstream .gitignore.
- Add build-dependency on python3-setuptools
-- intrigeri <intrigeri@debian.org> Thu, 18 Nov 2021 09:15:55 +0000
apparmor (3.0.3-5) unstable; urgency=medium
[ Debian Janitor ]
* Remove constraints unnecessary since stretch.
[ Helmut Grohne ]
* Make the package cross-buildable (Closes: #984582):
- Multiarchify python Build-Depends
- Let dh_auto_build pass cross tools to make
- Annotate perl build-dependency with !nocheck
[ intrigeri ]
* Remove obsolete libapparmor-perl on upgrade
-- intrigeri <intrigeri@debian.org> Sat, 23 Oct 2021 10:22:04 +0000
apparmor (3.0.3-4) unstable; urgency=medium
* Merge apparmor-easyprof into apparmor-utils (Closes: #972880)
* Make apparmor-utils and python3-apparmor arch:all (Closes: #972881)
-- intrigeri <intrigeri@debian.org> Sun, 17 Oct 2021 17:23:17 +0000
apparmor (3.0.3-3) unstable; urgency=medium
* Adjust gbp.conf and Vcs-* control fields for 3.0.x now being in sid.
* Stop building the libapparmor-perl binary package (Closes: #993565)
* Update Lintian overrides
* Add B-D on dh-sequence-python3, to workaround #996089 in Lintian
* B-D: python3-all → python3-all:any, to appease Lintian
-- intrigeri <intrigeri@debian.org> Wed, 13 Oct 2021 05:56:16 +0000
apparmor (3.0.3-2) unstable; urgency=medium
* Upload to unstable
-- intrigeri <intrigeri@debian.org> Fri, 03 Sep 2021 08:23:30 +0000
apparmor (3.0.3-1) experimental; urgency=medium
* New upstream release
* Drop debian/Revert-libapparmor-fixing-setup.py-call-when-crosscompili.patch:
obsolete
* Refresh patches
* Merge changes from sid, up to 2.13.6-10
* upstream-6cfc6eee-python-3.10.patch: new patch,
for compatibility with Python 3.10
-- intrigeri <intrigeri@debian.org> Mon, 23 Aug 2021 18:25:14 +0000
apparmor (3.0.3-0ubuntu9) jammy; urgency=medium
* fix test-aa-notify.py and test-network.py autotests (LP: #1961196):
- debian/patches/ubuntu/0010-fix-test-aa-notify-help-check.patch
- debian/patches/ubuntu/0011-add-mctp-network-protocol.patch
-- Andrea Righi <andrea.righi@canonical.com> Thu, 17 Feb 2022 12:18:31 +0000
apparmor (3.0.3-0ubuntu7) jammy; urgency=medium
* No-change rebuild to update maintainer scripts, see LP: 1959054
-- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 16:44:45 +0000
apparmor (3.0.3-0ubuntu6) jammy; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <doko@ubuntu.com> Sun, 06 Feb 2022 13:39:44 +0100
apparmor (3.0.3-0ubuntu5) jammy; urgency=medium
[ intrigeri ]
* upstream-6cfc6eee-python-3.10.patch: new patch,
for compatibility with Python 3.10
* debian/rules: let "set -e" take effect (Closes: #998843)
* Add support for Python 3.10 (Closes: #998686):
- upstream-ab4cfb5e-replace-distutils-with-setuptools.patch: new patch,
edited to drop changes to upstream .gitignore.
- Add build-dependency on python3-setuptools
-- Graham Inggs <ginggs@ubuntu.com> Fri, 10 Dec 2021 12:32:27 +0000
apparmor (3.0.3-0ubuntu4) jammy; urgency=medium
* d/p/u/samba-systemd-interaction.patch: allow smbd to interact with
systemd (LP: #1952242):
- allow notify access
- allow specific /proc access
- allow ptrace read
-- Andreas Hasenack <andreas@canonical.com> Mon, 29 Nov 2021 14:43:28 +0000
apparmor (3.0.3-0ubuntu3) jammy; urgency=medium
* No-change rebuild with fixed py3versions
-- Graham Inggs <ginggs@ubuntu.com> Sat, 06 Nov 2021 08:23:55 +0000
apparmor (3.0.3-0ubuntu2) jammy; urgency=medium
* No-change rebuild to add python3.10.
-- Matthias Klose <doko@ubuntu.com> Sat, 16 Oct 2021 09:34:02 +0200
apparmor (3.0.3-0ubuntu1) impish; urgency=medium
* New upstream release 3.0.3
- Fix regression tests when using system installed parser
+ d/p/ubuntu/regression-tests-fix-aa_policy_cache-when-using-syst.patch
- Drop the following patches that have been included in the upstream
release:
+ d/p/ubuntu/lp1891338.patch
+ d/p/ubuntu/lp1889699.patch
+ d/p/ubuntu/lp1881357.patch
+ d/p/ubuntu/parser-Fix-warning-message-when-complain-mode-is-for.patch
+ d/p/ubuntu/parser-Add-support-for-cap-checkpoint-restore.patch
+ d/p/ubuntu/Add-CAP_CHECKPOINT_RESTORE-to-severity.db.patch
+ d/p/ubuntu/lp1934005.patch
+ d/p/ubuntu/lp1932331.patch
-- Alex Murray <alex.murray@canonical.com> Mon, 09 Aug 2021 15:53:39 +0930
apparmor (3.0.1-6) experimental; urgency=medium
* autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run
-- intrigeri <intrigeri@debian.org> Fri, 02 Apr 2021 11:38:16 +0000
apparmor (3.0.1-5) experimental; urgency=medium
* Merge changes from sid, up to 2.13.6-9
-- intrigeri <intrigeri@debian.org> Fri, 12 Feb 2021 14:37:24 +0000
apparmor (3.0.1-4) experimental; urgency=medium
* apparmor: drop obsolete dependency on python3 (#981442)
* Merge changes from sid, up to 2.13.6-7
-- intrigeri <intrigeri@debian.org> Fri, 05 Feb 2021 06:48:41 +0000
apparmor (3.0.1-3) experimental; urgency=medium
* Supersede failed, incomplete dgit upload
-- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 10:44:24 +0000
apparmor (3.0.1-2) experimental; urgency=medium
* Supersede failed, incomplete dgit upload
-- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 10:16:16 +0000
apparmor (3.0.1-1) experimental; urgency=medium
* New upstream release
* Vcs-* control fields: track the debian/experimental branch
* Drop upstream-commit-*.patch: included in 3.0.1
* Refresh patches
* Add aa_features_new_from_file to symbols file
* Pin the Linux 5.9 feature set
* Only pin the policy ABI, not the kernel ABI
-- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 09:23:01 +0000
apparmor (3.0.0-1) experimental; urgency=medium
* New upstream release (Closes: #930031)
* Merge ubuntu/3.0.0-0ubuntu1:
- Drop upstreamed patches
- d/apparmor.install:
+ install new aa-features-abi binary to /usr/bin
+ include abi/ directory and tunables/etc.
- d/apparmor.manpages:
+ install new aa-features-abi.1 manpage
+ install apparmor_xattrs.7 manpage
- d/apparmor-profiles.install:
+ install new usr.lib.dovecot.script-login
+ adjust for renamed postfix profiles
+ add usr.bin.dumpcap to extra-profiles
+ remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles
(already in apparmor-profiles)
- d/control:
+ apparmor-utils: drop perl dependency
+ Update apparmor-notify dependencies: it was ported to Python
- d/tests/test-installed:
+ include libraries/ in workdir so tests have access to private
headers
- New patches:
+ d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch:
Provide better message about caching not happening due to a profile
being in force-complain mode. (LP: #1899218)
+ d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use
abstractions/exo-open (LP: #1891338)
+ d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu
abstractions (LP: #1889699)
+ d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run
(LP: #1881357)
* Drop another already upstreamed patch
* Upstream the patches added by Ubuntu
* New patches:
- upstream-commit-9350038-add-CAP_CHECKPOINT_RESTORE.patch:
fixes FTBFS on Linux 5.9
- upstream-commit-5958930-add-_aa_asprintf-to-private-symbols.patch:
fixes symbols discrepancy
- upstream-commit-51144b5-apparmor_xattrs.7-fix-whatis-entry.patch
- upstream-commit-11d1f38-Fix-typos.patch
- debian/Revert-libapparmor-fixing-setup.py-call-when-crosscompili.patch:
fixes passing hardening LDFLAGS to Python build
* apparmor-profiles: install new php-fpm profile
* Tell dh_missing that we purposely don't ship the chromium-browser profile
* Override a Lintian false positive
-- intrigeri <intrigeri@debian.org> Sun, 25 Oct 2020 12:03:26 +0000
apparmor (3.0.0-0ubuntu9) impish; urgency=medium
* Make X11 socket writable again (LP: #1934005):
- d/p/ubuntu/lp1934005.patch
* Fix i18n.sh regression test on arm64 (LP: #1932331)
- d/p/ubuntu/lp1932331.patch
-- Thomas Ward <teward@ubuntu.com> Wed, 30 Jun 2021 17:31:12 -0400
apparmor (3.0.0-0ubuntu8) impish; urgency=medium
[ Andrea Righi ]
* add support for CAP_CHECKPOINT_RESTORE in /etc/apparmor/severity.db
(LP: #1923432):
- d/p/ubuntu/Add-CAP_CHECKPOINT_RESTORE-to-severity.db.patch
[ Steve Beattie ]
* fix adt compile-test to handle the changed name of the tcpdump
apparmor profile (LP: #1925411)
- d/t/compile-test: test against usr.bin.tcpdump
-- Andrea Righi <andrea.righi@canonical.com> Mon, 12 Apr 2021 15:51:45 +0000
apparmor (3.0.0-0ubuntu7) hirsute; urgency=medium
* Disable lto builds, not yet ready upstream.
-- Matthias Klose <doko@ubuntu.com> Tue, 23 Mar 2021 12:42:52 +0100
apparmor (3.0.0-0ubuntu6) hirsute; urgency=medium
* Backport upstream patch to support CAP_CHECKPOINT_RESTORE to fix
failing autopkgtests
- d/p/ubuntu/parser-Add-support-for-cap-checkpoint-restore.patch
-- Alex Murray <alex.murray@canonical.com> Wed, 24 Feb 2021 21:33:07 +1030
apparmor (3.0.0-0ubuntu5) hirsute; urgency=medium
* No-change rebuild to drop python3.8 extensions.
-- Matthias Klose <doko@ubuntu.com> Mon, 07 Dec 2020 18:39:21 +0100
apparmor (3.0.0-0ubuntu4) hirsute; urgency=medium
* Remove kopanocore dependencies from the testsuite-triggers, to be removed.
-- Matthias Klose <doko@ubuntu.com> Wed, 11 Nov 2020 12:32:09 +0100
apparmor (3.0.0-0ubuntu3) hirsute; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <doko@ubuntu.com> Mon, 09 Nov 2020 12:40:54 +0100
apparmor (3.0.0-0ubuntu2) hirsute; urgency=medium
* No-change rebuild to build with python3.9 as supported.
-- Matthias Klose <doko@ubuntu.com> Sat, 24 Oct 2020 10:51:45 +0200
apparmor (3.0.0-0ubuntu1) groovy; urgency=medium
[ Alex Murray ]
* Update to the final AppArmor 3.0 upstream release
- d/apparmor.install:
+ install new aa-features-abi binary to /usr/bin
- d/apparmor.manpages:
+ install new aa-features-abi.1 man page
- d/apparmor-profiles.install:
+ install new usr.lib.dovecot.script-login
+ adjust for renamed postfix profiles
- d/tests/test-installed:
+ include libraries/ in workdir so tests have access to private
headers
- Drop the following patches that were originally backported from
upstream but are now incorporated in the final release:
+ d/p/parser-fix_cap_match.patch
+ d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch
+ d/p/parser-add-abi-warning-flags.patch
+ d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch
+ d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch
+ d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch
+ d/p/fix-change-profile-stack-abstraction.patch
+ d/p/ubuntu/stop-loading-snapd-profiles.patch
[ Emilia Torino ]
* d/control: adjust apparmor-notify to depends on python3-psutil and
python3-apparmor (LP: #1899046)
[ Steve Beattie ]
* d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch:
Provide better message about caching not happening due to a profile
being in force-complain mode. (LP: #1899218)
-- Alex Murray <alex.murray@canonical.com> Sun, 11 Oct 2020 16:26:32 -0700
apparmor (3.0.0~beta1-0ubuntu6) groovy; urgency=medium
* Drop d/p/lp1824812.patch: this patch was only needed with 2.13 and not
3.0. With AppArmor 3, the patch ends up setting SFS_MOUNTPOINT to the
wrong directory in is_container_with_internal_policy(), which causes
policy to always fail to load in containers. Thanks to Christian Ehrhardt
for the analysis. (LP: #1895967)
-- Jamie Strandboge <jamie@ubuntu.com> Tue, 22 Sep 2020 15:10:33 +0000
apparmor (3.0.0~beta1-0ubuntu5) groovy; urgency=medium
[ John Johansen ]
* d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch:
fix-automatic-adding-of-rule-for-change-hat-iface.patch fixed the
parser to emit rules needed for change_hat in the hat profiles but
broke the rule being emitted for the parent profile, this fixes it for
both so that it is emitted for any profile that is a hat or that
contains a hat.
* d/p/fix-change-profile-stack-abstraction.patch: fix the change_profile
abstraction so that it allows access to the apparmor attribute paths
under LSM stacking.
-- Alex Murray <alex.murray@canonical.com> Fri, 18 Sep 2020 11:58:59 +0930
apparmor (3.0.0~beta1-0ubuntu2) groovy; urgency=medium
[ John Johansen ]
* d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch: fix
parser not adding a rule to profiles if they are a hat or contain hats
granting write access to the kernel interfaces.
-- Emilia Torino <emilia.torino@canonical.com> Thu, 17 Sep 2020 12:40:09 -0300
apparmor (3.0.0~beta1-0ubuntu1) groovy; urgency=medium
[ John Johansen ]
* New upstream release (LP: #1895060, LP: #1887577, LP: #1880841)
* Drop all patches backported from upstream: applied in 3.0
* d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: provide
example and base abi to pin pre 3.0 policy
* d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: enable pinning
of pre AppArmor 3.x policy
* drop d/p/debian/dont-include-site-local-with-dovecot.patch: no longer
needed with upstream 'include if exists'
[ Steve Beattie ]
* d/p/parser-fix_cap_match.patch: fix cap match to work correctly, important
now that groovy has a 5.8 kernel.
* d/apparmor-profiles.install:
+ adjust for renamed postfix profiles
+ add usr.bin.dumpcap and usr.bin.mlmmj-receive to extra-profiles
+ remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles (already in
apparmor-profiles)
* d/apparmor.install: include abi/ directory and tunables/etc.
* d/apparmor.manpages: add apparmor_xattrs.7 manpage
* d/control:
+ apparmor-utils: no more shipped perl tools, drop perl dependency
+ apparmor-notify: aa-notify was converted to python3 from perl; adjust
-notify dependencies to compensate
* d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch:
fix sed expression in settest()
[ Emilia Torino ]
* Removing Ubuntu specific chromium-browser profile. This is safe to do
since groovy's chromium-browser deb installs the snap. If apparmor3
is backported to 18.04 or earlier, the profile will need to be taken
into consideration
- d/profiles/chromium-browser: remove chromium-browser profile
- d/apparmor-profiles.postinst: remove postinst script as it only
contains chromium-browser related functionallity.
- d/apparmor-profiles.postrm: remove postrm script as it only
contains chromium-browser related functionallity.
- d/apparmor-profiles.install: remove ubuntu-specific
chromium-browser abstraction and profile
- d/apparmor-profiles.lintian-overrides: remove chromium-browser
profile lintian overrides
- d/p/ubuntu/add-chromium-browser.patch: remove patch which added
chrome-browser
[ Alex Murray ]
* d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: refresh
this patch with the official upstream version
* d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: refresh this
patch to match the above
* d/p/parser-add-abi-warning-flags.patch: enable parser warnings
to be silenced or to be treated as errors
[ Jamie Strandboge ]
* d/p/adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus
1.5.22. This can be dropped with AppArmor 3.0 final.
* d/p/parser-add-abi-warning-flags.patch: refresh to avoid lintian warnings
* d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use
abstractions/exo-open (LP: #1891338)
* d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu
abstractions. Patch thanks to François Marier (LP: #1889699)
* d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run
(LP: #1881357)
-- Jamie Strandboge <jamie@ubuntu.com> Wed, 09 Sep 2020 21:48:17 +0000
apparmor (2.13.6-10) unstable; urgency=medium
* autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run
(Closes: #954655)
-- intrigeri <intrigeri@debian.org> Sat, 03 Apr 2021 06:09:19 +0000
apparmor (2.13.6-9) unstable; urgency=medium
* usr.lib.dovecot.script-login: don't include non-existent local override file
(Closes: #982112)
* Declare compliance with Policy 4.5.1
-- intrigeri <intrigeri@debian.org> Sat, 06 Feb 2021 17:07:35 +0000
apparmor (2.13.6-8) unstable; urgency=medium
* Backport patch from upstream 3.0 series, which ports aa-status to C
(upstream-commit-8f9046b-port-aa-status-to-c.patch), then
drop obsolete dependency from the apparmor binary package
on python3 (Closes: #981442)
* Annotate test dependencies <!nocheck> (Closes: #981205).
Thanks to Helmut Grohne <helmut@subdivi.de> for the patch!
-- intrigeri <intrigeri@debian.org> Fri, 05 Feb 2021 11:24:57 +0000
apparmor (2.13.6-7) unstable; urgency=medium
* Supersede failed dgit upload.
-- intrigeri <intrigeri@debian.org> Fri, 15 Jan 2021 13:16:37 +0000
apparmor (2.13.6-6) unstable; urgency=medium
* New patch:
upstream-commit-1ba978b6-adjust-for-new-ICEauthority-path-in-run.patch
(Closes: #980154)
-- intrigeri <intrigeri@debian.org> Fri, 15 Jan 2021 12:30:06 +0000
apparmor (2.13.6-5) unstable; urgency=medium
* Supersede failed dgit upload.
-- intrigeri <intrigeri@debian.org> Mon, 11 Jan 2021 08:33:53 +0000
apparmor (2.13.6-4) unstable; urgency=medium
* autopkgtest: update tcpdump profile name
-- intrigeri <intrigeri@debian.org> Mon, 11 Jan 2021 08:15:55 +0000
apparmor (2.13.6-3) unstable; urgency=medium
* Only pin the policy ABI, not the kernel ABI.
I hope this fixes the regressions, on older kernels, caused by pinning
the Linux 5.9 feature set, that I guess is the reason behind the
several autokpgtest regressions caused by 2.13.6-2 (debci runs
on Linux 4.19.x).
-- intrigeri <intrigeri@debian.org> Mon, 28 Dec 2020 11:41:02 +0000
apparmor (2.13.6-2) unstable; urgency=medium
* Pin the Linux 5.9 feature set
-- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 10:24:57 +0000
apparmor (2.13.6-1) unstable; urgency=medium
* New upstream release (Closes: #969114, #930031)
* Improve long descriptions:
- apparmor-utils: fix typos
- libapparmor1, libapparmor-dev: don't try to list all functionality
* autopkgtest: don't try to compile kopano policies (kopanocore is not
in testing and was orphaned)
* Adjust to the fact 3.0.x was released upstream and packaged in experimental:
- debian/watch: use the Launchpad page with all downloads
- gbp: use upstream/2.13.x as the upstream branch
* Drop obsolete patches
* apparmor-profiles: install usr.lib.dovecot.script-login (Closes: #972883)
* Drop dh_perl custom invocation
-- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 08:00:50 +0000
apparmor (2.13.5-1) unstable; urgency=medium
* New upstream release (Closes: #868563, #934869, #969267)
* Drop patches now included upstream
* Refresh patches
* d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'
* upstream-commit-145136f-fix-2.13-libapparmor-so-version.patch: new patch
* Stop building on non-Linux architectures (Closes: #972049).
Thanks to Laurent Bigonville <bigon@debian.org> for the suggestion.
* Drop obsolete Lintian overrides
* Update Lintian override name
* Bump debhelper compat level to 13
* Update symbols list
* Install gettext translations
* apparmor-profiles: install a few more profiles (usr.bin.mlmmj-receive,
usr.lib.postfix.dnsblog, usr.lib.postfix.postscreen)
* debian/not-installed: list files not installed on purpose
* Adjust *.install source files to appease dh_missing
* autopkgtests: don't try to test disabled Thunderbird profile
* Merge ubuntu/2.13.3-7ubuntu6. Remaining included changes after resolving
conflicts and dropping patches included in 2.13.{4,5}:
- debian/control: add Breaks on snapd < 2.44.3+20.04~ since prior snapd
versions assume that apparmor will load the snapd policy on boot
-- intrigeri <intrigeri@debian.org> Sat, 24 Oct 2020 17:15:28 +0000
apparmor (2.13.4-3) unstable; urgency=medium
* apparmor-profiles: provide (upstream) bug reporting instructions
* upstream-commit-1f319c3-systemd-userdbd-compat.patch: new patch
(Closes: #962405)
-- intrigeri <intrigeri@debian.org> Tue, 16 Jun 2020 13:09:13 +0000
apparmor (2.13.4-2) unstable; urgency=medium
* apparmor-profiles: don't ship redundant freshclam profile (Closes: #959915)
* Apply upstream !465: fix the build with make 4.3
* Drop unused Lintian override
* GitLab CI:
- allow reprotest to fail without failing the whole pipeline
- enable diffoscope for reprotest
-- intrigeri <intrigeri@debian.org> Mon, 25 May 2020 09:23:21 +0000
apparmor (2.13.4-1) unstable; urgency=medium
* New upstream release
* Switch to HTTPS for upstream homepage URL
* apparmor-profiles: install missing usr.lib.dovecot.stats profile
(Closes: #953268)
* Drop backported patches that are now obsolete.
* Cherry-picked from Ubuntu:
- Update ibus abstract path for ibus 1.5.22
- debian/control: drop Breaks that were only needed for upgrades to bionic
* Drop obsolete Lintian overrides
* Add python3-all to Build-Depends
* Override Lintian false positive
* Declare compliance with Policy 4.5.0
* Apply upstream !464: let Mesa check if the kernel supports
the i915 perf interface
-- intrigeri <intrigeri@debian.org> Tue, 31 Mar 2020 08:45:58 +0000
apparmor (2.13.3-7ubuntu6) groovy; urgency=medium
* Add missing "boot_id" rule to abstractions/nameservice. (LP: #1872564)
- d/p/upstream-commit-454fca7-Add-run-variable.patch: Add the
definition for the "@{run}" variable.
- d/p/upstream-commit-ef591a67-Add-trailing-slash-to-the-run-variable-definition.patch:
Add trailing slash to the "@{run}" variable.
- d/p/upstream-commit-1f319c3870-abstractions-nameservice-allow-accessing-run-systemd-user.patch:
Add a missing rule to allow systemd to access
@{PROC}/sys/kernel/random/boot_id and @{run}/systemd/userdb.
- d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 11 May 2020 09:55:16 -0400
apparmor (2.13.3-7ubuntu5) focal; urgency=medium
* snapd 2.44.3+20.04 introduced an apparmor unit of its own to load snap
policy in /var/lib/snapd/apparmor/profiles. As such, don't load snapd
policy twice by not loading it in the apparmor unit (LP: 1871148)
- ubuntu/stop-loading-snapd-profiles.patch: stop loading snapd profiles
- debian/control: add Breaks on snapd < 2.44.3+20.04~ since prior snapd
versions assume that apparmor will load the snapd policy on boot
- debian/apparmor.service: remove the now unneeded RequiresMountsFor on
/var/lib/snapd/apparmor/profiles
* drop ubuntu/parser-conf-no-expr-simplify.patch: Optimize=no-expr-simplify
was added to parser.conf to mitigate slow snap policy compiles on 32bit
ARM. These days, snapd calls apparmor_parser with "-O no-expr-simplify"
and loads its snap policy, so drop this delta with upstream and Debian.
-- Jamie Strandboge <jamie@ubuntu.com> Sun, 12 Apr 2020 16:11:31 +0000
apparmor (2.13.3-7ubuntu4) focal; urgency=medium
* debian/apparmor.service: add /var/lib/snapd/apparmor/profiles to
RequiresMountsFor since Ubuntu's rc.apparmor.functions looks for it
(LP: #1871148)
* libnss-systemd.patch: allow accessing the libnss-systemd VarLink sockets
and DBus APIs. Patch partially based on work by Simon Deziel.
(LP: #1796911, LP: #1869024)
* upstream-mr-424-kerberos-dot-dirs.patch: abstractions/kerberosclient:
allow reading /etc/krb5.conf.d/
* upstream-mr-442-gnome-user-themes.patch: gnome abstraction: allow reading
per-user themes from $XDG_DATA_HOME (Closes: #930031)
* upstream-mr-443-ecryptfs-dirs.patch: abstractions/base: allow read access
to top-level ecryptfs directories (LP: #1848919)
* upstream-mr-445-uuidd-request.patch: abstractions/base: allow read access
to /run/uuidd/request
* upstream-mr-464-Mesa_i915_perf_interface.patch: let Mesa check if the
kernel supports the i915 perf interface. Patch from Debian
-- Jamie Strandboge <jamie@ubuntu.com> Mon, 06 Apr 2020 17:47:20 +0000
apparmor (2.13.3-7ubuntu3) focal; urgency=medium
* Add upstream-abstractions-add-etc-mdns.allow-to-etc-apparmor.d-ab.patch
(LP: #1869629)
-- John Johansen <john.johansen@canonical.com> Wed, 01 Apr 2020 01:05:30 -0700
apparmor (2.13.3-7ubuntu2) focal; urgency=medium
* No-change rebuild to drop python3.7.
-- Matthias Klose <doko@ubuntu.com> Tue, 18 Feb 2020 10:42:36 +0100
apparmor (2.13.3-7ubuntu1) focal; urgency=medium
* Merge from Debian. Remaining changes:
- Ubuntu-specific patches:
+ ubuntu/add-chromium-browser.patch
+ ubuntu/communitheme-snap-support.patch
+ ubuntu/mimeinfo-snap-support.patch
+ ubuntu/parser-conf-no-expr-simplify.patch
+ ubuntu/profiles-grant-access-to-systemd-resolved.patch
+ upstream-dont-allow-fontconfig-cache-write.patch
+ upstream-tests-mult-mount-bump-size-of-created-disk.patch
- debian/apparmor.{install,maintscript}: feature pinning is not used in
Ubuntu
- debian/apparmor.preinst: remove cache files on upgrade to 2.13
- debian/apparmor-profiles.install: install Ubuntu chromium-browser
profile and abstraction
- debian/apparmor-profiles.lintian-overrides: update for chromium-browser
profile having read access to dpkg database for lsb-release
- debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
abstraction if it doesn't exist
- debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
the branch where the Ubuntu packaging is maintained.
- debian/gbp.conf: use ubuntu/master as the debian-branch
- debian/patches/series: comment out debian-only patches
- debian/tests/control and debian/tests/compile-policy: don't test
thunderbird since the Ubuntu packaging doesn't ship a profile
* Drop the following patches, no longer needed:
- python3.8-ac.diff
* debian/control: drop Breaks on media-hub, mediascanner2.0, messaging-app,
and webbrowser-app which was needed for upgrades to bionic (LP: #1797242)
* upstream-adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus
1.5.22
* upstream-adjust-gnome-for-mimeapps.patch: abstractions/gnome: also allow
/etc/xdg/mimeapps.list (LP: #1792027)
-- Jamie Strandboge <jamie@ubuntu.com> Tue, 17 Dec 2019 15:50:00 +0000
apparmor (2.13.3-7) unstable; urgency=medium
* Add explicit build dependency on dh-python, so that this package
can built with python3-defaults 3.7.5-3.
-- intrigeri <intrigeri@debian.org> Fri, 15 Nov 2019 10:37:05 +0000
apparmor (2.13.3-6) unstable; urgency=medium
[ Matthias Klose ]
* debian/rules: ensure "set -e" is honored (Closes: #943649).
* Add upstream-mr-430-Fix-a-Python-3.8-autoconf-check.patch (Closes: #943657).
-- intrigeri <intrigeri@debian.org> Tue, 29 Oct 2019 18:57:51 +0000
apparmor (2.13.3-5ubuntu5) focal; urgency=medium
* Don't ignore exit status in debian/rules.
* Fix a Python 3.8 autoconf check.
-- Matthias Klose <doko@ubuntu.com> Sun, 27 Oct 2019 16:38:00 +0200
apparmor (2.13.3-5ubuntu2) focal; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:26:58 +0000
apparmor (2.13.3-5ubuntu1) eoan; urgency=medium
* Merge new upstream release from Debian. Remaining changes:
- Ubuntu-specific patches:
+ ubuntu/add-chromium-browser.patch
+ ubuntu/communitheme-snap-support.patch
+ ubuntu/mimeinfo-snap-support.patch
+ ubuntu/parser-conf-no-expr-simplify.patch
+ ubuntu/profiles-grant-access-to-systemd-resolved.patch
- debian/apparmor.{install,maintscript}: feature pinning is not used in
Ubuntu
- debian/apparmor.preinst: remove cache files on upgrade to 2.13
- debian/apparmor-profiles.install: install Ubuntu chromium-browser
profile and abstraction
- debian/apparmor-profiles.lintian-overrides: update for chromium-browser
profile having read access to dpkg database for lsb-release
- debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
abstraction if it doesn't exist
- debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
the branch where the Ubuntu packaging is maintained.
- debian/gbp.conf: use ubuntu/master as the debian-branch
- debian/patches/series: comment out debian-only patches
- debian/tests/control and debian/tests/compile-policy: don't test
thunderbird since the Ubuntu packaging doesn't ship a profile
* Drop the following patches, no longer needed:
- ubuntu/dont-include-site-local-with-dovecot.patch
- lp1820068.patch
- upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
- upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
- upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
- upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
- upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
* upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
fontconfig cache files
* upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
tests/mult_mount: bump size of created disk image
-- Jamie Strandboge <jamie@ubuntu.com> Mon, 09 Sep 2019 19:13:22 +0000
apparmor (2.13.3-5) unstable; urgency=medium
* upstream-mr-419-Xwayland-vs-recent-mutter.patch: new patch (Closes: #935058)
-- intrigeri <intrigeri@debian.org> Sun, 08 Sep 2019 08:00:56 +0000
apparmor (2.13.3-4) unstable; urgency=medium
* New patch, cherry-picked and adapted from Ubuntu: don't include local/
snippets in the Dovecot profiles. These inclusions of non-existing files
break aa-genprof (Closes: #928160).
* Merge ubuntu/2.13.2-9ubuntu7, which turns out to be a no-op, because
we essentially revert all changes brought by this merge:
- Drop lp1820068.patch, introduced in 2.13.2-9ubuntu7: it's included
in the 2.13.3 upstream release already.
- Don't enable ubuntu/parser-conf-no-expr-simplify.patch, that Ubuntu just
re-enabled: in Debian we don't disable expression tree simplification,
because we've cherry-picked an upstream patch that improves its
performance sufficiently.
-- intrigeri <intrigeri@debian.org> Sat, 27 Jul 2019 17:18:43 +0000
apparmor (2.13.3-3) unstable; urgency=medium
[ Michael Biebl ]
* Move libraries back to /usr/lib
[ intrigeri ]
* Remove Lintian override made obsolete by the move to /usr/lib/apparmor/
* Avoid-blhc-CPPFLAGS-missing-false-positive.patch: new patch.
* Revert "debian/control: Breaks on snapd < 2.38~"
Jamie Strandboge explained in details on #932815 the rationale behind this
Breaks relationship. The user impact seems non-critical and the risk of the
problem happening in practice is very low, so for now let's remove this
Breaks, that prevents apparmor from migrating to testing (we don't have
snapd 2.38+ in Debian yet).
-- intrigeri <intrigeri@debian.org> Tue, 23 Jul 2019 22:19:02 +0000
apparmor (2.13.3-2) unstable; urgency=medium
* Install the lsb_release profile.
-- intrigeri <intrigeri@debian.org> Wed, 17 Jul 2019 19:41:32 +0000
apparmor (2.13.3-1) unstable; urgency=medium
* Import new 2.13.3 upstream release and accordingly:
- Update dev-pkg-without-shlib-symlink Lintian override: soname
was bumped to 1.6.1.
- Drop patches that were applied upstream.
* Merge ubuntu/2.13.2-9ubuntu6, dropping the Ubuntu delta (Closes: #926015):
- lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
since it is sometimes called independently of is_apparmor_loaded()
(LP: #1824812)
- debian/apparmor.postrm: remove parser-created subdirs
- debian/tests/control: try Ubuntu kernel but mark skip-not-installable
- regression testsuite fixes:
upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch,
upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch,
upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
- debian/debhelper/postrm-apparmor: also remove cache files
- debian/control: Breaks on snapd < 2.38~ (the cache forest breaks snap
remove)
* Declare compatibility with Debian Policy 4.4.0.
* Bump debhelper compatibility level to 12. Accordingly:
- dh_installinit: replace --no-restart-on-upgrade with its new
--no-stop-on-upgrade name
- Add override_dh_installsystemd that mimics our override_dh_installinit
* tests/compile-policy: check syntax of kopano profiles (implements
#923313 except kopano-search, until giraffe-team/kopanocore!4 is merged
and uploaded)
-- intrigeri <intrigeri@debian.org> Wed, 17 Jul 2019 17:55:09 +0000
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libapparmor1`.
Generated by dwww version 1.16 on Tue Dec 16 16:45:35 CET 2025.