lp://staging/ubuntu/wily-proposed/apparmor

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1413410: Unable to match embedded NULLs in unix bind rule for abstract sockets	High	In Progress
Bug #1466812: aa-logprof crash	High	Triaged

Link a bug report

Related blueprints

96. By Steve Beattie on 2015-09-01

debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
(LP: #1491147, LP: #1384431)

95. By Dimitri John Ledkov on 2015-08-15

Rebuild against python3.5.

94. By Tyler Hicks on 2015-08-12

* debian/patches/parser-fix-cache-file-mtime-regression.patch: Fix a bug
  that resulted in the mtime of generate policy cache files to be set
  incorrectly. The mtime of cache files should be the newest mtime detected
  on the profile and abstraction files used to generate the policy cache
  file. However, the bug caused the mtime of the policy cache file to either
  not be updated or to be updated to an incorrect time. (LP: #1484178)
* debian/patches/parser-verify-cache-file-mtime.patch: Add tests to verify
  that the policy cache file's mtime is being set correctly and that cache
  handling is correct when the profile or abstraction files are newer than
  the policy cache file.
* debian/patches/parser-run-caching-tests-without-apparmorfs.patch,
  debian/patches/parser-do-cleanup-when-test-was-skipped.patch: Enable the
  caching tests to run on the buildds even though apparmorfs isn't mounted.

93. By Steve Beattie on 2015-07-31

* debian/patches/aa-status-dont_require_python3-apparmor.patch:
  make aa-status(8) work even when python3-apparmor is not installed,
  otherwise dh_apparmor postinst snippets can fail (LP: #1480492)
* debian/control: make apparmor-utils depend on the same package
  version of python3-apparmor

92. By Steve Beattie on 2015-07-23

* Update to apparmor 2.10
  - libapparmor added functions to ease loading profile cache files to
    help support systemd on-demand load of policy (LP: #1385414)
  - apparmor parser: fixed policy generation to allow matching
    embedded NULs in abstract unix socket names (LP: #1413410)
  - aa-status: don't traceback when not permitted to read current
    set of apparmor policy (LP: #1466768)
  - aa-logprof: don't crash on policies that have an #include of a
    directory (LP: #1471425)
  - aa-logprof: fix crash when network rejections occur when file
    operations are performed on network sockets (LP: #1466812)
* dropped reproducible-pdf.patch, incorporated upstream
* debian/patches/tests-fix_sysctl_test.patch: fix sysctl test failure
  with 4.1 kernel and newer.
* debian/control: add alternate dependency on linux-initramfs-tool
  (LP: #1109029)
* debian/libapparmor1.symbols: update symbols file for added symbols
  in libapparmor

91. By Steve Langasek on 2015-07-22

No-change rebuild for python3.5 transition

90. By Steve Beattie on 2015-05-11

* Update to apparmor 2.9.2
  - Fix minitools to work with multiple profiles at once (LP: #1378095)
  - Parse mounts that have non-ascii UTF-8 chars (LP: #1310598)
  - Update dovecot profiles (LP: #1296667)
  - Allow ubuntu-helpers to build texlive fonts (LP: #1010909)
* dropped patches incorporated upstream:
  add-mir-abstraction-lp1422521.patch, systemd-dev-log-lp1413232.patch
  parser-fix_modifier_compilation_+_tests.patch,
  tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch,
  GDM_X_authority-lp1432126.patch, and
  debian/patches/easyprof-framework-policy.patch
* Partial merge with debian apparmor package:
  - debian/rules: enable the bindnow hardening flag during build.
  - debian/upstream/signing-key.asc: add new upstream public
    signing key
  - debian/watch: fix watch file, add gpg signature checking
  - install libapparmor.so dev symlink under /usr not /lib
  - debian/patches/reproducible-pdf.patch: make techdoc.pdf
    reproducible even in face of timezone variations.
  - debian/control: sync fields
  - debian/debhelper/postrm-apparmor: remove
    /etc/apparmor.d/{disable,} on package purge
  - debian/libapache2-mod-apparmor.postrm: on package purge, delete
    /etc/apparmor.d/{,disable} if empty
  - debian/libapparmor1.symbols: Use Build-Depends-Package in the
    symbols file.
  - debian/copyright: sync

89. By Serge Hallyn on 2015-04-02

Make debian/lib/apparmor/profile-load executable.

88. By Jamie Strandboge on 2015-03-28

[ Steve Beattie ]
* debian/rules: run make check on the libapparmor library
* add-chromium-browser.patch: add support for chromium policies
  (LP: #1419294)
* debian/apparmor.{init,upstart}: add support for triggering
  aa-profile-hook runs when packages are updated via snappy system
  image updates (LP: #1434143)
* parser-fix_modifier_compilation_+_tests.patch: fix compilation
  of audit modifiers for exec and pivot_root and deny modifiers on
  link rules as well as significantly expand related tests
  (LP: #1431717, LP: #1432045, LP: #1433829)
* tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch: work
  around pivot_root test failures due to init=systemd (LP: #1436109)
* GDM_X_authority-lp1432126.patch: add location GDM creates Xauthority
  file to X abstraction (LP: #1432126)

[ Jamie Strandboge ]
* easyprof-framework-policy.patch: add --include-templates-dir and
  --include-policy-groups-dir options to easyprof to support framework
  policy on snappy

[ Robie Basak ]
* Add /lib/apparmor/profile-load; moved from
  /lib/init/apparmor-profile-load from the upstart package. A wrapper at
  the original path is now provided by init-system-helpers. (LP: #1432683)

87. By Jamie Strandboge on 2015-03-06

systemd-dev-log-lp1413232.patch: Allow writes to the systemd journal
socket /{,var}/run/systemd/journal/dev-log. This can be dropped with
with AppArmor 2.9.2. (LP: #1413232)