Change log for apparmor package in Debian
| 1 → 75 of 120 results | First • Previous • Next • Last |
apparmor (3.0.13-2) unstable; urgency=medium * Revert "Vcs-* control fields: track the debian/experimental branch" * Revert "gbp.conf: set debian-branch to debian/experimental" * Upload to unstable -- intrigeri <email address hidden> Mon, 25 Mar 2024 10:52:20 +0000
| Deleted in experimental-release (Reason: None provided.) |
apparmor (3.0.13-1) experimental; urgency=medium
[ intrigeri ]
* Don't install
/etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser
(Closes: #1039668)
* Declare compliance with Policy 4.6.2
* Update build dependency: pkg-config → pkgconf
* Fix spelling error in README.source
* autopkgtests: enforce "set -u" in scripts
* autopkgtests: make scripts ShellCheck-compliant
* Import new upstream release (Closes: #1057453)
[ Helmut Grohne ]
* Fix FTCBFS: Fix confusion of compiler flags for python extension
(Closes: #1057188)
[ Michael Biebl ]
* Install PAM module, binaries and helper scripts into /usr.
(Closes: #1064151)
[ Remus-Gabriel Chelu ]
* Add Romanian translation of debconf templates (Closes: #1031142)
-- intrigeri <email address hidden> Wed, 28 Feb 2024 17:21:10 +0000
apparmor (3.0.12-1) unstable; urgency=medium
* New upstream releases: 3.0.9, 3.0.10, 3.0.11, and 3.0.12
(Closes: #929990, #1037578, #1040481)
* Drop patches that are part of new upstream releases
* Adjust to profiles renamed upstream
* Refresh remaining patches
* Install new profiles
* Don't install new clamd profile: clamav-daemon ships one
* Adjust to profile renamed upstream
-- intrigeri <email address hidden> Sun, 16 Jul 2023 14:39:37 +0000
apparmor (3.0.8-3) unstable; urgency=medium * Cherry-pick a few small, targeted fixes from upstream 3.0 branch -- intrigeri <email address hidden> Tue, 14 Feb 2023 11:49:15 +0000
apparmor (3.0.8-2) unstable; urgency=medium
* Only pin the policy ABI, not the kernel ABI.
This brings back the desired behavior that we had on Bullseye.
Fixes regression introduced in 3.0.3-1.
* Drop obsolete dependency on lsb-base: it's transitional
and provided by sysvinit-utils, which is essential
-- intrigeri <email address hidden> Wed, 18 Jan 2023 11:10:22 +0000
apparmor (3.0.8-1) unstable; urgency=medium * New upstream release * debian/watch: only track the 3.0 series for now * Add upstream patch to fix test suite -- intrigeri <email address hidden> Sat, 10 Dec 2022 17:54:51 +0000
apparmor (3.0.7-1) unstable; urgency=medium * New upstream release -- intrigeri <email address hidden> Tue, 16 Aug 2022 14:09:22 +0000
apparmor (3.0.6-1) unstable; urgency=medium * New upstream release (Closes: #1015354) * Drop patch that was applied upstream * Enable LTO * Declare compliance with Policy 4.6.1 -- intrigeri <email address hidden> Tue, 02 Aug 2022 09:15:54 +0000
apparmor (3.0.5-1) unstable; urgency=medium * New upstream release * Drop patches that were applied upstream * Drop profile-load script: part of upstream 3.0.5 * Install newly upstreamed aa-notify.desktop instead of the custom Debian one * Rename debian/master branch to debian/unstable * New patch, to fix new upstream "dirtest" test * Install new samba-* profiles -- intrigeri <email address hidden> Mon, 25 Jul 2022 13:46:44 +0000
apparmor (3.0.4-3) unstable; urgency=medium * Cherry-pick 7 patches from upstream apparmor-3.0 branch (Closes: #1003153) * Adjust overrides for recent Lintian * Override Lintian false positives -- intrigeri <email address hidden> Wed, 06 Jul 2022 07:48:25 +0000
apparmor (3.0.4-2) unstable; urgency=medium * Add upstream commit that makes the test suite compatible with Python 3.10 -- intrigeri <email address hidden> Wed, 23 Feb 2022 09:48:59 +0000
apparmor (3.0.4-1) unstable; urgency=medium
* New upstream release
* apparmor-profiles: install new samba-bgqd profile
* Drop backported patches that are now obsolete
* debian/allow-access-to-ibus-socket.patch: drop support for pre-Bullseye
ibus path
* Declare compliance with Policy 4.6.0.1
* Drop XS- prefix for adopted Python-Version control field
* Add new symbols
-- intrigeri <email address hidden> Sat, 12 Feb 2022 12:34:23 +0000
apparmor (3.0.3-6) unstable; urgency=medium
* debian/rules: let "set -e" take effect (Closes: #998843)
* Add support for Python 3.10 (Closes: #998686):
- upstream-ab4cfb5e-replace-distutils-with-setuptools.patch: new patch,
edited to drop changes to upstream .gitignore.
- Add build-dependency on python3-setuptools
-- intrigeri <email address hidden> Thu, 18 Nov 2021 09:15:55 +0000
apparmor (3.0.3-5) unstable; urgency=medium
[ Debian Janitor ]
* Remove constraints unnecessary since stretch.
[ Helmut Grohne ]
* Make the package cross-buildable (Closes: #984582):
- Multiarchify python Build-Depends
- Let dh_auto_build pass cross tools to make
- Annotate perl build-dependency with !nocheck
[ intrigeri ]
* Remove obsolete libapparmor-perl on upgrade
-- intrigeri <email address hidden> Sat, 23 Oct 2021 10:22:04 +0000
apparmor (3.0.3-4) unstable; urgency=medium * Merge apparmor-easyprof into apparmor-utils (Closes: #972880) * Make apparmor-utils and python3-apparmor arch:all (Closes: #972881) -- intrigeri <email address hidden> Sun, 17 Oct 2021 17:23:17 +0000
apparmor (3.0.3-3) unstable; urgency=medium * Adjust gbp.conf and Vcs-* control fields for 3.0.x now being in sid. * Stop building the libapparmor-perl binary package (Closes: #993565) * Update Lintian overrides * Add B-D on dh-sequence-python3, to workaround #996089 in Lintian * B-D: python3-all → python3-all:any, to appease Lintian -- intrigeri <email address hidden> Wed, 13 Oct 2021 05:56:16 +0000
apparmor (3.0.3-2) unstable; urgency=medium * Upload to unstable -- intrigeri <email address hidden> Fri, 03 Sep 2021 08:23:30 +0000
| Deleted in experimental-release (Reason: None provided.) |
apparmor (3.0.3-1) experimental; urgency=medium
* New upstream release
* Drop debian/Revert-libapparmor-fixing-setup.py-call-when-crosscompili.patch:
obsolete
* Refresh patches
* Merge changes from sid, up to 2.13.6-10
* upstream-6cfc6eee-python-3.10.patch: new patch,
for compatibility with Python 3.10
-- intrigeri <email address hidden> Mon, 23 Aug 2021 18:25:14 +0000
apparmor (2.13.6-10) unstable; urgency=medium
* autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run
(Closes: #954655)
-- intrigeri <email address hidden> Sat, 03 Apr 2021 06:09:19 +0000
| Deleted in experimental-release (Reason: None provided.) |
apparmor (3.0.1-6) experimental; urgency=medium * autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run -- intrigeri <email address hidden> Fri, 02 Apr 2021 11:38:16 +0000
| Superseded in experimental-release |
apparmor (3.0.1-5) experimental; urgency=medium * Merge changes from sid, up to 2.13.6-9 -- intrigeri <email address hidden> Fri, 12 Feb 2021 14:37:24 +0000
apparmor (2.13.6-9) unstable; urgency=medium
* usr.lib.dovecot.script-login: don't include non-existent local override file
(Closes: #982112)
* Declare compliance with Policy 4.5.1
-- intrigeri <email address hidden> Sat, 06 Feb 2021 17:07:35 +0000
apparmor (2.13.6-8) unstable; urgency=medium
* Backport patch from upstream 3.0 series, which ports aa-status to C
(upstream-commit-8f9046b-port-aa-status-to-c.patch), then
drop obsolete dependency from the apparmor binary package
on python3 (Closes: #981442)
* Annotate test dependencies <!nocheck> (Closes: #981205).
Thanks to Helmut Grohne <email address hidden> for the patch!
-- intrigeri <email address hidden> Fri, 05 Feb 2021 11:24:57 +0000
| Superseded in experimental-release |
apparmor (3.0.1-4) experimental; urgency=medium * apparmor: drop obsolete dependency on python3 (#981442) * Merge changes from sid, up to 2.13.6-7 -- intrigeri <email address hidden> Fri, 05 Feb 2021 06:48:41 +0000
apparmor (2.13.6-7) unstable; urgency=medium * Supersede failed dgit upload. -- intrigeri <email address hidden> Fri, 15 Jan 2021 13:16:37 +0000
apparmor (2.13.6-3) unstable; urgency=medium
* Only pin the policy ABI, not the kernel ABI.
I hope this fixes the regressions, on older kernels, caused by pinning
the Linux 5.9 feature set, that I guess is the reason behind the
several autokpgtest regressions caused by 2.13.6-2 (debci runs
on Linux 4.19.x).
-- intrigeri <email address hidden> Mon, 28 Dec 2020 11:41:02 +0000
apparmor (2.13.6-2) unstable; urgency=medium * Pin the Linux 5.9 feature set -- intrigeri <email address hidden> Sun, 27 Dec 2020 10:24:57 +0000
| Superseded in experimental-release |
apparmor (3.0.1-3) experimental; urgency=medium * Supersede failed, incomplete dgit upload -- intrigeri <email address hidden> Sun, 27 Dec 2020 10:44:24 +0000
| Superseded in experimental-release |
apparmor (3.0.0-1) experimental; urgency=medium
* New upstream release (Closes: #930031)
* Merge ubuntu/3.0.0-0ubuntu1:
- Drop upstreamed patches
- d/apparmor.install:
+ install new aa-features-abi binary to /usr/bin
+ include abi/ directory and tunables/etc.
- d/apparmor.manpages:
+ install new aa-features-abi.1 manpage
+ install apparmor_xattrs.7 manpage
- d/apparmor-profiles.install:
+ install new usr.lib.dovecot.script-login
+ adjust for renamed postfix profiles
+ add usr.bin.dumpcap to extra-profiles
+ remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles
(already in apparmor-profiles)
- d/control:
+ apparmor-utils: drop perl dependency
+ Update apparmor-notify dependencies: it was ported to Python
- d/tests/test-installed:
+ include libraries/ in workdir so tests have access to private
headers
- New patches:
+ d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch:
Provide better message about caching not happening due to a profile
being in force-complain mode. (LP: #1899218)
+ d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use
abstractions/exo-open (LP: #1891338)
+ d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu
abstractions (LP: #1889699)
+ d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run
(LP: #1881357)
* Drop another already upstreamed patch
* Upstream the patches added by Ubuntu
* New patches:
- upstream-commit-9350038-add-CAP_CHECKPOINT_RESTORE.patch:
fixes FTBFS on Linux 5.9
- upstream-commit-5958930-add-_aa_asprintf-to-private-symbols.patch:
fixes symbols discrepancy
- upstream-commit-51144b5-apparmor_xattrs.7-fix-whatis-entry.patch
- upstream-commit-11d1f38-Fix-typos.patch
- debian/Revert-libapparmor-fixing-setup.py-call-when-crosscompili.patch:
fixes passing hardening LDFLAGS to Python build
* apparmor-profiles: install new php-fpm profile
* Tell dh_missing that we purposely don't ship the chromium-browser profile
* Override a Lintian false positive
-- intrigeri <email address hidden> Sun, 25 Oct 2020 12:03:26 +0000
apparmor (2.13.5-1) unstable; urgency=medium
* New upstream release (Closes: #868563, #934869, #969267)
* Drop patches now included upstream
* Refresh patches
* d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'
* upstream-commit-145136f-fix-2.13-libapparmor-so-version.patch: new patch
* Stop building on non-Linux architectures (Closes: #972049).
Thanks to Laurent Bigonville <email address hidden> for the suggestion.
* Drop obsolete Lintian overrides
* Update Lintian override name
* Bump debhelper compat level to 13
* Update symbols list
* Install gettext translations
* apparmor-profiles: install a few more profiles (usr.bin.mlmmj-receive,
usr.lib.postfix.dnsblog, usr.lib.postfix.postscreen)
* debian/not-installed: list files not installed on purpose
* Adjust *.install source files to appease dh_missing
* autopkgtests: don't try to test disabled Thunderbird profile
* Merge ubuntu/2.13.3-7ubuntu6. Remaining included changes after resolving
conflicts and dropping patches included in 2.13.{4,5}:
- debian/control: add Breaks on snapd < 2.44.3+20.04~ since prior snapd
versions assume that apparmor will load the snapd policy on boot
-- intrigeri <email address hidden> Sat, 24 Oct 2020 17:15:28 +0000
apparmor (2.13.4-3) unstable; urgency=medium
* apparmor-profiles: provide (upstream) bug reporting instructions
* upstream-commit-1f319c3-systemd-userdbd-compat.patch: new patch
(Closes: #962405)
-- intrigeri <email address hidden> Tue, 16 Jun 2020 13:09:13 +0000
apparmor (2.13.4-2) unstable; urgency=medium
* apparmor-profiles: don't ship redundant freshclam profile (Closes: #959915)
* Apply upstream !465: fix the build with make 4.3
* Drop unused Lintian override
* GitLab CI:
- allow reprotest to fail without failing the whole pipeline
- enable diffoscope for reprotest
-- intrigeri <email address hidden> Mon, 25 May 2020 09:23:21 +0000
apparmor (2.13.4-1) unstable; urgency=medium
* New upstream release
* Switch to HTTPS for upstream homepage URL
* apparmor-profiles: install missing usr.lib.dovecot.stats profile
(Closes: #953268)
* Drop backported patches that are now obsolete.
* Cherry-picked from Ubuntu:
- Update ibus abstract path for ibus 1.5.22
- debian/control: drop Breaks that were only needed for upgrades to bionic
* Drop obsolete Lintian overrides
* Add python3-all to Build-Depends
* Override Lintian false positive
* Declare compliance with Policy 4.5.0
* Apply upstream !464: let Mesa check if the kernel supports
the i915 perf interface
-- intrigeri <email address hidden> Tue, 31 Mar 2020 08:45:58 +0000
apparmor (2.13.3-7) unstable; urgency=medium
* Add explicit build dependency on dh-python, so that this package
can built with python3-defaults 3.7.5-3.
-- intrigeri <email address hidden> Fri, 15 Nov 2019 10:37:05 +0000
apparmor (2.13.3-6) unstable; urgency=medium [ Matthias Klose ] * debian/rules: ensure "set -e" is honored (Closes: #943649). * Add upstream-mr-430-Fix-a-Python-3.8-autoconf-check.patch (Closes: #943657). -- intrigeri <email address hidden> Tue, 29 Oct 2019 18:57:51 +0000
apparmor (2.13.3-5) unstable; urgency=medium * upstream-mr-419-Xwayland-vs-recent-mutter.patch: new patch (Closes: #935058) -- intrigeri <email address hidden> Sun, 08 Sep 2019 08:00:56 +0000
apparmor (2.13.3-4) unstable; urgency=medium
* New patch, cherry-picked and adapted from Ubuntu: don't include local/
snippets in the Dovecot profiles. These inclusions of non-existing files
break aa-genprof (Closes: #928160).
* Merge ubuntu/2.13.2-9ubuntu7, which turns out to be a no-op, because
we essentially revert all changes brought by this merge:
- Drop lp1820068.patch, introduced in 2.13.2-9ubuntu7: it's included
in the 2.13.3 upstream release already.
- Don't enable ubuntu/parser-conf-no-expr-simplify.patch, that Ubuntu just
re-enabled: in Debian we don't disable expression tree simplification,
because we've cherry-picked an upstream patch that improves its
performance sufficiently.
-- intrigeri <email address hidden> Sat, 27 Jul 2019 17:18:43 +0000
apparmor (2.13.3-3) unstable; urgency=medium
[ Michael Biebl ]
* Move libraries back to /usr/lib
[ intrigeri ]
* Remove Lintian override made obsolete by the move to /usr/lib/apparmor/
* Avoid-blhc-CPPFLAGS-missing-false-positive.patch: new patch.
* Revert "debian/control: Breaks on snapd < 2.38~"
Jamie Strandboge explained in details on #932815 the rationale behind this
Breaks relationship. The user impact seems non-critical and the risk of the
problem happening in practice is very low, so for now let's remove this
Breaks, that prevents apparmor from migrating to testin (we don't have
snapd 2.38+ in Debian yet).
-- intrigeri <email address hidden> Tue, 23 Jul 2019 22:19:02 +0000
apparmor (2.13.3-2) unstable; urgency=medium * Install the lsb_release profile. -- intrigeri <email address hidden> Wed, 17 Jul 2019 19:41:32 +0000
apparmor (2.13.2-10) unstable; urgency=medium
* Don't load AppArmor policy when running in a Debian Live environment
that uses overlayfs (Closes: #922378).
Rationale: the storage stack set up by live-boot with overlayfs
is not supported by our AppArmor policy at the moment, resulting
in breakage of confined software such as Evince and LibreOffice.
* Ship nvidia_modprobe in enforce mode (Closes: #923273).
- Rationale: as explained by Seth Arnold <email address hidden>
on #923273#32, profiles in complain mode can chew up essentially
unlimited amounts of non-swappable kernel memory and huge amounts
of IO bandwidth logging ALLOWED messages, which can in turn
use large amounts of storage. This is why Ubuntu has applied this change
already for their upcoming release.
- Scope of this change: in Buster, this profile is used in one single place
— the usr.lib.libreoffice.program.soffice.bin profile — for which it was
developed and tested in the first place. So the risk and potential
problematic impact of this change seems pretty low.
* Cherry-pick the most important and non-invasive fixes
from the upstream apparmor-2.13 maintenance branch:
- base abstraction: allow mr on *.so* in common library paths,
i.e. don't assume all common libraries' name starts with "lib".
At the very least, this fixes Qt5 applications under some
VirtualBox graphics configuration, where otherwise they would
not start at all (Closes: Tails#16414).
Upstream commits: 8dff7dc, 08f9d16
- Fix 2 segfaults spotted upstream while writing automated tests
for the multicache support (upstream MR!348):
· in overlaydirat_for_each, segfault caused by repeatedly freeing
the same memory area;
· when loading policy cache files, due to incorrect size passed
to qsort().
Upstream commits: 5704fba, 01aec04
-- intrigeri <email address hidden> Sat, 30 Mar 2019 13:23:11 +0000
apparmor (2.13.2-9) unstable; urgency=medium
* Revert "Add autopkgtest that checks if apparmor.service starts
on package installation". It passes with the schroot and qemu
backends locally but fails on ci.debian.net.
-- intrigeri <email address hidden> Mon, 25 Feb 2019 06:10:18 +0000
apparmor (2.13.2-8) unstable; urgency=medium
* Cherry-pick 5 more commits from upstream apparmor-2.13 branch
(Closes: #921866).
* Cherry-pick upstream MR!344 (Closes: #920833, #921888).
* Install the nvidia_modprobe named profile (Closes: #921875)
and add it to the list of profiles whose syntax is checked
via autopkgtests.
* Patch usr.sbin.smdb to include snippet generated at runtime
(part of the fix for #896080).
* New autopkgtest: ensure apparmor.service starts on
package installation.
* Update salsa CI pipeline.
-- intrigeri <email address hidden> Sun, 24 Feb 2019 17:00:23 +0000
apparmor (2.13.2-7) unstable; urgency=medium
* Stop shipping /var/cache/apparmor/CACHEDIR.TAG (Closes: #920682)
* New patches, cherry-picked from upstream !320, so the "audio"
abstraction grants read access to Alsa and libao config files
(Closes: #920669, #920670).
-- intrigeri <email address hidden> Thu, 31 Jan 2019 09:51:59 +0000
apparmor (2.13.2-6) unstable; urgency=medium
* initscript: implement missing aa_log_action_begin and
aa_log_action_end functions (Closes: #917962).
-- intrigeri <email address hidden> Mon, 28 Jan 2019 18:11:53 +0000
apparmor (2.13.2-5) unstable; urgency=medium
* Really move libapparmor.so unversioned symlink to /lib/<triplet>
(Closes: #919705).
* Add Lintian override for dev-pkg-without-shlib-symlink: arguably
a false positive (see #843932).
* Add Lintian override for uses-dpkg-database-directly: false positive.
* Declare compliance with Standards-Version 4.3.0.
* autopkgtests:
- Test compiling many more profiles:
- all profiles that apparmor-profiles-extra ships in enforce mode
- the profiles shipped by bind9, cups-browsed, haveged,
libreoffice-common, man-db, ntp, onioncircuits, tcpdump, thunderbird,
and tor
- another profile shipped by libvirt-daemon-system
- Declare that the compile-policy test is not superficial anymore.
- Make the parser verbose in the compile-policy test.
-- intrigeri <email address hidden> Mon, 28 Jan 2019 08:29:19 +0000
apparmor (2.13.2-4) unstable; urgency=medium
* Move libapparmor.so unversioned symlink to /lib/<triplet> (Closes: #919705).
* New patches, cherry-picked from upstream:
- Make tunables/share play well with aliases.
- Fix access to /usr/share/drirc.d.conf (Closes: #919775).
- Fix access to the default paths used by dehydrated in Debian.
- Support new font configuration paths.
- Support libvirt named profile.
- Fix access to /etc/alsa/conf.d/.
* autopkgtests: test compiling more profiles shipped by other packages.
* Patch the dnsmasq profile to fix ptrace and signal communication
with libvirtd.
-- intrigeri <email address hidden> Sun, 27 Jan 2019 17:07:34 +0000
apparmor (2.13.2-3) unstable; urgency=medium * Update upstream MR!252 backport to fix initscript (Closes: #917874) -- intrigeri <email address hidden> Tue, 01 Jan 2019 18:03:54 +0000
apparmor (2.13.2-2) unstable; urgency=medium
* Patch rc.apparmor.functions to suit Debian/Ubuntu's needs.
* Port initscript, systemd service, postinst and profile-load
to use the upstream rc.apparmor.functions shell library.
This way, the systemd service does not require the SysV initscript
anymore (Closes: #870697).
* Drop obsolete /etc/apparmor/subdomain.conf conffile.
-- intrigeri <email address hidden> Sat, 29 Dec 2018 17:50:23 +0000
apparmor (2.13.2-1) unstable; urgency=medium
* Import new upstream release, drop backported patches that are now obsolete,
refresh remaining patches.
* autopkgtest: add dummy test so that changes to linux-image-amd64
trigger our other tests on ci.debian.net
* Replace home-made GitLab CI with the standard Salsa pipeline
(Closes: #912722).
* Drop extra signatures from public upstream signing key.
-- intrigeri <email address hidden> Sat, 22 Dec 2018 13:26:14 +0000
apparmor (2.13.1-3) unstable; urgency=medium
* GitLab CI/Lintian: install dpkg-dev, that ships dpkg-architecture,
needed to run some Lintian checks.
* Re-enable expression tree simplification and cherry-pick upstream patch
that improves its performance.
* Bump debhelper compatibility level to 11.
* Patch apparmor.d(5) to document which features are not supported on Debian
(Closes: #807369).
* Patch apparmor(7) to document debugging options (Closes: #826218).
-- intrigeri <email address hidden> Tue, 30 Oct 2018 10:57:44 +0000
apparmor (2.13.1-2) unstable; urgency=medium
* Deal with obsolete /etc/apparmor.d/abstractions/launchpad-integration
conffile (Closes: #911745).
* Declare autopkgtests as superficial (Closes: #911827).
Adjust GitLab CI configuration to cope with exit code 8 accordingly.
-- intrigeri <email address hidden> Fri, 26 Oct 2018 12:08:26 +0000
apparmor (2.13.1-1) unstable; urgency=medium
[ intrigeri ]
* New upstream release (Closes: #901470, #871441).
* Bump pinned feature set to linux-image-4.18.0-2-amd64, version 4.18.10-2.
* Add Breaks: apparmor-profiles-extra (<< 1.21): the Pidgin profile up
to 1.20 used the launchpad-integration abstraction, that was removed
in AppArmor 2.13.1.
* Drop backported patches that are now obsolete.
* Refresh patches.
* Add debian/.gitlab-ci.yml: build the package then run Lintian
and autopkgtests on it.
* upstream-commit-3bf11ce-Fix-syntax-error-in-rc.apparmor.functions.patch,
upstream-commit-b77116e-Add-profile-names.patch: new patches to fix
regressions introduced in 2.13.1.
* Drop unused Lintian override.
* Declare compliance with policy 4.2.1.
* Update symbols list.
* Honor nocheck in DEB_BUILD_OPTIONS.
* Make /lib/apparmor/apparmor.systemd executable.
[ Sven Joachim ]
* Do not remove /var/cache/apparmor/CACHEDIR.TAG on upgrades
(Closes: #910217).
[ Helmut Grohne ]
* Don't hard code the location of netinet/in.h (Closes: #909966).
-- intrigeri <email address hidden> Sun, 21 Oct 2018 08:32:47 +0000
apparmor (2.13-8) unstable; urgency=medium
* Only fix permissions on /lib/apparmor/apparmor.systemd when building
arch-dependent packages. Fixes FTBFS when building only
arch:all packages.
-- intrigeri <email address hidden> Thu, 02 Aug 2018 06:12:18 +0000
apparmor (2.13-7) unstable; urgency=medium
* Move the binary cache to /var/cache/apparmor (Closes: #904637).
And then:
- Delete obsolete cache files in /var/cache/apparmor on upgrade.
- initscript: document the potential drawback of loading the policy
before remote filesystems are mounted.
* Turn off expression tree simplification, that makes performance
much worse in some cases, and rarely much better.
* Fix aa-teardown by installing /lib/apparmor/apparmor.systemd
and making it executable.
* Override a few Lintian false positives.
-- intrigeri <email address hidden> Thu, 02 Aug 2018 01:29:03 +0000
apparmor (2.13-6) unstable; urgency=low
* Install new tunables/share, needed by tunables/global.
Fixes regression introduced in 2.13-5 (Closes: #904970).
* New autopkgtest: test that we can compile the Evince profile.
Having this in place earlier would have avoided introducing #904970.
-- intrigeri <email address hidden> Mon, 30 Jul 2018 07:46:00 +0000
apparmor (2.13-5) unstable; urgency=low
* freedesktop.org abstraction: support directories exported by Flatpak apps,
replacing former flatpak-exports.patch with the patchset that was merged
upstream (Closes: #865206).
-- intrigeri <email address hidden> Mon, 30 Jul 2018 00:27:57 +0000
apparmor (2.13-4) unstable; urgency=medium
* Stop building the Python 2 bindings packages: python-apparmor,
python-libapparmor (Closes: #904599).
* Mark libapparmor-perl Multi-Arch: same.
* dh-apparmor's postinst snippet template: drop now useless backwards
compatibility code; simplify.
-- intrigeri <email address hidden> Fri, 27 Jul 2018 12:00:18 +0000
apparmor (2.13-3) unstable; urgency=medium
* Upload to unstable.
* Set proper SELinux labels on files created during installation or upgrade.
Thanks to Laurent Bigonville <email address hidden> for the bug report
and the patch! (Closes: #903633)
* Fix CACHEDIR.TAG installation path and let dpkg replace the CACHEDIR.TAG
directory (erroneously created by 2.13-1 and 2.13-2) with a regular file.
(Closes: #883584)
* New patch: make aa-notify point to Debian documentation (Closes: #904436).
Thanks to Clément Hermann <email address hidden> for the bug report.
* Install Dovecot profiles in /usr/share/apparmor/extra-profiles/
instead of /etc/apparmor.d/: the previous setup created lots of noise
in the logs and gave no security benefit. Thanks to Jonas Smedegaard
<email address hidden> for raising the issue.
* Skip *.dpkg-(new|old|dist|bak|remove) when falling back to calling the
parser on individual profiles. Fixes a regression introduced in 2.13-1
and adds .dpkg-remove, that was missing in the exclusion list before.
* Bump pinned feature set to linux-image-4.17.0-1-amd64, version 4.17.8-1.
-- intrigeri <email address hidden> Wed, 25 Jul 2018 13:28:53 +0000
apparmor (2.12-5) unstable; urgency=medium
* upstream-commit-d9d3cae-adjust-python-abstraction-for-python-3.patch:
new patch, to avoid breaking things with Python 3.7.
-- intrigeri <email address hidden> Sat, 07 Jul 2018 16:50:01 +0000
| Deleted in experimental-release (Reason: None provided.) |
apparmor (2.13-2) experimental; urgency=medium
* Merge from sid:
- upstream-commit-d9d3cae-adjust-python-abstraction-for-python-3.patch:
new patch, to avoid breaking things with Python 3.7.
* Regarding the "Don't invalidate the cache anymore […]" change inrtoduced
in 2.13-1: one can manually do that with apparmor_parser --purge.
-- intrigeri <email address hidden> Sat, 07 Jul 2018 17:15:31 +0000
| Superseded in experimental-release |
apparmor (2.13-1) experimental; urgency=medium
* New upstream release (Closes: #893974).
* Drop backported and upstreamed patches that are now obsolete.
* Refresh and export patches with gbp.
* debian/libapparmor1.symbols: add newly introduced symbols.
* upstream-commit-e83fa67-fix-test-failures.patch: new patch,
cherry-picked from upstream, that fixes test suite failures.
* Declare compatibility with Standards-Version 4.1.4.
* debian/rules: drop deprecated get-orig-source target.
* Merge 2.12-4ubuntu5 (dropping the Ubuntu delta):
- Drop support for snap v1.
* Add Lintian overrides for a few non-issues.
* debian/apparmor.dirs, debian/lib/apparmor/functions:
adjust for new (multi-)cache location.
* Install /etc/apparmor.d/cache.d/CACHEDIR.TAG (Closes: #883584).
* Install aa-teardown and its manpage.
* initscript: drop sysvinit-specific "recache" and "teardown" commands.
* Simplify foreach_configured_profile() thanks to recent parser features.
* aa-remove-unknown: use upstream functions instead of custom ones,
i.e. one step towards deprecating distro-specific /lib/apparmor/functions.
To make this work:
- install the upstream shell functions library
- patch one upstream function to add support for the snap profile directory
and to not depend on aa_log_*_msg()
* Don't invalidate the cache anymore when stopping, reloading or restarting
the service, nor when installing or upgrading the apparmor package:
the parser now manages its caches itself.
* debian/lib/apparmor/functions: drop a bunch of functions that are not
used anymore, thanks to the aforementioned changes.
* Make apparmor.service more similar to upstream's:
- reorder directives
- use the same Description as upstream
- start After=systemd-journald-audit.socket
* apparmor.service: point to current homepage.
-- intrigeri <email address hidden> Wed, 13 Jun 2018 09:15:02 +0000
apparmor (2.12-4) unstable; urgency=medium
* Migrate patch handling to gbp-pq (Closes: #888244).
* Merge 2.12-3ubuntu1 (dropping the Ubuntu delta):
- upstream-commit-46f88f5-properly-identify-empty-ouid-fsuid-fields.patch:
new patch, properly identify empty ouid/fsuid fields in logs.
- upstream-commit-130958a-allow-shell-helper-read-locale.patch:
new patch, allow the shell helper regression test program read
the locale.
-- intrigeri <email address hidden> Sun, 18 Mar 2018 13:47:35 +0000
| Published in stretch-release |
apparmor (2.11.0-3+deb9u2) stretch; urgency=medium
* Move the features file to /usr/share/apparmor-features;
accordingly remove the old (now obsolete) '/etc/apparmor/features'
conffile (Closes: #883682).
* Configure gbp for DEP-14 and avoid gbp-pq prefixing patches
with numbers.
-- intrigeri <email address hidden> Tue, 27 Feb 2018 10:59:06 +0000
apparmor (2.12-3) unstable; urgency=medium
* dnsmasq-profile-allow-chown-capability.patch: new patch (Closes: #889806)
* Update-base-abstraction-for-ld.so.conf-and-friends.patch: new patch,
cherry-picked from upstream (solves a minor part of #887973).
* libapparmor-perl: install example program.
-- intrigeri <email address hidden> Sun, 25 Feb 2018 18:23:21 +0000
apparmor (2.12-2) unstable; urgency=medium
* This release is dedicated to the memory of Ursula K. Le Guin.
* Install the "extra" profiles to the default upstream directory
(Closes: #832984).
* Cherry-pick policy improvements from upstream Git (Closes: #887591).
* Stop recommending the apparmor-profile package to the general public:
- apparmor: drop "Suggests: apparmor-profile".
- apparmor-profile: make it clear in the package description that
these profiles cannot be expected to work out-of-the-box.
* Bump debhelper compatibility level to 10.
- This reintroduces --parallel building, which was fixed upstream
since we disabled it.
- Don't manually enable the systemd debhelper sequence: now done
by default.
- Drop now useless build-dependency on autotools-dev.
* Declare compliance with Standards-Version 4.1.3 (no change required).
* debian/control: add Rules-Requires-Root: no.
- Cherry-pick upstream fix to pam_apparmor's Makefile.
* Packaging cleanup:
- Remove Kees Cook <email address hidden> from the Uploaders control field.
Thanks a lot for the inspiring work you've done on this package
in the past!
- Remove obsolete calls to rm_conffile.
- debian/copyright: use canonical URL to copyright-format/1.0.
- debian/copyright: sort licenses in lexical order.
- Use canonical URL to Debian bug in patch header.
- debian/*.install: remove duplicates.
- Stop versioning dependencies that are satisfied on Debian Wheezy
and Ubuntu Trusty.
- Reformat debian/* with 'cme fix dpkg' + wrap-and-sort.
-- intrigeri <email address hidden> Wed, 24 Jan 2018 09:18:26 +0000
apparmor (2.12-1) unstable; urgency=medium
* New upstream release (Closes: #885522, #882043, #884014, #886732,
#875892, #882070, #874665, #884280, #881936, #882135).
- Drop obsolete patches.
* dh-apparmor postinst snippet: create empty files in
/etc/apparmor.d/local/ instead of repeating boilerlate.
* dh-apparmor postinst snippet: simplify local overrides directory
creation code.
* Migrate to Git:
- Configure gbp for DEP-14
- Configure gbp-pq to avoid prefixing patches with numbers
- README.source: adjust to Git
- Update Vcs-* control fields: migrate to Git
* Move libpam to Section: admin
-- intrigeri <email address hidden> Sun, 14 Jan 2018 17:01:17 +0000
apparmor (2.11.1-4) unstable; urgency=medium
* Bump pinned feature set to linux-image-4.14.0-1's, version 4.14.2-1
- Pinning a feature set without "mount", as we did before this change,
breaks mount operations due to a bug in the kernel (Closes: #883703).
Thanks to Fabian Grünbichler and Felix Geyer for reporting this.
- AppArmor maintainers in Debian have been testing 4.14 without pinning
for a while and all the known issues were fixed; it's time to enable
4.14's features so we can learn what parts of our policy still need
updates (Closes: #880078, #877581).
* Move features file to /usr/share/apparmor-features (Closes: #883682).
Thanks to Fabian Grünbichler <email address hidden> for the patch.
* Document in apparmor/README.Debian where online documentation wrt. AppArmor
on Debian lives (Closes: #845232). Thanks to Wouter Verhelst and Jean-Michel
Vourgère for the suggestion.
* Improve usability of apparmor-notify:
- notify.conf: unset use_group.
aa-notify checks that it can read the selected log file — and aborts
if it can't — before it checks group membership vs. use_group, so in
practice setting use_group is only useful for users who are allowed
to read logs but don't want to see notifications. This seems to be
a corner case, easily addressed per-user (~/.apparmor/notify.conf)
or system-wide (by deinstalling apparmor-notify).
So let's instead optimize for a more common use case, i.e. users who can
read logs and want to see the notifications. This change does not
impact the most common use case, i.e. desktop users who are not allowed
to read logs (Closes: #880859).
- Document in apparmor-notify/README.Debian that one must be in the "adm"
group to use aa-notify.
Thanks to Lisandro Damián Nicanor Pérez Meyer and Salvatore Bonaccorso
whose combined bug reports lead to this solution.
* /lib/apparmor/functions: don't delete /etc/apparmor.d/cache/CACHEDIR.TAG
ourselves (necessary, but not sufficient, to fix #883584).
* Declare compliance with Standards-Version 4.1.2.
-- intrigeri <email address hidden> Thu, 07 Dec 2017 07:32:02 +0000
apparmor (2.11.1-3) unstable; urgency=medium
* upstream-commit-92752f5-support-Google-Chrome-beta.patch:
new patch, backported from upstream (Closes: #880923).
-- intrigeri <email address hidden> Sun, 05 Nov 2017 19:26:47 +0000
apparmor (2.11.1-2) unstable; urgency=medium
* apparmor: drop obsolete dependency on libapparmor-perl.
This dependency was added in 2.8.0-0ubuntu15, when aa-exec (that was
written in Perl back then) got moved to the apparmor package.
Nowadays aa-exec is written in C and AFAICT there's nothing in the
apparmor package that uses libapparmor-perl.
* apparmor-utils: drop obsolete dependency on libapparmor-perl.
All the programs shipped in this package were rewritten in Python.
* Drop obsolete dependencies on python{,3}-pkg-resources.
They were added to "fix autopkgtests in click-apparmor and
apparmor-easyprof-ubuntu". We don't ship these packages in Debian,
and I'm told they're going away in Ubuntu anyway.
-- intrigeri <email address hidden> Wed, 25 Oct 2017 13:58:08 +0000
apparmor (2.11.1-1) unstable; urgency=medium
* Import upstream 2.11.1 release.
Drop obsolete patches and refresh remaining ones as need.
* pin-feature-set.patch: new patch, that pins the AppArmor feature set
to Linux 4.13.4-2's (Closes: #879584).
The AppArmor policy we ship is not fully ready for Linux 4.14 yet.
Once our policy has been updated (#877581) we can bump the pinned
feature set to Linux 4.14's.
Note, however, that this is not fully effective in the specific case
of 4.14-rcN up to 4.14-rc6 due to a kernel bug with pinned older
feature sets, that will likely be fixed in Linux 4.14-rc7.
For example, with Linux 4.14-rc5 some network (e.g. unix, inet, inet6)
operations are denied despite the fact this pinned feature does not
enable network mediation support. For details, see:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1721278
* Disable parser-include-usr-share-apparmor.patch: it's not used on Debian
and would be made fuzzy by pin-feature-set.patch, thus causing useless
maintenance busywork.
* Improve phrasing of long packages description, based on a patch
by Vincas Dargis <email address hidden> (Closes: #795431).
* Replace build-dependency on dh-systemd with a versioned one
on debhelper, that now ships dh_systemd_*.
* Set priority to "optional": "extra" is deprecated.
* Bump Standards-Version to 4.1.1.
* Drop "Testsuite: autopkgtest" control field: it is automatically added
by dpkg-source(1) since dpkg 1.17.1 when a debian/tests/control file exists,
which is the case here.
* Move libapache2-mod-apparmor to Section "httpd", as suggested by Lintian.
-- intrigeri <email address hidden> Mon, 23 Oct 2017 14:19:33 +0000
apparmor (2.11.0-11) unstable; urgency=medium
* Only use systemd-detect-virt when it's installed (Closes: #871953).
* dh_apparmor: include the version of the package, so that one can find
packages that were built with a particular version of dh_apparmor.
(Closes: #872167).
* Import patch submitted upstream to support Flatpak exports
(Closes: #865206).
* Revert "Build with GCC-6 on mips64el to workaround Debian#871538":
that gcc-7 bug was fixed in 7.2.0-3 on 2017-09-02, presumably all buildd's
chroot should have it by now.
* Merge from Ubuntu citrain up to revision 1627, aka. 2.11.0-2ubuntu17.
Applied all changes (filtering from that list what had already been
done in Debian):
- Remove apparmor system upstart job on upgrades.
- r3631-apparmor-utils-python3.6-LOCALE.patch: fix utils to avoid
breakage with python 3.6 (LP: #1661766).
- nameservice-add-stub-resolv.patch: allow read access to systemd stub
resolver configuration
-- intrigeri <email address hidden> Sun, 03 Sep 2017 09:05:00 +0000
apparmor (2.11.0-10) unstable; urgency=medium * Build with GCC-6 on mips64el to workaround #871538. -- intrigeri <email address hidden> Wed, 09 Aug 2017 13:37:47 +0000
apparmor (2.11.0-9) unstable; urgency=medium
* debian-chromium-paths.patch: new patch, fixes e.g. opening links
(e.g. from Thunderbird) when Chromium is the default web browser
(reported in #858911).
-- intrigeri <email address hidden> Mon, 07 Aug 2017 22:36:01 +0000
apparmor (2.11.0-7) unstable; urgency=medium
* compare_and_save_debsums(): fix quieting of diff on initial installation
(Closes: #870696).
* Don't explicitly pass runlevel nor sequence number to update-rc.d
via dh_installinit (Closes: #870695).
Thanks to Michael Biebl for the hint!
* wayland-cursor.patch: new patch, to allow wayland-cursor-shared-*
(Closes: #870807).
* Merge from Ubuntu citrain up to revision 1620, i.e. 2.11.0-2ubuntu11.
Applied all changes:
- fix-aa-status-pod.patch: updates aa-status for newer podchecker
(LP: #1707614)
- adjust-python-for-3.6.patch: update python abstraction for 3.6
- adjust-nameservice-for-systemd-resolved.patch: grant access to
systemd-resolved in the nameservice abstraction (LP: #1598759).
… and then disabled adjust-nameservice-for-systemd-resolved.patch
that's dangerous without fine-grained AppArmor mediation of
D-Bus traffic.
* Remove upstart configuration: Upstart was removed in Debian Stretch
so this file is no longer useful.
* Drop ubuntu-manpage-updates.patch, that was only relevant with Upstart.
-- intrigeri <email address hidden> Sat, 05 Aug 2017 14:21:08 +0000
apparmor (2.11.0-6) unstable; urgency=medium * libapparmor-dev: stop installing /lib/*/libapparmor.la (Closes: #866636). -- intrigeri <email address hidden> Fri, 30 Jun 2017 17:20:45 +0000
| 1 → 75 of 120 results | First • Previous • Next • Last |
