-
apparmor (2.8.96~2652-0ubuntu5.3) 14.09; urgency=medium
* debian/lib/apparmor/functions: disable expr tree simplification for
/var/lib/apparmor/profiles (LP: #1383858)
* parser-dont-skip-read-cache-with-optimizations.patch: don't skip read
cache when specifying '-O' (LP: #1385947)
* 10-lp1371771.patch, 11-lp1371765.patch: refresh for the above
-- Jamie Strandboge <email address hidden> Mon, 27 Oct 2014 07:13:42 -0500
-
apparmor (2.8.96~2652-0ubuntu5.1) 14.09; urgency=medium
* debian/apparmor.{upstart,init}: check if click-apparmor md5sums changed so
we regenerate the policy if it changes too (LP: #1371574)
* debian/lib/apparmor/functions: fall back to using -n1 if the parser failed
to load a profile set. This should be removed when the parser properly
handles profile sets with corrupted profiles (LP: #1377338).
-- Jamie Strandboge <email address hidden> Tue, 07 Oct 2014 09:24:45 -0500
-
apparmor (2.8.96~2652-0ubuntu5) utopic; urgency=medium
[ Jamie Strandboge ]
* sanitized-helpers-updates.patch: update ubuntu-helpers for unix mediation
* 10-lp1371771.patch: don't exit prematurely and fail to load remaining
policy if encounter a corrupt cache file (LP: #1371771)
* 11-lp1371765.patch: if a cache load fails, attempt to rebuild and load it
(LP: #1371765)
* debian/lib/apparmor/functions:
- don't return 0 on parsing failure. Patch thanks to Felix Geyer
(LP: #1370228)
- use xargs -n1 when we don't have cache files, but omit it when we do.
This allows taking full advantage of xargs -P when we need it most,
without the cost when we don't.
[ Steve Beattie ]
* update_socketpair_tests_for_af_unix.patch,
fix_socketpair_tests.patch: update socketpair regression tests for
af_unix socket mediation
-- Jamie Strandboge <email address hidden> Mon, 22 Sep 2014 09:39:10 -0500
-
apparmor (2.8.96~2652-0ubuntu3) utopic; urgency=medium
* 08-phpsysinfo-policy-updates.patch: update for new phpsysinfo on Ubuntu
14.10
* 09-apache2-policy-instructions.patch: update for recent Debian/Ubuntu
packaging
* debian/control: update Breaks for apparmor-easyprof-ubuntu, libvirt-bin,
and lightdm. Add Breaks on rsyslog.
apparmor (2.8.96~2652-0ubuntu2) utopic; urgency=medium
* 07-parser-fix_local_perms.patch: do not output local permissions for rules
that have peer_conditionals. Patch from John Johansen
apparmor (2.8.96~2652-0ubuntu1) utopic; urgency=medium
* Updated to r2652 snapshot of 2.8.96 (LP: #1362199, LP: #1341152)
[ Steve Beattie ]
* removed upstreamed patches:
- dnsmasq-libvirtd-signal-ptrace.patch
- update-base-abstraction-for-signals-and-ptrace.patch
- update-nameservice-abstraction-for-extrausers.patch
- debian/apparmor-profiles.install: dropped program-chunks/postfix-common,
moved to abstractions/ and covered by apparmor.install
- refreshed libapparmor-layout-deb.patch patch
* Add in Tyler Hicks' regression test improvements:
- 01-tests-unix_socket_lists.patch,
- 02-tests-accept_unix_rules_in_mkprofile.patch,
- 03-tests-unix_sockets_v7_pathnames.patch,
- 04-tests-migrate_from_poll_to_sockio_timeout.patch,
- 05-tests-add_abstract_socket_tests.patch,
* 07-parser-fix_local_perms.patch: do not output local permissions
for rules that have peer_conditionals
[ Jamie Strandboge ]
* add-chromium-browser.patch: update for unix socket mediation
* drop-peer_addr-with-local-addr-in-base.patch: don't use peer=(addr=none)
with getattr, getopt, setopt and shutdown
[ Tyler Hicks ]
* debian/lib/apparmor/functions, debian/apparmor.init,
debian/apparmor.upstart: Ensure system policy cache cannot become stale
after image based upgrades that update the system profiles (LP: #1350673)
* parser-include-usr-share-apparmor.patch, debian/apparmor.install: Adjust
the default parser.conf file, to add /usr/share/apparmor as an additional
search path when resolving include directives in profiles, and install the
file in /etc/apparmor. Ubuntu places hardware specific access rules in
/usr/share/apparmor/hardware. This change allows these files to be
included without using an absolute path (e.g.,
'#include <hardware/graphics.d>').
-- Jamie Strandboge <email address hidden> Mon, 08 Sep 2014 16:13:10 -0500
-
apparmor (2.8.96~2541-0ubuntu2) utopic; urgency=medium
* update-nameservice-abstraction-for-extrausers.patch: update nameservice
abstraction to allow passwd and group when using libnss-extrausers
-- Jamie Strandboge <email address hidden> Mon, 28 Jul 2014 08:16:39 -0500