apparmor (2.1+1075-0ubuntu9) hardy; urgency=low * parser/rc.apparmor.functions: do not abort if parser is missing, in the case of an unpurged "apparmor" init script running under SELinux. -- Kees Cook Mon, 07 Apr 2008 13:25:06 -0700 apparmor (2.1+1075-0ubuntu8) hardy; urgency=low * Sync bugfixes from upstream 8.04 branch, svn 1161. - documentation updated to reflect AppArmor 2.1 features. - minor profile updates (nscd, ntpd, opera) - util/SubDomain.pm: corrected mask merging and type detection. -- Kees Cook Wed, 02 Apr 2008 15:48:58 -0700 apparmor (2.1+1075-0ubuntu7) hardy; urgency=low * profiles/apparmor.d/abstractions/nameservice: (LP: #207912) - fix ldap path - add nsswitch "db" backend paths -- Kees Cook Thu, 27 Mar 2008 14:19:06 -0700 apparmor (2.1+1075-0ubuntu6) hardy; urgency=low [ Kees Cook ] * utils/SubDomain.pm: - fix up mask parsing to match kernel version (LP: #202920). - fix up syslog parsing regexp to match broken kernels (LP: #202888). * profiles/apparmor.d/abstractions/base: add licenses path for reading. * profiles/apparmor.d/abstractions/freedesktop.org: include /usr/local. * profiles/apparmor.d/usr.sbin.smbd: include print client abstraction. * profiles/apparmor.d/abstractions/nameservice: include missing gai.conf (LP: #202991). [ Jamie Strandboge ] * add Debian Policy compliant way to toggle complain mode (LP: #203137) - parser/rc.apparmor.functions: add '-C' to PARSER_ARGS if force-complain/ exists - utils/enforce: remove symlink in force-complain/ - debian/rules: create /etc/apparmor.d/force-complain -- Kees Cook Mon, 17 Mar 2008 10:28:23 -0700 apparmor (2.1+1075-0ubuntu5) hardy; urgency=low * profiles/apparmor.d/abstractions/python: update shared python locations. * debian/control: adjust Depends to allow sysvinit (LP: #199871). -- Kees Cook Tue, 11 Mar 2008 15:25:11 -0700 apparmor (2.1+1075-0ubuntu4) hardy; urgency=low [ Jamie Strandboge ] * removed usr.sbin.named and usr.sbin.mysqld, as these will be provided be bind9 and mysql-server-5.0, respectively. [ Mathias Gug ] * profiles/apparmor.d/abstractions/ssl_keys: add ssl_keys abstraction, to be used by profiles accessing ssl privates keys. [ Rick Clark ] * added abstraction for likewise-open. -- Mathias Gug Wed, 13 Feb 2008 19:16:12 -0500 apparmor (2.1+1075-0ubuntu3) hardy; urgency=low * profiles/apparmor.d/abstractions/fonts: add missing ~/.fonts.conf * profiles/apparmor.d/sbin.klogd: add newly needed @{PROC}/kallsyms -- Kees Cook Wed, 16 Jan 2008 14:16:18 -0800 apparmor (2.1+1075-0ubuntu2) hardy; urgency=low * utils/apparmor_status: fix module loaded test to handle built-in. -- Kees Cook Thu, 03 Jan 2008 17:24:40 -0800 apparmor (2.1+1075-0ubuntu1) hardy; urgency=low [ Mathias Gug ] * profiles/apparmor.d/abstractions/nameservice: update nameservice abstraction to support nscd setup. [ Kees Cook ] * merge with upstream trunk revision 1075. * debian/{control,apparmor.postrm,apparmor.postinst,apparmor.initramfs}: dropped module hook since module is loaded in kernel automatically now. * debian/rules: tweaked get-orig-source to use defined variables. * debian/copyright: mention "get-orig-source" build rule. * debian/{rules,control,libpam-apparmor.docs}: add libpam-apparmor now that PAM is 0.99. -- Kees Cook Thu, 03 Jan 2008 13:29:31 -0800 apparmor (2.1+993-0ubuntu3) gutsy; urgency=low [ Mathias Gug ] * Add mdns4 resolution to nameservice abstraction. (LP: #148579). * Update syslog-ng profile. (LP: #148708). * Add xen tls libraries to base abstraction. (LP: #150282). * Update cups-client abstraction: add /var/run/cups/cups.sock. (LP: #151269) [ Kees Cook ] * Adjust KDE abstractions for Ubuntu paths (LP: #148309). -- Kees Cook Fri, 12 Oct 2007 12:54:36 -0700 apparmor (2.1+993-0ubuntu2) gutsy; urgency=low [ Mathias Gug ] * debian/control: Set maintainer to Ubuntu Core Developers. * utils/SubDomain.pm, utils/logprog.conf: refactor readprofiledir() to not fail on non-existing profile directory. Fixes LP: #141128. * debian/rules: don't compress profiles in doc/extras/. * utils/SubDomain.pm: Fix regex so that aa-logprof can find audit messages in syslog files. Fixes LP: #140508. * Update usr.sbin.nscd profile. Fixes LP: #144383. [ Kees Cook ] * abstractions/gnupg: drop bad attempt at general-purpose client rule. * abstractions/fonts: adjust for new syntax, add more local fonts paths. * abstractions/nameservice: add mmap permission to some /etc files. -- Kees Cook Tue, 25 Sep 2007 10:23:29 -0700 apparmor (2.1+993-0ubuntu1) gutsy; urgency=low * new merge from upstream: * fixes to support new audit messages sent by the kernel module. * bump in minor library version for libapparmor. * debian/control: Add perl libterm-readkey-perl and librpc-xml-perl dependencies for apparmor-utils. Fixes LP: #139757, LP: #139091. * utils/SubDomain.pm: Re-enable RPC client for remote repositories. * profiles/apparmor.d/sbin.syslogd: update profile. Fixes LP: #140672, LP: #140274. -- Mathias Gug Tue, 18 Sep 2007 11:12:50 -0400 apparmor (2.1+961-0ubuntu5) gutsy; urgency=low * utils/SubDomain.pm, parser/rc.apparmor.functions: skip .dpkg-dist profiles. * debian/rules, debian/apparmor.postinst: fix postinst script failure on upgrades. Fix LP: #139683. -- Mathias Gug Fri, 14 Sep 2007 17:20:01 -0400 apparmor (2.1+961-0ubuntu4) gutsy; urgency=low [ Mathias Gug ] * debian/rules: Fix libapparmor-dev build. * apparmor-profiles: remove gnupg.moved. [ Kees Cook ] * abstractions: adjust gnome for new syntax. * abstractions: adjust aspell to add locking. -- Kees Cook Fri, 14 Sep 2007 09:34:15 -0700 apparmor (2.1+961-0ubuntu3) gutsy; urgency=low [ Mathias Gug ] * Update avahi-daemon profile: add m permission to /etc/password and /etc/group. [ Kees Cook ] * Rename libapparmor1-dev back to libapparmor-dev. -- Kees Cook Thu, 13 Sep 2007 15:44:30 -0700 apparmor (2.1+961-0ubuntu2) gutsy; urgency=low [ Mathias Gug ] * Disable html documentation: Fixes LP: #139091. * parser/Makefile, debian/rules: disable html documentation building. * debian/control: remove latex2html dependency. * profiles/apparmor.d/usr.sbin.avahi-daemon: add sys_chroot capability. Fixes LP: #139092. [ Kees Cook ] * profiles/apparmor.d/abstractions/user-tmp: adjust directory permissions for newly unmasked /tmp handling (LP: #138978). * utils/SubDomain.pm: disable remote repositories until RPC::XML MIR clears (LP: 139091). * utils/*.pod: adjust for Ubuntu paths and "aa-" prefixes (LP: #116647). * Fix upgrades to not unload profiles, which would cause programs to become unconfined: - debian/rules: don't stop apparmor on upgrades. - debian/apparmor.postinst: reload profiles after a configure. -- Kees Cook Wed, 12 Sep 2007 13:14:02 -0700 apparmor (2.1+961-0ubuntu1) gutsy; urgency=low * New upstream version. * Support resolvconf. Fix LP: #132468. * Move package maintainance to bzr: * Apply all patches directly into the tree with dpatch apply-all. * debian/patches/: remove all patches as they are applied inline now. * debian/control, debian/control.modules.in: remove dpatch from Build Depends. * debian/rules: * remove dpatch include. * remove patch and unpatch dependencies * debian/control: * Rename libapparmor-dev to libapparmor1-dev. Add Provides: and Conflict: tags. * Remove universe component in Section tag. * Remove apparmor-utils depends on bsdutils. * Update apparmor-modules Recommends to apparmor-modules-2.1. * utils/: * Add audit man page. * Fix mod_appamor library: remove rpath info. * debian/rules: remove rpath info. * debian/control: add chrpath as a build dependency. * Remove apparmor-modules-source package: * debian/conrol: remove apparmor-modules-source package. * debian/apparmor.postinst, debian/apparmor.preinst, debian/apparmor.prerm: remove error_handler function. * debian/rules: remove error_handler option from dh_installinit. * debian/apparmor-modules-_KVERS_.postinst.modules.in, debian/control.modules.in: remove control and postinst files. -- Mathias Gug Tue, 11 Sep 2007 10:44:56 -0400 apparmor (2.0.1+510.dfsg-0ubuntu25) gutsy; urgency=low * debian/rules: move tunables/ and abstractions/ in apparmor package. Fixes LP: #130114. -- Mathias Gug Mon, 06 Aug 2007 14:40:37 -0400 apparmor (2.0.1+510.dfsg-0ubuntu24) gutsy; urgency=low * Cannot Depend on apparmor-modules-* in apparmor due to germinate issues. Moved to Recommends. -- Kees Cook Mon, 23 Jul 2007 11:08:38 -0700 apparmor (2.0.1+510.dfsg-0ubuntu23) gutsy; urgency=low * debian/control: add explicit Depends on l-u-m apparmor kernel modules. -- Kees Cook Wed, 18 Jul 2007 21:07:03 -0700 apparmor (2.0.1+510.dfsg-0ubuntu22) gutsy; urgency=low * 13-subdomain.pm-skip-files.dpatch: update isSkippable function in SubDomain.pm to skip the same files as rc.apparmor.functions (used by the init script) : .dpkg-old, .dpkg-new and symlinks in disable/ sub-directory. -- Mathias Gug Thu, 12 Jul 2007 06:56:45 -0400 apparmor (2.0.1+510.dfsg-0ubuntu21) gutsy; urgency=low * 07-apparmor-init-script.dpatch, debian/rules: skip profiles that have a link in /etc/apparmor.d/disable. Update rules file : create /etc/apparmor.d/disable. -- Mathias Gug Mon, 09 Jul 2007 11:07:29 -0400 apparmor (2.0.1+510.dfsg-0ubuntu20) gutsy; urgency=low * debian/control - fix typo in XS-Vcs. - adjust apparmor-modules-source to no longer be required and document the fact that the modules come from the linux-ubuntu-modules package now. - add initramfs-tools for loading apparmor modules early. * debian/apparmor.{initramfs,postinst,prerm}, debian/rules: install initramfs hook and update-initramfs for adding armor modules for boot. -- Kees Cook Fri, 06 Jul 2007 03:41:06 -0700 apparmor (2.0.1+510.dfsg-0ubuntu19) gutsy; urgency=low * Update 11-getprocattr-api.dpatch: pass back the correct string pointer so as to not corrupt kernel memory (LP: #123081). * debian/control: add XS-Vcs for bzr branch. -- Kees Cook Tue, 03 Jul 2007 09:07:52 -0700 apparmor (2.0.1+510.dfsg-0ubuntu18) gutsy; urgency=low * 02-profile-abstractions-ubuntu.dpatch: add m permission for all libraries under /usr/lib/**, so that ssl libraries optimized for i686 can be accessed. * 09-profile-usr-sbin-mysqld.dpatch: add m permission to /etc/passwd, /etc/group. * 12-profile-samba.dpatch: add profile for smbd and nmbd daemons from samba. * 99-complain-all-profiles.dpatch: turn complain mode for smbd and nmbd profiles. -- Mathias Gug Fri, 29 Jun 2007 15:19:15 +0200 apparmor (2.0.1+510.dfsg-0ubuntu17) gutsy; urgency=low * Update 11-getprocattr-api.dpatch: match upstream more closely, check for errors. -- Kees Cook Tue, 26 Jun 2007 16:00:08 -0700 apparmor (2.0.1+510.dfsg-0ubuntu16) gutsy; urgency=low * Added 11-getprocattr-api.dpatch: update kernel module for getprocattr API change (LP: #122444). -- Kees Cook Tue, 26 Jun 2007 15:21:54 -0700 apparmor (2.0.1+510.dfsg-0ubuntu15) gutsy; urgency=low * debian/apparmor.init: do not unload apparmor module on stop, since it already defaults to capabilities-compatible fall back and we don't want to lose the started process knowledge of the module for the next load of the parser. * Added 10-namespace-header.dpatch: include namespace_sem extern, since mnt_namespace.h is missing it currently. * Updated 07-apparmor-init-script.dpatch: ignore .dpkg-old profiles. -- Kees Cook Tue, 26 Jun 2007 10:04:54 -0700 apparmor (2.0.1+510.dfsg-0ubuntu14) gutsy; urgency=low * Correct missing libapparmor1 file contents. -- Kees Cook Thu, 21 Jun 2007 08:04:42 -0700 apparmor (2.0.1+510.dfsg-0ubuntu13) gutsy; urgency=low * 02-profile-abstractions-ubuntu.dpatch: add /lib/tls/i686/cmov/lib* to base abstraction to support i686 optimized libraries from libc6-i686 package. * 09-profile-usr-sbin-mysqld.dpatch: * add profile usr.sbin.mysqld * update abstractions/mysql * debian/rules: remove extras/usr.sbin.mysqld. * 99-complain-all-profiles.dpatch: * put mysqld profile in complain mode. * put named profile in complain mode. -- Mathias Gug Wed, 20 Jun 2007 12:12:28 -0400 apparmor (2.0.1+510.dfsg-0ubuntu12) gutsy; urgency=low * Add missing dh_makeshlibs call to rules, fix up libapparmor naming. -- Kees Cook Wed, 20 Jun 2007 09:15:48 -0700 apparmor (2.0.1+510.dfsg-0ubuntu11) gutsy; urgency=low * Packaged libapparmor, libapparmor-dev, and libapache2-mod-apparmor. -- Kees Cook Mon, 18 Jun 2007 18:27:46 -0700 apparmor (2.0.1+510.dfsg-0ubuntu10) gutsy; urgency=low * 02-profile-abstractions-ubuntu.dpatch, 06-profile-usr-sbin-named.dpatch: move /dev/random into abstractions/base. * 06-profile-usr-sbin-named.dpatch: Add sys_chroot capability. * debian/rules: don't package aa-eventd and Reports.pm as they use perl modules not maintained in main. Reports.pm is only used by Yast for now. aa-eventd maintains an sqlite database of audit messages which is used by Reports.pm. If configured (not by default), aa-eventd can also send emails when AppArmor audit messages are emited. * debian/control: Add universe component to Section: header. Needed to make it work with PPA. -- Mathias Gug Fri, 15 Jun 2007 12:47:05 -0400 apparmor (2.0.1+510.dfsg-0ubuntu9) gutsy; urgency=low * 06-profile-usr-sbin-named.dpatch : Generate a new profile for /usr/sbin/named to make it work with bind9. * debian/apparmor.init, 07-apparmor-init-script.dpatch: merge ubuntu changes with the latest version from upstream. * 99-complain-all-profiles.dpatch : put all profiles into complain mode by default. Add a small script (put-all-profiles-in-complain-mode.sh) in debian/ that takes care of automatically setting all profiles into complain mode. This script should be used by the maintainer to set all profiles in complain mode before packaging them. -- Mathias Gug Wed, 6 Jun 2007 13:41:57 -0400 apparmor (2.0.1+510.dfsg-0ubuntu8) gutsy; urgency=low * Start apparmor as early as possible in the boot process : just after mountall in rcS.d. Add preinst script to remove symlinks previously installed in rc*.d/. (LP: #116624). * Sync 04-apparmor-status.dpatch with upstream apparmor_status. The previous patch has been merged in upstream. * Update klogd profile : add /var/run/klogd/klogd.pid and /var/run/klogd/kmsg to the profile. -- Mathias Gug Thu, 31 May 2007 14:26:03 -0400 apparmor (2.0.1+510.dfsg-0ubuntu7) gutsy; urgency=low * 03-profile-usr-sbin-ntpd.dpatch: udpdate profile for ntpd daemon. Add /var/lib/ntp/ntp.drift and /var/log/ntpstats/peerstats* to the profile. * 04-apparmor-status.dpatch: improve apparmor_status script. Report more detailed information. -- Mathias Gug Tue, 29 May 2007 13:05:55 -0400 apparmor (2.0.1+510.dfsg-0ubuntu6) gutsy; urgency=low * 02-profile-abstractions-ubuntu.dpatch: Update abstractions for changes specific to Gnome, Debian, and 32bit on 64bit environments. * debian/control: adjust Recommends to apparmor-modules-source (LP: #113553). * debian/apparmor.init: moved rmmod/modprobe into init script, and dropped alias to avoid confusion and move control of the LSM closer to loading the profiles and work around capability already being loaded in the initrd (LP: #113887). -- Kees Cook Thu, 17 May 2007 20:34:41 -0700 apparmor (2.0.1+510.dfsg-0ubuntu5) gutsy; urgency=low * 01-logger-path.dpatch: Fix path to logger (LP: #112147). -- Kees Cook Thu, 03 May 2007 11:59:34 -0700 apparmor (2.0.1+510.dfsg-0ubuntu4) feisty; urgency=low * debian/control: move apparmor-modules to Recommends to Avoid uninstallable situation when AppArmor modules haven't yet been compiled/installed. -- Kees Cook Wed, 11 Apr 2007 11:39:39 -0700 apparmor (2.0.1+510.dfsg-0ubuntu3) feisty; urgency=low * debian/rules, debian/apparmor.{postinst,prerm}: ignore init script failures so that they don't block package installs/upgrades/uninstalls. -- Kees Cook Wed, 11 Apr 2007 08:52:37 -0700 apparmor (2.0.1+510.dfsg-0ubuntu2) feisty; urgency=low * debian/control: add missing Depend on 'dpatch' for modules-source. -- Kees Cook Sat, 7 Apr 2007 09:35:16 -0700 apparmor (2.0.1+510.dfsg-0ubuntu1) feisty; urgency=low * Initial release, thanks to Magnus Runesson and Jesse Michael (LP: #95334). -- Kees Cook Fri, 23 Mar 2007 16:42:01 -0700