apparmor (2.5.1-0ubuntu0.10.04.2) lucid-security; urgency=low * Fix for apparmor_parser not generating correct policy when mixing exec transitions with and without unconfined fallback transitions. - debian/patches/0013-lp693082.patch: adjust dfa match flag table size and fix index calculation for pux and cux. - LP: #693082 -- Jamie Strandboge Wed, 05 Jan 2011 12:15:29 -0600 apparmor (2.5.1-0ubuntu0.10.04.1) lucid-proposed; urgency=low * Backport 2.5.1-0ubuntu0.10.10.1 from maverick for userspace tools to work with newer kernels (LP: #660077) NOTE: user-tmp now uses 'owner' match, so non-default profiles will have to be adjusted when 2 separately confined applications that both use the user-tmp abstraction depend on being able to cooperatively share files with each other in /tmp or /var/tmp. * remove the following patches (features not appropriate for SRU): - 0002-add-chromium-browser.patch - 0003-local-includes.patch - 0004-ubuntu-abstractions-updates.patch * debian/rules (this makes it the same as what was shipped in 10.04 LTS release): - don't ship aa-update-browser and its man page (requires 0004-ubuntu-abstractions-updates.patch) - don't ship apparmor.d/local/ (requires 0003-local-includes.patch) - don't use dh_apparmor (not in Ubuntu 10.04 LTS) - don't ship chromium profile * remove debian/profiles/chromium-browser * remove debian/aa-update-browser* * debian/apparmor-profiles.postinst: revert to that in lucid release (requires dh_apparmor and 0002-add-chromium-browser.patch) * remove debian/apparmor-profiles.postrm: doesn't make sense without 0002-add-chromium-browser.patch * debian/control: - revert Build-Depends on debhelper (>= 5) - revert Standards-Version to 3.8.4 - revert Vcs-Bzr - use Conflicts/Replaces version that was in Ubuntu 10.04 LTS * debian/patches/0011-lucid-compat-dbus.patch: move /var/lib/dbus/machine-id back into dbus, since profiles on 10.04 LTS expect it there * debian/patches/0012-lucid-compat-kde.patch: add kde4-config to kde abstraction, since the firefox profile on Ubuntu 10.04 LTS expects it to be there -- Jamie Strandboge Tue, 02 Nov 2010 13:33:15 -0500 apparmor (2.5.1-0ubuntu0.10.10.2) maverick-proposed; urgency=low * New upstream release (LP: #660077) - The following patches were refreshed: + 0001-fix-release.patch + 0003-local-includes.patch + 0004-ubuntu-abstractions-updates.patch + 0008-lp648900.patch: renamed as 0005-lp648900.patch - The following patches were dropped (included upstream): + 0005-lp601583.patch + 0006-network-interface-enumeration.patch + 0007-gnome-updates.patch * debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head of 2.5 branch. These are needed for QRT and SRU testing (LP: #652211) * debian/patches/0007-honor-cflags.patch: have the parser makefile honor CFLAGS environment variable. Brings back missing symbols for the retracer * debian/patches/0008-lp652674.patch: fix warnings for messages without denied or requested masks (LP: #652674) * debian/apparmor.init: fix path to aa-status (LP: #654841) * debian/apport/source_apparmor.py: apport hook should use root_command_hook() for running apparmor_status (LP: #655529) * debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber cmdline details (LP: #657091) * debian/{rules,control}: move apache2 abstractions into the base package so we can put apache2 profiles into the -profiles package without aa-logprof bailing out. Patch by Marc Deslauriers. (LP: #539441) * debian/patches/0009-sensible-browser-pix.patch: use Pix with sensible-browser * debian/patches/0010-ubuntu-buildd.patch: skip parser caching test if the AppArmor securityfs introspection directory is not mounted, as is the case on Ubuntu buildds. -- Jamie Strandboge Tue, 02 Nov 2010 12:04:06 -0500 apparmor (2.5.1~rc1-0ubuntu2) maverick; urgency=low * abstractions/ubuntu-email: adjustment for ever-changing thunderbird path (LP: #648900) -- Jamie Strandboge Mon, 27 Sep 2010 09:00:06 -0500 apparmor (2.5.1~rc1-0ubuntu1) maverick; urgency=low [ Jamie Strandboge ] * New upstream RC release (revision 1413). In addition to getting the tools to work with the maverick kernel, this update fixes: - LP: #619521 - LP: #633369 - LP: #626451 - LP: #581525 - LP: #623467 (link and unlink still need to be addressed) * Dropped the following patches, included upstream: - 0002-lp615177.patch - 0004-ubuntu-pux.patch - 0006-kde4-config-pux.patch - 0007-lp605835.patch - 0012-lp625041.patch - 0013-lp623586.patch * Update the following patches: - rename 0010-fix-release.patch as 0001-fix-release.patch since this will likely always need to be here - rename 0005-add-chromium-browser.patch as 0002-add-chromium-browser.patch - rename 0001-local-includes.patch as 0003-local-includes.patch and update to use r1493 (from trunk) of local/README file. This can be dropped in 2.6. - collect the ubuntu abstractions updates pulled from trunk into 0004-ubuntu-abstractions-updates.patch. This can be dropped in 2.6. - rename 0008-lp601583.patch as 0005-lp601583.patch. This can be dropped in 2.5.1 final. * fix up some lintian warnings: - debian/control: + don't use 'Section' in apparmor-notify, since it is the same as the source + updates Standards-Version to 3.9.1 + add ${misc:Depends} to libapparmor-dev and apparmor-notify - add debian/source/format - debian/libapache2-mod-apparmor.postrm: use #DEBHELPER# - debian/libapache2-mod-apparmor.preinst: use #DEBHELPER# - add debian/watch * debian/notify/notify.conf: set show_notifications="yes" by default * debian/patches/0006-network-interface-enumeration.patch: allow network interface enumeration. This can be dropped in 2.5.1 final. * debian/patches/0007-gnome-updates.patch: update for font/icon/mime locations in current gnome. This can be dropped in 2.5.1 final. [ Kees Cook ] * debian/apparmor.init: rename "stop" to "teardown", drop caches on "stop" and warn about the dangers of "teardown". -- Jamie Strandboge Fri, 10 Sep 2010 11:07:19 -0500 apparmor (2.5.1~pre1393-0ubuntu6) maverick; urgency=low * debian/profiles/chromium-browser: updated to have the proper path to local/ * debian/patches/0011-lp514356+573344+593413.patch: browser abstraction updates for /net, kmozillahelper and gnome-appearance-properties (LP: #593413, LP: #514356, LP: #573344) * debian/patches/0012-lp625041.patch: add sensible-browser (LP: #625041) * debian/patches/0013-lp623586.patch: allow access to ghostscript fonts when not using defoma (LP: #623586) -- Jamie Strandboge Fri, 03 Sep 2010 07:39:31 -0500 apparmor (2.5.1~pre1393-0ubuntu5) maverick; urgency=low * debian/patches/0007-lp605835.patch: allow ca-certificates in ssl_certs abstraction (LP: #605835) * debian/patches/0008-lp601583.patch: adjust X abstraction for newer gdm (LP: #601583) * debian/patches/0009-lp565753.patch: add ubuntu-feed-readers abstraction and have ubuntu-browsers.d/multimedia use it (LP: #565753) * debian/apparmor.config: don't try to read in the existing value from /etc/apparmor.d/tunables/home.d/ubuntu, but instead always use what is in debconf. (LP: #561694) * add aa-update-browser for giving a programmatic way to update browser profiles to use browser abstractions - add debian/aa-update-browser - add debian/aa-update-browser.8 - debian/rules: install aa-update-browser* * debian/patches/0003-ubuntu-browsers-d.patch: updated to generalize java child profile names * debian/patches/0010-fix-release.patch: update common/Make.rules to use lsb_release -- Jamie Strandboge Wed, 11 Aug 2010 09:24:23 -0500 apparmor (2.5.1~pre1393-0ubuntu4) maverick; urgency=low * debian/patches/0001-local-includes.patch: updated to adjust local/README to have upstream clarifications * debian/patches/0003-ubuntu-browsers-d.patch: add ubuntu-browsers.d/* abstractions * debian/patches/0004-ubuntu-pux.patch: use 'PUx' instead of 'Ux' in abstractions/ubuntu-* * add chromium-browser profile. All this can be removed once chromium-browser ships its own profile: - debian/patches/0005-add-chromium-browser.patch: add preliminary profiles/apparmor.d/usr.bin.chromium-browser - debian/profiles/chromium-browser: added for use with ubuntu-browsers.d - debian/rules: ship debian/profiles/chromium-browser in apparmor-profiles * don't make /etc/apparmor.d/local/* from apparmor-profiles conffiles - debian/control: Build-Depends on debhelper 7.4.20ubuntu5 - debian/rules: use dh_apparmor instead of shipping the files as conffiles - debian/apparmor-profiles.postinst: move DEBHELPER before initscript reload - debian/apparmor-profiles.postrm: added to remove chromium-browser config file * debian/patches/0006-kde4-config-pux.patch: remove kde4-config from kde abstraction and add it to kde ubuntu-browsers abstraction -- Jamie Strandboge Tue, 10 Aug 2010 14:31:32 -0500 apparmor (2.5.1~pre1393-0ubuntu3) maverick; urgency=low * debian/patches/0002-lp615177.patch: 'owner' match in commit 1406 too strict for /tmp/ and /var/tmp/ (LP: #615177) -- Jamie Strandboge Mon, 09 Aug 2010 10:17:05 -0500 apparmor (2.5.1~pre1393-0ubuntu2) maverick; urgency=low * debian/rules: move local/usr.lib.apache2.mpm-prefork.apache2 to libapache2-mod-apparmor -- Jamie Strandboge Fri, 06 Aug 2010 13:38:59 -0500 apparmor (2.5.1~pre1393-0ubuntu1) maverick; urgency=low * Update to upstream bzr revision 1393 from lp:apparmor/2.5. * add dbus-session abstraction (LP: #566207) * require owner in user-tmp abstraction (LP: #578922) * don't use uninitialized $opt_s (LP: #582075) * allow thunderbird 3 in abstractions/ubuntu-email (LP: #590462) * allow gmplayer in abstractions/ubuntu-media-players (LP: #591421) * debian/control: updated branches. * debian/patches/0001-local-includes.patch: backported patch from trunk to allow local administrators to customize their profiles without modifying a shipped profile * debian/rules: - don't pass RELEASE to libapparmor's 'make install' as it breaks the build and isn't used by the Makfile anyway - install apparmor.d/local/README in apparmor, not apparmor-profiles - don't install apparmor.d/local/usr.sbin.ntpd * Drop the following patches already included upstream: - 0001-lp538561.patch - 0002-aalogprof-warnings.patch - 0003-fix-memleaks.patch - 0004-lp549557.patch - 0005-lp538661.patch - 0006-lp611248.patch -- Jamie Strandboge Thu, 05 Aug 2010 16:10:46 -0500 apparmor (2.5-0ubuntu4) maverick; urgency=low * debian/patches/0006-lp611248.patch: allow access to gdk-pixbuf loaders LP: #611248 -- Jamie Strandboge Tue, 03 Aug 2010 09:32:10 -0500 apparmor (2.5-0ubuntu3) lucid; urgency=low [ Jamie Strandboge ] * debian/patches/lp-549557.patch: have apparmor_notify deal with log file rotation. (LP: #549557) * debian/notify/notify.conf: set show_notifications="yes" * debian/patches/0005-lp538661.patch: adjust php5 abstraction for cgi config file path and extensions (LP: #538661) [ Kees Cook ] * debian/apparmor.functions: do not load in parallel, this is causing weird side-effects. -- Jamie Strandboge Tue, 30 Mar 2010 11:31:49 -0500 apparmor (2.5-0ubuntu2) lucid; urgency=low [ Jamie Strandboge ] * debian/patches/0001-lp538561.patch: add 'k' to /var/lib/samba/**.tdb in the samba abstraction (LP: #538561) [ Marc Deslauriers ] * debian/patches/0002-aalogprof-warnings.patch: get rid of warnings when aa-logprof is run. * debian/{rules,control}: move apache2 abstractions into the base package so we can put apache2 profiles into the -profiles package without aa-logprof bailing out. (LP: #539441) * debian/patches/0003-fix-memleaks.patch: include a couple of leak patches from upstream. -- Marc Deslauriers Fri, 26 Mar 2010 11:39:18 -0400 apparmor (2.5-0ubuntu1) lucid; urgency=low * New upstream release. * debian/control: updated branches. * debian/copyright: updated download locations. * debian/rules: drop unneeded build variables. * common/Make.rules: set distributor. -- Kees Cook Thu, 11 Mar 2010 00:08:08 -0800 apparmor (2.5~pre+bzr1367-0ubuntu1) lucid; urgency=low * Update to upstream bzr revision 1367 * debian/notify/90apparmor-notify: sleep for 60 seconds for boot speed and to make sure that X is all the way up so the notifications look pretty -- Jamie Strandboge Mon, 08 Mar 2010 13:53:50 -0600 apparmor (2.5~pre+bzr1364-0ubuntu1) lucid; urgency=low * Update to upstream bzr revision 1364. * debian/apparmor.functions: ignore .dpkg-bak files when loading too. -- Kees Cook Wed, 17 Feb 2010 13:36:21 -0800 apparmor (2.5~pre+bzr1362-0ubuntu2) lucid; urgency=low * debian/apparmor.postinst: on upgrades, prepopulate apparmor/homedirs if it is not preseeded. Will check /etc/passwd for UIDs >= 1000 and < 30000 for unique dirnames of home directories that are not /home. Fully resolves (LP: #447292) -- Jamie Strandboge Wed, 17 Feb 2010 09:42:55 -0600 apparmor (2.5~pre+bzr1362-0ubuntu1) lucid; urgency=low [ Kees Cook ] * Update to upstream bzr revision 1362. - This release includes DFA minimization, transition table compression, and improved partitioning performance (LP: #503869). - drop 0001-tunable-alias.patch, now upstream. * debian/apparmor.postinst: update home.d template to note the trailing slash, even if the debconf template mentions it too. * debian/apparmor.functions: go fully parallel with parsing to use all CPUs in the case of needing to regenerate caches. * debian/rules: enable library testsuite during build. * debian/control: add dejagnu for library testsuite. * debian/{rules,control}: use chrpath to drop rpath in libapparmor-perl. [ Jamie Strandboge ] * debian/control: add apparmor-notify * add debian/notify/notify.conf * add debian/notify/90apparmor-notify * add debian/apparmor-notify.install: install notify.conf to /etc/apparmor and 90apparmor-notify to /etc/X11/Xsession.d * debian/rules: - remove upstream notify.conf since we will install our own via debhelper - move apparmor_notify script and man pages to apparmor-notify -- Kees Cook Sat, 13 Feb 2010 12:19:30 -0800 apparmor (2.3.1+bzr1312-0ubuntu4) lucid; urgency=low * 0001-tunable-alias.patch: backport r1330 to make it easier for people to use AppArmor's alias rules (LP: #160002) -- Jamie Strandboge Mon, 11 Jan 2010 14:31:06 -0600 apparmor (2.3.1+bzr1312-0ubuntu3) lucid; urgency=low * debian/apparmor.{init,functions}: - add "recache" argument to init script for liveCD cache generation. - skip start/stop/reload when running on liveCD. -- Kees Cook Fri, 08 Jan 2010 08:39:14 -0800 apparmor (2.3.1+bzr1312-0ubuntu2) lucid; urgency=low * debian/rules: disable profiling support for released version. -- Kees Cook Wed, 06 Jan 2010 16:57:58 -0800 apparmor (2.3.1+bzr1312-0ubuntu1) lucid; urgency=low [ Kees Cook ] * Update to upstream bzr revision 1312. * debian/apparmor.postrm: fix comment typo. * debain/rules: switch to bzr for upstream versioning. * debian/rules: install apache2-* abstractions into apache2-mod package. * drop debian/patches/0001-likewise-home-tunables.patch: this is causing too much time in the parser (see LP 503869). The default install is suffering, so move this configuration to likewise-open (see LP 274350). [ Jamie Strandboge ] * debian/rules: - don't ship tunables/home.d/site.local - correct path for moving apache2 abstraction * add debconf question for adjusting HOMEDIRS (LP: #447292) - add debian/apparmor.config - debian/apparmor.postinst: query debconf and adjust tunables/home.d/ubuntu - debian/apparmor.postrm: on purge, remove tunables/home.d/ubuntu and run db_purge - debian/control: Build-Depends on po-debconf and have apparmor Depends on debconf - add debian/po/* - debian/rules: use dh_installdebconf -papparmor - added debian/templates -- Kees Cook Wed, 06 Jan 2010 15:51:33 -0800 apparmor (2.3.1+1403-0ubuntu31) lucid; urgency=low * Remove initramfs hooks, as early profile loading is handled on a service-by-service basis with Upstart jobs now. -- Kees Cook Fri, 04 Dec 2009 13:22:04 -0800 apparmor (2.3.1+1403-0ubuntu30) lucid; urgency=low [ Jamie Strandboge ] * convert to using quilt - debian/control: Build-Depends on quilt - add debian/README.source - debian/rules: include /usr/share/quilt/quilt.make and adjust targets for patching * debian/patches/0001-likewise-home-tunables.patch: tunables/home: add /home/likewise-open/*/ to HOMEDIRS (LP: #274350) * Merge to upstream bzr rev 1308. - really add chromium-browser (LP: #488559) - add official google-chrome (LP: #481661) [ Kees Cook ] * parser/parser_main.c: use nanosec ctime resolution when checking cache file times. * parser/tst/caching.sh: add tests for cache use based on timestamps. -- Jamie Strandboge Fri, 04 Dec 2009 11:11:01 -0600 apparmor (2.3.1+1403-0ubuntu29) lucid; urgency=low * parser/Makefile: generate af_names.h based on bits/socket.h since linux/socket.h no longer has what we need (LP: #474751) * usr.sbin.dnsmasq: fully address LP: #445818 - more pidfile refinements - allow access to /var/run/dnsmasq - allow access to /etc/dnsmasq.d - allow dac_override so it can write its pidfile * abstractions/ubuntu-browsers: add chromium-browser -- Jamie Strandboge Wed, 04 Nov 2009 17:07:23 -0600 apparmor (2.3.1+1403-0ubuntu28) lucid; urgency=low [ Jamie Strandboge ] * update skype profile in extras. Based on work by Андрей Калинин. (LP: #226624) * abstractions/ubuntu-browsers: add opera and icecat (LP: #432778) * abstractions/ubuntu-browsers: add epiphany (epiphany-browser and epiphany-webkit were already present, but the recent changes in epiphany packaging require /usr/bin/epiphany) (LP: #472952) * usr.sbin.dnsmasq: allow pidfiles for /var/run/dnsmasq*.pid (LP: #445818) * abstractions/gnome: allow access to ~/.themes (LP: #460125) * abstractions/kde: allow access to /etc/kde4rc and /usr/bin/kde4-config (LP: #447006) [ Marc Deslauriers ] * utils/Subdomain.pm: don't skip reading profiles that are also in the cache directory (LP: #446449) * utils/Subdomain.pm: correctly parse PUxr modes * utils/Subdomain.pm: support include directories -- Jamie Strandboge Wed, 04 Nov 2009 11:02:27 -0600 apparmor (2.3.1+1403-0ubuntu27) karmic; urgency=low * utils/SubDomain.pm: handle new format "null" log entries (LP: #446524) -- Marc Deslauriers Fri, 16 Oct 2009 14:40:04 -0400 apparmor (2.3.1+1403-0ubuntu26) karmic; urgency=low * abstractions/ubuntu-browsers: add Dooble * abstractions/ubuntu-browsers: add chromium (LP: #448812) * abstractions/gnome: add read for /etc/orbitrc * abstractions/audio: add read for /etc/pulse/* for when ~/.pulse/* doesn't exist and these files are used for fallback -- Jamie Strandboge Wed, 14 Oct 2009 07:59:03 -0500 apparmor (2.3.1+1403-0ubuntu25) karmic; urgency=low * Do not use tools in /usr during initial start-up (LP: #439726). -- Kees Cook Fri, 02 Oct 2009 16:52:04 -0700 apparmor (2.3.1+1403-0ubuntu24) karmic; urgency=low * abstractions/X: allow mouse themes (LP: #438051) -- Jamie Strandboge Thu, 01 Oct 2009 16:07:25 -0500 apparmor (2.3.1+1403-0ubuntu23) karmic; urgency=low [ Kees Cook ] * Really fix quiet mode in initramfs (LP: #435285). * Handle older kernel versions when loading profiles (LP: #429872): - parser/parser_{interface,main}.c: detect kernel version and downgrade. - debian/apparmor.functions, parser/parser_main.c: keep kernel features recorded in cache directory. - parser/parser_{interface,main}.c: add --skip-kernel-load for testing. - parser/tst/caching.*: add caching tests. [ Jamie Strandboge ] * abstractions/audio: add a few more files for pulseaudio -- Kees Cook Fri, 25 Sep 2009 09:54:01 -0700 apparmor (2.3.1+1403-0ubuntu22) karmic; urgency=low * Do not run AppArmor on the LiveCD, again (LP: #131976). * More aggressively stay quiet when booting in quiet mode (LP: #435285). -- Kees Cook Wed, 23 Sep 2009 15:40:22 -0700 apparmor (2.3.1+1403-0ubuntu21) karmic; urgency=low * debian/apparmor.{init-bottom,functions,initramfs}: perform initial apparmor rule loading in initramfs. -- Kees Cook Mon, 21 Sep 2009 14:16:26 -0700 apparmor (2.3.1+1403-0ubuntu20) karmic; urgency=low * added disabled apache2 profile (FFE LP: #430812): - add profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2: new apache2 profile - add profiles/apparmor.d/apache2.d/phpsysinfo: example profile for the phpsysinfo application - profiles/Makefile: handle the apache2.d directory - add debian/libapache2-mod-apparmor.postinst: reload apparmor after installation since we now ship a profile in this package - add debian/libapache2-mod-apparmor.preinst: disable apache2 profile if the user does not already have a profile defined - add debian/libapache2-mod-apparmor.postrm: remove disabled symlink on purge - debian/rules: move apache2 profile to the libapache2-mod-apparmor package and create apache2.d directory * utils/SubDomain.pm: handle "open" log entries (LP: #427966) * added ouid parsing support (LP: #431929): - libraries/libapparmor/testsuite/test_multi.c - libraries/libapparmor/src/{scanner.l,grammar.y,aalogparse.h, libaalogparse.c} -- Marc Deslauriers Sat, 19 Sep 2009 09:32:02 -0400 apparmor (2.3.1+1403-0ubuntu19) karmic; urgency=low [ Jamie Strandboge ] * abstractions/fonts: allow links in @{HOME}/.fontconfig/** [ Kees Cook ] * debian/apparmor.init: expect that the securityfs is mounted, and only test for the mounted filesystem against the type column when it is not found. -- Kees Cook Wed, 09 Sep 2009 11:42:07 -0700 apparmor (2.3.1+1403-0ubuntu18) karmic; urgency=low * added the following abstractions: - ubuntu-browsers: Ux transitions to graphical browsers - ubuntu-console-browsers: Ux transitions to text-mode browsers - ubuntu-console-email: Ux transitions to text-mode email clients - ubuntu-email: Ux transitions to graphical email clients - ubuntu-gnome-terminal: ix transition for gnome-terminal - ubuntu-konsole: ix transition for konsole - ubuntu-xterm: ix transition for xterm -- Jamie Strandboge Thu, 03 Sep 2009 11:57:39 -0500 apparmor (2.3.1+1403-0ubuntu17) karmic; urgency=low * abstractions/base: workaround for ecryptfs and apparmor by allowing 'owner' match for files in .Private. (LP: #359338) -- Jamie Strandboge Mon, 31 Aug 2009 15:38:54 -0500 apparmor (2.3.1+1403-0ubuntu16) karmic; urgency=low * profiles/apparmor.d/*dovecot*: add first-pass at complain-only profiles for basic dovecot operation. -- Kees Cook Wed, 26 Aug 2009 15:19:46 -0700 apparmor (2.3.1+1403-0ubuntu15) karmic; urgency=low * utils/SubDomain.pm: don't abort when an include file only contains hats (LP: #400367) -- Marc Deslauriers Wed, 26 Aug 2009 11:35:58 -0400 apparmor (2.3.1+1403-0ubuntu14) karmic; urgency=low * Pull upstream changes for 64bit capabilities (svn 1427, 1437, 1438). * Pull upstream changes for pux exec mode (svn 1439). * debian/apparmor.init: "find" -name is not brace-aware (LP: #418364). -- Kees Cook Mon, 24 Aug 2009 18:01:05 -0700 apparmor (2.3.1+1403-0ubuntu13) karmic; urgency=low [ Kees Cook ] * parser/parser_main.c: add --skip-read-cache to force reading of uncached profiles while still allowing for --write-cache to work. * parser/apparmor_parser.pod: add all missing option documentation. [ Jamie Strandboge ] * abstractions/kde: update for kde4 -- Jamie Strandboge Wed, 19 Aug 2009 12:07:06 -0500 apparmor (2.3.1+1403-0ubuntu12) karmic; urgency=low * abstractions/base: add more locale paths (LP: #413454) -- Jamie Strandboge Fri, 14 Aug 2009 07:31:03 -0500 apparmor (2.3.1+1403-0ubuntu11) karmic; urgency=low * utils/enforce: remove /etc/apparmor.d/disable/ symlink LP: #413153 * debian/rules: don't install usr.sbin.ntpd or tunables/ntpd. Can remove this when we create a new orig.tar.gz -- Jamie Strandboge Wed, 12 Aug 2009 10:04:34 -0500 apparmor (2.3.1+1403-0ubuntu10) karmic; urgency=low * remove apparmor.d/usr.sbin.ntpd and apparmor.d/tunables/ntpd since ntpd will begin shipping its own profile -- Jamie Strandboge Wed, 12 Aug 2009 10:02:53 -0500 apparmor (2.3.1+1403-0ubuntu9) karmic; urgency=low * Revert 64-bit capabilities (LP: #408773). -- Kees Cook Tue, 04 Aug 2009 11:51:27 +0100 apparmor (2.3.1+1403-0ubuntu8) karmic; urgency=low * Update to upstream subversion r1431. - change_profile can use regex (LP: #390810, #401931) * debian/apparmor.init: always clear cache on reload. -- Kees Cook Mon, 03 Aug 2009 07:46:33 -0700 apparmor (2.3.1+1403-0ubuntu7) karmic; urgency=low * profiles/apparmor.d/abstractions/base: add /proc/sys/crypto (LP: #392337). -- Kees Cook Sat, 25 Jul 2009 09:04:46 -0700 apparmor (2.3.1+1403-0ubuntu6) karmic; urgency=low [ Kees Cook ] * parser/parser_policy.c: return errors instead of exiting. * debian/apparmor.init: skip more suffixes. * parser/parser_lex.l: define file suffixes to ignore. * parser/parser_main.c: disable cache for parsing reports. * debian/apparmor.init: also remove unparsed profiles. [ Jamie Strandboge ] * update gnome abstraction for /var/run/gdm/auth*/database * utils/SubDomain.pm: parse profiles in subdirectories, not just include files (LP: #401935) -- Jamie Strandboge Mon, 20 Jul 2009 11:45:24 -0500 apparmor (2.3.1+1403-0ubuntu5) karmic; urgency=low * Always use --replace when loading profiles so that if profiles are loaded outside of the init script (e.g. dhcp3), the init script does not abort (LP: #401109). * parser/parser_main.c: more carefully create cache files. -- Kees Cook Sun, 19 Jul 2009 07:48:11 -0700 apparmor (2.3.1+1403-0ubuntu4) karmic; urgency=low * utils/SubDomain.pm: exclude new cache directory. * parser/parser_main.c: - allow OPTION_REMOVE to work again (LP: #400781). - warn about using stdin. - do not cache disabled profiles. - report cached loading if not quiet. * debian/apparmor.init: - do not depend on aa-status. - only write cache from init script. -- Kees Cook Fri, 17 Jul 2009 10:10:05 -0700 apparmor (2.3.1+1403-0ubuntu3) karmic; urgency=low * debian/apparmor.init: more cleanly handle disabled AppArmor. -- Kees Cook Fri, 17 Jul 2009 00:12:19 -0700 apparmor (2.3.1+1403-0ubuntu2) karmic; urgency=low * improve profile loading speed (LP: #382944): - parser/parser_lex.l: move include handling into flex parser. - parser/parser_main.c: - move disable/complain logic into loader. - add binary caching. - debian/apparmor.init: reduce to bare minimum. -- Kees Cook Wed, 15 Jul 2009 17:05:49 -0700 apparmor (2.3.1+1403-0ubuntu1) karmic; urgency=low [ Kees Cook ] * New upstream bundle (svn1403). * debian/apparmor.init: add specific Start/Stop dependencies (LP: #372441). * debian/control: correctly use lsb-base not sysv for Depends. [ Jamie Strandboge ] * add abstractions/launchpad-integration * abstractions/audio: add pulseaudio * add abstractions/private-files* for explicitly denying access to sensitive files. -- Kees Cook Fri, 10 Jul 2009 08:37:54 -0700 apparmor (2.3+1289-0ubuntu15) karmic; urgency=low * Depend on upstart 0.6.0 which contains upstart-compat-sysv now -- Scott James Remnant Fri, 10 Jul 2009 10:28:45 +0100 apparmor (2.3+1289-0ubuntu14) jaunty; urgency=low * abstractions/smbpass: Add *.ldb used in Samba 3.2 and above (LP: #357581) -- Thierry Carrez Wed, 08 Apr 2009 13:42:21 +0200 apparmor (2.3+1289-0ubuntu13) jaunty; urgency=low [ Kees Cook ] * abstractions/gnome: allow /proc/$pid/mounts for gvfs. * abstractions/python: clean up allowed paths (LP: #350820), thanks to Jonathan Davies. [ Jamie Strandboge ] * abstractions/user-tmp: allow 'k' for files in tmp dirs (LP: #351275) -- Jamie Strandboge Tue, 31 Mar 2009 09:57:57 -0500 apparmor (2.3+1289-0ubuntu12) jaunty; urgency=low * expand allowed library paths to handle unexpected architectures (LP: #349819). -- Kees Cook Fri, 27 Mar 2009 13:48:11 -0700 apparmor (2.3+1289-0ubuntu11) jaunty; urgency=low * fix path to winbindd_privileged/pipe in winbind abstraction (LP: #348541) -- Jamie Strandboge Fri, 27 Mar 2009 08:29:13 -0500 apparmor (2.3+1289-0ubuntu10) jaunty; urgency=low * utils/SubDomain.pm: - teach utils about rearranged syslog audit messages (LP: #340183) from upstream commit https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1393 - fix corruption of profiles, from upstream commit https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1354 - don't ask about networking events over and over again, from upstream commit https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1296 - use apparmor logdir instead of /tmp to write debugging log -- Steve Beattie Thu, 19 Mar 2009 03:05:07 -0700 apparmor (2.3+1289-0ubuntu9) jaunty; urgency=low [ Kees Cook ] * abstractions/base: allow /proc/$pid/maps (LP: #343287). * abstractions/*: clean up lib, lib32, lib64 semantics (LP: #342200). * abstractions/nameservice: fix up paths for nscd (LP: #342198). * parser/rc.apparmor.functions, debian/apparmor.init: LSB-ify startup messages (LP: #295200). [ Steve Beattie ] * libapparmor/src/scanner.l: adjust lexer to fix matching updated audit messages (LP: #340183) from upstream commit https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1389 * debian/source_apparmor.py: add a per-package apport hook (LP: #342554). -- Kees Cook Wed, 18 Mar 2009 21:18:01 -0700 apparmor (2.3+1289-0ubuntu8) jaunty; urgency=low * abstractions/ssl_keys: allow read access to all of /etc/ssl (LP: #317109) * utils/SubDomain.pm: re-add dropped patch to not process disable/ as include files, and also don't process force-complain/ (LP: #331534) -- Jamie Strandboge Thu, 12 Mar 2009 12:53:08 -0500 apparmor (2.3+1289-0ubuntu7) jaunty; urgency=low * abstractions/dbus: add machine-id * abstractions/audio: add libcanberra paths * abstractions/freedesktop.org: add user-dirs.dirs -- Jamie Strandboge Thu, 12 Feb 2009 11:28:15 -0600 apparmor (2.3+1289-0ubuntu6) jaunty; urgency=low [ Kees Cook ] * abstractions/X: add DRI paths. * parser/Makefile: blacklist AF_PHONET. [ Jamie Strandboge ] * update usr.sbin.smbd profile to write to /var/lib/samba/** and read/write to /var/run/dbus/system_bus_socket (LP: #294802) * abstractions/freedesktop.org: use /usr/share/mime/**, @{HOME}/.icons/, and @{HOME}/.recently-used.xbel* * abstractions/gnome: add gvfs remote-volume-monitors paths and printing files -- Kees Cook Mon, 22 Dec 2008 17:20:10 -0800 apparmor (2.3+1289-0ubuntu5) jaunty; urgency=low * abstractions/nameservice: allow read access to /etc/resolvconf/run/resolv.conf (LP: #286080) * adjust src/grammar.y and src/scanner.l to account for the moved type=NNNN field in 2.6.27 kernels and capture non-matching logfile input instead of printing it to stdout (LP: #271252). Patch thanks to Jesse Michael and Steve Beattie. - https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1310 * add syslog test cases to testsuite. Patch thanks to Steve Beattie. - https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1307 - https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1308 - https://forgesvn1.novell.com/viewsvn/apparmor?view=rev&revision=1309 -- Jamie Strandboge Tue, 21 Oct 2008 09:09:58 -0500 apparmor (2.3+1289-0ubuntu4) intrepid; urgency=low * parser/rc.apparmor.functions: fix typo seen when admin changes the default location of the apparmor.d directory (LP: #280467). * abstractions/{samba,base}: clean up unneeded "m" permissions. * abstractions/perl: add missing default perl paths. -- Kees Cook Wed, 08 Oct 2008 16:42:10 -0700 apparmor (2.3+1289-0ubuntu3) intrepid; urgency=low * add locking permission to /var/log/wtmp abstraction, thanks to Martin Pitt (LP: #253328). * utils/logprof.conf: repository updated for Intrepid (LP: #258818). * profiles/apparmor.d/usr.sbin.nscd: added cache directory (LP: #144383). * parser/rc.apparmor.functions: redirect stderr (LP: #244013). * parser/Makefile: blacklist "AF_ISDN". -- Kees Cook Wed, 30 Jul 2008 09:29:03 -0700 apparmor (2.3+1289-0ubuntu2) intrepid; urgency=low [ Mathias Gug ] * debian/control: - move apparmor-profiles to a suggested package by apparmor. [ Kees Cook ] * debian/control - move libterm-readline-gnu-perl to "suggests". - drop apparmor-modules-source since it no longer exists. -- Kees Cook Wed, 02 Jul 2008 12:35:12 -0700 apparmor (2.3+1289-0ubuntu1) intrepid; urgency=low * Updated to upstream subversion v1289. - new parser requires new AppArmor kernel LSM. * debian/control: - add libapparmor-perl, and associated Depends - bump standards version to 3.7.3.0 (no changes needed) * debian/rules: - adjust "clean" rule to be more effective. -- Kees Cook Sat, 28 Jun 2008 15:38:12 -0700 apparmor (2.1+1075-0ubuntu10) intrepid; urgency=low [ Jamie Strandboge ] * added abstractions/smbpass and #include it in abstractions/authentication to allow access to /var/lib/samba/*.tdb. LP: #217787 [ Mathias Gug ] * update likewise-open authentication abstraction: allow access to privileged pipe (LP: #235646). * Update smbd profile to include access to /var/spool/samba/ (printer sharing) and utmp update (LP: #237066). * Update esound location in audio profile (LP: #229127). Thanks to Adam Mondl. * Add dnsmasq profile (LP: #148590). Thanks to John Dong. -- Mathias Gug Mon, 09 Jun 2008 18:24:09 -0400 apparmor (2.1+1075-0ubuntu9) hardy; urgency=low * parser/rc.apparmor.functions: do not abort if parser is missing, in the case of an unpurged "apparmor" init script running under SELinux. -- Kees Cook Mon, 07 Apr 2008 13:25:06 -0700 apparmor (2.1+1075-0ubuntu8) hardy; urgency=low * Sync bugfixes from upstream 8.04 branch, svn 1161. - documentation updated to reflect AppArmor 2.1 features. - minor profile updates (nscd, ntpd, opera) - util/SubDomain.pm: corrected mask merging and type detection. -- Kees Cook Wed, 02 Apr 2008 15:48:58 -0700 apparmor (2.1+1075-0ubuntu7) hardy; urgency=low * profiles/apparmor.d/abstractions/nameservice: (LP: #207912) - fix ldap path - add nsswitch "db" backend paths -- Kees Cook Thu, 27 Mar 2008 14:19:06 -0700 apparmor (2.1+1075-0ubuntu6) hardy; urgency=low [ Kees Cook ] * utils/SubDomain.pm: - fix up mask parsing to match kernel version (LP: #202920). - fix up syslog parsing regexp to match broken kernels (LP: #202888). * profiles/apparmor.d/abstractions/base: add licenses path for reading. * profiles/apparmor.d/abstractions/freedesktop.org: include /usr/local. * profiles/apparmor.d/usr.sbin.smbd: include print client abstraction. * profiles/apparmor.d/abstractions/nameservice: include missing gai.conf (LP: #202991). [ Jamie Strandboge ] * add Debian Policy compliant way to toggle complain mode (LP: #203137) - parser/rc.apparmor.functions: add '-C' to PARSER_ARGS if force-complain/ exists - utils/enforce: remove symlink in force-complain/ - debian/rules: create /etc/apparmor.d/force-complain -- Kees Cook Mon, 17 Mar 2008 10:28:23 -0700 apparmor (2.1+1075-0ubuntu5) hardy; urgency=low * profiles/apparmor.d/abstractions/python: update shared python locations. * debian/control: adjust Depends to allow sysvinit (LP: #199871). -- Kees Cook Tue, 11 Mar 2008 15:25:11 -0700 apparmor (2.1+1075-0ubuntu4) hardy; urgency=low [ Jamie Strandboge ] * removed usr.sbin.named and usr.sbin.mysqld, as these will be provided be bind9 and mysql-server-5.0, respectively. [ Mathias Gug ] * profiles/apparmor.d/abstractions/ssl_keys: add ssl_keys abstraction, to be used by profiles accessing ssl privates keys. [ Rick Clark ] * added abstraction for likewise-open. -- Mathias Gug Wed, 13 Feb 2008 19:16:12 -0500 apparmor (2.1+1075-0ubuntu3) hardy; urgency=low * profiles/apparmor.d/abstractions/fonts: add missing ~/.fonts.conf * profiles/apparmor.d/sbin.klogd: add newly needed @{PROC}/kallsyms -- Kees Cook Wed, 16 Jan 2008 14:16:18 -0800 apparmor (2.1+1075-0ubuntu2) hardy; urgency=low * utils/apparmor_status: fix module loaded test to handle built-in. -- Kees Cook Thu, 03 Jan 2008 17:24:40 -0800 apparmor (2.1+1075-0ubuntu1) hardy; urgency=low [ Mathias Gug ] * profiles/apparmor.d/abstractions/nameservice: update nameservice abstraction to support nscd setup. [ Kees Cook ] * merge with upstream trunk revision 1075. * debian/{control,apparmor.postrm,apparmor.postinst,apparmor.initramfs}: dropped module hook since module is loaded in kernel automatically now. * debian/rules: tweaked get-orig-source to use defined variables. * debian/copyright: mention "get-orig-source" build rule. * debian/{rules,control,libpam-apparmor.docs}: add libpam-apparmor now that PAM is 0.99. -- Kees Cook Thu, 03 Jan 2008 13:29:31 -0800 apparmor (2.1+993-0ubuntu3) gutsy; urgency=low [ Mathias Gug ] * Add mdns4 resolution to nameservice abstraction. (LP: #148579). * Update syslog-ng profile. (LP: #148708). * Add xen tls libraries to base abstraction. (LP: #150282). * Update cups-client abstraction: add /var/run/cups/cups.sock. (LP: #151269) [ Kees Cook ] * Adjust KDE abstractions for Ubuntu paths (LP: #148309). -- Kees Cook Fri, 12 Oct 2007 12:54:36 -0700 apparmor (2.1+993-0ubuntu2) gutsy; urgency=low [ Mathias Gug ] * debian/control: Set maintainer to Ubuntu Core Developers. * utils/SubDomain.pm, utils/logprog.conf: refactor readprofiledir() to not fail on non-existing profile directory. Fixes LP: #141128. * debian/rules: don't compress profiles in doc/extras/. * utils/SubDomain.pm: Fix regex so that aa-logprof can find audit messages in syslog files. Fixes LP: #140508. * Update usr.sbin.nscd profile. Fixes LP: #144383. [ Kees Cook ] * abstractions/gnupg: drop bad attempt at general-purpose client rule. * abstractions/fonts: adjust for new syntax, add more local fonts paths. * abstractions/nameservice: add mmap permission to some /etc files. -- Kees Cook Tue, 25 Sep 2007 10:23:29 -0700 apparmor (2.1+993-0ubuntu1) gutsy; urgency=low * new merge from upstream: * fixes to support new audit messages sent by the kernel module. * bump in minor library version for libapparmor. * debian/control: Add perl libterm-readkey-perl and librpc-xml-perl dependencies for apparmor-utils. Fixes LP: #139757, LP: #139091. * utils/SubDomain.pm: Re-enable RPC client for remote repositories. * profiles/apparmor.d/sbin.syslogd: update profile. Fixes LP: #140672, LP: #140274. -- Mathias Gug Tue, 18 Sep 2007 11:12:50 -0400 apparmor (2.1+961-0ubuntu5) gutsy; urgency=low * utils/SubDomain.pm, parser/rc.apparmor.functions: skip .dpkg-dist profiles. * debian/rules, debian/apparmor.postinst: fix postinst script failure on upgrades. Fix LP: #139683. -- Mathias Gug Fri, 14 Sep 2007 17:20:01 -0400 apparmor (2.1+961-0ubuntu4) gutsy; urgency=low [ Mathias Gug ] * debian/rules: Fix libapparmor-dev build. * apparmor-profiles: remove gnupg.moved. [ Kees Cook ] * abstractions: adjust gnome for new syntax. * abstractions: adjust aspell to add locking. -- Kees Cook Fri, 14 Sep 2007 09:34:15 -0700 apparmor (2.1+961-0ubuntu3) gutsy; urgency=low [ Mathias Gug ] * Update avahi-daemon profile: add m permission to /etc/password and /etc/group. [ Kees Cook ] * Rename libapparmor1-dev back to libapparmor-dev. -- Kees Cook Thu, 13 Sep 2007 15:44:30 -0700 apparmor (2.1+961-0ubuntu2) gutsy; urgency=low [ Mathias Gug ] * Disable html documentation: Fixes LP: #139091. * parser/Makefile, debian/rules: disable html documentation building. * debian/control: remove latex2html dependency. * profiles/apparmor.d/usr.sbin.avahi-daemon: add sys_chroot capability. Fixes LP: #139092. [ Kees Cook ] * profiles/apparmor.d/abstractions/user-tmp: adjust directory permissions for newly unmasked /tmp handling (LP: #138978). * utils/SubDomain.pm: disable remote repositories until RPC::XML MIR clears (LP: 139091). * utils/*.pod: adjust for Ubuntu paths and "aa-" prefixes (LP: #116647). * Fix upgrades to not unload profiles, which would cause programs to become unconfined: - debian/rules: don't stop apparmor on upgrades. - debian/apparmor.postinst: reload profiles after a configure. -- Kees Cook Wed, 12 Sep 2007 13:14:02 -0700 apparmor (2.1+961-0ubuntu1) gutsy; urgency=low * New upstream version. * Support resolvconf. Fix LP: #132468. * Move package maintainance to bzr: * Apply all patches directly into the tree with dpatch apply-all. * debian/patches/: remove all patches as they are applied inline now. * debian/control, debian/control.modules.in: remove dpatch from Build Depends. * debian/rules: * remove dpatch include. * remove patch and unpatch dependencies * debian/control: * Rename libapparmor-dev to libapparmor1-dev. Add Provides: and Conflict: tags. * Remove universe component in Section tag. * Remove apparmor-utils depends on bsdutils. * Update apparmor-modules Recommends to apparmor-modules-2.1. * utils/: * Add audit man page. * Fix mod_appamor library: remove rpath info. * debian/rules: remove rpath info. * debian/control: add chrpath as a build dependency. * Remove apparmor-modules-source package: * debian/conrol: remove apparmor-modules-source package. * debian/apparmor.postinst, debian/apparmor.preinst, debian/apparmor.prerm: remove error_handler function. * debian/rules: remove error_handler option from dh_installinit. * debian/apparmor-modules-_KVERS_.postinst.modules.in, debian/control.modules.in: remove control and postinst files. -- Mathias Gug Tue, 11 Sep 2007 10:44:56 -0400 apparmor (2.0.1+510.dfsg-0ubuntu25) gutsy; urgency=low * debian/rules: move tunables/ and abstractions/ in apparmor package. Fixes LP: #130114. -- Mathias Gug Mon, 06 Aug 2007 14:40:37 -0400 apparmor (2.0.1+510.dfsg-0ubuntu24) gutsy; urgency=low * Cannot Depend on apparmor-modules-* in apparmor due to germinate issues. Moved to Recommends. -- Kees Cook Mon, 23 Jul 2007 11:08:38 -0700 apparmor (2.0.1+510.dfsg-0ubuntu23) gutsy; urgency=low * debian/control: add explicit Depends on l-u-m apparmor kernel modules. -- Kees Cook Wed, 18 Jul 2007 21:07:03 -0700 apparmor (2.0.1+510.dfsg-0ubuntu22) gutsy; urgency=low * 13-subdomain.pm-skip-files.dpatch: update isSkippable function in SubDomain.pm to skip the same files as rc.apparmor.functions (used by the init script) : .dpkg-old, .dpkg-new and symlinks in disable/ sub-directory. -- Mathias Gug Thu, 12 Jul 2007 06:56:45 -0400 apparmor (2.0.1+510.dfsg-0ubuntu21) gutsy; urgency=low * 07-apparmor-init-script.dpatch, debian/rules: skip profiles that have a link in /etc/apparmor.d/disable. Update rules file : create /etc/apparmor.d/disable. -- Mathias Gug Mon, 09 Jul 2007 11:07:29 -0400 apparmor (2.0.1+510.dfsg-0ubuntu20) gutsy; urgency=low * debian/control - fix typo in XS-Vcs. - adjust apparmor-modules-source to no longer be required and document the fact that the modules come from the linux-ubuntu-modules package now. - add initramfs-tools for loading apparmor modules early. * debian/apparmor.{initramfs,postinst,prerm}, debian/rules: install initramfs hook and update-initramfs for adding armor modules for boot. -- Kees Cook Fri, 06 Jul 2007 03:41:06 -0700 apparmor (2.0.1+510.dfsg-0ubuntu19) gutsy; urgency=low * Update 11-getprocattr-api.dpatch: pass back the correct string pointer so as to not corrupt kernel memory (LP: #123081). * debian/control: add XS-Vcs for bzr branch. -- Kees Cook Tue, 03 Jul 2007 09:07:52 -0700 apparmor (2.0.1+510.dfsg-0ubuntu18) gutsy; urgency=low * 02-profile-abstractions-ubuntu.dpatch: add m permission for all libraries under /usr/lib/**, so that ssl libraries optimized for i686 can be accessed. * 09-profile-usr-sbin-mysqld.dpatch: add m permission to /etc/passwd, /etc/group. * 12-profile-samba.dpatch: add profile for smbd and nmbd daemons from samba. * 99-complain-all-profiles.dpatch: turn complain mode for smbd and nmbd profiles. -- Mathias Gug Fri, 29 Jun 2007 15:19:15 +0200 apparmor (2.0.1+510.dfsg-0ubuntu17) gutsy; urgency=low * Update 11-getprocattr-api.dpatch: match upstream more closely, check for errors. -- Kees Cook Tue, 26 Jun 2007 16:00:08 -0700 apparmor (2.0.1+510.dfsg-0ubuntu16) gutsy; urgency=low * Added 11-getprocattr-api.dpatch: update kernel module for getprocattr API change (LP: #122444). -- Kees Cook Tue, 26 Jun 2007 15:21:54 -0700 apparmor (2.0.1+510.dfsg-0ubuntu15) gutsy; urgency=low * debian/apparmor.init: do not unload apparmor module on stop, since it already defaults to capabilities-compatible fall back and we don't want to lose the started process knowledge of the module for the next load of the parser. * Added 10-namespace-header.dpatch: include namespace_sem extern, since mnt_namespace.h is missing it currently. * Updated 07-apparmor-init-script.dpatch: ignore .dpkg-old profiles. -- Kees Cook Tue, 26 Jun 2007 10:04:54 -0700 apparmor (2.0.1+510.dfsg-0ubuntu14) gutsy; urgency=low * Correct missing libapparmor1 file contents. -- Kees Cook Thu, 21 Jun 2007 08:04:42 -0700 apparmor (2.0.1+510.dfsg-0ubuntu13) gutsy; urgency=low * 02-profile-abstractions-ubuntu.dpatch: add /lib/tls/i686/cmov/lib* to base abstraction to support i686 optimized libraries from libc6-i686 package. * 09-profile-usr-sbin-mysqld.dpatch: * add profile usr.sbin.mysqld * update abstractions/mysql * debian/rules: remove extras/usr.sbin.mysqld. * 99-complain-all-profiles.dpatch: * put mysqld profile in complain mode. * put named profile in complain mode. -- Mathias Gug Wed, 20 Jun 2007 12:12:28 -0400 apparmor (2.0.1+510.dfsg-0ubuntu12) gutsy; urgency=low * Add missing dh_makeshlibs call to rules, fix up libapparmor naming. -- Kees Cook Wed, 20 Jun 2007 09:15:48 -0700 apparmor (2.0.1+510.dfsg-0ubuntu11) gutsy; urgency=low * Packaged libapparmor, libapparmor-dev, and libapache2-mod-apparmor. -- Kees Cook Mon, 18 Jun 2007 18:27:46 -0700 apparmor (2.0.1+510.dfsg-0ubuntu10) gutsy; urgency=low * 02-profile-abstractions-ubuntu.dpatch, 06-profile-usr-sbin-named.dpatch: move /dev/random into abstractions/base. * 06-profile-usr-sbin-named.dpatch: Add sys_chroot capability. * debian/rules: don't package aa-eventd and Reports.pm as they use perl modules not maintained in main. Reports.pm is only used by Yast for now. aa-eventd maintains an sqlite database of audit messages which is used by Reports.pm. If configured (not by default), aa-eventd can also send emails when AppArmor audit messages are emited. * debian/control: Add universe component to Section: header. Needed to make it work with PPA. -- Mathias Gug Fri, 15 Jun 2007 12:47:05 -0400 apparmor (2.0.1+510.dfsg-0ubuntu9) gutsy; urgency=low * 06-profile-usr-sbin-named.dpatch : Generate a new profile for /usr/sbin/named to make it work with bind9. * debian/apparmor.init, 07-apparmor-init-script.dpatch: merge ubuntu changes with the latest version from upstream. * 99-complain-all-profiles.dpatch : put all profiles into complain mode by default. Add a small script (put-all-profiles-in-complain-mode.sh) in debian/ that takes care of automatically setting all profiles into complain mode. This script should be used by the maintainer to set all profiles in complain mode before packaging them. -- Mathias Gug Wed, 6 Jun 2007 13:41:57 -0400 apparmor (2.0.1+510.dfsg-0ubuntu8) gutsy; urgency=low * Start apparmor as early as possible in the boot process : just after mountall in rcS.d. Add preinst script to remove symlinks previously installed in rc*.d/. (LP: #116624). * Sync 04-apparmor-status.dpatch with upstream apparmor_status. The previous patch has been merged in upstream. * Update klogd profile : add /var/run/klogd/klogd.pid and /var/run/klogd/kmsg to the profile. -- Mathias Gug Thu, 31 May 2007 14:26:03 -0400 apparmor (2.0.1+510.dfsg-0ubuntu7) gutsy; urgency=low * 03-profile-usr-sbin-ntpd.dpatch: udpdate profile for ntpd daemon. Add /var/lib/ntp/ntp.drift and /var/log/ntpstats/peerstats* to the profile. * 04-apparmor-status.dpatch: improve apparmor_status script. Report more detailed information. -- Mathias Gug Tue, 29 May 2007 13:05:55 -0400 apparmor (2.0.1+510.dfsg-0ubuntu6) gutsy; urgency=low * 02-profile-abstractions-ubuntu.dpatch: Update abstractions for changes specific to Gnome, Debian, and 32bit on 64bit environments. * debian/control: adjust Recommends to apparmor-modules-source (LP: #113553). * debian/apparmor.init: moved rmmod/modprobe into init script, and dropped alias to avoid confusion and move control of the LSM closer to loading the profiles and work around capability already being loaded in the initrd (LP: #113887). -- Kees Cook Thu, 17 May 2007 20:34:41 -0700 apparmor (2.0.1+510.dfsg-0ubuntu5) gutsy; urgency=low * 01-logger-path.dpatch: Fix path to logger (LP: #112147). -- Kees Cook Thu, 03 May 2007 11:59:34 -0700 apparmor (2.0.1+510.dfsg-0ubuntu4) feisty; urgency=low * debian/control: move apparmor-modules to Recommends to Avoid uninstallable situation when AppArmor modules haven't yet been compiled/installed. -- Kees Cook Wed, 11 Apr 2007 11:39:39 -0700 apparmor (2.0.1+510.dfsg-0ubuntu3) feisty; urgency=low * debian/rules, debian/apparmor.{postinst,prerm}: ignore init script failures so that they don't block package installs/upgrades/uninstalls. -- Kees Cook Wed, 11 Apr 2007 08:52:37 -0700 apparmor (2.0.1+510.dfsg-0ubuntu2) feisty; urgency=low * debian/control: add missing Depend on 'dpatch' for modules-source. -- Kees Cook Sat, 7 Apr 2007 09:35:16 -0700 apparmor (2.0.1+510.dfsg-0ubuntu1) feisty; urgency=low * Initial release, thanks to Magnus Runesson and Jesse Michael (LP: #95334). -- Kees Cook Fri, 23 Mar 2007 16:42:01 -0700