[ubuntu/groovy-proposed] apparmor 3.0.0~beta1-0ubuntu6 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Tue Sep 22 19:46:15 UTC 2020


apparmor (3.0.0~beta1-0ubuntu6) groovy; urgency=medium

  * Drop d/p/lp1824812.patch: this patch was only needed with 2.13 and not
    3.0. With AppArmor 3, the patch ends up setting SFS_MOUNTPOINT to the
    wrong directory in is_container_with_internal_policy(), which causes
    policy to always fail to load in containers. Thanks to Christian Ehrhardt
    for the analysis. (LP: #1895967)

apparmor (3.0.0~beta1-0ubuntu5) groovy; urgency=medium

  [ John Johansen ]
  * d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch:
    fix-automatic-adding-of-rule-for-change-hat-iface.patch fixed the
    parser to emit rules needed for change_hat in the hat profiles but
    broke the rule being emitted for the parent profile, this fixes it for
    both so that it is emitted for any profile that is a hat or that
    contains a hat.
  * d/p/fix-change-profile-stack-abstraction.patch: fix the change_profile
    abstraction so that it allows access to the apparmor attribute paths
    under LSM stacking.

apparmor (3.0.0~beta1-0ubuntu2) groovy; urgency=medium

  [ John Johansen ]
  * d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch: fix
    parser not adding a rule to profiles if they are a hat or contain hats
    granting write access to the kernel interfaces.

apparmor (3.0.0~beta1-0ubuntu1) groovy; urgency=medium

  [ John Johansen ]
  * New upstream release (LP: #1895060, LP: #1887577, LP: #1880841)
  * Drop all patches backported from upstream: applied in 3.0
  * d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: provide
    example and base abi to pin pre 3.0 policy
  * d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: enable pinning
    of pre AppArmor 3.x policy
  * drop d/p/debian/dont-include-site-local-with-dovecot.patch: no longer
    needed with upstream 'include if exists'

  [ Steve Beattie ]
  * d/p/parser-fix_cap_match.patch: fix cap match to work correctly, important
    now that groovy has a 5.8 kernel.
  * d/apparmor-profiles.install:
    + adjust for renamed postfix profiles
    + add usr.bin.dumpcap and usr.bin.mlmmj-receive to extra-profiles
    + remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles (already in
      apparmor-profiles)
  * d/apparmor.install: include abi/ directory and tunables/etc.
  * d/apparmor.manpages: add apparmor_xattrs.7 manpage
  * d/control:
    + apparmor-utils: no more shipped perl tools, drop perl dependency
    + apparmor-notify: aa-notify was converted to python3 from perl; adjust
      -notify dependencies to compensate
  * d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch:
    fix sed expression in settest()

  [ Emilia Torino ]
  * Removing Ubuntu specific chromium-browser profile. This is safe to do
    since groovy's chromium-browser deb installs the snap. If apparmor3
    is backported to 18.04 or earlier, the profile will need to be taken
    into consideration
    - d/profiles/chromium-browser: remove chromium-browser profile
    - d/apparmor-profiles.postinst: remove postinst script as it only
      contains chromium-browser related functionallity.
    - d/apparmor-profiles.postrm: remove postrm script as it only
      contains chromium-browser related functionallity.
    - d/apparmor-profiles.install: remove ubuntu-specific
      chromium-browser abstraction and profile
    - d/apparmor-profiles.lintian-overrides: remove chromium-browser
      profile lintian overrides
    - d/p/ubuntu/add-chromium-browser.patch: remove patch which added
      chrome-browser

  [ Alex Murray ]
  * d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: refresh
    this patch with the official upstream version
  * d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: refresh this
    patch to match the above
  * d/p/parser-add-abi-warning-flags.patch: enable parser warnings
    to be silenced or to be treated as errors

  [ Jamie Strandboge ]
  * d/p/adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus
    1.5.22. This can be dropped with AppArmor 3.0 final.
  * d/p/parser-add-abi-warning-flags.patch: refresh to avoid lintian warnings
  * d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use
    abstractions/exo-open (LP: #1891338)
  * d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu
    abstractions. Patch thanks to Fran├žois Marier (LP: #1889699)
  * d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run
    (LP: #1881357)

Date: Tue, 22 Sep 2020 15:10:33 +0000
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/apparmor/3.0.0~beta1-0ubuntu6
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 22 Sep 2020 15:10:33 +0000
Source: apparmor
Architecture: source
Version: 3.0.0~beta1-0ubuntu6
Distribution: groovy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Launchpad-Bugs-Fixed: 1880841 1881357 1887577 1889699 1891338 1895060 1895967
Changes:
 apparmor (3.0.0~beta1-0ubuntu6) groovy; urgency=medium
 .
   * Drop d/p/lp1824812.patch: this patch was only needed with 2.13 and not
     3.0. With AppArmor 3, the patch ends up setting SFS_MOUNTPOINT to the
     wrong directory in is_container_with_internal_policy(), which causes
     policy to always fail to load in containers. Thanks to Christian Ehrhardt
     for the analysis. (LP: #1895967)
 .
 apparmor (3.0.0~beta1-0ubuntu5) groovy; urgency=medium
 .
   [ John Johansen ]
   * d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch:
     fix-automatic-adding-of-rule-for-change-hat-iface.patch fixed the
     parser to emit rules needed for change_hat in the hat profiles but
     broke the rule being emitted for the parent profile, this fixes it for
     both so that it is emitted for any profile that is a hat or that
     contains a hat.
   * d/p/fix-change-profile-stack-abstraction.patch: fix the change_profile
     abstraction so that it allows access to the apparmor attribute paths
     under LSM stacking.
 .
 apparmor (3.0.0~beta1-0ubuntu2) groovy; urgency=medium
 .
   [ John Johansen ]
   * d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch: fix
     parser not adding a rule to profiles if they are a hat or contain hats
     granting write access to the kernel interfaces.
 .
 apparmor (3.0.0~beta1-0ubuntu1) groovy; urgency=medium
 .
   [ John Johansen ]
   * New upstream release (LP: #1895060, LP: #1887577, LP: #1880841)
   * Drop all patches backported from upstream: applied in 3.0
   * d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: provide
     example and base abi to pin pre 3.0 policy
   * d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: enable pinning
     of pre AppArmor 3.x policy
   * drop d/p/debian/dont-include-site-local-with-dovecot.patch: no longer
     needed with upstream 'include if exists'
 .
   [ Steve Beattie ]
   * d/p/parser-fix_cap_match.patch: fix cap match to work correctly, important
     now that groovy has a 5.8 kernel.
   * d/apparmor-profiles.install:
     + adjust for renamed postfix profiles
     + add usr.bin.dumpcap and usr.bin.mlmmj-receive to extra-profiles
     + remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles (already in
       apparmor-profiles)
   * d/apparmor.install: include abi/ directory and tunables/etc.
   * d/apparmor.manpages: add apparmor_xattrs.7 manpage
   * d/control:
     + apparmor-utils: no more shipped perl tools, drop perl dependency
     + apparmor-notify: aa-notify was converted to python3 from perl; adjust
       -notify dependencies to compensate
   * d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch:
     fix sed expression in settest()
 .
   [ Emilia Torino ]
   * Removing Ubuntu specific chromium-browser profile. This is safe to do
     since groovy's chromium-browser deb installs the snap. If apparmor3
     is backported to 18.04 or earlier, the profile will need to be taken
     into consideration
     - d/profiles/chromium-browser: remove chromium-browser profile
     - d/apparmor-profiles.postinst: remove postinst script as it only
       contains chromium-browser related functionallity.
     - d/apparmor-profiles.postrm: remove postrm script as it only
       contains chromium-browser related functionallity.
     - d/apparmor-profiles.install: remove ubuntu-specific
       chromium-browser abstraction and profile
     - d/apparmor-profiles.lintian-overrides: remove chromium-browser
       profile lintian overrides
     - d/p/ubuntu/add-chromium-browser.patch: remove patch which added
       chrome-browser
 .
   [ Alex Murray ]
   * d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: refresh
     this patch with the official upstream version
   * d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: refresh this
     patch to match the above
   * d/p/parser-add-abi-warning-flags.patch: enable parser warnings
     to be silenced or to be treated as errors
 .
   [ Jamie Strandboge ]
   * d/p/adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus
     1.5.22. This can be dropped with AppArmor 3.0 final.
   * d/p/parser-add-abi-warning-flags.patch: refresh to avoid lintian warnings
   * d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use
     abstractions/exo-open (LP: #1891338)
   * d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu
     abstractions. Patch thanks to Fran├žois Marier (LP: #1889699)
   * d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run
     (LP: #1881357)
Checksums-Sha1:
 203442d390e880132ebb5574333992f50b0b70f5 3346 apparmor_3.0.0~beta1-0ubuntu6.dsc
 22c21a280fb5ddcd67f8eeab206997a977e5f114 99656 apparmor_3.0.0~beta1-0ubuntu6.debian.tar.xz
 0da18be9ff40d6da126e01a76b5b704364272a94 8533 apparmor_3.0.0~beta1-0ubuntu6_source.buildinfo
Checksums-Sha256:
 6e8b98813f1e5f4ea7aa3ee5192e49ecafc8dc890e84fd11da9ccd9010c99a9b 3346 apparmor_3.0.0~beta1-0ubuntu6.dsc
 01f4624face165b53ea89a3cd9a2e4aa4a0178631c942fe30654e0eaab74ca94 99656 apparmor_3.0.0~beta1-0ubuntu6.debian.tar.xz
 5f25d4bc7a5a5046bbab580910b6c0c2abcc573cb1c7ac6607f99ef9fcb5b57e 8533 apparmor_3.0.0~beta1-0ubuntu6_source.buildinfo
Files:
 bbd91661df7db21e40c9727684d51337 3346 admin optional apparmor_3.0.0~beta1-0ubuntu6.dsc
 41fe764d6b38d697968e9afa0e4ccf68 99656 admin optional apparmor_3.0.0~beta1-0ubuntu6.debian.tar.xz
 4da41f28b81166cd46d995cad229f8c4 8533 admin optional apparmor_3.0.0~beta1-0ubuntu6_source.buildinfo
Original-Maintainer: Debian AppArmor Team <pkg-apparmor-team at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETCDAa12L3miIVNKKUdvcWMxVlXMFAl9qU88ACgkQUdvcWMxV
lXMnJhAAniw2VIORTG6e+LhhtvXllStfZFf2iAPh9fhIK/WOyz1qZr0uVhHVx0di
U9qSVTMt8X3QwlrSdeu3ejhLoYdHelcyHEmNr9Ah85HZY+iAvZtQ+FPaLoHVsquV
v2csVRQgz2fB8eBFJeNEVmN6QpKVBDgNQMm+OlCPqPAjegOuETB7x2BxdwQQHwjm
phrN+wTTmzS6dj3R56Zco8VDiO67g0Q92AzAPkyIekdodzc1eV7PTJdbHloBQ13c
qfRJQCSZw4kdvBkyWZymDN7XnQC7d/mk4k4h0VaIAl917856m6S6pTXE+pKZMbtY
InqT9plCjo7VzifXsOcKL9sPNftOj9WEHo7s27m9qGzNnrtAbdevpUQminwKy06a
jHUzqJHuYZA9jTvWb+XZj4x3fAQCvVUOiU204e2fYRT/BsBeqZu5Vk9CUH4HEeSz
zEVuA80jL5z27XsmV5fyhytCC5xMDh14xJOq7DMhPS4Llsl94IorjGcnCGhKEFOa
DohUwQ6yeU+J+60VI2rjVbrG+5/z28XF4RGT/8MWim/Gu3PENEjQcyLjELxDTkct
ZJZ5ontrM7RfixbBJG91yAD+4LeoLPwQtVmHEA4rr+i/fxoguvQInMvlwaidj1ta
okce2d+xJFEDAZcVylbWRpo2NKBnDBzmOS+dAv6smosxvrxz6bs=
=vzv6
-----END PGP SIGNATURE-----


More information about the Groovy-changes mailing list