[Bug 660077] Re: update AppArmor to 2.5.1 (for upstream and backported maverick kernels)

Launchpad Bug Tracker 660077 at bugs.launchpad.net
Wed Dec 15 11:50:58 GMT 2010


This bug was fixed in the package apparmor - 2.5.1-0ubuntu0.10.04.1

---------------
apparmor (2.5.1-0ubuntu0.10.04.1) lucid-proposed; urgency=low

  * Backport 2.5.1-0ubuntu0.10.10.1 from maverick for userspace tools to work
    with newer kernels (LP: #660077)
    NOTE: user-tmp now uses 'owner' match, so non-default profiles will have
    to be adjusted when 2 separately confined applications that both use the
    user-tmp abstraction depend on being able to cooperatively share files
    with each other in /tmp or /var/tmp.
  * remove the following patches (features not appropriate for SRU):
    - 0002-add-chromium-browser.patch
    - 0003-local-includes.patch
    - 0004-ubuntu-abstractions-updates.patch
  * debian/rules (this makes it the same as what was shipped in 10.04 LTS
    release):
    - don't ship aa-update-browser and its man page (requires
      0004-ubuntu-abstractions-updates.patch)
    - don't ship apparmor.d/local/ (requires 0003-local-includes.patch)
    - don't use dh_apparmor (not in Ubuntu 10.04 LTS)
    - don't ship chromium profile
  * remove debian/profiles/chromium-browser
  * remove debian/aa-update-browser*
  * debian/apparmor-profiles.postinst: revert to that in lucid release
    (requires dh_apparmor and 0002-add-chromium-browser.patch)
  * remove debian/apparmor-profiles.postrm: doesn't make sense without
    0002-add-chromium-browser.patch
  * debian/control:
    - revert Build-Depends on debhelper (>= 5)
    - revert Standards-Version to 3.8.4
    - revert Vcs-Bzr
    - use Conflicts/Replaces version that was in Ubuntu 10.04 LTS
  * debian/patches/0011-lucid-compat-dbus.patch: move /var/lib/dbus/machine-id
    back into dbus, since profiles on 10.04 LTS expect it there
  * debian/patches/0012-lucid-compat-kde.patch: add kde4-config to kde
    abstraction, since the firefox profile on Ubuntu 10.04 LTS expects it to
    be there

apparmor (2.5.1-0ubuntu0.10.10.2) maverick-proposed; urgency=low

  * New upstream release (LP: #660077)
    - The following patches were refreshed:
      + 0001-fix-release.patch
      + 0003-local-includes.patch
      + 0004-ubuntu-abstractions-updates.patch
      + 0008-lp648900.patch: renamed as 0005-lp648900.patch
    - The following patches were dropped (included upstream):
      + 0005-lp601583.patch
      + 0006-network-interface-enumeration.patch
      + 0007-gnome-updates.patch
  * debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head
    of 2.5 branch. These are needed for QRT and SRU testing (LP: #652211)
  * debian/patches/0007-honor-cflags.patch: have the parser makefile honor
    CFLAGS environment variable. Brings back missing symbols for the retracer
  * debian/patches/0008-lp652674.patch: fix warnings for messages without
    denied or requested masks (LP: #652674)
  * debian/apparmor.init: fix path to aa-status (LP: #654841)
  * debian/apport/source_apparmor.py: apport hook should use
    root_command_hook() for running apparmor_status (LP: #655529)
  * debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber
    cmdline details (LP: #657091)
  * debian/{rules,control}: move apache2 abstractions into the base package
    so we can put apache2 profiles into the -profiles package without
    aa-logprof bailing out. Patch by Marc Deslauriers.
    (LP: #539441)
  * debian/patches/0009-sensible-browser-pix.patch: use Pix with
    sensible-browser
  * debian/patches/0010-ubuntu-buildd.patch: skip parser caching test if
    the AppArmor securityfs introspection directory is not mounted, as
    is the case on Ubuntu buildds.

apparmor (2.5.1~rc1-0ubuntu2) maverick; urgency=low

  * abstractions/ubuntu-email: adjustment for ever-changing thunderbird path
    (LP: #648900)

apparmor (2.5.1~rc1-0ubuntu1) maverick; urgency=low

  [ Jamie Strandboge ]
  * New upstream RC release (revision 1413). In addition to getting the tools
    to work with the maverick kernel, this update fixes:
    - LP: #619521
    - LP: #633369
    - LP: #626451
    - LP: #581525
    - LP: #623467 (link and unlink still need to be addressed)
  * Dropped the following patches, included upstream:
    - 0002-lp615177.patch
    - 0004-ubuntu-pux.patch
    - 0006-kde4-config-pux.patch
    - 0007-lp605835.patch
    - 0012-lp625041.patch
    - 0013-lp623586.patch
  * Update the following patches:
    - rename 0010-fix-release.patch as 0001-fix-release.patch since this will
      likely always need to be here
    - rename 0005-add-chromium-browser.patch as
      0002-add-chromium-browser.patch
    - rename 0001-local-includes.patch as 0003-local-includes.patch and update
      to use r1493 (from trunk) of local/README file. This can be dropped in
      2.6.
    - collect the ubuntu abstractions updates pulled from trunk into
      0004-ubuntu-abstractions-updates.patch. This can be dropped in 2.6.
    - rename 0008-lp601583.patch as 0005-lp601583.patch. This can be dropped
      in 2.5.1 final.
  * fix up some lintian warnings:
    - debian/control:
      + don't use 'Section' in apparmor-notify, since it is the same as the
        source
      + updates Standards-Version to 3.9.1
      + add ${misc:Depends} to libapparmor-dev and apparmor-notify
    - add debian/source/format
    - debian/libapache2-mod-apparmor.postrm: use #DEBHELPER#
    - debian/libapache2-mod-apparmor.preinst: use #DEBHELPER#
    - add debian/watch
  * debian/notify/notify.conf: set show_notifications="yes" by default
  * debian/patches/0006-network-interface-enumeration.patch: allow network
    interface enumeration. This can be dropped in 2.5.1 final.
  * debian/patches/0007-gnome-updates.patch: update for font/icon/mime
    locations in current gnome. This can be dropped in 2.5.1 final.

  [ Kees Cook ]
  * debian/apparmor.init: rename "stop" to "teardown", drop caches on
    "stop" and warn about the dangers of "teardown".

apparmor (2.5.1~pre1393-0ubuntu6) maverick; urgency=low

  * debian/profiles/chromium-browser: updated to have the proper path to
    local/
  * debian/patches/0011-lp514356+573344+593413.patch: browser abstraction
    updates for /net, kmozillahelper and gnome-appearance-properties
    (LP: #593413, LP: #514356, LP: #573344)
  * debian/patches/0012-lp625041.patch: add sensible-browser (LP: #625041)
  * debian/patches/0013-lp623586.patch: allow access to ghostscript fonts when
    not using defoma (LP: #623586)

apparmor (2.5.1~pre1393-0ubuntu5) maverick; urgency=low

  * debian/patches/0007-lp605835.patch: allow ca-certificates in ssl_certs
    abstraction (LP: #605835)
  * debian/patches/0008-lp601583.patch: adjust X abstraction for newer gdm
    (LP: #601583)
  * debian/patches/0009-lp565753.patch: add ubuntu-feed-readers abstraction
    and have ubuntu-browsers.d/multimedia use it (LP: #565753)
  * debian/apparmor.config: don't try to read in the existing value from
    /etc/apparmor.d/tunables/home.d/ubuntu, but instead always use what is
    in debconf. (LP: #561694)
  * add aa-update-browser for giving a programmatic way to update browser
    profiles to use browser abstractions
    - add debian/aa-update-browser
    - add debian/aa-update-browser.8
    - debian/rules: install aa-update-browser*
  * debian/patches/0003-ubuntu-browsers-d.patch: updated to generalize java
    child profile names
  * debian/patches/0010-fix-release.patch: update common/Make.rules to use
    lsb_release

apparmor (2.5.1~pre1393-0ubuntu4) maverick; urgency=low

  * debian/patches/0001-local-includes.patch: updated to adjust local/README
    to have upstream clarifications
  * debian/patches/0003-ubuntu-browsers-d.patch: add ubuntu-browsers.d/*
    abstractions
  * debian/patches/0004-ubuntu-pux.patch: use 'PUx' instead of 'Ux' in
    abstractions/ubuntu-*
  * add chromium-browser profile. All this can be removed once
    chromium-browser ships its own profile:
    - debian/patches/0005-add-chromium-browser.patch: add preliminary
      profiles/apparmor.d/usr.bin.chromium-browser
    - debian/profiles/chromium-browser: added for use with ubuntu-browsers.d
    - debian/rules: ship debian/profiles/chromium-browser in apparmor-profiles
  * don't make /etc/apparmor.d/local/* from apparmor-profiles conffiles
    - debian/control: Build-Depends on debhelper 7.4.20ubuntu5
    - debian/rules: use dh_apparmor instead of shipping the files as conffiles
    - debian/apparmor-profiles.postinst: move DEBHELPER before initscript
      reload
    - debian/apparmor-profiles.postrm: added to remove chromium-browser config
      file
  * debian/patches/0006-kde4-config-pux.patch: remove kde4-config from kde
    abstraction and add it to kde ubuntu-browsers abstraction

apparmor (2.5.1~pre1393-0ubuntu3) maverick; urgency=low

  * debian/patches/0002-lp615177.patch: 'owner' match in commit 1406 too
    strict for /tmp/ and /var/tmp/ (LP: #615177)

apparmor (2.5.1~pre1393-0ubuntu2) maverick; urgency=low

  * debian/rules: move local/usr.lib.apache2.mpm-prefork.apache2 to
    libapache2-mod-apparmor

apparmor (2.5.1~pre1393-0ubuntu1) maverick; urgency=low

  * Update to upstream bzr revision 1393 from lp:apparmor/2.5.
    * add dbus-session abstraction (LP: #566207)
    * require owner in user-tmp abstraction (LP: #578922)
    * don't use uninitialized $opt_s (LP: #582075)
    * allow thunderbird 3 in abstractions/ubuntu-email (LP: #590462)
    * allow gmplayer in abstractions/ubuntu-media-players (LP: #591421)
  * debian/control: updated branches.
  * debian/patches/0001-local-includes.patch: backported patch from trunk to
    allow local administrators to customize their profiles without modifying
    a shipped profile
  * debian/rules:
    - don't pass RELEASE to libapparmor's 'make install' as it breaks the
      build and isn't used by the Makfile anyway
    - install apparmor.d/local/README in apparmor, not apparmor-profiles
    - don't install apparmor.d/local/usr.sbin.ntpd
  * Drop the following patches already included upstream:
    - 0001-lp538561.patch
    - 0002-aalogprof-warnings.patch
    - 0003-fix-memleaks.patch
    - 0004-lp549557.patch
    - 0005-lp538661.patch
    - 0006-lp611248.patch

apparmor (2.5-0ubuntu4) maverick; urgency=low

  * debian/patches/0006-lp611248.patch: allow access to gdk-pixbuf loaders
    LP: #611248
 -- Jamie Strandboge <jamie at ubuntu.com>   Tue, 02 Nov 2010 13:33:15 -0500

** Changed in: apparmor (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.
https://bugs.launchpad.net/bugs/660077

Title:
  update AppArmor to 2.5.1 (for upstream and backported maverick kernels)



More information about the ubuntu-archive mailing list