apparmor (4.1.0-1) unstable; urgency=medium
* Import new upstream release
* Drop backported patches that are now obsolete.
-- intrigeri <intrigeri@debian.org> Thu, 10 Apr 2025 15:06:25 +0000
apparmor (4.1.0~beta5-6) unstable; urgency=medium
[ Alban Browaeys ]
* Fix usr.bin.chromium-browser rm_conffile versioning (Closes: #1101071)
* Fix zgrep rm_conffile versioning (Closes: #1100007)
-- intrigeri <intrigeri@debian.org> Wed, 02 Apr 2025 16:15:24 +0000
apparmor (4.1.0~beta5-5) unstable; urgency=medium
* Cleanup obsolete /etc/apparmor.d/usr.bin.chromium-browser conffile
(Closes: #1100546)
-- intrigeri <intrigeri@debian.org> Thu, 20 Mar 2025 11:00:01 +0000
apparmor (4.1.0~beta5-4) unstable; urgency=medium
* Remove obsolete /etc/apparmor.d/zgrep conffile (Closes: #1100007)
* Don't ship the podman stub profile (Closes: #1100135)
-- intrigeri <intrigeri@debian.org> Mon, 17 Mar 2025 11:15:38 +0000
apparmor (4.1.0~beta5-3) unstable; urgency=medium
* upstream-mr-1558-avoid-blhc-false-positive.patch: new patch
* upstream-mr-1567-fix-riscv64.patch: new patch (Closes: #1099085).
Thanks to Bo YU for the patch.
-- intrigeri <intrigeri@debian.org> Tue, 04 Mar 2025 10:52:41 +0000
apparmor (4.1.0~beta5-2) unstable; urgency=medium
* Revert "gbp.conf: set debian-branch to debian/experimental"
* Add test-only build-dep on net-tools: utils test needs netstat
-- intrigeri <intrigeri@debian.org> Thu, 20 Feb 2025 20:41:37 +0000
apparmor (4.1.0~beta5-1) unstable; urgency=medium
* Import new upstream release
* gbp.conf: set debian-branch to debian/experimental
* debian/watch: track all releases, not only 3.x
* Drop backported patches that are now obsolete
* Refresh remaining patches
* Install aa-load and its man page
* Install new profiles and abstractions
* Stop installing etc/apparmor.d/local/usr.sbin.apache2, no longer needed;
accordingly, remove this obsolete conffile on upgrades
* d/control: add build-dependency on autoconf-archive
* d/apparmor-notify.install: install etc/apparmor/default_unconfined.template
and usr/share/polkit-1/actions/com.ubuntu.pkexec.aa-notify.policy
* apparmor-notify: add new dependencies on python3-tk, python3-ttkthemes,
and python3-gi
* Test libapparmor in override_dh-auto-test before the parser and binutils
* Run utils upstream tests during build and add the corresponding
build-dependencies annotated with !nocheck
* Add new symbols
* Remove obsolete Lintian overrides for false positives
* put-all-profiles-in-complain-mode.sh: skip profiles that have
the unconfined flag
* put-all-profiles-in-complain-mode.sh: improve code robustness
* put-all-profiles-in-complain-mode.sh, autopkgtests: use consistent
4-spaces indentation
-- intrigeri <intrigeri@debian.org> Thu, 20 Feb 2025 16:18:31 +0000
apparmor (3.1.7-4) unstable; urgency=medium
* Remove obsolete conffile
/etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser
(Closes: #1074408)
-- intrigeri <intrigeri@debian.org> Mon, 17 Feb 2025 14:27:37 +0000
apparmor (3.1.7-3) unstable; urgency=medium
* Pin the Linux 6.12 feature set
* autopkgtests:
- warn if a rule is not enforced or downgraded
- update list of tested profiles
-- intrigeri <intrigeri@debian.org> Mon, 17 Feb 2025 11:38:56 +0000
apparmor (3.1.7-2) unstable; urgency=medium
[ Carles Pina i Estany ]
* Update Catalan translation (Closes: #1094958)
[ intrigeri ]
* Make cgitb optional; cherry-picked from upstream
(Closes: #1084647, #1095405)
* Add upstream-commit-a84bcec4b5600b0fef28bb196e5150874029f58f-fix-ping.patch
(Closes: #1082190)
* Declare compliance with Policy 4.7.0
-- intrigeri <intrigeri@debian.org> Mon, 10 Feb 2025 11:36:39 +0000
apparmor (3.1.7-1) unstable; urgency=medium
* Import new upstream release (Closes: #988204, #1057787, #1003158)
* debian/watch: track any 3.x release
* Fix DEP-3 metadata syntax on 2 patches
* Only include /usr/share/dpkg/architecture.mk once
* New patch: honor global CFLAGS when building Python library.
- This fixes missing hardening flags, spotted by blhc.
- Accordingly, refresh context of another patch.
* GitLab CI: don't vary the build path in reprotest
-- intrigeri <intrigeri@debian.org> Thu, 13 Jun 2024 16:18:06 +0000
apparmor (3.0.13-2) unstable; urgency=medium
* Revert "Vcs-* control fields: track the debian/experimental branch"
* Revert "gbp.conf: set debian-branch to debian/experimental"
* Upload to unstable
-- intrigeri <intrigeri@debian.org> Mon, 25 Mar 2024 10:52:20 +0000
apparmor (3.0.13-1) experimental; urgency=medium
[ intrigeri ]
* Don't install
/etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser
(Closes: #1039668)
* Declare compliance with Policy 4.6.2
* Update build dependency: pkg-config → pkgconf
* Fix spelling error in README.source
* autopkgtests: enforce "set -u" in scripts
* autopkgtests: make scripts ShellCheck-compliant
* Import new upstream release (Closes: #1057453)
[ Helmut Grohne ]
* Fix FTCBFS: Fix confusion of compiler flags for python extension
(Closes: #1057188)
[ Michael Biebl ]
* Install PAM module, binaries and helper scripts into /usr.
(Closes: #1064151)
[ Remus-Gabriel Chelu ]
* Add Romanian translation of debconf templates (Closes: #1031142)
-- intrigeri <intrigeri@debian.org> Wed, 28 Feb 2024 17:21:10 +0000
apparmor (3.0.12-1) unstable; urgency=medium
* New upstream releases: 3.0.9, 3.0.10, 3.0.11, and 3.0.12
(Closes: #929990, #1037578, #1040481)
* Drop patches that are part of new upstream releases
* Adjust to profiles renamed upstream
* Refresh remaining patches
* Install new profiles
* Don't install new clamd profile: clamav-daemon ships one
* Adjust to profile renamed upstream
-- intrigeri <intrigeri@debian.org> Sun, 16 Jul 2023 14:39:37 +0000
apparmor (3.0.8-3) unstable; urgency=medium
* Cherry-pick a few small, targeted fixes from upstream 3.0 branch
-- intrigeri <intrigeri@debian.org> Tue, 14 Feb 2023 11:49:15 +0000
apparmor (3.0.8-2) unstable; urgency=medium
* Only pin the policy ABI, not the kernel ABI.
This brings back the desired behavior that we had on Bullseye.
Fixes regression introduced in 3.0.3-1.
* Drop obsolete dependency on lsb-base: it's transitional
and provided by sysvinit-utils, which is essential
-- intrigeri <intrigeri@debian.org> Wed, 18 Jan 2023 11:10:22 +0000
apparmor (3.0.8-1) unstable; urgency=medium
* New upstream release
* debian/watch: only track the 3.0 series for now
* Add upstream patch to fix test suite
-- intrigeri <intrigeri@debian.org> Sat, 10 Dec 2022 17:54:51 +0000
apparmor (3.0.7-1) unstable; urgency=medium
* New upstream release
-- intrigeri <intrigeri@debian.org> Tue, 16 Aug 2022 14:09:22 +0000
apparmor (3.0.6-1) unstable; urgency=medium
* New upstream release (Closes: #1015354)
* Drop patch that was applied upstream
* Enable LTO
* Declare compliance with Policy 4.6.1
-- intrigeri <intrigeri@debian.org> Tue, 02 Aug 2022 09:15:54 +0000
apparmor (3.0.5-1) unstable; urgency=medium
* New upstream release
* Drop patches that were applied upstream
* Drop profile-load script: part of upstream 3.0.5
* Install newly upstreamed aa-notify.desktop instead of the custom Debian one
* Rename debian/master branch to debian/unstable
* New patch, to fix new upstream "dirtest" test
* Install new samba-* profiles
-- intrigeri <intrigeri@debian.org> Mon, 25 Jul 2022 13:46:44 +0000
apparmor (3.0.4-3) unstable; urgency=medium
* Cherry-pick 7 patches from upstream apparmor-3.0 branch (Closes: #1003153)
* Adjust overrides for recent Lintian
* Override Lintian false positives
-- intrigeri <intrigeri@debian.org> Wed, 06 Jul 2022 07:48:25 +0000
apparmor (3.0.4-2) unstable; urgency=medium
* Add upstream commit that makes the test suite compatible with Python 3.10
-- intrigeri <intrigeri@debian.org> Wed, 23 Feb 2022 09:48:59 +0000
apparmor (3.0.4-1) unstable; urgency=medium
* New upstream release
* apparmor-profiles: install new samba-bgqd profile
* Drop backported patches that are now obsolete
* debian/allow-access-to-ibus-socket.patch: drop support for pre-Bullseye
ibus path
* Declare compliance with Policy 4.6.0.1
* Drop XS- prefix for adopted Python-Version control field
* Add new symbols
-- intrigeri <intrigeri@debian.org> Sat, 12 Feb 2022 12:34:23 +0000
apparmor (3.0.3-6) unstable; urgency=medium
* debian/rules: let "set -e" take effect (Closes: #998843)
* Add support for Python 3.10 (Closes: #998686):
- upstream-ab4cfb5e-replace-distutils-with-setuptools.patch: new patch,
edited to drop changes to upstream .gitignore.
- Add build-dependency on python3-setuptools
-- intrigeri <intrigeri@debian.org> Thu, 18 Nov 2021 09:15:55 +0000
apparmor (3.0.3-5) unstable; urgency=medium
[ Debian Janitor ]
* Remove constraints unnecessary since stretch.
[ Helmut Grohne ]
* Make the package cross-buildable (Closes: #984582):
- Multiarchify python Build-Depends
- Let dh_auto_build pass cross tools to make
- Annotate perl build-dependency with !nocheck
[ intrigeri ]
* Remove obsolete libapparmor-perl on upgrade
-- intrigeri <intrigeri@debian.org> Sat, 23 Oct 2021 10:22:04 +0000
apparmor (3.0.3-4) unstable; urgency=medium
* Merge apparmor-easyprof into apparmor-utils (Closes: #972880)
* Make apparmor-utils and python3-apparmor arch:all (Closes: #972881)
-- intrigeri <intrigeri@debian.org> Sun, 17 Oct 2021 17:23:17 +0000
apparmor (3.0.3-3) unstable; urgency=medium
* Adjust gbp.conf and Vcs-* control fields for 3.0.x now being in sid.
* Stop building the libapparmor-perl binary package (Closes: #993565)
* Update Lintian overrides
* Add B-D on dh-sequence-python3, to workaround #996089 in Lintian
* B-D: python3-all → python3-all:any, to appease Lintian
-- intrigeri <intrigeri@debian.org> Wed, 13 Oct 2021 05:56:16 +0000
apparmor (3.0.3-2) unstable; urgency=medium
* Upload to unstable
-- intrigeri <intrigeri@debian.org> Fri, 03 Sep 2021 08:23:30 +0000
apparmor (3.0.3-1) experimental; urgency=medium
* New upstream release
* Drop debian/Revert-libapparmor-fixing-setup.py-call-when-crosscompili.patch:
obsolete
* Refresh patches
* Merge changes from sid, up to 2.13.6-10
* upstream-6cfc6eee-python-3.10.patch: new patch,
for compatibility with Python 3.10
-- intrigeri <intrigeri@debian.org> Mon, 23 Aug 2021 18:25:14 +0000
apparmor (3.0.1-6) experimental; urgency=medium
* autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run
-- intrigeri <intrigeri@debian.org> Fri, 02 Apr 2021 11:38:16 +0000
apparmor (3.0.1-5) experimental; urgency=medium
* Merge changes from sid, up to 2.13.6-9
-- intrigeri <intrigeri@debian.org> Fri, 12 Feb 2021 14:37:24 +0000
apparmor (3.0.1-4) experimental; urgency=medium
* apparmor: drop obsolete dependency on python3 (#981442)
* Merge changes from sid, up to 2.13.6-7
-- intrigeri <intrigeri@debian.org> Fri, 05 Feb 2021 06:48:41 +0000
apparmor (3.0.1-3) experimental; urgency=medium
* Supersede failed, incomplete dgit upload
-- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 10:44:24 +0000
apparmor (3.0.1-2) experimental; urgency=medium
* Supersede failed, incomplete dgit upload
-- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 10:16:16 +0000
apparmor (3.0.1-1) experimental; urgency=medium
* New upstream release
* Vcs-* control fields: track the debian/experimental branch
* Drop upstream-commit-*.patch: included in 3.0.1
* Refresh patches
* Add aa_features_new_from_file to symbols file
* Pin the Linux 5.9 feature set
* Only pin the policy ABI, not the kernel ABI
-- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 09:23:01 +0000
apparmor (3.0.0-1) experimental; urgency=medium
* New upstream release (Closes: #930031)
* Merge ubuntu/3.0.0-0ubuntu1:
- Drop upstreamed patches
- d/apparmor.install:
+ install new aa-features-abi binary to /usr/bin
+ include abi/ directory and tunables/etc.
- d/apparmor.manpages:
+ install new aa-features-abi.1 manpage
+ install apparmor_xattrs.7 manpage
- d/apparmor-profiles.install:
+ install new usr.lib.dovecot.script-login
+ adjust for renamed postfix profiles
+ add usr.bin.dumpcap to extra-profiles
+ remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles
(already in apparmor-profiles)
- d/control:
+ apparmor-utils: drop perl dependency
+ Update apparmor-notify dependencies: it was ported to Python
- d/tests/test-installed:
+ include libraries/ in workdir so tests have access to private
headers
- New patches:
+ d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch:
Provide better message about caching not happening due to a profile
being in force-complain mode. (LP: #1899218)
+ d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use
abstractions/exo-open (LP: #1891338)
+ d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu
abstractions (LP: #1889699)
+ d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run
(LP: #1881357)
* Drop another already upstreamed patch
* Upstream the patches added by Ubuntu
* New patches:
- upstream-commit-9350038-add-CAP_CHECKPOINT_RESTORE.patch:
fixes FTBFS on Linux 5.9
- upstream-commit-5958930-add-_aa_asprintf-to-private-symbols.patch:
fixes symbols discrepancy
- upstream-commit-51144b5-apparmor_xattrs.7-fix-whatis-entry.patch
- upstream-commit-11d1f38-Fix-typos.patch
- debian/Revert-libapparmor-fixing-setup.py-call-when-crosscompili.patch:
fixes passing hardening LDFLAGS to Python build
* apparmor-profiles: install new php-fpm profile
* Tell dh_missing that we purposely don't ship the chromium-browser profile
* Override a Lintian false positive
-- intrigeri <intrigeri@debian.org> Sun, 25 Oct 2020 12:03:26 +0000
apparmor (3.0.0-0ubuntu1) groovy; urgency=medium
[ Alex Murray ]
* Update to the final AppArmor 3.0 upstream release
- d/apparmor.install:
+ install new aa-features-abi binary to /usr/bin
- d/apparmor.manpages:
+ install new aa-features-abi.1 man page
- d/apparmor-profiles.install:
+ install new usr.lib.dovecot.script-login
+ adjust for renamed postfix profiles
- d/tests/test-installed:
+ include libraries/ in workdir so tests have access to private
headers
- Drop the following patches that were originally backported from
upstream but are now incorporated in the final release:
+ d/p/parser-fix_cap_match.patch
+ d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch
+ d/p/parser-add-abi-warning-flags.patch
+ d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch
+ d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch
+ d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch
+ d/p/fix-change-profile-stack-abstraction.patch
+ d/p/ubuntu/stop-loading-snapd-profiles.patch
[ Emilia Torino ]
* d/control: adjust apparmor-notify to depend on python3-psutil and
python3-apparmor (LP: #1899046)
[ Steve Beattie ]
* d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch:
Provide better message about caching not happening due to a profile
being in force-complain mode. (LP: #1899218)
-- Alex Murray <alex.murray@canonical.com> Sun, 11 Oct 2020 16:26:32 -0700
apparmor (3.0.0~beta1-0ubuntu6) groovy; urgency=medium
* Drop d/p/lp1824812.patch: this patch was only needed with 2.13 and not
3.0. With AppArmor 3, the patch ends up setting SFS_MOUNTPOINT to the
wrong directory in is_container_with_internal_policy(), which causes
policy to always fail to load in containers. Thanks to Christian Ehrhardt
for the analysis. (LP: #1895967)
-- Jamie Strandboge <jamie@ubuntu.com> Tue, 22 Sep 2020 15:10:33 +0000
apparmor (3.0.0~beta1-0ubuntu5) groovy; urgency=medium
[ John Johansen ]
* d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch:
fix-automatic-adding-of-rule-for-change-hat-iface.patch fixed the
parser to emit rules needed for change_hat in the hat profiles but
broke the rule being emitted for the parent profile, this fixes it for
both so that it is emitted for any profile that is a hat or that
contains a hat.
* d/p/fix-change-profile-stack-abstraction.patch: fix the change_profile
abstraction so that it allows access to the apparmor attribute paths
under LSM stacking.
-- Alex Murray <alex.murray@canonical.com> Fri, 18 Sep 2020 11:58:59 +0930
apparmor (3.0.0~beta1-0ubuntu2) groovy; urgency=medium
[ John Johansen ]
* d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch: fix
parser not adding a rule to profiles if they are a hat or contain hats
granting write access to the kernel interfaces.
-- Emilia Torino <emilia.torino@canonical.com> Thu, 17 Sep 2020 12:40:09 -0300
apparmor (3.0.0~beta1-0ubuntu1) groovy; urgency=medium
[ John Johansen ]
* New upstream release (LP: #1895060, LP: #1887577, LP: #1880841)
* Drop all patches backported from upstream: applied in 3.0
* d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: provide
example and base abi to pin pre 3.0 policy
* d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: enable pinning
of pre AppArmor 3.x policy
* drop d/p/debian/dont-include-site-local-with-dovecot.patch: no longer
needed with upstream 'include if exists'
[ Steve Beattie ]
* d/p/parser-fix_cap_match.patch: fix cap match to work correctly, important
now that groovy has a 5.8 kernel.
* d/apparmor-profiles.install:
+ adjust for renamed postfix profiles
+ add usr.bin.dumpcap and usr.bin.mlmmj-receive to extra-profiles
+ remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles (already in
apparmor-profiles)
* d/apparmor.install: include abi/ directory and tunables/etc.
* d/apparmor.manpages: add apparmor_xattrs.7 manpage
* d/control:
+ apparmor-utils: no more shipped perl tools, drop perl dependency
+ apparmor-notify: aa-notify was converted to python3 from perl; adjust
-notify dependencies to compensate
* d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch:
fix sed expression in settest()
[ Emilia Torino ]
* Removing Ubuntu specific chromium-browser profile. This is safe to do
since groovy's chromium-browser deb installs the snap. If apparmor3
is backported to 18.04 or earlier, the profile will need to be taken
into consideration
- d/profiles/chromium-browser: remove chromium-browser profile
- d/apparmor-profiles.postinst: remove postinst script as it only
contains chromium-browser related functionality.
- d/apparmor-profiles.postrm: remove postrm script as it only
contains chromium-browser related functionality.
- d/apparmor-profiles.install: remove ubuntu-specific
chromium-browser abstraction and profile
- d/apparmor-profiles.lintian-overrides: remove chromium-browser
profile lintian overrides
- d/p/ubuntu/add-chromium-browser.patch: remove patch which added
chrome-browser
[ Alex Murray ]
* d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: refresh
this patch with the official upstream version
* d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: refresh this
patch to match the above
* d/p/parser-add-abi-warning-flags.patch: enable parser warnings
to be silenced or to be treated as errors
[ Jamie Strandboge ]
* d/p/adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus
1.5.22. This can be dropped with AppArmor 3.0 final.
* d/p/parser-add-abi-warning-flags.patch: refresh to avoid lintian warnings
* d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use
abstractions/exo-open (LP: #1891338)
* d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu
abstractions. Patch thanks to François Marier (LP: #1889699)
* d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run
(LP: #1881357)
-- Jamie Strandboge <jamie@ubuntu.com> Wed, 09 Sep 2020 21:48:17 +0000
apparmor (2.13.6-10) unstable; urgency=medium
* autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run
(Closes: #954655)
-- intrigeri <intrigeri@debian.org> Sat, 03 Apr 2021 06:09:19 +0000
apparmor (2.13.6-9) unstable; urgency=medium
* usr.lib.dovecot.script-login: don't include non-existent local override file
(Closes: #982112)
* Declare compliance with Policy 4.5.1
-- intrigeri <intrigeri@debian.org> Sat, 06 Feb 2021 17:07:35 +0000
apparmor (2.13.6-8) unstable; urgency=medium
* Backport patch from upstream 3.0 series, which ports aa-status to C
(upstream-commit-8f9046b-port-aa-status-to-c.patch), then
drop obsolete dependency from the apparmor binary package
on python3 (Closes: #981442)
* Annotate test dependencies <!nocheck> (Closes: #981205).
Thanks to Helmut Grohne <helmut@subdivi.de> for the patch!
-- intrigeri <intrigeri@debian.org> Fri, 05 Feb 2021 11:24:57 +0000
apparmor (2.13.6-7) unstable; urgency=medium
* Supersede failed dgit upload.
-- intrigeri <intrigeri@debian.org> Fri, 15 Jan 2021 13:16:37 +0000
apparmor (2.13.6-6) unstable; urgency=medium
* New patch:
upstream-commit-1ba978b6-adjust-for-new-ICEauthority-path-in-run.patch
(Closes: #980154)
-- intrigeri <intrigeri@debian.org> Fri, 15 Jan 2021 12:30:06 +0000
apparmor (2.13.6-5) unstable; urgency=medium
* Supersede failed dgit upload.
-- intrigeri <intrigeri@debian.org> Mon, 11 Jan 2021 08:33:53 +0000
apparmor (2.13.6-4) unstable; urgency=medium
* autopkgtest: update tcpdump profile name
-- intrigeri <intrigeri@debian.org> Mon, 11 Jan 2021 08:15:55 +0000
apparmor (2.13.6-3) unstable; urgency=medium
* Only pin the policy ABI, not the kernel ABI.
I hope this fixes the regressions, on older kernels, caused by pinning
the Linux 5.9 feature set, that I guess is the reason behind the
several autopkgtest regressions caused by 2.13.6-2 (debci runs
on Linux 4.19.x).
-- intrigeri <intrigeri@debian.org> Mon, 28 Dec 2020 11:41:02 +0000
apparmor (2.13.6-2) unstable; urgency=medium
* Pin the Linux 5.9 feature set
-- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 10:24:57 +0000
apparmor (2.13.6-1) unstable; urgency=medium
* New upstream release (Closes: #969114, #930031)
* Improve long descriptions:
- apparmor-utils: fix typos
- libapparmor1, libapparmor-dev: don't try to list all functionality
* autopkgtest: don't try to compile kopano policies (kopanocore is not
in testing and was orphaned)
* Adjust to the fact 3.0.x was released upstream and packaged in experimental:
- debian/watch: use the Launchpad page with all downloads
- gbp: use upstream/2.13.x as the upstream branch
* Drop obsolete patches
* apparmor-profiles: install usr.lib.dovecot.script-login (Closes: #972883)
* Drop dh_perl custom invocation
-- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 08:00:50 +0000
apparmor (2.13.5-1) unstable; urgency=medium
* New upstream release (Closes: #868563, #934869, #969267)
* Drop patches now included upstream
* Refresh patches
* d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'
* upstream-commit-145136f-fix-2.13-libapparmor-so-version.patch: new patch
* Stop building on non-Linux architectures (Closes: #972049).
Thanks to Laurent Bigonville <bigon@debian.org> for the suggestion.
* Drop obsolete Lintian overrides
* Update Lintian override name
* Bump debhelper compat level to 13
* Update symbols list
* Install gettext translations
* apparmor-profiles: install a few more profiles (usr.bin.mlmmj-receive,
usr.lib.postfix.dnsblog, usr.lib.postfix.postscreen)
* debian/not-installed: list files not installed on purpose
* Adjust *.install source files to appease dh_missing
* autopkgtests: don't try to test disabled Thunderbird profile
* Merge ubuntu/2.13.3-7ubuntu6. Remaining included changes after resolving
conflicts and dropping patches included in 2.13.{4,5}:
- debian/control: add Breaks on snapd < 2.44.3+20.04~ since prior snapd
versions assume that apparmor will load the snapd policy on boot
-- intrigeri <intrigeri@debian.org> Sat, 24 Oct 2020 17:15:28 +0000
apparmor (2.13.4-3) unstable; urgency=medium
* apparmor-profiles: provide (upstream) bug reporting instructions
* upstream-commit-1f319c3-systemd-userdbd-compat.patch: new patch
(Closes: #962405)
-- intrigeri <intrigeri@debian.org> Tue, 16 Jun 2020 13:09:13 +0000
apparmor (2.13.4-2) unstable; urgency=medium
* apparmor-profiles: don't ship redundant freshclam profile (Closes: #959915)
* Apply upstream !465: fix the build with make 4.3
* Drop unused Lintian override
* GitLab CI:
- allow reprotest to fail without failing the whole pipeline
- enable diffoscope for reprotest
-- intrigeri <intrigeri@debian.org> Mon, 25 May 2020 09:23:21 +0000
apparmor (2.13.4-1) unstable; urgency=medium
* New upstream release
* Switch to HTTPS for upstream homepage URL
* apparmor-profiles: install missing usr.lib.dovecot.stats profile
(Closes: #953268)
* Drop backported patches that are now obsolete.
* Cherry-picked from Ubuntu:
- Update ibus abstract path for ibus 1.5.22
- debian/control: drop Breaks that were only needed for upgrades to bionic
* Drop obsolete Lintian overrides
* Add python3-all to Build-Depends
* Override Lintian false positive
* Declare compliance with Policy 4.5.0
* Apply upstream !464: let Mesa check if the kernel supports
the i915 perf interface
-- intrigeri <intrigeri@debian.org> Tue, 31 Mar 2020 08:45:58 +0000
apparmor (2.13.3-7ubuntu6) groovy; urgency=medium
* Add missing "boot_id" rule to abstractions/nameservice. (LP: #1872564)
- d/p/upstream-commit-454fca7-Add-run-variable.patch: Add the
definition for the "@{run}" variable.
- d/p/upstream-commit-ef591a67-Add-trailing-slash-to-the-run-variable-definition.patch:
Add trailing slash to the "@{run}" variable.
- d/p/upstream-commit-1f319c3870-abstractions-nameservice-allow-accessing-run-systemd-user.patch:
Add a missing rule to allow systemd to access
@{PROC}/sys/kernel/random/boot_id and @{run}/systemd/userdb.
- d/apparmor.install: Install new file 'tunables/run' under '/etc/apparmor.d'.
-- Sergio Durigan Junior <sergio.durigan@canonical.com> Mon, 11 May 2020 09:55:16 -0400
apparmor (2.13.3-7ubuntu5) focal; urgency=medium
* snapd 2.44.3+20.04 introduced an apparmor unit of its own to load snap
policy in /var/lib/snapd/apparmor/profiles. As such, don't load snapd
policy twice by not loading it in the apparmor unit (LP: 1871148)
- ubuntu/stop-loading-snapd-profiles.patch: stop loading snapd profiles
- debian/control: add Breaks on snapd < 2.44.3+20.04~ since prior snapd
versions assume that apparmor will load the snapd policy on boot
- debian/apparmor.service: remove the now unneeded RequiresMountsFor on
/var/lib/snapd/apparmor/profiles
* drop ubuntu/parser-conf-no-expr-simplify.patch: Optimize=no-expr-simplify
was added to parser.conf to mitigate slow snap policy compiles on 32bit
ARM. These days, snapd calls apparmor_parser with "-O no-expr-simplify"
and loads its snap policy, so drop this delta with upstream and Debian.
-- Jamie Strandboge <jamie@ubuntu.com> Sun, 12 Apr 2020 16:11:31 +0000
apparmor (2.13.3-7ubuntu4) focal; urgency=medium
* debian/apparmor.service: add /var/lib/snapd/apparmor/profiles to
RequiresMountsFor since Ubuntu's rc.apparmor.functions looks for it
(LP: #1871148)
* libnss-systemd.patch: allow accessing the libnss-systemd VarLink sockets
and DBus APIs. Patch partially based on work by Simon Deziel.
(LP: #1796911, LP: #1869024)
* upstream-mr-424-kerberos-dot-dirs.patch: abstractions/kerberosclient:
allow reading /etc/krb5.conf.d/
* upstream-mr-442-gnome-user-themes.patch: gnome abstraction: allow reading
per-user themes from $XDG_DATA_HOME (Closes: #930031)
* upstream-mr-443-ecryptfs-dirs.patch: abstractions/base: allow read access
to top-level ecryptfs directories (LP: #1848919)
* upstream-mr-445-uuidd-request.patch: abstractions/base: allow read access
to /run/uuidd/request
* upstream-mr-464-Mesa_i915_perf_interface.patch: let Mesa check if the
kernel supports the i915 perf interface. Patch from Debian
-- Jamie Strandboge <jamie@ubuntu.com> Mon, 06 Apr 2020 17:47:20 +0000
apparmor (2.13.3-7ubuntu3) focal; urgency=medium
* Add upstream-abstractions-add-etc-mdns.allow-to-etc-apparmor.d-ab.patch
(LP: #1869629)
-- John Johansen <john.johansen@canonical.com> Wed, 01 Apr 2020 01:05:30 -0700
apparmor (2.13.3-7ubuntu2) focal; urgency=medium
* No-change rebuild to drop python3.7.
-- Matthias Klose <doko@ubuntu.com> Tue, 18 Feb 2020 10:42:36 +0100
apparmor (2.13.3-7ubuntu1) focal; urgency=medium
* Merge from Debian. Remaining changes:
- Ubuntu-specific patches:
+ ubuntu/add-chromium-browser.patch
+ ubuntu/communitheme-snap-support.patch
+ ubuntu/mimeinfo-snap-support.patch
+ ubuntu/parser-conf-no-expr-simplify.patch
+ ubuntu/profiles-grant-access-to-systemd-resolved.patch
+ upstream-dont-allow-fontconfig-cache-write.patch
+ upstream-tests-mult-mount-bump-size-of-created-disk.patch
- debian/apparmor.{install,maintscript}: feature pinning is not used in
Ubuntu
- debian/apparmor.preinst: remove cache files on upgrade to 2.13
- debian/apparmor-profiles.install: install Ubuntu chromium-browser
profile and abstraction
- debian/apparmor-profiles.lintian-overrides: update for chromium-browser
profile having read access to dpkg database for lsb-release
- debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
abstraction if it doesn't exist
- debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
the branch where the Ubuntu packaging is maintained.
- debian/gbp.conf: use ubuntu/master as the debian-branch
- debian/patches/series: comment out debian-only patches
- debian/tests/control and debian/tests/compile-policy: don't test
thunderbird since the Ubuntu packaging doesn't ship a profile
* Drop the following patches, no longer needed:
- python3.8-ac.diff
* debian/control: drop Breaks on media-hub, mediascanner2.0, messaging-app,
and webbrowser-app which was needed for upgrades to bionic (LP: #1797242)
* upstream-adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus
1.5.22
* upstream-adjust-gnome-for-mimeapps.patch: abstractions/gnome: also allow
/etc/xdg/mimeapps.list (LP: #1792027)
-- Jamie Strandboge <jamie@ubuntu.com> Tue, 17 Dec 2019 15:50:00 +0000
apparmor (2.13.3-7) unstable; urgency=medium
* Add explicit build dependency on dh-python, so that this package
can be built with python3-defaults 3.7.5-3.
-- intrigeri <intrigeri@debian.org> Fri, 15 Nov 2019 10:37:05 +0000
apparmor (2.13.3-6) unstable; urgency=medium
[ Matthias Klose ]
* debian/rules: ensure "set -e" is honored (Closes: #943649).
* Add upstream-mr-430-Fix-a-Python-3.8-autoconf-check.patch (Closes: #943657).
-- intrigeri <intrigeri@debian.org> Tue, 29 Oct 2019 18:57:51 +0000
apparmor (2.13.3-5ubuntu5) focal; urgency=medium
* Don't ignore exit status in debian/rules.
* Fix a Python 3.8 autoconf check.
-- Matthias Klose <doko@ubuntu.com> Sun, 27 Oct 2019 16:38:00 +0200
apparmor (2.13.3-5ubuntu2) focal; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <doko@ubuntu.com> Fri, 18 Oct 2019 19:26:58 +0000
apparmor (2.13.3-5ubuntu1) eoan; urgency=medium
* Merge new upstream release from Debian. Remaining changes:
- Ubuntu-specific patches:
+ ubuntu/add-chromium-browser.patch
+ ubuntu/communitheme-snap-support.patch
+ ubuntu/mimeinfo-snap-support.patch
+ ubuntu/parser-conf-no-expr-simplify.patch
+ ubuntu/profiles-grant-access-to-systemd-resolved.patch
- debian/apparmor.{install,maintscript}: feature pinning is not used in
Ubuntu
- debian/apparmor.preinst: remove cache files on upgrade to 2.13
- debian/apparmor-profiles.install: install Ubuntu chromium-browser
profile and abstraction
- debian/apparmor-profiles.lintian-overrides: update for chromium-browser
profile having read access to dpkg database for lsb-release
- debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
abstraction if it doesn't exist
- debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
the branch where the Ubuntu packaging is maintained.
- debian/gbp.conf: use ubuntu/master as the debian-branch
- debian/patches/series: comment out debian-only patches
- debian/tests/control and debian/tests/compile-policy: don't test
thunderbird since the Ubuntu packaging doesn't ship a profile
* Drop the following patches, no longer needed:
- ubuntu/dont-include-site-local-with-dovecot.patch
- lp1820068.patch
- upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
- upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
- upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
- upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
- upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
* upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
fontconfig cache files
* upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
tests/mult_mount: bump size of created disk image
-- Jamie Strandboge <jamie@ubuntu.com> Mon, 09 Sep 2019 19:13:22 +0000
apparmor (2.13.3-5) unstable; urgency=medium
* upstream-mr-419-Xwayland-vs-recent-mutter.patch: new patch (Closes: #935058)
-- intrigeri <intrigeri@debian.org> Sun, 08 Sep 2019 08:00:56 +0000
apparmor (2.13.3-4) unstable; urgency=medium
* New patch, cherry-picked and adapted from Ubuntu: don't include local/
snippets in the Dovecot profiles. These inclusions of non-existing files
break aa-genprof (Closes: #928160).
* Merge ubuntu/2.13.2-9ubuntu7, which turns out to be a no-op, because
we essentially revert all changes brought by this merge:
- Drop lp1820068.patch, introduced in 2.13.2-9ubuntu7: it's included
in the 2.13.3 upstream release already.
- Don't enable ubuntu/parser-conf-no-expr-simplify.patch, that Ubuntu just
re-enabled: in Debian we don't disable expression tree simplification,
because we've cherry-picked an upstream patch that improves its
performance sufficiently.
-- intrigeri <intrigeri@debian.org> Sat, 27 Jul 2019 17:18:43 +0000
apparmor (2.13.3-3) unstable; urgency=medium
[ Michael Biebl ]
* Move libraries back to /usr/lib
[ intrigeri ]
* Remove Lintian override made obsolete by the move to /usr/lib/apparmor/
* Avoid-blhc-CPPFLAGS-missing-false-positive.patch: new patch.
* Revert "debian/control: Breaks on snapd < 2.38~"
Jamie Strandboge explained in detail on #932815 the rationale behind this
Breaks relationship. The user impact seems non-critical and the risk of the
problem happening in practice is very low, so for now let's remove this
Breaks, that prevents apparmor from migrating to testing (we don't have
snapd 2.38+ in Debian yet).
-- intrigeri <intrigeri@debian.org> Tue, 23 Jul 2019 22:19:02 +0000
apparmor (2.13.3-2) unstable; urgency=medium
* Install the lsb_release profile.
-- intrigeri <intrigeri@debian.org> Wed, 17 Jul 2019 19:41:32 +0000
apparmor (2.13.3-1) unstable; urgency=medium
* Import new 2.13.3 upstream release and accordingly:
- Update dev-pkg-without-shlib-symlink Lintian override: soname
was bumped to 1.6.1.
- Drop patches that were applied upstream.
* Merge ubuntu/2.13.2-9ubuntu6, dropping the Ubuntu delta (Closes: #926015):
- lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
since it is sometimes called independently of is_apparmor_loaded()
(LP: #1824812)
- debian/apparmor.postrm: remove parser-created subdirs
- debian/tests/control: try Ubuntu kernel but mark skip-not-installable
- regression testsuite fixes:
upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch,
upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch,
upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
- debian/debhelper/postrm-apparmor: also remove cache files
- debian/control: Breaks on snapd < 2.38~ (the cache forest breaks snap
remove)
* Declare compatibility with Debian Policy 4.4.0.
* Bump debhelper compatibility level to 12. Accordingly:
- dh_installinit: replace --no-restart-on-upgrade with its new
--no-stop-on-upgrade name
- Add override_dh_installsystemd that mimics our override_dh_installinit
* tests/compile-policy: check syntax of kopano profiles (implements
#923313 except kopano-search, until giraffe-team/kopanocore!4 is merged
and uploaded)
-- intrigeri <intrigeri@debian.org> Wed, 17 Jul 2019 17:55:09 +0000
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog apparmor-utils`.