-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 03 Sep 2021 08:23:30 +0000 Source: apparmor Architecture: source Version: 3.0.3-2 Distribution: unstable Urgency: medium Maintainer: Debian AppArmor Team <pkg-apparmor-team@lists.alioth.debian.org> Changed-By: intrigeri <intrigeri@debian.org> Closes: 930031 Changes: apparmor (3.0.3-2) unstable; urgency=medium . * Upload to unstable . apparmor (3.0.3-1) experimental; urgency=medium . * New upstream release * Drop debian/Revert-libapparmor-fixing-setup.py-call-when-crosscompili.patch: obsolete * Refresh patches * Merge changes from sid, up to 2.13.6-10 * upstream-6cfc6eee-python-3.10.patch: new patch, for compatibility with Python 3.10 . apparmor (3.0.1-6) experimental; urgency=medium . * autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run . apparmor (3.0.1-5) experimental; urgency=medium . * Merge changes from sid, up to 2.13.6-9 . apparmor (3.0.1-4) experimental; urgency=medium . * apparmor: drop obsolete dependency on python3 (#981442) * Merge changes from sid, up to 2.13.6-7 . apparmor (3.0.1-3) experimental; urgency=medium . * Supersede failed, incomplete dgit upload . apparmor (3.0.1-2) experimental; urgency=medium . * Supersede failed, incomplete dgit upload . apparmor (3.0.1-1) experimental; urgency=medium . * New upstream release * Vcs-* control fields: track the debian/experimental branch * Drop upstream-commit-*.patch: included in 3.0.1 * Refresh patches * Add aa_features_new_from_file to symbols file * Pin the Linux 5.9 feature set * Only pin the policy ABI, not the kernel ABI . apparmor (3.0.0-1) experimental; urgency=medium . * New upstream release (Closes: #930031) * Merge ubuntu/3.0.0-0ubuntu1: - Drop upstreamed patches - d/apparmor.install: + install new aa-features-abi binary to /usr/bin + include abi/ directory and tunables/etc. - d/apparmor.manpages: + install new aa-features-abi.1 manpage + install apparmor_xattrs.7 manpage - d/apparmor-profiles.install: + install new usr.lib.dovecot.script-login + adjust for renamed postfix profiles + add usr.bin.dumpcap to extra-profiles + remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles (already in apparmor-profiles) - d/control: + apparmor-utils: drop perl dependency + Update apparmor-notify dependencies: it was ported to Python - d/tests/test-installed: + include libraries/ in workdir so tests have access to private headers - New patches: + d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch: Provide better message about caching not happening due to a profile being in force-complain mode. (LP: #1899218) + d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use abstractions/exo-open (LP: #1891338) + d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu abstractions (LP: #1889699) + d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run (LP: #1881357) * Drop another already upstreamed patch * Upstream the patches added by Ubuntu * New patches: - upstream-commit-9350038-add-CAP_CHECKPOINT_RESTORE.patch: fixes FTBFS on Linux 5.9 - upstream-commit-5958930-add-_aa_asprintf-to-private-symbols.patch: fixes symbols discrepancy - upstream-commit-51144b5-apparmor_xattrs.7-fix-whatis-entry.patch - upstream-commit-11d1f38-Fix-typos.patch - debian/Revert-libapparmor-fixing-setup.py-call-when-crosscompili.patch: fixes passing hardening LDFLAGS to Python build * apparmor-profiles: install new php-fpm profile * Tell dh_missing that we purposely don't ship the chromium-browser profile * Override a Lintian false positive . apparmor (3.0.0-0ubuntu1) groovy; urgency=medium . [ Alex Murray ] * Update to the final AppArmor 3.0 upstream release - d/apparmor.install: + install new aa-features-abi binary to /usr/bin - d/apparmor.manpages: + install new aa-features-abi.1 man page - d/apparmor-profiles.install: + install new usr.lib.dovecot.script-login + adjust for renamed postfix profiles - d/tests/test-installed: + include libraries/ in workdir so tests have access to private headers - Drop the following patches that were originally backported from upstream but are now incorporated in the final release: + d/p/parser-fix_cap_match.patch + d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch + d/p/parser-add-abi-warning-flags.patch + d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch + d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch + d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch + d/p/fix-change-profile-stack-abstraction.patch + d/p/ubuntu/stop-loading-snapd-profiles.patch . [ Emilia Torino ] * d/control: adjust apparmor-notify to depends on python3-psutil and python3-apparmor (LP: #1899046) . [ Steve Beattie ] * d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch: Provide better message about caching not happening due to a profile being in force-complain mode. (LP: #1899218) . apparmor (3.0.0~beta1-0ubuntu6) groovy; urgency=medium . * Drop d/p/lp1824812.patch: this patch was only needed with 2.13 and not 3.0. With AppArmor 3, the patch ends up setting SFS_MOUNTPOINT to the wrong directory in is_container_with_internal_policy(), which causes policy to always fail to load in containers. Thanks to Christian Ehrhardt for the analysis. (LP: #1895967) . apparmor (3.0.0~beta1-0ubuntu5) groovy; urgency=medium . [ John Johansen ] * d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch: fix-automatic-adding-of-rule-for-change-hat-iface.patch fixed the parser to emit rules needed for change_hat in the hat profiles but broke the rule being emitted for the parent profile, this fixes it for both so that it is emitted for any profile that is a hat or that contains a hat. * d/p/fix-change-profile-stack-abstraction.patch: fix the change_profile abstraction so that it allows access to the apparmor attribute paths under LSM stacking. . apparmor (3.0.0~beta1-0ubuntu2) groovy; urgency=medium . [ John Johansen ] * d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch: fix parser not adding a rule to profiles if they are a hat or contain hats granting write access to the kernel interfaces. . apparmor (3.0.0~beta1-0ubuntu1) groovy; urgency=medium . [ John Johansen ] * New upstream release (LP: #1895060, LP: #1887577, LP: #1880841) * Drop all patches backported from upstream: applied in 3.0 * d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: provide example and base abi to pin pre 3.0 policy * d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: enable pinning of pre AppArmor 3.x policy * drop d/p/debian/dont-include-site-local-with-dovecot.patch: no longer needed with upstream 'include if exists' . [ Steve Beattie ] * d/p/parser-fix_cap_match.patch: fix cap match to work correctly, important now that groovy has a 5.8 kernel. * d/apparmor-profiles.install: + adjust for renamed postfix profiles + add usr.bin.dumpcap and usr.bin.mlmmj-receive to extra-profiles + remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles (already in apparmor-profiles) * d/apparmor.install: include abi/ directory and tunables/etc. * d/apparmor.manpages: add apparmor_xattrs.7 manpage * d/control: + apparmor-utils: no more shipped perl tools, drop perl dependency + apparmor-notify: aa-notify was converted to python3 from perl; adjust -notify dependencies to compensate * d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch: fix sed expression in settest() . [ Emilia Torino ] * Removing Ubuntu specific chromium-browser profile. This is safe to do since groovy's chromium-browser deb installs the snap. If apparmor3 is backported to 18.04 or earlier, the profile will need to be taken into consideration - d/profiles/chromium-browser: remove chromium-browser profile - d/apparmor-profiles.postinst: remove postinst script as it only contains chromium-browser related functionallity. - d/apparmor-profiles.postrm: remove postrm script as it only contains chromium-browser related functionallity. - d/apparmor-profiles.install: remove ubuntu-specific chromium-browser abstraction and profile - d/apparmor-profiles.lintian-overrides: remove chromium-browser profile lintian overrides - d/p/ubuntu/add-chromium-browser.patch: remove patch which added chrome-browser . [ Alex Murray ] * d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: refresh this patch with the official upstream version * d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: refresh this patch to match the above * d/p/parser-add-abi-warning-flags.patch: enable parser warnings to be silenced or to be treated as errors . [ Jamie Strandboge ] * d/p/adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus 1.5.22. This can be dropped with AppArmor 3.0 final. * d/p/parser-add-abi-warning-flags.patch: refresh to avoid lintian warnings * d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use abstractions/exo-open (LP: #1891338) * d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu abstractions. Patch thanks to François Marier (LP: #1889699) * d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run (LP: #1881357) Checksums-Sha1: 39c5a89325920e4a6551757c351e1f0cb4a6f3b3 3059 apparmor_3.0.3-2.dsc ca83641cc77a6e89df266ddfcb0fd7ebfd75eae4 91428 apparmor_3.0.3-2.debian.tar.xz Checksums-Sha256: 12a7d9ddbe00c490632dabceaa77e5ed5aba30f03c5264031b79c898c6481634 3059 apparmor_3.0.3-2.dsc 274bea61812947fca4bed88ed1e9cb86b9dc1d54a4f962b0c0cecfe980c10010 91428 apparmor_3.0.3-2.debian.tar.xz Files: 1705f5bb9fe33213da95019452f5f35c 3059 admin optional apparmor_3.0.3-2.dsc 27482ba7609879e6edb8573d434436a5 91428 admin optional apparmor_3.0.3-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iIsEARYKADMWIQRhtDRcZu/HkP7YWcafj6cvaVTDowUCYTHlkxUcaW50cmlnZXJp QGRlYmlhbi5vcmcACgkQn4+nL2lUw6MrgAEAm9Zr/aKrb/kRdAZwzlyzLcOMvdjz 9wZ/R4T6eAXE3+wBAL4Z6PHNjco0s9D1iTupp+jSxCGiTTvgR7VMi4gSxcAJ =fKJQ -----END PGP SIGNATURE-----
