diff -Nru apparmor-2.8.0/debian/changelog apparmor-2.8.0/debian/changelog --- apparmor-2.8.0/debian/changelog 2013-10-31 13:23:58.000000000 -0700 +++ apparmor-2.8.0/debian/changelog 2013-11-04 15:57:58.000000000 -0800 @@ -1,3 +1,24 @@ +apparmor (2.8.0-0ubuntu34) trusty; urgency=low + + [ Tyler Hicks ] + * 0078-parser-check-for-dbus-kernel-support.patch: The parser should not + include D-Bus rules in the binary policy that it loads into the kernel if + the kernel does not support D-Bus rules (LP: #1231778) + * 0079-utils-ignore-unsupported-log-events.patch: aa-logprof should ignore + audit events that it does not yet support instead of treating them as + errors (LP: #1243932) + * 0080-tests-use-ldconfig-for-library-detection.patch: Fix libapparmor + detection in regression tests after the multiarch changes + + [ Jamie Strandboge ] + * 0081-python-abstraction-updates.patch: Add rules in support of Python 3.3 + + [ Chad Miller ] + * debian/patches/0001-add-chromium-browser.patch: Follow new chromium-browser + sandbox name. Keep old name for now to allow transition. LP: #1247269 + + -- Tyler Hicks Mon, 04 Nov 2013 15:57:30 -0800 + apparmor (2.8.0-0ubuntu33) trusty; urgency=low * Convert to dh. diff -Nru apparmor-2.8.0/debian/patches/0001-add-chromium-browser.patch apparmor-2.8.0/debian/patches/0001-add-chromium-browser.patch --- apparmor-2.8.0/debian/patches/0001-add-chromium-browser.patch 2013-10-29 18:08:49.000000000 -0700 +++ apparmor-2.8.0/debian/patches/0001-add-chromium-browser.patch 2013-11-04 00:27:00.000000000 -0800 
@@ -2,11 +2,11 @@ Description: chromium-browser profile Forwarded: yes -Index: apparmor-2.8.0/profiles/apparmor.d/usr.bin.chromium-browser +Index: apparmor/profiles/apparmor.d/usr.bin.chromium-browser =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ apparmor-2.8.0/profiles/apparmor.d/usr.bin.chromium-browser 2013-04-08 14:51:55.000000000 -0500 -@@ -0,0 +1,219 @@ +--- /dev/null ++++ apparmor/profiles/apparmor.d/usr.bin.chromium-browser +@@ -0,0 +1,221 @@ +# Author: Jamie Strandboge +#include + @@ -130,6 +130,7 @@ + # Allow transitions to ourself and our sandbox + /usr/lib/chromium-browser/chromium-browser ix, + /usr/lib/chromium-browser/chromium-browser-sandbox cx -> chromium_browser_sandbox, ++ /usr/lib/chromium-browser/chrome-sandbox cx -> chromium_browser_sandbox, + + /bin/ps Uxr, + /usr/lib/chromium-browser/xdg-settings Cxr -> xdgsettings, @@ -220,6 +221,7 @@ + /usr/bin/chromium-browser r, + /usr/lib/chromium-browser/chromium-browser Px, + /usr/lib/chromium-browser/chromium-browser-sandbox r, ++ /usr/lib/chromium-browser/chrome-sandbox r, + + /dev/null rw, + diff -Nru apparmor-2.8.0/debian/patches/0078-parser-check-for-dbus-kernel-support.patch apparmor-2.8.0/debian/patches/0078-parser-check-for-dbus-kernel-support.patch --- apparmor-2.8.0/debian/patches/0078-parser-check-for-dbus-kernel-support.patch 1969-12-31 16:00:00.000000000 -0800 +++ apparmor-2.8.0/debian/patches/0078-parser-check-for-dbus-kernel-support.patch 2013-11-01 18:17:05.000000000 -0700 
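Review bot: The `chrome-sandbox` rules added in the `@@ -130` and `@@ -220` hunks repeat the adjacent `chromium-browser-sandbox` rules verbatim, once for the `cx -> chromium_browser_sandbox` transition and once for the `r` grant; the profile language already supports alternation (the python abstraction later in this series uses `{site,dist}`), so `/usr/lib/chromium-browser/{chromium-browser-sandbox,chrome-sandbox} cx -> chromium_browser_sandbox,` would express the transitional pair on one line. Since the changelog states the old name is kept only to allow the transition, a comment such as `# old sandbox binary name kept during the rename transition (LP: #1247269)` next to whichever form is used tells the next editor what to drop and when. The `@@ -2` hunk only changes Index/path headers and line counts. The child profile `chromium_browser_sandbox` that both names transition into is outside the hunk.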
@@ -0,0 +1,88 @@ +Description: Check for kernel support prior to processing dbus entries + . + When a parser that is aware of dbus rules is running under a kernel + that is unaware of dbus rules, the parser should ignore the dbus rules + instead of attempting to load them into the kernel. Otherwise, the + kernel will reject the entire profile, leaving the application + unconfined. + . + Similar to what is done for mount rules, the features listed in + apparmorfs should be checked to see if dbus is supported under the + current kernel. + . + 
Signed-off-by: Tyler Hicks + Acked-by: John Johansen +Origin: backport, revision id: tyhicks@canonical.com-20131030000323-s9gvhv02e5b83lml +Author: Tyler Hicks +Bug: https://launchpad.net/bugs/1231778 +Last-Update: 2013-10-30 +X-Bzr-Revision-Id: tyhicks@canonical.com-20131030000323-s9gvhv02e5b83lml + +Index: apparmor-2.8.0/parser/parser.h +=================================================================== +--- apparmor-2.8.0.orig/parser/parser.h 2013-10-29 17:11:21.018325063 -0700 ++++ apparmor-2.8.0/parser/parser.h 2013-10-29 17:11:20.998325063 -0700 +@@ -268,6 +268,7 @@ extern int net_af_max_override; + extern int kernel_load; + extern int kernel_supports_network; + extern int kernel_supports_mount; ++extern int kernel_supports_dbus; + extern int flag_changehat_version; + extern int conf_verbose; + extern int conf_quiet; +Index: apparmor-2.8.0/parser/parser_common.c +=================================================================== +--- apparmor-2.8.0.orig/parser/parser_common.c 2013-10-29 17:11:21.018325063 -0700 ++++ apparmor-2.8.0/parser/parser_common.c 2013-10-29 17:11:21.002325063 -0700 +@@ -28,6 +28,7 @@ int net_af_max_override = -1; + int kernel_load = 1; + int kernel_supports_network = 1; /* kernel supports network rules */ + int kernel_supports_mount = 0; /* kernel supports mount rules */ ++int kernel_supports_dbus = 0; /* kernel supports dbus rules */ + int flag_changehat_version = FLAG_CHANGEHAT_1_5; + int conf_verbose = 0; + int conf_quiet = 0; +Index: apparmor-2.8.0/parser/parser_main.c +=================================================================== +--- apparmor-2.8.0.orig/parser/parser_main.c 2013-10-29 17:11:21.018325063 -0700 ++++ apparmor-2.8.0/parser/parser_main.c 2013-10-29 17:11:21.006325063 -0700 +@@ -805,6 +805,8 @@ static void get_match_string(void) { + kernel_supports_network = 0; + if (strstr(flags_string, "mount")) + kernel_supports_mount = 1; ++ if (strstr(flags_string, "dbus")) ++ kernel_supports_dbus = 1; + return; + } + 
+Index: apparmor-2.8.0/parser/parser_regex.c +=================================================================== +--- apparmor-2.8.0.orig/parser/parser_regex.c 2013-10-29 17:11:21.018325063 -0700 ++++ apparmor-2.8.0/parser/parser_regex.c 2013-10-29 18:08:00.790308545 -0700 +@@ -1172,15 +1172,19 @@ static int post_process_mnt_ents(struct + static int post_process_dbus_ents(struct codomain *cod) + { + int ret = TRUE; +- struct dbus_entry *entry; + int count = 0; + +- list_for_each(cod->dbus_ents, entry) { +- if (regex_type == AARE_DFA && +- !process_dbus_entry(cod->policy_rules, entry)) +- ret = FALSE; +- count++; +- } ++ if (cod->dbus_ents && kernel_supports_dbus) { ++ struct dbus_entry *entry; ++ ++ list_for_each(cod->dbus_ents, entry) { ++ if (regex_type == AARE_DFA && ++ !process_dbus_entry(cod->policy_rules, entry)) ++ ret = FALSE; ++ count++; ++ } ++ } else if (cod->dbus_ents && !kernel_supports_dbus) ++ pwarn("profile %s dbus rules not enforced\n", cod->name); + + cod->policy_rule_count += count; + return ret; diff -Nru apparmor-2.8.0/debian/patches/0079-utils-ignore-unsupported-log-events.patch apparmor-2.8.0/debian/patches/0079-utils-ignore-unsupported-log-events.patch --- apparmor-2.8.0/debian/patches/0079-utils-ignore-unsupported-log-events.patch 1969-12-31 16:00:00.000000000 -0800 +++ apparmor-2.8.0/debian/patches/0079-utils-ignore-unsupported-log-events.patch 2013-11-01 18:17:05.000000000 -0700 @@ -0,0 +1,34 @@ +Description: utils: Ignore unsupported log events + . + The log parsing in the Immunix::AppArmor perl module has fallen behind + when it comes to audit events from some of the newer rule types + supported by apparmor_parser. + . + When an unsupported event is found, it causes aa-logprof to error out. + This patch creates a list of valid, but unsupported, event operations + that should be ignored by the perl module when parsing logs. + . + 
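Review bot: In the new post_process_dbus_ents() body the `else if (cod->dbus_ents && !kernel_supports_dbus)` condition re-tests what the failed `if` already established, and it is the only unbraced branch in the function; `} else if (cod->dbus_ents) {` / `pwarn("profile %s dbus rules not enforced\n", cod->name);` / `}` says the same thing and keeps the bracing uniform. Because this path deliberately loads the profile with its D-Bus rules stripped, the pwarn is the operator's only indication that the D-Bus mediation they wrote is not in effect, so a short comment above it recording the rationale from the patch description (dropping the rules is preferred to the kernel rejecting the whole profile and leaving the program unconfined) would keep that reasoning with the code. The parser_main.c hunk detects support with `strstr(flags_string, "dbus")`, a substring test that mirrors the existing mount check; any longer feature token containing "dbus" would satisfy it too, which is worth a comment if the features string is ever tokenised. post_process_dbus_ents() is fully visible in the hunk; get_match_string() is not.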
Signed-off-by: Tyler Hicks + Acked-by: John Johansen +Origin: commit, revision id: tyhicks@canonical.com-20131030000428-jo1qnycxt0kyokeu +Author: Tyler Hicks +Bug: https://launchpad.net/bugs/1243932 +Last-Update: 2013-10-30 +X-Bzr-Revision-Id: tyhicks@canonical.com-20131030000428-jo1qnycxt0kyokeu + +=== modified file 'utils/Immunix/AppArmor.pm' +--- apparmor-2.8.0.orig/utils/Immunix/AppArmor.pm 2013-08-26 23:53:01 +0000 ++++ apparmor-2.8.0/utils/Immunix/AppArmor.pm 2013-10-30 00:04:28 +0000 +@@ -6714,6 +6714,11 @@ + + LibAppArmor::free_record($event); + ++ if ($ev{'operation'} && $ev{'operation'} =~ /^(capable|dbus|mount|pivotroot|umount)/) { ++ $DEBUGGING && debug("parser_event: previous event IGNORED"); ++ return( undef ); ++ } ++ + #map new c and d to w as logprof doesn't support them yet + if ($rmask) { + $rmask =~ s/c/w/g; + diff -Nru apparmor-2.8.0/debian/patches/0080-tests-use-ldconfig-for-library-detection.patch apparmor-2.8.0/debian/patches/0080-tests-use-ldconfig-for-library-detection.patch --- apparmor-2.8.0/debian/patches/0080-tests-use-ldconfig-for-library-detection.patch 1969-12-31 16:00:00.000000000 -0800 +++ apparmor-2.8.0/debian/patches/0080-tests-use-ldconfig-for-library-detection.patch 2013-11-04 13:27:45.000000000 -0800 @@ -0,0 +1,32 @@ +Description: tests: Use ldconfig for library detection in Makefile + . + The multiarch filesystem layout for Ubuntu uses directories such as + /usr/lib/{i386-linux-gnu,x86_64-linux-gnu,arm-linux-gnueabihf} so + peeking into /usr/{lib,lib64} is no longer sufficient. + . + This patch uses ldconfig to print out the libraries that it knows about + and grep that output for libapparmor.so or libimmunix.so. + . + 
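Review bot: The new early return matches `$ev{'operation'}` against `/^(capable|dbus|mount|pivotroot|umount)/`, a prefix-only pattern, so any future operation name that merely begins with one of those words is discarded silently as well; if the intent is the exact names plus the `dbus_*` family, `/^(?:capable|dbus|mount|pivotroot|umount)(?:_|$)/` states that. Because the `return( undef )` happens before every later step of the subroutine (the `$rmask` mapping and everything below the hunk), please confirm that none of the listed operations, `capable` in particular, was previously handled further down; the rest of the subroutine is outside the hunk, so I cannot tell from here. A one-line comment naming the reason, e.g. `# rule types this module does not understand yet; skip them rather than abort (LP: #1243932)`, tells whoever adds support for one of them to remove it from this list.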
Signed-off-by: Tyler Hicks + Acked-by: Steve Beattie +Origin: commit, revision id: tyhicks@canonical.com-20131104165317-tvpup6y703rkurs0 +Author: Tyler Hicks +Last-Update: 2013-11-04 +X-Bzr-Revision-Id: tyhicks@canonical.com-20131104165317-tvpup6y703rkurs0 + +Index: apparmor-2.8.0/tests/regression/apparmor/Makefile +=================================================================== +--- apparmor-2.8.0.orig/tests/regression/apparmor/Makefile 2013-11-04 13:27:22.895109265 -0800 ++++ apparmor-2.8.0/tests/regression/apparmor/Makefile 2013-11-04 13:27:22.887109265 -0800 +@@ -101,9 +101,9 @@ CHANGEHAT_FLAGS=$(shell if [ ! -f /usr/i + fi ;\ + fi ) + +-LIBIMMUNIX:=$(shell if [ -f /usr/lib/libapparmor.so -o -f /usr/lib64/libapparmor.so ] ; then \ ++LIBIMMUNIX:=$(shell if ldconfig -p | grep -q libapparmor\.so ; then \ + echo -lapparmor ; \ +- elif [ -f /lib/libimmunix.so.1 -o -f /lib64/libimmunix.so ] ; then \ ++ elif ldconfig -p | grep -q libimmunix\.so ; then \ + echo -limmunix ; \ + fi ) + diff -Nru apparmor-2.8.0/debian/patches/0081-python-abstraction-updates.patch apparmor-2.8.0/debian/patches/0081-python-abstraction-updates.patch --- apparmor-2.8.0/debian/patches/0081-python-abstraction-updates.patch 1969-12-31 16:00:00.000000000 -0800 +++ apparmor-2.8.0/debian/patches/0081-python-abstraction-updates.patch 2013-11-04 15:25:58.000000000 -0800 
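Review bot: In the new `LIBIMMUNIX` recipe the backslash in `grep -q libapparmor\.so` is consumed by the shell before grep sees it (the argument is unquoted, so `\.` becomes `.`), leaving a regex whose dot matches any character; `grep -q 'libapparmor\.so'` and `grep -q 'libimmunix\.so'` (or `grep -qF libapparmor.so`) make the intended literal match take effect. The practical effect today is nil, but the pattern reads as escaped when it is not. Separately, `ldconfig -p` lists the libraries of every installed architecture, so on a multiarch system a hit does not establish that libapparmor is present for the architecture the tests are built for; whether that matters depends on how the regression tests are invoked, which the hunk does not show. The `CHANGEHAT_FLAGS` definition above the change is outside the hunk.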
@@ -0,0 +1,27 @@ +Author: Jamie Strandboge +Description: python abstraction updates for Ubuntu 14.04 +Forwarded: https://lists.ubuntu.com/archives/apparmor/2013-November/004636.html + +--- apparmor.orig/profiles/apparmor.d/abstractions/python 2012-01-06 10:37:57.000000000 -0600 ++++ apparmor/profiles/apparmor.d/abstractions/python 2013-11-04 09:44:27.376962291 -0600 +@@ -13,10 +13,12 @@ + /usr/lib{,32,64}/python2.[4567]/**.{pyc,so} mr, + /usr/lib{,32,64}/python2.[4567]/**.{egg,py,pth} r, + /usr/lib{,32,64}/python2.[4567]/{site,dist}-packages/ r, ++ /usr/lib{,32,64}/python3.3/lib-dynload/*.so mr, + + /usr/local/lib{,32,64}/python2.[4567]/**.{pyc,so} mr, + /usr/local/lib{,32,64}/python2.[4567]/**.{egg,py,pth} r, + /usr/local/lib{,32,64}/python2.[4567]/{site,dist}-packages/ r, ++ /usr/local/lib{,32,64}/python3.3/lib-dynload/*.so mr, + + # Site-wide configuration + /etc/python2.[4567]/** r, +@@ -26,6 +28,7 @@ + /{var,usr}/lib/{pyshared,pycentral,python-support}/** r, + /usr/lib/{pyshared,pycentral,python-support}/**.so mr, + /var/lib/{pyshared,pycentral,python-support}/**.pyc mr, ++ /usr/lib/python3/dist-packages/**.so mr, + + # wx paths + /usr/lib/wx/python/*.pth r, diff -Nru apparmor-2.8.0/debian/patches/series apparmor-2.8.0/debian/patches/series --- apparmor-2.8.0/debian/patches/series 2013-10-29 18:08:49.000000000 -0700 +++ apparmor-2.8.0/debian/patches/series 2013-11-04 15:24:32.000000000 -0800 @@ -70,3 +70,7 @@ 0075-lp1211380.patch 0076_sanitized_helper_dbus_access.patch 0077_aa-status-is-bilingual.patch +0078-parser-check-for-dbus-kernel-support.patch +0079-utils-ignore-unsupported-log-events.patch +0080-tests-use-ldconfig-for-library-detection.patch +0081-python-abstraction-updates.patch
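Review bot: The three added rules pin `python3.3` literally while the neighbouring Python 2 rules use the `python2.[4567]` class, so the abstraction will need touching again at the next Python 3 minor release; if the wider grant is acceptable, `python3.[0-9]` in the two `lib-dynload/*.so mr` rules keeps the file's style, otherwise a comment such as `# python3: only the 3.3 lib-dynload directory is covered here; bump with each release` records why it is narrow. The Python 2 block also grants `**.{egg,py,pth} r` and `{site,dist}-packages/ r` alongside its `.so` rule, whereas the Python 3 additions cover only extension modules; if the `.py`/`.pyc` reads for python3.3 are not granted earlier in the abstraction (not visible in this hunk), interpreters relying on it will still be denied. The surrounding abstraction is only partly visible here.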