Update apparmor python utils to 2.9.2 version in trusty

Bug #1449769 reported by Steve Beattie on 2015-04-28
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
High
Steve Beattie

Bug Description

[impact]

Leading up to the release of 14.04, we decided to pull in a pre-release
version of the python utils, because we did not want to continue
supporting the out of date perl tools for the 5 years of the 14.04
release support lifetime. There were a number of issues with the
python tools that prevent users from using them effectively that
have subsequently been addressed by upstream releases, as well as
the addition of a significant number of tests.

Specific bugs that should be addressed by this include:
bug 1294797: aa-genprof traceback with apparmor 2.8.95
bug 1319829: aa-genprof will crash when selecting scan
bug 1317176: aa-logprof attempts to read program binary instead of profile
bug 1324154: aa-logprof is trying to process a binary instead of the profile
bug 1310598: AppArmor python tools fail to parse mounts with UTF-8 non-ascii characters
bug 1378095: aa-complain traceback when marking multiple profiles

[steps to reproduce]

1) attempt to use the aa-genprof/aa-logprof to generate or update policy

[regression potential]

It's possible that the simple management tools, aa-enforce,
aa-complain, and aa-disable could be broken by this
large update. However, the test-apparmor.py script from
lp:qa-regression-testing attempts to exercise those scripts
to ensure they still function. Regressions could be introduced
in aa-genprof and aa-logprof, but they would need to be pretty
substantial to outweigh the improvement in quality that the 2.9.2
tools represent. Furthermore, a number of testcases have been added
(and again are driven by lp:qa-regression-testing) to try to prevent
the introduction of regressions.

Tyler Hicks (tyhicks) on 2015-05-15
Changed in apparmor (Ubuntu):
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
importance: Undecided → High
Steve Beattie (sbeattie) wrote :

This will have been addressed in wily in apparmor 2.9.2-0ubuntu1. Attached is the (large) patch to update the python utils in trusty to the 2.9.2 version as part of an SRU.

description: updated
Steve Beattie (sbeattie) wrote :

Here is the full debdiff for the trusty SRU, incorporating this fix and several others.

The attachment "utils-update_to_2.9.2.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Steve Beattie (sbeattie) on 2015-05-18
description: updated
Steve Beattie (sbeattie) wrote :

I have gone through and verified each of the individual linked bug reports are fixed in the version of apparmor-utils/python3-apparmor in trusty-proposed. I've also gone through and ran the lp:qa-regression-testing test-apparmor.py script against the version in trusty-proposed on both i386 and amd64 and with 3.13, 3.16 and 3.19 kernels, and did not see any test failures. Also, while going through and verifying the bug reports, I did not see any regressions in behavior and note that the behavior of the tools is significantly improved. Based on this, I'm marking verification-done for this bug report.

tags: added: verification-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.8.95~2430-0ubuntu5.2

---------------
apparmor (2.8.95~2430-0ubuntu5.2) trusty-proposed; urgency=medium

  * debian/patches/php5-Zend_semaphore-lp1401084.patch: allow php5
    abstraction access to Zend opcache files (LP: #1401084)
  * debian/patches/dnsmasq-lxc_networking-lp1403468.patch: update
    profile for lxc support (LP: #1403468)
  * debian/patches/profiles-texlive_font_generation-lp1010909.patch:
    allow generation of texlive fonts by sanitized-helpers
    (LP: #1010909)
  * debian/apport/source_apparmor.py: fix the apparmor apport hook
    so it does not raise an exception if a non-unicode character is
    found in /var/log/kern.log or in /var/log/syslog. This should
    work under python3 or python2.7 (LP: #1304447)
  * debian/patches/profiles-dovecot-updates-lp1296667.patch: update
    dovecot profiles to address several missing permissions.
    (LP: #1296667)
  * debian/patches/profiles-adjust_X_for_lightdm-lp1339727.patch:
    adjust X abstraction for LightDM xauthority location (LP: #1339727)
  * debian/patches/libapparmor-fix_memory_leaks-lp1340927.patch; fix
    memory leaks in log parsing component of libapparmor (LP: #1340927)
  * debian/patches/libapparmor-another_audit_format-lp1399027.patch:
    add support for another log format style (LP: #1399027)
  * debian/patches/tests-workaround_for_unix_socket_change-lp1425398.patch:
    work around apparmor kernel behavioral change in regression tests
    (LP: #1425398)
  * debian/control: add breaks on python3-apparmor against older
    apparmor-utils that used to be where python bits lived
    (LP: #1373259)
  * debian/patches/utils-update_to_2.9.2.patch: update the python
    utilities to the upstream 2.9.2 (LP: #1449769, incorporating a
    large number of fixes and improvements, including:
    - fix aa-genprof traceback with apparmor 2.8.95 (LP: #1294797)
    - fix aa-genprof crashing when selecting scan on Ubuntu 14.04 server
      (LP: #1319829)
    - make aa-logprof read profile instead of program binary
      (LP: #1317176, LP: #1324154)
    - aa-complain: don't traceback when marking multiple profiles
      (LP: #1378095)
    - make python tools able to parse mounts with UTF-8 non-ascii
      characters (LP: #1310598)

 -- Steve Beattie <email address hidden> Thu, 30 Apr 2015 12:18:08 -0700

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released

The verification of the Stable Release Update for apparmor has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers