diff -Naurp apparmor-2.5.1~rc1/debian/apparmor.init apparmor-2.5.1/debian/apparmor.init --- apparmor-2.5.1~rc1/debian/apparmor.init 2010-10-13 16:20:01.000000000 -0500 +++ apparmor-2.5.1/debian/apparmor.init 2010-10-14 08:27:52.000000000 -0500 @@ -136,8 +136,8 @@ EOM ;; status) securityfs - if [ -x /usr/bin/aa-status ]; then - /usr/bin/aa-status --verbose + if [ -x /usr/sbin/aa-status ]; then + /usr/sbin/aa-status --verbose else cat "$AA_SFS"/profiles fi diff -Naurp apparmor-2.5.1~rc1/debian/apport/source_apparmor.py apparmor-2.5.1/debian/apport/source_apparmor.py --- apparmor-2.5.1~rc1/debian/apport/source_apparmor.py 2010-10-13 16:20:01.000000000 -0500 +++ apparmor-2.5.1/debian/apport/source_apparmor.py 2010-10-14 08:27:52.000000000 -0500 @@ -27,7 +27,7 @@ def recent_kernlog(pattern): def add_info(report): attach_file(report, '/proc/version_signature', 'ProcVersionSignature') - attach_file(report, '/proc/cmdline', 'ProcCmdline') + attach_file(report, '/proc/cmdline', 'ProcKernelCmdline') sec_re = re.compile('audit\(|apparmor|selinux|security', re.IGNORECASE) report['KernLog'] = recent_kernlog(sec_re) @@ -49,6 +49,6 @@ def add_info(report): report['ApparmorPackages'] = versions # These need to be run as root - report['ApparmorStatusOutput'] = command_output('/usr/sbin/apparmor_status') + report['ApparmorStatusOutput'] = root_command_output(['/usr/sbin/apparmor_status']) report['PstreeP'] = command_output(['/usr/bin/pstree', '-p']) attach_file_if_exists(report, '/var/log/audit/audit.log', 'audit.log') diff -Naurp apparmor-2.5.1~rc1/debian/changelog apparmor-2.5.1/debian/changelog --- apparmor-2.5.1~rc1/debian/changelog 2010-10-13 16:20:01.000000000 -0500 +++ apparmor-2.5.1/debian/changelog 2010-10-15 10:00:49.000000000 -0500 @@ -1,3 +1,28 @@ +apparmor (2.5.1-0ubuntu0.10.10.1) maverick-proposed; urgency=low + + * New upstream release (LP: #660077) + - The following patches were refreshed: + + 0001-fix-release.patch + + 0003-local-includes.patch + + 0008-lp648900.patch: renamed as 0005-lp648900.patch + - The following patches were dropped (included upstream): + + 0005-lp601583.patch + + 0006-network-interface-enumeration.patch + + 0007-gnome-updates.patch + * debian/patches/0006-testsuite-fixes.patch: testsuite fixes from head + of 2.5 branch. These are needed for QRT and SRU testing (LP: #652211) + * debian/patches/0007-honor-cflags.patch: have the parser makefile honor + CFLAGS environment variable. Brings back missing symbols for the retracer + * debian/patches/0008-lp652674.patch: fix warnings for messages without + denied or requested masks (LP: #652674) + * debian/apparmor.init: fix path to aa-status (LP: #654841) + * debian/apport/source_apparmor.py: apport hook should use + root_command_hook() for running apparmor_status (LP: #655529) + * debian/apport/source_apparmor.py: use ProcKernelCmdline and don't clobber + cmdline details (LP: #657091) + + -- Jamie Strandboge Wed, 13 Oct 2010 16:54:51 -0500 + apparmor (2.5.1~rc1-0ubuntu2) maverick; urgency=low * abstractions/ubuntu-email: adjustment for ever-changing thunderbird path diff -Naurp apparmor-2.5.1~rc1/debian/patches/0001-fix-release.patch apparmor-2.5.1/debian/patches/0001-fix-release.patch --- apparmor-2.5.1~rc1/debian/patches/0001-fix-release.patch 2010-10-13 16:20:01.000000000 -0500 +++ apparmor-2.5.1/debian/patches/0001-fix-release.patch 2010-10-14 08:27:52.000000000 -0500 @@ -2,11 +2,11 @@ Author: Jamie Strandboge } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/local/README +Index: apparmor-2.5.1/profiles/apparmor.d/local/README =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/local/README 2010-09-10 11:26:27.000000000 -0500 ++++ apparmor-2.5.1/profiles/apparmor.d/local/README 2010-10-13 16:58:01.000000000 -0500 @@ -0,0 +1,24 @@ +# This directory is intended to contain profile additions and overrides for +# inclusion by distributed profiles to aid in packaging AppArmor for @@ -124,10 +124,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar +# Keep in mind that 'deny' rules are evaluated after allow rules, so you won't +# be able to allow access to files that are explicitly denied by the shipped +# profile using this mechanism. -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/sbin.klogd +Index: apparmor-2.5.1/profiles/apparmor.d/sbin.klogd =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/sbin.klogd 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/sbin.klogd 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/sbin.klogd 2008-11-21 05:51:01.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/sbin.klogd 2010-10-13 16:58:01.000000000 -0500 @@ -1,7 +1,7 @@ -# $Id$ # ------------------------------------------------------------------ @@ -145,10 +145,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/sbin.syslog-ng +Index: apparmor-2.5.1/profiles/apparmor.d/sbin.syslog-ng =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/sbin.syslog-ng 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/sbin.syslog-ng 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/sbin.syslog-ng 2008-11-05 08:53:00.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/sbin.syslog-ng 2010-10-13 16:58:01.000000000 -0500 @@ -1,8 +1,8 @@ -# $Id$ # ------------------------------------------------------------------ @@ -168,10 +168,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + #include } - -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/sbin.syslogd +Index: apparmor-2.5.1/profiles/apparmor.d/sbin.syslogd =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/sbin.syslogd 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/sbin.syslogd 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/sbin.syslogd 2008-06-11 15:19:36.000000000 -0500 ++++ apparmor-2.5.1/profiles/apparmor.d/sbin.syslogd 2010-10-13 16:58:01.000000000 -0500 @@ -1,7 +1,7 @@ -# $Id$ # ------------------------------------------------------------------ @@ -190,10 +190,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 +Index: apparmor-2.5.1/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 2010-09-10 11:06:46.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 2010-01-03 15:16:38.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 2010-10-13 16:58:01.000000000 -0500 @@ -1,10 +1,9 @@ -# Last Modified: Wed Sep 16 11:58:00 2009 # Author: Marc Deslauriers @@ -214,10 +214,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.deliver +Index: apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.deliver =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.lib.dovecot.deliver 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.deliver 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.lib.dovecot.deliver 2009-11-11 13:55:29.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.deliver 2010-10-13 16:58:01.000000000 -0500 @@ -1,5 +1,5 @@ -# Last Modified: Wed Jun 10 00:20:56 2009 # Author: Dulmandakh Sukhbaatar @@ -233,10 +233,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth +Index: apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth 2009-11-11 13:55:29.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth 2010-10-13 16:58:01.000000000 -0500 @@ -1,5 +1,5 @@ -# Last Modified: Fri Oct 10 17:19:26 2008 # Author: Kees Cook @@ -252,10 +252,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.imap +Index: apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.imap =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.lib.dovecot.imap 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.imap 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.lib.dovecot.imap 2009-11-11 13:55:29.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.imap 2010-10-13 16:58:01.000000000 -0500 @@ -1,5 +1,5 @@ -# Last Modified: Sat Oct 11 09:17:38 2008 # Author: Kees Cook @@ -271,10 +271,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.imap-login +Index: apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.imap-login =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.lib.dovecot.imap-login 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.imap-login 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.lib.dovecot.imap-login 2009-11-11 13:55:29.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.imap-login 2010-10-13 16:58:01.000000000 -0500 @@ -1,5 +1,5 @@ -# Last Modified: Wed Oct 8 00:20:56 2008 # Author: Kees Cook @@ -290,10 +290,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.managesieve-login +Index: apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.managesieve-login =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.lib.dovecot.managesieve-login 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.managesieve-login 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.lib.dovecot.managesieve-login 2009-11-11 13:55:29.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.managesieve-login 2010-10-13 16:58:01.000000000 -0500 @@ -1,5 +1,5 @@ -# Last Modified: Wed Jun 10 00:20:56 2009 # Author: Dulmandakh Sukhbaatar @@ -309,10 +309,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.pop3 +Index: apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.pop3 =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.lib.dovecot.pop3 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.pop3 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.lib.dovecot.pop3 2009-11-11 13:55:29.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.pop3 2010-10-13 16:58:01.000000000 -0500 @@ -1,5 +1,5 @@ -# Last Modified: Wed Oct 8 00:21:56 2008 # Author: Kees Cook @@ -328,10 +328,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.pop3-login +Index: apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.pop3-login =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.lib.dovecot.pop3-login 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.lib.dovecot.pop3-login 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.lib.dovecot.pop3-login 2009-11-11 13:55:29.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.lib.dovecot.pop3-login 2010-10-13 16:58:01.000000000 -0500 @@ -1,5 +1,5 @@ -# Last Modified: Wed Oct 8 00:20:57 2008 # Author: Kees Cook @@ -347,10 +347,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.avahi-daemon +Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.avahi-daemon =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.sbin.avahi-daemon 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.avahi-daemon 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.avahi-daemon 2008-11-06 23:52:01.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.avahi-daemon 2010-10-13 16:58:01.000000000 -0500 @@ -1,4 +1,3 @@ -# Last Modified: Wed Aug 15 10:55:46 2007 #include @@ -364,10 +364,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.dnsmasq +Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.dnsmasq =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.sbin.dnsmasq 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.dnsmasq 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.dnsmasq 2009-11-04 14:30:43.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.dnsmasq 2010-10-13 16:58:01.000000000 -0500 @@ -1,4 +1,5 @@ # Author: John Dong + @@ -382,10 +382,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.dovecot +Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.dovecot =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.sbin.dovecot 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.dovecot 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.dovecot 2009-11-11 13:55:29.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.dovecot 2010-10-13 16:58:01.000000000 -0500 @@ -1,5 +1,5 @@ -# Last Modified: Fri Oct 10 17:20:34 2008 # Author: Kees Cook @@ -401,10 +401,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.identd +Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.identd =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.sbin.identd 2010-09-10 11:06:46.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.identd 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.identd 2007-05-24 21:09:30.000000000 -0500 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.identd 2010-10-13 16:58:01.000000000 -0500 @@ -1,7 +1,7 @@ -# $Id$ # ------------------------------------------------------------------ @@ -423,10 +423,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.mdnsd +Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.mdnsd =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.sbin.mdnsd 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.mdnsd 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.mdnsd 2007-05-24 21:09:30.000000000 -0500 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.mdnsd 2010-10-13 16:58:01.000000000 -0500 @@ -1,8 +1,7 @@ -# $Id$ -# vim:syntax=apparmor @@ -446,10 +446,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.nmbd +Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.nmbd =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.sbin.nmbd 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.nmbd 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.nmbd 2009-11-11 13:55:29.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.nmbd 2010-10-13 16:58:01.000000000 -0500 @@ -1,5 +1,3 @@ -# vim:syntax=apparmor -# Last Modified: Wed Jun 20 13:22:50 2007 @@ -464,10 +464,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.nscd +Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.nscd =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.sbin.nscd 2010-09-10 11:06:46.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.nscd 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.nscd 2009-11-04 14:25:42.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.nscd 2010-10-13 16:58:01.000000000 -0500 @@ -1,8 +1,7 @@ -# $Id# # ------------------------------------------------------------------ @@ -486,10 +486,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.ntpd +Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.ntpd =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.sbin.ntpd 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.ntpd 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.ntpd 2008-11-05 08:23:25.000000000 -0600 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.ntpd 2010-10-13 16:58:01.000000000 -0500 @@ -1,8 +1,7 @@ -# Last Modified: Thu Aug 2 14:37:03 2007 -# $Id$ @@ -512,10 +512,10 @@ Index: apparmor-2.5.1~rc1/profiles/appar + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.smbd +Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.smbd =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.sbin.smbd 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.smbd 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.smbd 2010-09-14 14:17:53.000000000 -0500 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.smbd 2010-10-13 16:58:53.000000000 -0500 @@ -1,5 +1,3 @@ -# vim:syntax=apparmor -# Last Modified: Wed Jun 20 13:34:25 2007 @@ -525,15 +525,15 @@ Index: apparmor-2.5.1~rc1/profiles/appar @@ -35,4 +33,7 @@ /var/spool/samba/** rw, - @{HOMEDIRS}/** lrw, + @{HOMEDIRS}/** lrwk, + + # Site-specific additions and overrides. See local/README for details. + #include } -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.traceroute +Index: apparmor-2.5.1/profiles/apparmor.d/usr.sbin.traceroute =================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/usr.sbin.traceroute 2010-09-10 11:06:47.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/usr.sbin.traceroute 2010-09-10 11:25:31.000000000 -0500 +--- apparmor-2.5.1.orig/profiles/apparmor.d/usr.sbin.traceroute 2007-08-17 16:46:56.000000000 -0500 ++++ apparmor-2.5.1/profiles/apparmor.d/usr.sbin.traceroute 2010-10-13 16:58:01.000000000 -0500 @@ -1,8 +1,7 @@ -# Last Modified: Thu Aug 2 13:33:43 2007 -# $Id$ diff -Naurp apparmor-2.5.1~rc1/debian/patches/0005-lp601583.patch apparmor-2.5.1/debian/patches/0005-lp601583.patch --- apparmor-2.5.1~rc1/debian/patches/0005-lp601583.patch 2010-10-13 16:20:01.000000000 -0500 +++ apparmor-2.5.1/debian/patches/0005-lp601583.patch 1969-12-31 18:00:00.000000000 -0600 @@ -1,18 +0,0 @@ -Origin: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/1467 -Description: allow /var/run/gdm/*/database in X abstraction -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/601583 - -Index: apparmor-2.5.1~pre1393/profiles/apparmor.d/abstractions/X -=================================================================== ---- apparmor-2.5.1~pre1393.orig/profiles/apparmor.d/abstractions/X 2010-08-11 10:00:17.000000000 -0500 -+++ apparmor-2.5.1~pre1393/profiles/apparmor.d/abstractions/X 2010-08-11 10:00:55.000000000 -0500 -@@ -17,7 +17,8 @@ - @{HOME}/.ICEauthority r, - - # .Xauthority files required for X connections, per user -- @{HOME}/.Xauthority r, -+ @{HOME}/.Xauthority r, -+ owner /var/run/gdm/*/database r, - - # the unix socket to use to connect to the display - /tmp/.X11-unix/* w, diff -Naurp apparmor-2.5.1~rc1/debian/patches/0005-lp648900.patch apparmor-2.5.1/debian/patches/0005-lp648900.patch --- apparmor-2.5.1~rc1/debian/patches/0005-lp648900.patch 1969-12-31 18:00:00.000000000 -0600 +++ apparmor-2.5.1/debian/patches/0005-lp648900.patch 2010-10-14 08:27:52.000000000 -0500 @@ -0,0 +1,16 @@ +Origin: http://bazaar.launchpad.net/~apparmor-dev/apparmor/release-2.5/revision/1433 +Description: update path for thunderbird, which is sometimes executed as + thunderbird or thunderbird.sh under different circumstances. +Bug-Ubuntu: https://launchpad.net/bugs/648900 + +Index: apparmor-2.5.1~rc1/profiles/apparmor.d/abstractions/ubuntu-email +=================================================================== +--- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/abstractions/ubuntu-email 2010-09-27 08:52:49.000000000 -0500 ++++ apparmor-2.5.1~rc1/profiles/apparmor.d/abstractions/ubuntu-email 2010-09-27 08:52:56.000000000 -0500 +@@ -15,5 +15,5 @@ + /usr/bin/tkrat PUx, + + /usr/lib/thunderbird/thunderbird PUx, +- /usr/lib/thunderbird-3*/thunderbird PUx, ++ /usr/lib/thunderbird-3*/thunderbird{,.sh} PUx, + diff -Naurp apparmor-2.5.1~rc1/debian/patches/0006-network-interface-enumeration.patch apparmor-2.5.1/debian/patches/0006-network-interface-enumeration.patch --- apparmor-2.5.1~rc1/debian/patches/0006-network-interface-enumeration.patch 2010-10-13 16:20:01.000000000 -0500 +++ apparmor-2.5.1/debian/patches/0006-network-interface-enumeration.patch 1969-12-31 18:00:00.000000000 -0600 @@ -1,13 +0,0 @@ -Origin: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/1411 -Description: allow network interface enumeration - -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/abstractions/nameservice -=================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/abstractions/nameservice 2010-09-10 14:38:23.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/abstractions/nameservice 2010-09-10 14:38:37.000000000 -0500 -@@ -77,3 +77,5 @@ - network inet dgram, - network inet6 dgram, - -+ # interface details -+ @{PROC}/*/net/route r, diff -Naurp apparmor-2.5.1~rc1/debian/patches/0006-testsuite-fixes.patch apparmor-2.5.1/debian/patches/0006-testsuite-fixes.patch --- apparmor-2.5.1~rc1/debian/patches/0006-testsuite-fixes.patch 1969-12-31 18:00:00.000000000 -0600 +++ apparmor-2.5.1/debian/patches/0006-testsuite-fixes.patch 2010-10-14 08:27:52.000000000 -0500 @@ -0,0 +1,313 @@ +Origin: r1434, r1436-1438 of 2.5 branch +Description: subdomain regression testsuite fixes + +Index: apparmor-2.5.1/tests/regression/subdomain/changehat_misc.sh +=================================================================== +--- apparmor-2.5.1.orig/tests/regression/subdomain/changehat_misc.sh 2010-10-13 17:11:07.000000000 -0500 ++++ apparmor-2.5.1/tests/regression/subdomain/changehat_misc.sh 2010-10-13 17:11:40.000000000 -0500 +@@ -64,7 +64,7 @@ + echo "*** A 'Killed' message from bash is expected for the following test" + runchecktest "CHANGEHAT (subprofile->subprofile w/ bad magic)" signal9 $subtest $subtest2 badmagic $file + +-# 1. ATTEMPT TO CHANGEGAT TO AN INVALUD PROFILE, SHOULD PUT US INTO A NULL ++# 1. ATTEMPT TO CHANGEHAT TO AN INVALID PROFILE, SHOULD PUT US INTO A NULL + # PROFILE + # 2. ATTEMPT TO CHANGEHAT OUT WITH BAD TOKEN + settest changehat_fail +Index: apparmor-2.5.1/tests/regression/subdomain/deleted.c +=================================================================== +--- apparmor-2.5.1.orig/tests/regression/subdomain/deleted.c 2010-10-13 17:11:08.000000000 -0500 ++++ apparmor-2.5.1/tests/regression/subdomain/deleted.c 2010-10-13 17:11:40.000000000 -0500 +@@ -90,7 +90,7 @@ + } + + /* test that we can create the file. Not necessarily a (deleted) +- * case but lets use flush out other combinations ++ * case but lets us flush out other combinations. + */ + fd2=creat(argv[2], S_IRUSR | S_IWUSR); + if (fd2 == -1){ +Index: apparmor-2.5.1/tests/regression/subdomain/deleted.sh +=================================================================== +--- apparmor-2.5.1.orig/tests/regression/subdomain/deleted.sh 2010-10-13 17:11:08.000000000 -0500 ++++ apparmor-2.5.1/tests/regression/subdomain/deleted.sh 2010-10-13 17:11:40.000000000 -0500 +@@ -1,7 +1,7 @@ + #! /bin/bash +-# $Id$ +- ++# + # Copyright (C) 2002-2005 Novell/SUSE ++# Copyright (C) 2010 Canonical, Ltd + # + # This program is free software; you can redistribute it and/or + # modify it under the terms of the GNU General Public License as +@@ -10,7 +10,7 @@ + + #=NAME deleted + #=DESCRIPTION +-# Test subdomain is properly working around a kernel in which the kernel ++# Test AppArmor is properly working around a kernel in which the kernel + # appends (deleted) to deleted files verifies that the d_path appending + # (deleted) fix is working + #=END +@@ -24,6 +24,7 @@ + + file=$tmpdir/file + file2="$tmpdir/file (deleted)" ++file3="$tmpdir/unavailable" + okperm=rwl + + subtest=sub +@@ -40,8 +41,8 @@ + # NO CHANGEHAT TEST - doesn't force revalidation + + genprofile $file:$okperm +- + runchecktest "NO CHANGEHAT (access file)" pass nochange $file ++runchecktest "NO CHANGEHAT (cannot access unavailable)" fail nochange $file3 + + genprofile "$file2":$okperm + runchecktest "NO CHANGEHAT (access file (delete))" pass nochange "$file2" +@@ -49,6 +50,7 @@ + # CHANGEHAT TEST - force revalidation using changehat + genprofile $file:$okperm hat:$subtest $file:$okperm + runchecktest "CHANGEHAT (access file)" pass $subtest $file ++runchecktest "CHANGEHAT (cannot access unavailable)" fail $subtest $file3 + + genprofile "$file2":$okperm hat:$subtest "$file2":$okperm + runchecktest "CHANGEHAT (access file (deleted))" pass $subtest "$file2" +@@ -115,7 +117,7 @@ + # FAIL - confined client, w access to the file + + genprofile $file:$okperm $socket:rw $fd_client:px -- image=$fd_client $file:$badperm $socket:rw +-runchecktest "fd passing; confined client w/ w only" pass $file $socket $fd_client "delete_file" ++runchecktest "fd passing; confined client w/ w only" fail $file $socket $fd_client "delete_file" + + sleep 1 + rm -f ${socket} +Index: apparmor-2.5.1/tests/regression/subdomain/mkprofile.pl +=================================================================== +--- apparmor-2.5.1.orig/tests/regression/subdomain/mkprofile.pl 2010-10-13 17:11:09.000000000 -0500 ++++ apparmor-2.5.1/tests/regression/subdomain/mkprofile.pl 2010-10-13 17:11:40.000000000 -0500 +@@ -5,7 +5,7 @@ + # + # Gawd, I hate writing perl. It shows, too. + # +-my $__VERSION__='$Id$'; ++my $__VERSION__=$0; + + use strict; + use Getopt::Long; +Index: apparmor-2.5.1/tests/regression/subdomain/prologue.inc +=================================================================== +--- apparmor-2.5.1.orig/tests/regression/subdomain/prologue.inc 2010-10-13 17:10:58.000000000 -0500 ++++ apparmor-2.5.1/tests/regression/subdomain/prologue.inc 2010-10-13 17:11:30.000000000 -0500 +@@ -93,8 +93,10 @@ + + while [ -h ${link} ] + do +- if [ -x /usr/bin/readlink ] ; then +- target=$(/usr/bin/readlink ${link}) ++ if [ -x /usr/bin/readlink ] ; then ++ target=$(/usr/bin/readlink -f ${link}) ++ elif [ -x /bin/readlink ] ; then ++ target=$(/bin/readlink -f ${link}) + else + # I'm sure there's a more perlish way to do this + target=$( perl -e "printf (\"%s\n\", readlink(\"${link}\"));") +Index: apparmor-2.5.1/tests/regression/subdomain/pwrite.sh +=================================================================== +--- apparmor-2.5.1.orig/tests/regression/subdomain/pwrite.sh 2010-10-13 17:11:09.000000000 -0500 ++++ apparmor-2.5.1/tests/regression/subdomain/pwrite.sh 2010-10-13 17:11:40.000000000 -0500 +@@ -27,7 +27,7 @@ + + genprofile $file:$okperm + +-runtestbg "PWRITE with w" pass $file ++runtestbg "PREAD/PWRITE with rw" pass $file + + sleep 2 + +Index: apparmor-2.5.1/tests/regression/subdomain/swap.sh +=================================================================== +--- apparmor-2.5.1.orig/tests/regression/subdomain/swap.sh 2010-10-13 17:11:09.000000000 -0500 ++++ apparmor-2.5.1/tests/regression/subdomain/swap.sh 2010-10-13 17:11:40.000000000 -0500 +@@ -32,7 +32,7 @@ + swap_file=$tmpdir/swapfile + + dd if=/dev/zero of=${swap_file} bs=1024 count=512 2> /dev/null +-/sbin/mkswap ${swap_file} > /dev/null ++/sbin/mkswap -f ${swap_file} > /dev/null + + # TEST 1. Make sure can enable and disable swap unconfined + +Index: apparmor-2.5.1/tests/regression/subdomain/syscall.sh +=================================================================== +--- apparmor-2.5.1.orig/tests/regression/subdomain/syscall.sh 2010-10-13 17:11:10.000000000 -0500 ++++ apparmor-2.5.1/tests/regression/subdomain/syscall.sh 2010-10-13 17:11:40.000000000 -0500 +@@ -1,7 +1,7 @@ + #! /bin/bash +-# $Id$ +- ++# + # Copyright (C) 2002-2005 Novell/SUSE ++# Copyright (C) 2010 Canonical, Ltd. + # + # This program is free software; you can redistribute it and/or + # modify it under the terms of the GNU General Public License as +@@ -114,9 +114,9 @@ + runchecktest "MKNOD sock (permissions)" fail s $mknod_file + + ## +-## D. SETHOSTNAME ++## C. SYSCTL + ## +-sh syscall_sysctl.sh ++bash syscall_sysctl.sh + + ## + ## D. SETHOSTNAME +Index: apparmor-2.5.1/tests/regression/subdomain/unix_fd_server.c +=================================================================== +--- apparmor-2.5.1.orig/tests/regression/subdomain/unix_fd_server.c 2010-10-13 17:11:10.000000000 -0500 ++++ apparmor-2.5.1/tests/regression/subdomain/unix_fd_server.c 2010-10-13 17:11:40.000000000 -0500 +@@ -2,6 +2,7 @@ + + /* + * Copyright (C) 2002-2005 Novell/SUSE ++ * Copyright (C) 2010 Canonical, Ltd. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as +@@ -134,6 +135,7 @@ + } + + /* Check for info re: reading the file */ ++ memset(inbound_buffer, 0, sizeof(inbound_buffer)); + if (recv(in_sock, inbound_buffer, 16,0) == -1 ) { + fprintf(stderr, "FAIL - recv %s\n", + strerror(errno)); +Index: apparmor-2.5.1/tests/regression/subdomain/xattrs.sh +=================================================================== +--- apparmor-2.5.1.orig/tests/regression/subdomain/xattrs.sh 2010-10-13 17:11:10.000000000 -0500 ++++ apparmor-2.5.1/tests/regression/subdomain/xattrs.sh 2010-10-13 17:11:40.000000000 -0500 +@@ -38,41 +38,59 @@ + + . $bin/prologue.inc + +-file=$tmpdir/testfile +-link=$tmpdir/testlink +-dir=$tmpdir/testdir/ ++tmpmount=$tmpdir/mountpoint ++diskimg=$tmpdir/disk.img ++file=$tmpmount/testfile ++link=$tmpmount/testlink ++dir=$tmpmount/testdir/ + okperm=rw + badperm=r + ++# guarantee fs supports user_xattrs ++dd if=/dev/zero of=${diskimg} bs=4096 count=4096 2> /dev/null ++mkfs.ext3 -q -F ${diskimg} ++mkdir ${tmpmount} ++mount -o loop,user_xattr ${diskimg} ${tmpmount} ++ + touch $file + ln -s $file $link + mkdir $dir + ++add_attrs() ++{ ++ #set the xattr for thos that passed above again so we can test removing it ++ setfattr -h -n security.sdtest -v hello "$1" ++ setfattr -h -n trusted.sdtest -v hello "$1" ++ if [ "$1" != $link ] ; then ++ setfattr -h -n user.sdtest -v hello "$1" ++ fi ++} ++ + for var in $file $link $dir ; do + #write xattr + genprofile $var:$badperm + xattrtest $var $badperm write security fail + #xattrtest $var $badperm write system fail + xattrtest $var $badperm write trusted fail +- if [ $var != $link ] ; then xattrtest $var $badperm write user fail ; fi ++ if [ $var != $link ] ; then xattrtest $var $badperm write user xfail ; fi + + genprofile $var:$badperm capability:sys_admin + xattrtest $var "$badperm+cap SYS_ADMIN" write security xfail + #xattrtest $var "$badperm+cap SYS_ADMIN" write system fail + xattrtest $var "$badperm+cap SYS_ADMIN" write trusted xfail +- if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" write user fail ; fi ++ if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" write user xfail ; fi + + genprofile $var:$okperm + xattrtest $var $okperm write security xpass + #xattrtest $var $okperm write system fail + xattrtest $var $okperm write trusted fail +- if [ $var != $link ] ; then xattrtest $var $okperm write user xpass ; fi ++ if [ $var != $link ] ; then xattrtest $var $okperm write user pass ; fi + + genprofile $var:$okperm capability:sys_admin + xattrtest $var "$okperm+cap SYS_ADMIN" write security pass + #xattrtest $var "$okperm+cap SYS_ADMIN" write system pass + xattrtest $var "$okperm+cap SYS_ADMIN" write trusted pass +- if [ $var != $link ] ; then xattrtest $var "$okperm+cap SYS_ADMIN" write user xpass ; fi ++ if [ $var != $link ] ; then xattrtest $var "$okperm+cap SYS_ADMIN" write user pass ; fi + + + #read xattr +@@ -80,13 +98,13 @@ + xattrtest $var $badperm read security pass + #xattrtest $var $badperm read system fail + xattrtest $var $badperm read trusted fail +- if [ $var != $link ] ; then xattrtest $var $badperm read user xpass ; fi ++ if [ $var != $link ] ; then xattrtest $var $badperm read user pass ; fi + + genprofile $var:$badperm capability:sys_admin + xattrtest $var "$badperm+cap SYS_ADMIN" read security pass + #xattrtest $var "$badperm+cap SYS_ADMIN" read system pass + xattrtest $var "$badperm+cap SYS_ADMIN" read trusted pass +- if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" read user xpass ; fi ++ if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" read user pass ; fi + + + #remove xattr +@@ -94,23 +112,25 @@ + xattrtest $var $badperm remove security fail + #xattrtest $var $badperm remove system fail + xattrtest $var $badperm remove trusted fail +- if [ $var != $link ] ; then xattrtest $var $badperm remove user fail ; fi ++ if [ $var != $link ] ; then xattrtest $var $badperm remove user xfail ; fi ++ ++ add_attrs $var + + genprofile $var:$badperm capability:sys_admin + xattrtest $var "$badperm+cap SYS_ADMIN" remove security xfail + #xattrtest $var "$badperm+cap SYS_ADMIN" remove system fail + xattrtest $var "$badperm+cap SYS_ADMIN" remove trusted xfail +- if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" remove user fail ; fi ++ if [ $var != $link ] ; then xattrtest $var "$badperm+cap SYS_ADMIN" remove user xfail ; fi ++ ++ add_attrs $var + + genprofile $var:$okperm + xattrtest $var $okperm remove security xpass + #xattrtest $var $okperm remove system fail + xattrtest $var $okperm remove trusted fail +- if [ $var != $link ] ; then xattrtest $var $okperm remove user xpass ; fi ++ if [ $var != $link ] ; then xattrtest $var $okperm remove user pass ; fi + +- #set the xattr for thos that passed above again so we can test removing it +- setfattr -h -n security.sdtest -v hello $var +- if [ $var != $link ] ; then setfattr -h -n user.sdtest -v hello $var ; fi ++ add_attrs $var + + genprofile $var:$okperm capability:sys_admin + xattrtest $var "$okperm+cap SYS_ADMIN" remove security pass +@@ -120,3 +140,4 @@ + + done + ++umount ${tmpmount} diff -Naurp apparmor-2.5.1~rc1/debian/patches/0007-gnome-updates.patch apparmor-2.5.1/debian/patches/0007-gnome-updates.patch --- apparmor-2.5.1~rc1/debian/patches/0007-gnome-updates.patch 2010-10-13 16:20:01.000000000 -0500 +++ apparmor-2.5.1/debian/patches/0007-gnome-updates.patch 1969-12-31 18:00:00.000000000 -0600 @@ -1,27 +0,0 @@ -Origin: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/1410 -Description: update for font/icon/mime locations in current gnome - -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/abstractions/fonts -=================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/abstractions/fonts 2010-09-10 14:40:57.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/abstractions/fonts 2010-09-10 14:41:12.000000000 -0500 -@@ -15,6 +15,7 @@ - - /usr/lib/xorg/modules/fonts/**.so* mr, - -+ /usr/share/fonts/ r, - /usr/share/fonts/** r, - - /etc/fonts/** r, -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/abstractions/freedesktop.org -=================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/abstractions/freedesktop.org 2010-09-10 14:41:00.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/abstractions/freedesktop.org 2010-09-10 14:41:12.000000000 -0500 -@@ -27,3 +27,7 @@ - @{HOME}/.icons/ r, - @{HOME}/.recently-used.xbel* rw, - @{HOME}/.config/user-dirs.dirs r, -+ @{HOME}/.local/share/icons/ r, -+ @{HOME}/.local/share/icons/** r, -+ @{HOME}/.local/share/mime/ r, -+ @{HOME}/.local/share/mime/** r, diff -Naurp apparmor-2.5.1~rc1/debian/patches/0007-honor-cflags.patch apparmor-2.5.1/debian/patches/0007-honor-cflags.patch --- apparmor-2.5.1~rc1/debian/patches/0007-honor-cflags.patch 1969-12-31 18:00:00.000000000 -0600 +++ apparmor-2.5.1/debian/patches/0007-honor-cflags.patch 2010-10-14 08:27:52.000000000 -0500 @@ -0,0 +1,33 @@ +Origin: r1439 of 2.5 branch +Description: Merge from trunk rev 1514: Have the parser makefile honor CFLAGS + environment variable. + +Index: apparmor-2.5.1/parser/Makefile +=================================================================== +--- apparmor-2.5.1.orig/parser/Makefile 2010-10-13 17:16:19.000000000 -0500 ++++ apparmor-2.5.1/parser/Makefile 2010-10-13 17:19:59.000000000 -0500 +@@ -45,11 +45,14 @@ + echo "$${warning}"; \ + fi ; \ + done) +-CFLAGS = -O2 -pipe ++ifndef CFLAGS ++CFLAGS = -g -O2 -pipe + + ifdef DEBUG + CFLAGS = -g + endif ++endif #CFLAGS ++ + EXTRA_CFLAGS = ${CFLAGS} ${WARNINGS} -D_GNU_SOURCE + + #LEXLIB := -lfl +@@ -224,7 +227,7 @@ + .SILENT: $(AAREOBJECTS) + .PHONY: $(AAREOBJECTS) + $(AAREOBJECTS): +- make -C $(AAREDIR) ++ make -C $(AAREDIR) CFLAGS="$(CFLAGS)" + + .SILENT: $(PCREOBJECTS) + .PHONY: $(PCREOBJECTS) diff -Naurp apparmor-2.5.1~rc1/debian/patches/0008-lp648900.patch apparmor-2.5.1/debian/patches/0008-lp648900.patch --- apparmor-2.5.1~rc1/debian/patches/0008-lp648900.patch 2010-10-13 16:20:01.000000000 -0500 +++ apparmor-2.5.1/debian/patches/0008-lp648900.patch 1969-12-31 18:00:00.000000000 -0600 @@ -1,16 +0,0 @@ -Origin: http://bazaar.launchpad.net/~apparmor-dev/apparmor/release-2.5/revision/1433 -Description: update path for thunderbird, which is sometimes executed as - thunderbird or thunderbird.sh under different circumstances. -Bug-Ubuntu: https://launchpad.net/bugs/648900 - -Index: apparmor-2.5.1~rc1/profiles/apparmor.d/abstractions/ubuntu-email -=================================================================== ---- apparmor-2.5.1~rc1.orig/profiles/apparmor.d/abstractions/ubuntu-email 2010-09-27 08:52:49.000000000 -0500 -+++ apparmor-2.5.1~rc1/profiles/apparmor.d/abstractions/ubuntu-email 2010-09-27 08:52:56.000000000 -0500 -@@ -15,5 +15,5 @@ - /usr/bin/tkrat PUx, - - /usr/lib/thunderbird/thunderbird PUx, -- /usr/lib/thunderbird-3*/thunderbird PUx, -+ /usr/lib/thunderbird-3*/thunderbird{,.sh} PUx, - diff -Naurp apparmor-2.5.1~rc1/debian/patches/0008-lp652674.patch apparmor-2.5.1/debian/patches/0008-lp652674.patch --- apparmor-2.5.1~rc1/debian/patches/0008-lp652674.patch 1969-12-31 18:00:00.000000000 -0600 +++ apparmor-2.5.1/debian/patches/0008-lp652674.patch 2010-10-14 08:27:52.000000000 -0500 @@ -0,0 +1,27 @@ +Origin: r1440 of 2.5 branch +Description: fix warnings for messages without denied or requested masks +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/652674 + +Index: apparmor-2.5.1/utils/SubDomain.pm +=================================================================== +--- apparmor-2.5.1.orig/utils/SubDomain.pm 2010-10-13 17:21:30.000000000 -0500 ++++ apparmor-2.5.1/utils/SubDomain.pm 2010-10-13 17:21:36.000000000 -0500 +@@ -6622,10 +6622,14 @@ + LibAppArmor::free_record($event); + + #map new c and d to w as logprof doesn't support them yet +- $rmask =~ s/c/w/g; +- $rmask =~ s/d/w/g; +- $dmask =~ s/c/w/g; +- $dmask =~ s/d/w/g; ++ if ($rmask) { ++ $rmask =~ s/c/w/g; ++ $rmask =~ s/d/w/g; ++ } ++ if ($dmask) { ++ $dmask =~ s/c/w/g; ++ $dmask =~ s/d/w/g; ++ } + + if ($rmask && !validate_log_mode(hide_log_mode($rmask))) { + fatal_error(sprintf(gettext('Log contains unknown mode %s.'), diff -Naurp apparmor-2.5.1~rc1/debian/patches/series apparmor-2.5.1/debian/patches/series --- apparmor-2.5.1~rc1/debian/patches/series 2010-10-13 16:20:01.000000000 -0500 +++ apparmor-2.5.1/debian/patches/series 2010-10-14 08:27:52.000000000 -0500 @@ -2,7 +2,7 @@ 0002-add-chromium-browser.patch 0003-local-includes.patch 0004-ubuntu-abstractions-updates.patch -0005-lp601583.patch -0006-network-interface-enumeration.patch -0007-gnome-updates.patch -0008-lp648900.patch +0005-lp648900.patch +0006-testsuite-fixes.patch +0007-honor-cflags.patch +0008-lp652674.patch