apparmor 2.10.95-0ubuntu1 source package in Ubuntu

Changelog

apparmor (2.10.95-0ubuntu1) xenial; urgency=medium

  * Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
    - Allow Apache prefork profile to chown(2) files (LP: #1210514)
    - Allow deluge-gtk and deluge-console to handle torrents opened in
      browsers (LP: #1501913)
    - Allow file accesses needed by some programs using libnl-3-200
      (Closes: #810888)
    - Allow file accesses needed on systems that use NetworkManager without
      resolvconf (Closes: #813835)
    - Adjust aa-status(8) to work without python3-apparmor (LP: #1480492)
    - Fix aa-logprof(8) crash when operating on files containing multiple
      profiles with certain rules (LP: #1528139)
    - Fix log parsing crashes, in the Python utilities, caused by certain file
      related events (LP: #1525119, LP: #1540562)
    - Fix log parsing crasher, in the Python utilities, caused by certain
      change_hat events (LP: #1523297)
    - Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher
      when Python 3 is not available (LP: #1513880)
    - Send aa-easyprof(8) error messages to stderr instead of stdout
      (LP: #1521400)
    - Fix aa-autodep(8) failure when the shebang line of a script contained
      parameters (LP: #1505775)
    - Don't depend on the system logprof.conf when running utils/ build tests
      (LP: #1393979)
    - Fix apparmor_parser(8) bugs when parsing profiles that use policy
      namespaces in the profile declaration or profile transition targets
      (LP: #1540666, LP: #1544387)
    - Regression fix for apparmor_parser(8) bug that resulted in the
      --namespace-string commandline option being ignored causing profiles to
      be loaded into the root policy namespace (LP: #1526085)
    - Fix crasher regression in apparmor_parser(8) when the parser was asked
      to process a directory (LP: #1534405)
    - Fix bug in apparmor_parser(8) to honor the specified bind flags remount
      rules (LP: #1272028)
    - Support tarball generation for Coverity scans and fix a number of issues
      discovered by Coverity
    - Fix regression test failures on s390x systems (LP: #1531325)
    - Adjust expected errno values in changeprofile regression test
      (LP: #1559705)
    - The Python utils gained support for ptrace and signal rules
    - aa-exec(8) received a rewrite in C
    - apparmor_parser(8) gained support for stacking multiple profiles, as
      supported by the Xenial kernel (LP: #1379535)
    - libapparmor gained new public interfaces, aa_stack_profile(2) and
      aa_stack_onexec(2), allowing applications to utilize the new kernel
      stacking support (LP: #1379535)
  * Drop the following patches since they've been incorporated upstream:
    - aa-status-dont_require_python3-apparmor.patch
    - r3209-dnsmasq-allow-dash
    - r3227-locale-indep-capabilities-sorting.patch
    - r3277-update-python-abstraction.patch
    - r3366-networkd.patch,
    - tests-fix_sysctl_test.patch
    - parser-fix-cache-file-mtime-regression.patch
    - parser-verify-cache-file-mtime.patch
    - parser-run-caching-tests-without-apparmorfs.patch
    - parser-do-cleanup-when-test-was-skipped.patch
    - parser-allow-unspec-in-network-rules.patch
  * debian/rules, debian/apparmor.install, debian/apparmor.manpages: Update
    for new upstream binutils directory and aa-enabled binary
    - Continue installing aa-exec into /usr/sbin/ for now since
      click-apparmor's aa-exec-click autopkgtest expects it to be there
  * debian/libapparmor-dev.manpages: Include the new aa_stack_profile.2 man
    page
  * debian/patches/r3424-nscd-profile-allow-paranoia-mode.patch: Allow file
    access needed for nscd's paranoia mode
  * debian/patches/r3425-adjust-stacking-tests-version-check.patch: Adjust the
    regression test build time checks, for libapparmor stacking support, to
    look for the 2.10.95 versioning rather than 2.11
  * debian/patches/r3426-allow-debugedit-to-work-on-apparmor-parser.patch:
    Remove extra slash in the parser Makefile so that debugedit(8) can work on
    apparmor_parser(8) (LP: #1561939)
  * debian/patches/allow-stacking-tests-to-use-system.patch: Adjust the file
    rules of the new stacking tests so that the generated profiles allow the
    system binaries and libraries to be tested
  * debian/libapparmor1.symbols: update symbols file for added symbols
    in libapparmor

 -- Tyler Hicks <email address hidden>  Sat, 09 Apr 2016 01:35:25 -0500

Upload details

Uploaded by:
Tyler Hicks
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
apparmor_2.10.95.orig.tar.gz 4.3 MiB 3f659a599718f4a5e2a33140916715f574a5cb3634a6b9ed6d29f7b0617e4d1a
apparmor_2.10.95-0ubuntu1.debian.tar.xz 71.5 KiB a74daeffc079f851e04109d42ddc44dd7e3c8f34ce914c846a3ae1457a723a07
apparmor_2.10.95-0ubuntu1.dsc 3.2 KiB 0669fe139808449dcc48dad0918bd365120d96338bb52e85c951188cc266a26b

Available diffs

View changes file

Binary packages built by this source

apparmor: user-space parser utility for AppArmor

 This provides the system initialization scripts needed to use the
 AppArmor Mandatory Access Control system, including the AppArmor Parser
 which is required to convert AppArmor text profiles into machine-readable
 policies that are loaded into the kernel for use with the AppArmor Linux
 Security Module.

apparmor-dbgsym: debug symbols for package apparmor

 This provides the system initialization scripts needed to use the
 AppArmor Mandatory Access Control system, including the AppArmor Parser
 which is required to convert AppArmor text profiles into machine-readable
 policies that are loaded into the kernel for use with the AppArmor Linux
 Security Module.

apparmor-docs: documentation for AppArmor

 This package provides some technical documentation for the AppArmor
 Mandatory Access Control system. Currently this is only a single
 PDF covering basic operation, written some time ago.

apparmor-easyprof: AppArmor easyprof profiling tool

 This provides the aa-easyprof utility which is an easy to use interface for
 AppArmor policy generation. aa-easyprof supports the use of templates and
 policy groups to quickly profile an application.

apparmor-notify: AppArmor notification system

 This package provides a utility to display AppArmor denial messages via
 desktop notifications. The utility can also be used to generate summary
 reports.

apparmor-profiles: profiles for AppArmor Security policies

 This provides various AppArmor profiles that have not been shipped by
 the packages they provide confinement for. By default, they ship in
 complain mode so that users can test and choose which are desired.

apparmor-utils: utilities for controlling AppArmor

 This provides the utilities to operate on AppArmor profiles. Profiles
 can be created, updated, enforced, set to complain mode, and disabled
 with tools such as aa-genprof, aa-enforce, aa-complain and aa-disabled.

dh-apparmor: AppArmor debhelper routines

 This provides the debhelper tools used to install and migrate AppArmor
 profiles. This is normally used from package maintainer scripts during
 install and removal.

libapache2-mod-apparmor: changehat AppArmor library as an Apache module

 This provides the Apache module needed to declare various differing
 confinement policies when running virtual hosts in the webserver
 by using the changehat abilities exposed through libapparmor.

libapache2-mod-apparmor-dbgsym: debug symbols for package libapache2-mod-apparmor

 This provides the Apache module needed to declare various differing
 confinement policies when running virtual hosts in the webserver
 by using the changehat abilities exposed through libapparmor.

libapparmor-dev: AppArmor development libraries and header files

 This package provides the development libraries and header files needed to
 link against the AppArmor changehat and log parsing functions. Also
 includes the manpages for library functions.

libapparmor-perl: AppArmor library Perl bindings

 This provides the Perl module that contains the language bindings
 for the AppArmor library, libapparmor, which were autogenerated via
 SWIG.

libapparmor-perl-dbgsym: debug symbols for package libapparmor-perl

 This provides the Perl module that contains the language bindings
 for the AppArmor library, libapparmor, which were autogenerated via
 SWIG.

libapparmor1: changehat AppArmor library

 This package provides the shared library used for making use of the
 AppArmor profile and changehat functionality, as well as common log
 parsing routines.

libapparmor1-dbgsym: debug symbols for package libapparmor1

 This package provides the shared library used for making use of the
 AppArmor profile and changehat functionality, as well as common log
 parsing routines.

libpam-apparmor: changehat AppArmor library as a PAM module

 This provides the PAM module needed to declare various differing
 confinement policies when starting PAM sessions by using the
 changehat abilities exposed through libapparmor.

libpam-apparmor-dbgsym: debug symbols for package libpam-apparmor

 This provides the PAM module needed to declare various differing
 confinement policies when starting PAM sessions by using the
 changehat abilities exposed through libapparmor.

python-apparmor: AppArmor Python utility library

 This provides the Python modules that implement the higher-level AppArmor
 applications.

python-libapparmor: AppArmor library Python bindings

 This provides the Python module that contains the language bindings
 for the AppArmor library, libapparmor, which were autogenerated via
 SWIG.

python3-apparmor: AppArmor Python3 utility library

 This provides the Python3 modules that implement the higher-level AppArmor
 applications.

python3-libapparmor: AppArmor library Python3 bindings

 This provides the Python3 module that contains the language bindings
 for the AppArmor library, libapparmor, which were autogenerated via
 SWIG.