diff -u tcpdump-4.0.0/debian/rules tcpdump-4.0.0/debian/rules
--- tcpdump-4.0.0/debian/rules
+++ tcpdump-4.0.0/debian/rules
@@ -37,6 +37,7 @@
 	dh_installdirs
 
 	$(MAKE) install prefix=$(dstdir)/usr
+	dh_install --sourcedir=$(CURDIR)/debian
 
 binary-indep: build install
 # We have nothing to do by default.
diff -u tcpdump-4.0.0/debian/control tcpdump-4.0.0/debian/control
--- tcpdump-4.0.0/debian/control
+++ tcpdump-4.0.0/debian/control
@@ -1,7 +1,8 @@
 Source: tcpdump
 Section: net
 Priority: optional
-Maintainer: Romain Francoise <rfrancoise@debian.org>
+Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss@lists.ubuntu.com>
+XSBC-Original-Maintainer: Romain Francoise <rfrancoise@debian.org>
 Build-Depends: debhelper (>= 5), libpcap0.8-dev (>= 0.9.3), quilt (>= 0.40), libssl-dev, autotools-dev
 Standards-Version: 3.8.3
 Homepage: http://www.tcpdump.org/
@@ -11,6 +12,7 @@
 Package: tcpdump
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
+Suggests: apparmor (>= 2.3)
 Description: A powerful tool for network monitoring and data acquisition
  This program allows you to dump the traffic on a network. tcpdump 
  is able to examine IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS
diff -u tcpdump-4.0.0/debian/tcpdump.dirs tcpdump-4.0.0/debian/tcpdump.dirs
--- tcpdump-4.0.0/debian/tcpdump.dirs
+++ tcpdump-4.0.0/debian/tcpdump.dirs
@@ -1,0 +2 @@
+etc/apparmor.d/force-complain
diff -u tcpdump-4.0.0/debian/changelog tcpdump-4.0.0/debian/changelog
--- tcpdump-4.0.0/debian/changelog
+++ tcpdump-4.0.0/debian/changelog
@@ -1,3 +1,20 @@
+tcpdump (4.0.0-4ubuntu1) karmic; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - add enforcing apparmor profile
+      - create debian/usr.sbin.tcpdump
+      - debian/control: suggest apparmor >= 2.3
+      - debian/postinst: reload apparmor
+      - debian/postrm: remove force-complain link
+      - debian/tcpdump.install: add profile
+      - debian/rules: install the profile
+      - debian/README.Debian: give information on Apparmor
+      - debian/postinst: reload individual tcpdump profile, not all of apparmor
+      - debian/postrm: also remove any symlinks in the /etc/apparmor.d/disable
+        directory on purge 
+
+ -- Nicolas Valcárcel Scerpella (Canonical) <nvalcarcel@canonical.com>  Tue, 03 Nov 2009 14:47:48 -0500
+
 tcpdump (4.0.0-4) unstable; urgency=low
 
   * debian/control:
@@ -16,6 +33,29 @@
 
  -- Romain Francoise <rfrancoise@debian.org>  Tue, 16 Jun 2009 11:51:14 +0200
 
+tcpdump (4.0.0-2ubuntu2) karmic; urgency=low
+
+  * debian/postinst: reload individual tcpdump profile, not all of apparmor
+    (LP: #412749)
+  * debian/postrm: also remove any symlinks in the /etc/apparmor.d/disable
+    directory on purge
+
+ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 12 Aug 2009 16:58:28 -0500
+
+tcpdump (4.0.0-2ubuntu1) karmic; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - add enforcing apparmor profile
+      - create debian/usr.sbin.tcpdump
+      - debian/control: suggest apparmor >= 2.3
+      - debian/postinst: reload apparmor
+      - debian/postrm: remove force-complain link
+      - debian/tcpdump.install: add profile
+      - debian/rules: install the profile
+      - debian/README.Debian: give information on Apparmor
+
+ -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 14 May 2009 12:58:52 -0500
+
 tcpdump (4.0.0-2) unstable; urgency=low
 
   * debian/patches/30_tcp_seq.diff: Patch from Ilpo Järvinen adding back
@@ -40,6 +80,25 @@
 
  -- Romain Francoise <rfrancoise@debian.org>  Sun, 30 Nov 2008 22:55:39 +0100
 
+tcpdump (3.9.8-4ubuntu2) jaunty; urgency=low
+
+  * debian/usr.sbin.tcpdump: use 'audit deny' instead of 'deny' (LP: #348592)
+
+ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 25 Mar 2009 13:33:28 -0500
+
+tcpdump (3.9.8-4ubuntu1) jaunty; urgency=low
+
+  * add enforcing apparmor profile
+    - create debian/usr.sbin.tcpdump
+    - debian/control: suggest apparmor >= 2.3
+    - debian/postinst: reload apparmor
+    - debian/postrm: remove force-complain link
+    - debian/tcpdump.install: add profile
+    - debian/rules: install the profile
+    - debian/README.Debian: give information on Apparmor
+
+ -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 03 Feb 2009 01:54:34 +0100
+
 tcpdump (3.9.8-4) unstable; urgency=low
 
   * debian/control: Build-Depend on libpcap0.8-dev (>= 0.9.3),
@@ -468,7 +527,6 @@
 
  -- Peter Tobias <tobias@et-inf.fho-emden.de>  Mon, 30 Mar 1998 02:28:39 +0200
 
-
 tcpdump (3.4a6-2) frozen unstable; urgency=low
 
   * rebuild with latest debmake, fixes #19415
@@ -477,7 +535,6 @@
 
  -- Peter Tobias <tobias@et-inf.fho-emden.de>  Mon, 30 Mar 1998 00:28:39 +0200
 
-
 tcpdump (3.4a6-1) unstable; urgency=low
 
   * updated to latest upstream version, fixes: Bug#17163
@@ -485,7 +542,6 @@
 
  -- Peter Tobias <tobias@et-inf.fho-emden.de>  Sun,  1 Feb 1998 00:08:31 +0100
 
-
 tcpdump (3.4a4-1) unstable; urgency=low
 
   * updated to latest upstream version
@@ -496,22 +552,18 @@
-
 tcpdump (3.3.1a2-1) frozen stable unstable; urgency=medium
 
   * updated to latest upstream version (works with new libpcap now)
 
  -- Peter Tobias <tobias@et-inf.fho-emden.de>  Sat, 24 May 1997 00:49:17 +0200
 
-
 tcpdump (3.3-2) unstable; urgency=low
 
   * fixed SLIP support
 
  -- Peter Tobias <tobias@et-inf.fho-emden.de>  Sun, 16 Feb 1997 21:06:51 +0100
 
-
 tcpdump (3.3-1) unstable; urgency=low
 
   * updated to latest upstream version
 
  -- Peter Tobias <tobias@et-inf.fho-emden.de>  Thu, 16 Jan 1997 01:34:00 +0100
 
-
only in patch2:
unchanged:
--- tcpdump-4.0.0.orig/debian/tcpdump.install
+++ tcpdump-4.0.0/debian/tcpdump.install
@@ -0,0 +1 @@
+usr.sbin.tcpdump etc/apparmor.d
only in patch2:
unchanged:
--- tcpdump-4.0.0.orig/debian/README.Debian
+++ tcpdump-4.0.0/debian/README.Debian
@@ -0,0 +1,7 @@
+Apparmor Profile
+----------------
+If your system uses apparmor, please note that the shipped enforcing profile
+works with the default installation, and changes in your configuration may
+require changes to the installed apparmor profile. Please see
+https://wiki.ubuntu.com/DebuggingApparmor before filing a bug against this
+software.
only in patch2:
unchanged:
--- tcpdump-4.0.0.orig/debian/postinst
+++ tcpdump-4.0.0/debian/postinst
@@ -0,0 +1,10 @@
+#!/bin/sh -e
+
+if [ "$1" = "configure" ]; then
+    # Reload AppArmor profile
+    APP_PROFILE="/etc/apparmor.d/usr.sbin.tcpdump"
+    if [ -f "$APP_PROFILE" ] && aa-status --enabled 2>/dev/null; then
+        apparmor_parser -r "$APP_PROFILE" || true
+    fi
+fi
+
only in patch2:
unchanged:
--- tcpdump-4.0.0.orig/debian/usr.sbin.tcpdump
+++ tcpdump-4.0.0/debian/usr.sbin.tcpdump
@@ -0,0 +1,33 @@
+# vim:syntax=apparmor
+# Last Modified: Wed Feb  3 07:58:30 2009
+# Author: Jamie Strandboge <jamie@canonical.com>
+#include <tunables/global>
+
+/usr/sbin/tcpdump {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/user-tmp>
+
+  capability net_raw,
+  capability setuid,
+  capability setgid,
+  capability dac_override,
+  network raw,
+  network packet,
+
+  # for -D
+  capability sys_module,
+  @{PROC}/bus/usb/ r,
+  @{PROC}/bus/usb/** r,
+
+  # for -F and -w
+  audit deny @{HOME}/.* mrwkl,
+  audit deny @{HOME}/.*/ rw,
+  audit deny @{HOME}/.*/** mrwkl,
+  audit deny @{HOME}/bin/ rw,
+  audit deny @{HOME}/bin/** mrwkl,
+  @{HOME}/ r,
+  @{HOME}/** rw,
+
+  /usr/sbin/tcpdump r,
+}
only in patch2:
unchanged:
--- tcpdump-4.0.0.orig/debian/postrm
+++ tcpdump-4.0.0/debian/postrm
@@ -0,0 +1,6 @@
+#!/bin/sh -e
+
+if [ "$1" = "purge" ]; then
+    rm -f /etc/apparmor.d/force-complain/usr.sbin.tcpdump >/dev/null 2>&1 || true
+    rm -f /etc/apparmor.d/disable/usr.sbin.tcpdump >/dev/null 2>&1 || true
+fi