lp://qastaging/ubuntu/trusty-security/apparmor
- Get this branch:
- bzr branch lp://qastaging/ubuntu/trusty-security/apparmor
Recent revisions
- 73. By Tyler Hicks
-
* SECURITY UPDATE: An AppArmor profile compilation bug may result in
applications being confined in a way that is inconsistent with the profile
author's intent. The compilation bug is specific to certain combinations
of AppArmor rule types and conditionals of those rule types.
(LP: #1390592)
- debian/patches/fix-esc-seq-interp.patch: Fix the profile compilation bug
by limiting the number of bytes that are consumed when interpreting
hexadecimal, octal, and decimal escape sequences
- debian/patches/tests-allow-arbitrary-profile-names.patch,
debian/patches/tests-add-ptrace-tests-for-lp1390592.patch: Add
regression tests for the profile compilation bug
- CVE-2014-1424
- 72. By Jamie Strandboge
-
debian/control: add versioned Breaks to apparmor for lxc, libvirt-bin,
lightdm and apparmor-easyprof-ubuntu
- 71. By Tyler Hicks
-
[ Jamie Strandboge ]
* debian/lib/apparmor/functions: properly calculate number of profiles in
/var/lib/apparmor/profiles (LP: #1295816)
* autostart aa-notify via /etc/xdg/autostart instead of /etc/X11/Xsession.d
(LP: #1288241)
- remove debian/notify/90apparmor-notify
- add debian/notify/apparmor-notify.desktop
- debian/apparmor-notify.install: adjust for the above
- add debian/apparmor-notify.maintscript to remove 90apparmor-notify
* debian/notify/notify.conf: use_group should be set to "sudo" instead of
"admin" (LP: #1009666)
[ Tyler Hicks ]
* debian/patches/initialize-mount-flags.patch: Initialize the variables
containing mount rule flags to zero. Otherwise, the parser may set
unexpected bits in the mount flags field for rules that do not specify
mount flags. The uninitialized mount flag variables may have caused
unexpected AppArmor denials during mount mediation. (LP: #1296459)
* debian/patches/fix-typo-in-dbus_write.patch: Fix a bug in the
apparmor/aa.py module that caused the utilities in the apparmor-utils
package to write out network rules instead of dbus rules
* debian/patches/limited-mount-rule-support.patch: Fix a bug in the
apparmor/aa.py module that caused the utilities in the apparmor-utils
package to traceback when encountering a mount rule (LP: #1294825)
* debian/patches/bare-capability-rule-support.patch: Fix a bug in the
apparmor/aa.py module that caused the utilities in the apparmor-utils
package to traceback when encountering a bare capability rule
(LP: #1294819)
* debian/patches/check-config-for-sysctl.patch,
debian/patches/increase-swap-size.patch: Fix bugs in the regression test
suite that caused errors when running on ppc64el
* debian/patches/test-v6-policy.patch,
debian/patches/test-mount-mediation.patch: Improve the regression tests
by increasing the mount rule test coverage
- 70. By Jamie Strandboge
-
debian/control: Depends on python-pkg-resources for python-apparmor and
python3-pkg-resources for python3-apparmor to fix autopkgtests in
click-apparmor and apparmor-easyprof-ubuntu
- 69. By Seth Arnold
-
[ Jamie Strandboge ]
* debian/debhelper/dh_apparmor: exit with error if aa-easyprof does not
exist
* debian/control: drop Depends on apparmor-easyprof to Suggests for
dh-apparmor
[ Seth Arnold, Jamie Strandboge, Steve Beattie, John Johansen, Tyler Hicks ]
* New upstream snapshot (LP: #1278702, #1061693, #1285653) dropping very
large Ubuntu delta and fixing the following bugs:
- Adjust fonts abstraction for libthai (LP: #1278702)
- Support translated XDG user directories (LP: #1061693)
- Adjust abstractions/web-data to include /var/www/html (LP: #1285653)
Refresh 0002-add-debian-integration-to-lighttpd.patch to include
/etc/lighttpd/conf-available/*.conf
- Adjust debian/libapparmor1.symbols to reflect new upstream versioning
for the aa_query_label() function
- Raise exceptions in Python bindings when something fails
* ship new Python replacements for previous Perl-based tools
- debian/apparmor-utils.install: remove usr/share/perl5/Immunix/*.pm and
add usr/sbin/aa-autodep, usr/sbin/aa-cleanprof and usr/sbin/aa-mergeprof
- debian/control:
+ remove various Perl dependencies
+ add python-apparmor and python3-apparmor
+ python3-apparmor Breaks: apparmor-easyprof to move the file since it
ships dist-packages/apparmor/__init__.py now
- debian/apparmor-utils.manpages: ship new manpages for aa-cleanprof and
aa-mergeprof
- debian/rules: build and install Python tools
* debian/apparmor.install:
- install apparmorfs, dovecot, kernelvars, securityfs, sys,
and xdg-user-dirs tunables and xdg-user-dirs.d directory
* debian/apparmor.dirs:
- install /etc/apparmor.d/tunables/xdg-user-dirs.d
* debian/rules: delete upstream-provided xdg-user-dirs.d/site.local
* debian/apparmor.postinst: create xdg-user-dirs.d/site.local
* debian/apparmor.postrm: remove xdg-user-dirs.d
* Remaining patches:
- add-chromium-browser.patch
- add-debian-integration-to-lighttpd.patch
- ubuntu-manpage-updates.patch
- libapparmor-layout-deb.patch
- libapparmor-mention-dbus-method-in-getcon-man.patch
- etc-writable.patch
- aa-utils_are_bilingual.patch
* New patches:
- convert-to-rules.patch
- list-fns.patch
- parse-mode.patch
- add-decimal-interp.patch
- policy_mediates.patch
- fix-failpath.patch
- feature_file.patch
- fix-network.patch
- aare-to-class.patch
- add-mediation-unix.patch
- parser_version.patch
- caching.patch
- label-class.patch
- fix-lexer-debug.patch
- use-diff-encode.patch
- fix-serialize.patch
- fix-ppc-endian-ftbfs.patch
- opt_arg.patch
- tests-cond-dbus.patch
* Move manpages from libapparmor1 to libapparmor-dev
- debian/libapparmor-dev.manpages: install aa_change_hat.2,
aa_change_profile.2, aa_find_mountpoint.2, aa_getcon.2
- debian/control: libapparmor-dev Replaces: and Breaks: libapparmor1
* Move /usr/lib/python3/dist-packages/apparmor/__init__.py from
apparmor-easyprof to python3-apparmor
- debian/control: python3-apparmor Breaks: apparmor-easyprof
- debian/apparmor-easyprof.install: remove
usr/lib/python*.*/site-packages/apparmor*
* New profiles and abstractions:
- debian/apparmor.install: tunables/dovecot, tunables/kernelvars,
tunables/xdg-user-dirs, tunables/xdg-user-dirs.d
- 68. By Tyler Hicks
-
[ Tyler Hicks ]
* 0084-parser-add-dbus-eavesdrop-perm.patch: Add an eavesdrop permission to
the dbus rule type, allowing confined applications to eavesdrop. The only
valid conditional for eavesdrop rules is 'bus'. See the apparmor.d(5) man
page for more information. (LP: #1262440)
[ Steve Beattie ]
* 0085-push-normalize-tree-ops-into-expr-tree-classes.patch: Improve
parser performance in some cases
[ John Johansen ]
* 0086-add-diff-state-compression-to-dfa.patch: Implement differential
state compression in the parser
* 0087-fix-dfa-minimization.patch: Fix a parser bug that caused some DFAs to
not be fully minimized (LP: #1262938)
* 0088-fix-pol-generation-for-small-dfas.patch: Fixes bugs in the parser
when generating policy for some small DFAs
- 67. By Tyler Hicks
-
[ Jan Rękorajski ]
* 0082-parser-fix-FTBFS-with-bison-3.patch: Fix parser FTBFS with bison 3
[ Steve Beattie ]
* 0083-libapparmor-require-libtoolize.patch: Fix FTBFS by switching
the autogen.sh script to use libtoolize instead of libtool
- 64. By Tyler Hicks
-
[ Tyler Hicks ]
* 0078-parser-check-for-dbus-kernel-support.patch: The parser should not
include D-Bus rules in the binary policy that it loads into the kernel if
the kernel does not support D-Bus rules (LP: #1231778)
* 0079-utils-ignore-unsupported-log-events.patch: aa-logprof should ignore
audit events that it does not yet support instead of treating them as
errors (LP: #1243932)
* 0080-tests-use-ldconfig-for-library-detection.patch: Fix libapparmor
detection in regression tests after the multiarch changes
[ Jamie Strandboge ]
* 0081-python-abstraction-updates.patch: Add rules in support of Python 3.3
[ Chad Miller ]
* debian/patches/0001-add-chromium-browser.patch: Follow new chromium-browser
sandbox name. Keep old name for now to allow transition. LP: #1247269
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://qastaging/ubuntu/vivid/apparmor