apparmor (3.0.4-2ubuntu2.4) jammy-security; urgency=medium
* SECURITY UPDATE: Excessive permissions with mount rules (LP: #1597017)
- d/p/CVE-2016-1585/Merge-Fix-mount-rules-encoding.patch: fix mount
rules encoding in parser/mount.cc, parser/mount.h, parser/parser.h
and fix multiple test cases in parser/tst/simple_tests/mount/*.
- d/p/CVE-2016-1585/Support-rule-qualifiers-in-regression-tests.patch:
update rule qualifiers in regression tests in
tests/regression/apparmor/mkprofile.pl and
tests/regression/apparmor/capabilities.sh.
- d/p/CVE-2016-1585/Merge-expand-mount-tests.patch: expand mount
regression tests in tests/regression/apparmor/mount.c,
tests/regression/apparmor/mount.sh and
tests/regression/apparmor/mkprofile.pl.
- d/p/CVE-2016-1585/Check-for-newer-mount-options-in-regression-test.patch:
add check for newer mount options in regression tests in
tests/regression/apparmor/Makefile, tests/regression/apparmor/mount.c
and tests/regression/apparmor/mount.sh.
- d/p/CVE-2016-1585/Merge-Issue-312-added-missing-kernel-mount-options.patch:
add missing kernel mount options flag in parser/apparmor.d.pod,
parser/mount.cc, parser/mount.h, tests/regression/apparmor/mount.sh
and parser/tst/simple_tests/mount/*.
- d/p/CVE-2016-1585/Merge-extend-test-profiles-for-mount.patch: update
test profiles in parser/tst/simple_tests/mount/*.
- d/p/CVE-2016-1585/Merge-parser-fix-parsing-of-source-as-mount-point-fo.patch:
update gen_policy_change_mount_type() in parser/mount.cc and also
updated tests on parser/tst/simple_tests/mount/* and
tests/regression/apparmor/mount.sh.
- d/p/CVE-2016-1585/parser-Deprecation-warning-should-not-have-been-back.patch:
remove deprecation warning message in parser/mount.cc.
- d/p/CVE-2016-1585/parser-fix-rule-flag-generation-change_mount-type-ru.patch:
add device checks in gen_flag_rules() in parser/mount.cc and tests
in parser/tst/simple_tests/mount/*, parser/tst/equality.sh,
tests/regression/apparmor/mount.sh and
utils/test/test-parser-simple-tests.py.
- CVE-2016-1585
-- Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com> Tue, 06 Mar 2024 15:35:00 -0300
apparmor (3.0.4-2ubuntu2.3) jammy; urgency=medium
* Add support for applications like evince opening browsers
distributed as snaps (LP: #1794064)
- d/p/u/add-snap-browsers-profile-lp1794064.patch: add
a snap-browsers abstraction profile to let applications like
evince spawn browsers distributed as snaps
- d/p/u/update-snap-browsers-permissions-lp1794064.patch: update
snap-browsers abstraction with missing permissions
-- Georgia Garcia <georgia.garcia@canonical.com> Mon, 05 Jun 2023 15:58:43 -0300
apparmor (3.0.4-2ubuntu2.2) jammy; urgency=medium
* Add mqueue patches. LP: #1993353
- u/mqueue1-parser-add-parser-support-for-message-queue-mediatio.patch:
add parser support for mqueue mediation
- u/mqueue2-tests-add-posix-message-queue-regression-tests.patch: add
posix mqueue regression tests
- u/mqueue3-utils-add-message-queue-rules-parsing-in-python-tool.patch:
add support in python tools to parse mqueue rules
- u/mqueue4-parser-add-parser-simple-tests-for-mqueue-rules.patch: add
parser simple tests for mqueue
- u/mqueue5-parser-Add-a-set-of-debug-flags-that-can-be-passed-t.patch:
add debug flags that can be passed to the kernel
- u/mqueue6-parser-Set-the-DEBUG1-flag-on-profiles-that-use-mque.patch:
set DEBUG1 on mqueue rules
- u/mqueue7-parser-place-perm-on-name-as-well-as-name-label-comb.patch:
add permissions on name and also on name + label
- u/mqueue8-libapparmor-add-support-for-requested-and-denied-on-.patch:
add parsing support for "denied" and "requested" from audit logs
- u/mqueue9-libapparmor-add-support-for-class-in-logparsing.patch: add
parsing support for "class" from audit logs
- u/mqueue10-utils-add-logparser-support-for-mqueue.patch: add logparser
support for mqueue rules
- u/mqueue11-tests-add-sysv-message-queue-regression-tests.patch: add
sysv mqueue regression tests
- debian/rules: create mqueue testcase empty files for libapparmor tests.
* Closes LP: #1994146
-- Georgia Garcia <georgia.garcia@canonical.com> Wed, 19 Oct 2022 11:52:00 -0300
apparmor (3.0.4-2ubuntu2.1) jammy; urgency=medium
* Add upstream commit to remove dbus deny rule from exo-open abstraction
to fix evince startup (LP: #1969896)
- d/p/u/abstraction-exo-open-Remove-dbus-deny-rule.patch
-- Alex Murray <alex.murray@canonical.com> Tue, 21 Jun 2022 14:16:01 +0930
apparmor (3.0.4-2ubuntu2) jammy; urgency=medium
* Update abstractions/nss-systemd to add support for systemd-machined
(LP: #1964325)
- d/p/u/ubuntu/abstractions-nss-systemd-Allow-access-for-systemd-ma.patch
* Drop unnecessary libnss-systemd patch as this is already present in
the nss-systemd abstraction
- d/p/u/libnss-systemd.patch (dropped)
-- Alex Murray <alex.murray@canonical.com> Thu, 10 Mar 2022 12:05:06 +1030
apparmor (3.0.4-2ubuntu1) jammy; urgency=medium
* Merge from Debian unstable; remaining changes:
- Ubuntu specific changes:
- d/p/u/communitheme-snap-support.patch
- d/p/u/enable-pinning-of-pre-AppArmor-3.x-poli.patch
- d/p/u/libnss-systemd.patch
- d/p/u/mimeinfo-snap-support.patch
- d/p/u/profiles-grant-access-to-systemd-resolved.patch
- d/p/u/regression-tests-fix-aa_policy_cache-when-using-syst.patch
- d/p/u/samba-systemd-interaction.patch
- d/{control,gbp.conf}:
- Update Vcs / git branch for ubuntu
- d/apparmor.install:
- Disable debian feature pinning
- d/rules:
- Disable lto builds
* Dropped changes:
- d/p/ubuntu/fix-test-aa-notify.patch
-- Alex Murray <alex.murray@canonical.com> Thu, 24 Feb 2022 12:05:11 +1030
apparmor (3.0.4-2) unstable; urgency=medium
* Add upstream commit that makes the test suite compatible with Python 3.10
-- intrigeri <intrigeri@debian.org> Wed, 23 Feb 2022 09:48:59 +0000
apparmor (3.0.4-1ubuntu1) jammy; urgency=medium
* Merge from Debian unstable; remaining changes:
- Drop the following patches that have been included in the upstream
release or which Debian has also included:
- d/p/ubuntu/adjust-for-ibus-1.5.22.patch
- d/p/ubuntu/0011-add-mctp-network-protocol.patch
- Refresh
d/p/regression-tests-fix-aa_policy_cache-when-using-syst.patch to the
official version from upstream
- d/p/u/samba-systemd-interaction.patch: allow smbd to interact with
systemd
- d/p/u/libnss-systemd.patch: allow accessing the libnss-systemd
VarLink sockets and DBus APIs
- Disable lto builds
- Fix autotest test-aa-notify.py
- d/p/ubuntu/fix-test-aa-notify.patch
- Drop outdated lintian-overrides
-- Alex Murray <alex.murray@canonical.com> Tue, 22 Feb 2022 10:13:44 +1030
apparmor (3.0.4-1) unstable; urgency=medium
* New upstream release
* apparmor-profiles: install new samba-bgqd profile
* Drop backported patches that are now obsolete
* debian/allow-access-to-ibus-socket.patch: drop support for pre-Bullseye
ibus path
* Declare compliance with Policy 4.6.0.1
* Drop XS- prefix for adopted Python-Version control field
* Add new symbols
-- intrigeri <intrigeri@debian.org> Sat, 12 Feb 2022 12:34:23 +0000
apparmor (3.0.3-6) unstable; urgency=medium
* debian/rules: let "set -e" take effect (Closes: #998843)
* Add support for Python 3.10 (Closes: #998686):
- upstream-ab4cfb5e-replace-distutils-with-setuptools.patch: new patch,
edited to drop changes to upstream .gitignore.
- Add build-dependency on python3-setuptools
-- intrigeri <intrigeri@debian.org> Thu, 18 Nov 2021 09:15:55 +0000
# For older changelog entries, run 'apt-get changelog apparmor'
Generated by dwww version 1.14 on Fri Jan 24 21:00:41 CET 2025.