-
Tyler Hicks authored
- Allow Apache prefork profile to chown(2) files (LP: #1210514) - Allow deluge-gtk and deluge-console to handle torrents opened in browsers (LP: #1501913) - Allow file accesses needed by some programs using libnl-3-200 (Closes: #810888) - Allow file accesses needed on systems that use NetworkManager without resolvconf (Closes: #813835) - Adjust aa-status(8) to work without python3-apparmor (LP: #1480492) - Fix aa-logprof(8) crash when operating on files containing multiple profiles with certain rules (LP: #1528139) - Fix log parsing crashes, in the Python utilities, caused by certain file related events (LP: #1525119, LP: #1540562) - Fix log parsing crasher, in the Python utilities, caused by certain change_hat events (LP: #1523297) - Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher when Python 3 is not available (LP: #1513880) - Send aa-easyprof(8) error messages to stderr instead of stdout (LP: #1521400) - Fix aa-autodep(8) failure when the shebang line of a script contained parameters (LP: #1505775) - Don't depend on the system logprof.conf when running utils/ build tests (LP: #1393979) - Fix apparmor_parser(8) bugs when parsing profiles that use policy namespaces in the profile declaration or profile transition targets (LP: #1540666, LP: #1544387) - Regression fix for apparmor_parser(8) bug that resulted in the --namespace-string commandline option being ignored causing profiles to be loaded into the root policy namespace (LP: #1526085) - Fix crasher regression in apparmor_parser(8) when the parser was asked to process a directory (LP: #1534405) - Fix bug in apparmor_parser(8) to honor the specified bind flags remount rules (LP: #1272028) - Support tarball generation for Coverity scans and fix a number of issues discovered by Coverity - Fix regression test failures on s390x systems (LP: #1531325) - Adjust expected errno values in changeprofile regression test (LP: #1559705) - The Python utils gained support for ptrace and signal rules - aa-exec(8) received a rewrite in C - apparmor_parser(8) gained support for stacking multiple profiles, as supported by the Xenial kernel (LP: #1379535) - libapparmor gained new public interfaces, aa_stack_profile(2) and aa_stack_onexec(2), allowing applications to utilize the new kernel stacking support (LP: #1379535) * Drop the following patches since they've been incorporated upstream: - aa-status-dont_require_python3-apparmor.patch - r3209-dnsmasq-allow-dash - r3227-locale-indep-capabilities-sorting.patch - r3277-update-python-abstraction.patch - r3366-networkd.patch, - tests-fix_sysctl_test.patch - parser-fix-cache-file-mtime-regression.patch - parser-verify-cache-file-mtime.patch - parser-run-caching-tests-without-apparmorfs.patch - parser-do-cleanup-when-test-was-skipped.patch - parser-allow-unspec-in-network-rules.patch * debian/rules, debian/apparmor.install, debian/apparmor.manpages: Update for new upstream binutils directory and aa-enabled binary - Continue installing aa-exec into /usr/sbin/ for now since click-apparmor's aa-exec-click autopkgtest expects it to be there * debian/libapparmor-dev.manpages: Include the new aa_stack_profile.2 man page * debian/patches/r3424-nscd-profile-allow-paranoia-mode.patch: Allow file access needed for nscd's paranoia mode * debian/patches/r3425-adjust-stacking-tests-version-check.patch: Adjust the regression test build time checks, for libapparmor stacking support, to look for the 2.10.95 versioning rather than 2.11 * debian/patches/r3426-allow-debugedit-to-work-on-apparmor-parser.patch: Remove extra slash in the parser Makefile so that debugedit(8) can work on apparmor_parser(8) (LP: #1561939) * debian/patches/allow-stacking-tests-to-use-system.patch: Adjust the file rules of the new stacking tests so that the generated profiles allow the system binaries and libraries to be tested * debian/libapparmor1.symbols: update symbols file for added symbols in libapparmor5f58d7f1