« back to all changes in this revision
Viewing changes to utils/aa-mergeprof
- Committer: Jamie Strandboge
- Date: 2016-01-05 19:14:44 UTC
- Revision ID: jamie@ubuntu.com-20160105191444-4cxbegq4ru62ri2n
* debian/patches/lp1529074.patch: for systems using networkd, add read on
/run/systemd/resolve/resolv.conf (LP: #1529074)
* No change rebuild for perl 5.22
* debian/patches/fix-abstraction-for-python3.5.patch: adjust python
abstraction for python 3.5
* debian/apparmor.init,apparmor.upstart: clear only the system cache if
apparmor version has changed on snappy flavors since snappy will handle
the app's cache itself
* debian/lib/apparmor/functions:
- compile /var/lib/snappy/apparmor/profiles policy
- add compare_previous_version()
- refactor clear_cache()
- compare_and_save_debsums() checks if $PROFILES_VAR exists
* debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
(LP: #1491147, LP: #1384431)
* Rebuild against python3.5.
* debian/patches/parser-fix-cache-file-mtime-regression.patch: Fix a bug
that resulted in the mtime of generate policy cache files to be set
incorrectly. The mtime of cache files should be the newest mtime detected
on the profile and abstraction files used to generate the policy cache
file. However, the bug caused the mtime of the policy cache file to either
not be updated or to be updated to an incorrect time. (LP: #1484178)
* debian/patches/parser-verify-cache-file-mtime.patch: Add tests to verify
that the policy cache file's mtime is being set correctly and that cache
handling is correct when the profile or abstraction files are newer than
the policy cache file.
* debian/patches/parser-run-caching-tests-without-apparmorfs.patch,
debian/patches/parser-do-cleanup-when-test-was-skipped.patch: Enable the
caching tests to run on the buildds even though apparmorfs isn't mounted.
* debian/patches/aa-status-dont_require_python3-apparmor.patch:
make aa-status(8) work even when python3-apparmor is not installed,
otherwise dh_apparmor postinst snippets can fail (LP: #1480492)
* debian/control: make apparmor-utils depend on the same package
version of python3-apparmor
* Update to apparmor 2.10
- libapparmor added functions to ease loading profile cache files to
help support systemd on-demand load of policy (LP: #1385414)
- apparmor parser: fixed policy generation to allow matching
embedded NULs in abstract unix socket names (LP: #1413410)
- aa-status: don't traceback when not permitted to read current
set of apparmor policy (LP: #1466768)
- aa-logprof: don't crash on policies that have an #include of a
directory (LP: #1471425)
- aa-logprof: fix crash when network rejections occur when file
operations are performed on network sockets (LP: #1466812)
* dropped reproducible-pdf.patch, incorporated upstream
* debian/patches/tests-fix_sysctl_test.patch: fix sysctl test failure
with 4.1 kernel and newer.
* debian/control: add alternate dependency on linux-initramfs-tool
(LP: #1109029)
* debian/libapparmor1.symbols: update symbols file for added symbols
in libapparmor
* No-change rebuild for python3.5 transition
* Update to apparmor 2.9.2
- Fix minitools to work with multiple profiles at once (LP: #1378095)
- Parse mounts that have non-ascii UTF-8 chars (LP: #1310598)
- Update dovecot profiles (LP: #1296667)
- Allow ubuntu-helpers to build texlive fonts (LP: #1010909)
* dropped patches incorporated upstream:
add-mir-abstraction-lp1422521.patch, systemd-dev-log-lp1413232.patch
parser-fix_modifier_compilation_+_tests.patch,
tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch,
GDM_X_authority-lp1432126.patch, and
debian/patches/easyprof-framework-policy.patch
* Partial merge with debian apparmor package:
- debian/rules: enable the bindnow hardening flag during build.
- debian/upstream/signing-key.asc: add new upstream public
signing key
- debian/watch: fix watch file, add gpg signature checking
- install libapparmor.so dev symlink under /usr not /lib
- debian/patches/reproducible-pdf.patch: make techdoc.pdf
reproducible even in face of timezone variations.
- debian/control: sync fields
- debian/debhelper/postrm-apparmor: remove
/etc/apparmor.d/{disable,} on package purge
- debian/libapache2-mod-apparmor.postrm: on package purge, delete
/etc/apparmor.d/{,disable} if empty
- debian/libapparmor1.symbols: Use Build-Depends-Package in the
symbols file.
- debian/copyright: sync
* Make debian/lib/apparmor/profile-load executable.
/run/systemd/resolve/resolv.conf (LP: #1529074)
* No change rebuild for perl 5.22
* debian/patches/fix-abstraction-for-python3.5.patch: adjust python
abstraction for python 3.5
* debian/apparmor.init,apparmor.upstart: clear only the system cache if
apparmor version has changed on snappy flavors since snappy will handle
the app's cache itself
* debian/lib/apparmor/functions:
- compile /var/lib/snappy/apparmor/profiles policy
- add compare_previous_version()
- refactor clear_cache()
- compare_and_save_debsums() checks if $PROFILES_VAR exists
* debian/libapparmor-dev.manpages: add 5 missing libapparmor manpages
(LP: #1491147, LP: #1384431)
* Rebuild against python3.5.
* debian/patches/parser-fix-cache-file-mtime-regression.patch: Fix a bug
that resulted in the mtime of generate policy cache files to be set
incorrectly. The mtime of cache files should be the newest mtime detected
on the profile and abstraction files used to generate the policy cache
file. However, the bug caused the mtime of the policy cache file to either
not be updated or to be updated to an incorrect time. (LP: #1484178)
* debian/patches/parser-verify-cache-file-mtime.patch: Add tests to verify
that the policy cache file's mtime is being set correctly and that cache
handling is correct when the profile or abstraction files are newer than
the policy cache file.
* debian/patches/parser-run-caching-tests-without-apparmorfs.patch,
debian/patches/parser-do-cleanup-when-test-was-skipped.patch: Enable the
caching tests to run on the buildds even though apparmorfs isn't mounted.
* debian/patches/aa-status-dont_require_python3-apparmor.patch:
make aa-status(8) work even when python3-apparmor is not installed,
otherwise dh_apparmor postinst snippets can fail (LP: #1480492)
* debian/control: make apparmor-utils depend on the same package
version of python3-apparmor
* Update to apparmor 2.10
- libapparmor added functions to ease loading profile cache files to
help support systemd on-demand load of policy (LP: #1385414)
- apparmor parser: fixed policy generation to allow matching
embedded NULs in abstract unix socket names (LP: #1413410)
- aa-status: don't traceback when not permitted to read current
set of apparmor policy (LP: #1466768)
- aa-logprof: don't crash on policies that have an #include of a
directory (LP: #1471425)
- aa-logprof: fix crash when network rejections occur when file
operations are performed on network sockets (LP: #1466812)
* dropped reproducible-pdf.patch, incorporated upstream
* debian/patches/tests-fix_sysctl_test.patch: fix sysctl test failure
with 4.1 kernel and newer.
* debian/control: add alternate dependency on linux-initramfs-tool
(LP: #1109029)
* debian/libapparmor1.symbols: update symbols file for added symbols
in libapparmor
* No-change rebuild for python3.5 transition
* Update to apparmor 2.9.2
- Fix minitools to work with multiple profiles at once (LP: #1378095)
- Parse mounts that have non-ascii UTF-8 chars (LP: #1310598)
- Update dovecot profiles (LP: #1296667)
- Allow ubuntu-helpers to build texlive fonts (LP: #1010909)
* dropped patches incorporated upstream:
add-mir-abstraction-lp1422521.patch, systemd-dev-log-lp1413232.patch
parser-fix_modifier_compilation_+_tests.patch,
tests-fix_systemd_breakage_in_pivot_root-lp1436109.patch,
GDM_X_authority-lp1432126.patch, and
debian/patches/easyprof-framework-policy.patch
* Partial merge with debian apparmor package:
- debian/rules: enable the bindnow hardening flag during build.
- debian/upstream/signing-key.asc: add new upstream public
signing key
- debian/watch: fix watch file, add gpg signature checking
- install libapparmor.so dev symlink under /usr not /lib
- debian/patches/reproducible-pdf.patch: make techdoc.pdf
reproducible even in face of timezone variations.
- debian/control: sync fields
- debian/debhelper/postrm-apparmor: remove
/etc/apparmor.d/{disable,} on package purge
- debian/libapache2-mod-apparmor.postrm: on package purge, delete
/etc/apparmor.d/{,disable} if empty
- debian/libapparmor1.symbols: Use Build-Depends-Package in the
symbols file.
- debian/copyright: sync
* Make debian/lib/apparmor/profile-load executable.
- debian/upstream
- parser/tst/simple_tests/bare_include_tests
- parser/tst/simple_tests/bare_include_tests/ignored_suffix
- parser/tst/simple_tests/bare_include_tests/ignored_suffix_2
- utils/apparmor/rule
- files removed:
- debian/patches/GDM_X_authority-lp1432126.patch
- files modified:
- Makefile
- debian/lib/apparmor/profile-load *
added
removed
utils/aa-mergeprof
