1483
|
|
|
Steve Langasek |
|
10 years ago
|
|
|
1482
|
|
|
Steve Langasek |
|
10 years ago
|
|
|
1481
|
|
|
Jamie Strandboge |
2.8.0-0ubuntu32 |
10 years ago
|
|
|
1480
|
|
|
Jamie Strandboge |
2.8.0-0ubuntu31 |
10 years ago
|
|
|
1479
|
|
Bring tree up to date with 2.8.0-0ubuntu30
[ Tyler Hicks ] * debian/patches/0059-dbus-rules-for-dbus-abstractions.patch: Add an abstraction for the accessibility bus. It is currently very permissive, like the dbus and dbus-session abstractions, and grants all permissions on the accessibility bus. (LP: #1226141) * debian/patches/0071-lp1226356.patch: Fix issues in parsing D-Bus and mount rules. Both rule classes suffered from unexpected auditing behavior when using the 'deny' and 'audit deny' rule modifiers. The 'deny' modifier resulting in accesses being audited and the 'audit deny' modifier resulting in accesses not being audited. (LP: #1226356) * debian/patches/0072-lp1229393.patch: Fix cache location for .features file, which was not being written to the proper location if the parameter --cache-loc= is passed to apparmor_parser. This bug resulted in using the .features file from /etc/apparmor.d/cache or always recompiling policy. Patch thanks to John Johansen. (LP: #1229393) * debian/patches/0073-lp1208988.patch: Update AppArmor file rules of UNIX domain sockets to include read and write permissions. Both permissions are required when a process connects to a UNIX domain socket. Also include new tests for mediation of UNIX domain sockets. Thanks to Jamie Strandboge for helping with the policy updates and testing. (LP: #1208988) * debian/patches/0075-lp1211380.patch: Adjust the audio abstraction to only grant access to specific pulseaudio files in the pulse runtime directory to remove access to potentially dangerous files (LP: #1211380) [ Jamie Strandboge ] * debian/patches/0074-lp1228882.patch: typo in ubuntu-browsers.d/multimedia (LP: #1228882) * 0076_sanitized_helper_dbus_access.patch: allow applications run under sanitized_helper to connect to DBus * Add 0070-etc-writable.patch: Allow reading time configuration from /etc/writable, as we have it on the phone. (LP: #1227520) [ Tyler Hicks ] * Move the aa-exec man page out of apparmor-utils into apparmor, since aa-exec is now in apparmor - debian/control: adjust Breaks/Replaces to use apparmor-utils (<< 2.8.0-0ubuntu28) - debian/apparmor.manpages: install the aa-exec man page - debian/apparmor-utils.manpages: don't install the aa-exec man page * debian/patches/0065-lp1220861.patch: Always NUL-terminate confinement context strings returned from libapparmor (LP: #1220861) * debian/patches/0066-lp1196880.patch: Don't assign mode pointer in aa_getprocattr() if caller passed in NULL (LP: #1196880) * debian/patches/0067-libapparmor-mode-strings-are-not-to-be-freed.patch: Update man page and code comments to make it clear that freeing the *con string returned from libapparmor's getcon functions also frees the *mode string * debian/patches/0068-libapparmor-mention-dbus-method-in-getcon-man.patch: Document the D-Bus method, in the aa_getcon man page, that returns the AppArmor task confinement string of a D-Bus connection [ Jamie Strandboge ] * debian/patches/0069-p11kit-abstraction.patch: p11-kit needs access to /usr/share/p11-kit/modules * debian/apport/source_apparmor.py: AppArmor logs DBus messages to syslog, adjust apport hook to also search there for denials * debian/patches/0064-lp1218099.patch: add support for variable expansion in dbus rules (LP: #1218099) [ Tyler Hicks ] * Add support for mediation of D-Bus messages and services. AppArmor D-Bus rules are described in the apparmor.d(5) man page. dbus-daemon will use libapparmor to perform queries against the AppArmor policies to determine if a connection should be able to send messages to another connection, if a connection should be able to receive messages from another connection, and if a connection should be able to bind to a well-known name. - 0042-Fix-mount-rule-preprocessor-output.patch, 0043-libapparmor-Safeguard-aa_getpeercon-buffer-reallocat.patch, 0044-libapparmor-fix-return-value-of-aa_getpeercon_raw.patch, 0045-libapparmor-Move-mode-parsing-into-separate-function.patch, 0046-libapparmor-Parse-mode-from-confinement-string-in-ge.patch, 0047-libapparmor-Make-aa_getpeercon_raw-similar-to-aa_get.patch, 0048-libapparmor-Update-aa_getcon-man-page-to-reflect-get.patch: Backport parser and libapparmor pre-requisites for D-Bus mediation - 0049-parser-Update-man-page-for-DBus-rules.patch: Update apparmor.d man page - 0050-parser-Add-support-for-DBus-rules.patch, 0051-parser-Regression-tests-for-DBus-rules.patch, 0052-parser-Binary-profile-equality-tests-for-DBus-rules.patch: Add apparmor_parser support for D-Bus mediation rules - 0053-libapparmor-Export-a-label-based-query-interface.patch, debian/libapparmor1.symbols: Provide the libapparmor interface necessary for trusted helpers to make security decisions based upon AppArmor policy - 0054-libaalogparse-Parse-dbus-daemon-audit-messages.patch, 0055-libaalogparse-Regression-tests-for-dbus-daemon-audit.patch: Allow applications to parse denials, generated by dbus-daemon, using libaalogparse and add a set of regression tests - 0056-tests-Add-an-optional-final-check-to-checktestfg.patch, 0057-tests-Add-required-features-check.patch, 0058-tests-Add-regression-tests-for-dbus.patch: Add regression tests which start their own dbus-daemon, load profiles containing D-Bus rules, and confine simple D-Bus service and client applications - 0059-dbus-rules-for-dbus-abstractions.patch: Add bus-specific, but otherwise permissive, D-Bus rules to the dbus and dbus-session abstractions. Confined applications that use D-Bus should already be including these abstractions in their profiles so this should be a seamless transition for those profiles. * 0060-utils-make_clean_fixup.patch: Clean up the Python cache in the AppArmor tests directory * 0061-profiles-dnsmasq-needs-dbus-abstraction.patch: Dnsmasq uses the system D-Bus when it is started with --enable-dbus, so its AppArmor profile needs to include the system bus abstraction * 0062-fix-clone-test-on-arm.patch: Fix compiler error when building regression tests on ARM * 0063-utils-ignore-unsupported-rules.patch: Utilities that use the Immunix::AppArmor perl module, such as aa-logprof and aa-genprof, error out when they encounter rules unsupported by the perl module. This patch ignores unsupported rules. [ Jamie Strandboge ] * debian/control: don't have easyprof Depends on apparmor-easyprof-ubuntu * 0040-libapparmor-support-pkg-config.patch: Make it easier for other sources to build against libapparmor with pkg-config - debian/control: Add pkg-config as a Build-Depends - debian/libapparmor-dev.install: Install libapparmor pkg-config file * 0041-parser-fix-flags.patch: Minimal fix for cache failures when the feature file is larger than the feature buffer used for cache version comparison * debian/patches/0038-lp1200392.patch: allow mmap of fglrx dri libraries (LP: #1200392) * debian/patches/0039-fix-parser-cache-loc.patch: fix apparmor cache tempfile location to use passed arg * debian/lib/apparmor/functions: update to also load from /var/lib/apparmor/profiles and write cache to /var/cache/apparmor * debian/apparmor.dirs: create /var/cache/apparmor and /var/lib/apparmor/profiles
|
Jamie Strandboge |
2.8.0-0ubuntu30 |
10 years ago
|
|
|
1478
|
|
|
jdstrand |
2.8.0-0ubuntu22 |
10 years ago
|
|
|
1477
|
|
|
jdstrand |
2.8.0-0ubuntu21 |
10 years ago
|
|
|
1476
|
|
|
jdstrand |
2.8.0-0ubuntu11 |
10 years ago
|
|
|
1475
|
|
|
Jamie Strandboge |
|
11 years ago
|
|
|
1474
|
|
|
Jamie Strandboge |
|
11 years ago
|
|
|
1473
|
|
|
Jamie Strandboge |
|
11 years ago
|
|
|
1472
|
|
|
Dmitrijs Ledkovs |
2.8.0-0ubuntu6 |
11 years ago
|
|
|
1471
|
|
|
Dmitrijs Ledkovs |
|
11 years ago
|
|
|
1470
|
|
|
Jamie Strandboge |
|
11 years ago
|
|
|
1469
|
|
|
Micah Gersten |
|
11 years ago
|
|
|
1468
|
|
|
Micah Gersten |
|
11 years ago
|
|
|
1467
|
|
|
Micah Gersten |
|
11 years ago
|
|
|
1466
|
|
|
Stéphane Graber |
2.8.0-0ubuntu4 |
11 years ago
|
|
|
1465
|
|
|
Stéphane Graber |
|
11 years ago
|
|
|
1464
|
|
|
Jamie Strandboge |
|
11 years ago
|
|
|