Package "apparmor"

Name: apparmor
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
  - AppArmor easyprof profiling tool
  - AppArmor debhelper routines
Latest version: 2.13.3-7ubuntu5.4
Release: focal (20.04)
Level: updates
Repository: universe

Changelog
    
    
    
        
        
    
    
apparmor (2.13.3-7ubuntu5.4) focal-security; urgency=medium
  * SECURITY UPDATE: Excessive permissions with mount rules (LP: #1597017)
     - d/p/CVE-2016-1585/parser-Fix-expansion-of-variables-in-unix-rules-addr.patch:
       add calls to filter_slashes() in parser/af_unix.cc, make it external
       in parser/parser.h and change it to void in parser/parser_regex.c.
     - d/p/CVE-2016-1585/parser-enable-variable-expansion-for-mount-type-and-.patch:
       add variable expansion with expand_entry_variables() in
       parser/mount.cc.
     - d/p/CVE-2016-1585/parser-call-filter-slashes-for-mount-conditionals.patch:
       add calls to filter_slashes() in parser/mount.cc.
     - d/p/CVE-2016-1585/Support-rule-qualifiers-in-regression-tests.patch:
       update rule qualifiers in regression tests in
       tests/regression/apparmor/mkprofile.pl and
       tests/regression/apparmor/capabilities.sh.
     - d/p/CVE-2016-1585/Merge-Fix-mount-rules-encoding.patch: fix mount
       rules encoding in parser/mount.cc, parser/mount.h, parser/parser.h
       and fix multiple test cases in parser/tst/simple_tests/mount/*.
     - d/p/CVE-2016-1585/Merge-expand-mount-tests.patch: expand mount
       regression tests in tests/regression/apparmor/Makefile,
       tests/regression/apparmor/mount.c,
       tests/regression/apparmor/mount.sh and
       tests/regression/apparmor/mkprofile.pl.
     - d/p/CVE-2016-1585/Merge-Issue-312-added-missing-kernel-mount-options.patch:
       add missing kernel mount options flag in parser/apparmor.d.pod,
       parser/mount.cc, parser/mount.h, tests/regression/apparmor/mount.sh
       and parser/tst/simple_tests/mount/*.
     - d/p/CVE-2016-1585/Merge-extend-test-profiles-for-mount.patch: update
       test profiles in parser/tst/simple_tests/mount/*.
     - d/p/CVE-2016-1585/Merge-parser-fix-parsing-of-source-as-mount-point-fo.patch:
       update gen_policy_change_mount_type() in parser/mount.cc and also
       updated tests on parser/tst/simple_tests/mount/* and
       tests/regression/apparmor/mount.sh.
     - d/p/CVE-2016-1585/parser-fix-rule-flag-generation-change_mount-type-ru.patch:
       add device checks in gen_flag_rules() in parser/mount.cc and tests
       in parser/tst/simple_tests/mount/*, parser/tst/equality.sh,
       tests/regression/apparmor/mount.sh and
       utils/test/test-parser-simple-tests.py.
     - d/p/CVE-2016-1585/Fix-build-failure-in-df4ed537e-allow-reading-of-etc-.patch:
       remove the WARN_DEPRECATED flag in pwarn call in parser/mount.cc.
     - d/p/CVE-2016-1585/parser-Deprecation-warning-should-not-have-been-back.patch:
       remove deprecation warning message in parser/mount.cc.
     - CVE-2016-1585 
 -- Rodrigo Figueiredo Zaiden <email address hidden>  Tue, 06 Mar 2024 15:40:00 -0300 

| 1597017 | mount rules grant excessive permissions |
| CVE-2016-1585 | In all versions of AppArmor mount rules are accidentally widened when compiled. |

apparmor (2.13.3-7ubuntu5.3build2) focal-security; urgency=medium
  * No-change re-build upload for the focal-security pocket as part
     of the preparation for addressing CVE-2016-1585 (LP: #1597017) 
 -- Steve Beattie <email address hidden>  Tue, 27 Aug 2024 14:51:30 -0700 

| 1597017 | mount rules grant excessive permissions |
| CVE-2016-1585 | In all versions of AppArmor mount rules are accidentally widened when compiled. |

apparmor (2.13.3-7ubuntu5.3) focal; urgency=medium
  * apparmor.preinst: recursively remove cache directories during an
     upgrade. (LP: #2032851)
 -- Georgia Garcia <email address hidden>  Tue, 10 Oct 2023 09:20:12 -0300 

| 2032851 | package apparmor 2.12-4ubuntu5.3 failed to install/upgrade: new apparmor package pre-installation script subprocess returned error exit status 1 |

apparmor (2.13.3-7ubuntu5.2) focal; urgency=medium
  * Add capability upstream patches to fix LP: #1964636
    - u/cap1-Generate-CAPABILITIES-in-a-script-due-to-make-4.3.patch: move
      code that generates a list of capabilities to a script in common/
    - u/cap2-parser-Move-to-a-pre-generated-cap_names.h.patch: use a
      pre-generated list of capabilities so that all capabilities are
      supported even when building against older kernels.
    - u/cap3-parser-cleanup-capability_table-generation-by-droppi.patch: drop
      sys_log static declaration because it's already in the generated list.
    - u/cap4-parser-unify-capability-name-handling.patch: drop internal
      hardcoded capability table.
    - u/cap5-parser-Makefile-use-LC_ALL-C-when-invoking-sed.patch: use
      LC_ALL=C when invoking sed.
    - u/cap6-parser-Add-warning-to-capability_table-about-the-nee.patch: add
      warning to capability_table about the need to update the Makefile.
    - u/cap7-Add-CAP_BPF-and-CAP_PERFMON-to-severity.db.patch: add
      support for cap_bpf and cap_perfmon
    - u/cap8-parser-Makefile-fix-generated-cap-comparison-against.patch: fix
      generated cap comparison against known list
  * Add upstream patches for abi support. LP: #1728130
    - u/abi1-parser-feature-abi-setup-parser-to-intersect-policy-.patch: add
      the ability to intersect parser and kernel features in the parser.
    - u/abi2-parser-add-basic-support-for-feature-abis.patch: add support
      to specify a feature abi.
    - u/abi3-pin-abi-2.13.patch: add and pin a policy abi for 2.13
    - u/abi4-parser-fix-abi-rule-and-pinned-feature-file-interact.patch: fix
      abi rule and pinned feature file interaction
    - apparmor.install: add 2.13 abi file to be installed in /etc/apparmor.d/abi/
  * Add mqueue patches. LP: #1993353
    - u/mqueue1-parser-add-parser-support-for-message-queue-mediatio.patch:
      add parser support for mqueue mediation
    - u/mqueue2-tests-add-posix-message-queue-regression-tests.patch: add
      posix mqueue regression tests
    - u/mqueue3-utils-add-message-queue-rules-parsing-in-python-tool.patch:
      add support in python tools to parse mqueue rules
    - u/mqueue4-parser-add-parser-simple-tests-for-mqueue-rules.patch: add
      parser simple tests for mqueue
    - u/mqueue5-parser-place-perm-on-name-as-well-as-name-label-comb.patch:
      add permissions on name and also on name + label
    - u/mqueue6-libapparmor-add-support-for-requested-and-denied-on-.patch:
      add parsing support for "denied" and "requested" from audit logs
    - u/mqueue7-libapparmor-add-support-for-class-in-logparsing.patch: add
      parsing support for "class" from audit logs
    - u/mqueue8-utils-add-logparser-support-for-mqueue.patch: add logparser
      support for mqueue rules
    - u/mqueue9-tests-add-sysv-message-queue-regression-tests.patch: add
      sysv mqueue regression tests
    - u/mqueue10-parser-enable-mqueue-rules-when-abi-is-not-set.patch:
      override pinned features for mqueue rules when abi is not set in policy.
    - debian/rules: create mqueue testcase empty files for libapparmor tests.
  * Closes LP: #1994146
 -- Georgia Garcia <email address hidden>  Mon, 10 Oct 2022 17:52:45 -0300 

| 1964636 | Incorrect handling of apparmor `bpf` capability |
| 1728130 | Policy needs improved feature versioning to ensure it is correctly being applied |
| 1993353 | Add posix message queue IPC mediation |
| 1994146 | [SRU] apparmor - Focal, Jammy |

apparmor (2.13.3-7ubuntu5.1) focal-proposed; urgency=medium
  * upstream-lp1872564.patch: adjust nameservice abstraction for nss-systemd
     - LP: #1872564 
 -- Jamie Strandboge <email address hidden>  Tue, 19 May 2020 16:59:49 +0000 

| 1872564 | /proc/sys/kernel/random/boot_id rule missing from abstractions/nameservice |
        
    
    
        
        
        