Package "apparmor"

  apparmor (2.10.95-0ubuntu2) xenial; urgency=medium

  * debian/patches/r3435-allow-dnsmasq-access-to-lxd-bridge.patch: Grant
    access to the new default bridge configuration in LXD 2.0.0 (LP: #1566944)
  * debian/patches/r3437-add-attach-disconnected-to-dnsmasq.patch: Add the
    attach_disconnected flag to the dnsmasq profile in order to prevent a
    disconnected path denial triggered by the latest network-manager upload
    (LP: #1569316)
  * debian/lib/apparmor/functions: Reference the new path used for snapd
    AppArmor profiles to fix a bug which left those profiles unloaded after
    booting (LP: #1569573)

 -- Tyler Hicks <email address hidden> Tue, 12 Apr 2016 16:59:46 -0500

  apparmor (2.10.95-0ubuntu1) xenial; urgency=medium

  * Update to apparmor 2.10.95 (2.11 Beta 1) (LP: #1561762)
    - Allow Apache prefork profile to chown(2) files (LP: #1210514)
    - Allow deluge-gtk and deluge-console to handle torrents opened in
      browsers (LP: #1501913)
    - Allow file accesses needed by some programs using libnl-3-200
      (Closes: #810888)
    - Allow file accesses needed on systems that use NetworkManager without
      resolvconf (Closes: #813835)
    - Adjust aa-status(8) to work without python3-apparmor (LP: #1480492)
    - Fix aa-logprof(8) crash when operating on files containing multiple
      profiles with certain rules (LP: #1528139)
    - Fix log parsing crashes, in the Python utilities, caused by certain file
      related events (LP: #1525119, LP: #1540562)
    - Fix log parsing crasher, in the Python utilities, caused by certain
      change_hat events (LP: #1523297)
    - Improve Python 2 support of the utils by fixing an aa-logprof(8) crasher
      when Python 3 is not available (LP: #1513880)
    - Send aa-easyprof(8) error messages to stderr instead of stdout
      (LP: #1521400)
    - Fix aa-autodep(8) failure when the shebang line of a script contained
      parameters (LP: #1505775)
    - Don't depend on the system logprof.conf when running utils/ build tests
      (LP: #1393979)
    - Fix apparmor_parser(8) bugs when parsing profiles that use policy
      namespaces in the profile declaration or profile transition targets
      (LP: #1540666, LP: #1544387)
    - Regression fix for apparmor_parser(8) bug that resulted in the
      --namespace-string commandline option being ignored causing profiles to
      be loaded into the root policy namespace (LP: #1526085)
    - Fix crasher regression in apparmor_parser(8) when the parser was asked
      to process a directory (LP: #1534405)
    - Fix bug in apparmor_parser(8) to honor the specified bind flags remount
      rules (LP: #1272028)
    - Support tarball generation for Coverity scans and fix a number of issues
      discovered by Coverity
    - Fix regression test failures on s390x systems (LP: #1531325)
    - Adjust expected errno values in changeprofile regression test
      (LP: #1559705)
    - The Python utils gained support for ptrace and signal rules
    - aa-exec(8) received a rewrite in C
    - apparmor_parser(8) gained support for stacking multiple profiles, as
      supported by the Xenial kernel (LP: #1379535)
    - libapparmor gained new public interfaces, aa_stack_profile(2) and
      aa_stack_onexec(2), allowing applications to utilize the new kernel
      stacking support (LP: #1379535)
  * Drop the following patches since they've been incorporated upstream:
    - aa-status-dont_require_python3-apparmor.patch
    - r3209-dnsmasq-allow-dash
    - r3227-locale-indep-capabilities-sorting.patch
    - r3277-update-python-abstraction.patch
    - r3366-networkd.patch,
    - tests-fix_sysctl_test.patch
    - parser-fix-cache-file-mtime-regression.patch
    - parser-verify-cache-file-mtime.patch
    - parser-run-caching-tests-without-apparmorfs.patch
    - parser-do-cleanup-when-test-was-skipped.patch
    - parser-allow-unspec-in-network-rules.patch
  * debian/rules, debian/apparmor.install, debian/apparmor.manpages: Update
    for new upstream binutils directory and aa-enabled binary
    - Continue installing aa-exec into /usr/sbin/ for now since
      click-apparmor's aa-exec-click autopkgtest expects it to be there
  * debian/libapparmor-dev.manpages: Include the new aa_stack_profile.2 man
    page
  * debian/patches/r3424-nscd-profile-allow-paranoia-mode.patch: Allow file
    access needed for nscd's paranoia mode
  * debian/patches/r3425-adjust-stacking-tests-version-check.patch: Adjust the
    regression test build time checks, for libapparmor stacking support, to
    look for the 2.10.95 versioning rather than 2.11
  * debian/patches/r3426-allow-debugedit-to-work-on-apparmor-parser.patch:
    Remove extra slash in the parser Makefile so that debugedit(8) can work on
    apparmor_parser(8) (LP: #1561939)
  * debian/patches/allow-stacking-tests-to-use-system.patch: Adjust the file
    rules of the new stacking tests so that the generated profiles allow the
    system binaries and libraries to be tested
  * debian/libapparmor1.symbols: update symbols file for added symbols
    in libapparmor

 -- Tyler Hicks <email address hidden> Sat, 09 Apr 2016 01:35:25 -0500