apparmor 2.13.3-5ubuntu1 source package in Ubuntu

Changelog

apparmor (2.13.3-5ubuntu1) eoan; urgency=medium

  * Merge new upstream release from Debian. Remaining changes:
    - Ubuntu-specific patches:
      + ubuntu/add-chromium-browser.patch
      + ubuntu/communitheme-snap-support.patch
      + ubuntu/mimeinfo-snap-support.patch
      + ubuntu/parser-conf-no-expr-simplify.patch
      + ubuntu/profiles-grant-access-to-systemd-resolved.patch
    - debian/apparmor.{install,maintscript}: feature pinning is not used in
      Ubuntu
    - debian/apparmor.preinst: remove cache files on upgrade to 2.13
    - debian/apparmor-profiles.install: install Ubuntu chromium-browser
      profile and abstraction
    - debian/apparmor-profiles.lintian-overrides: update for chromium-browser
      profile having read access to dpkg database for lsb-release
    - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser
      abstraction if it doesn't exist
    - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect
      the branch where the Ubuntu packaging is maintained.
    - debian/gbp.conf: use ubuntu/master as the debian-branch
    - debian/patches/series: comment out debian-only patches
    - debian/tests/control and debian/tests/compile-policy: don't test
      thunderbird since the Ubuntu packaging doesn't ship a profile
  * Drop the following patches, no longer needed:
    - ubuntu/dont-include-site-local-with-dovecot.patch
    - lp1820068.patch
    - upstream-commit-fix-segfault-in-overlaydirat_for_each.patch
    - upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch
    - upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch
    - upstream-commit-fix-segfault-when-loading-policy-cache-files.patch
    - upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
  * upstream-dont-allow-fontconfig-cache-write.patch: don't allow write of
    fontconfig cache files
  * upstream-tests-mult-mount-bump-size-of-created-disk.patch: regression
    tests/mult_mount: bump size of created disk image

apparmor (2.13.3-5) unstable; urgency=medium

  * upstream-mr-419-Xwayland-vs-recent-mutter.patch: new patch (Closes: #935058)

apparmor (2.13.3-4) unstable; urgency=medium

  * New patch, cherry-picked and adapted from Ubuntu: don't include local/
    snippets in the Dovecot profiles. These inclusions of non-existing files
    break aa-genprof (Closes: #928160).
  * Merge ubuntu/2.13.2-9ubuntu7, which turns out to be a no-op, because
    we essentially revert all changes brought by this merge:
    - Drop lp1820068.patch, introduced in 2.13.2-9ubuntu7: it's included
      in the 2.13.3 upstream release already.
    - Don't enable ubuntu/parser-conf-no-expr-simplify.patch, that Ubuntu just
      re-enabled: in Debian we don't disable expression tree simplification,
      because we've cherry-picked an upstream patch that improves its
      performance sufficiently.

apparmor (2.13.3-3) unstable; urgency=medium

  [ Michael Biebl ]
  * Move libraries back to /usr/lib

  [ intrigeri ]
  * Remove Lintian override made obsolete by the move to /usr/lib/apparmor/
  * Avoid-blhc-CPPFLAGS-missing-false-positive.patch: new patch.
  * Revert "debian/control: Breaks on snapd < 2.38~"
    Jamie Strandboge explained in details on #932815 the rationale behind this
    Breaks relationship. The user impact seems non-critical and the risk of the
    problem happening in practice is very low, so for now let's remove this
    Breaks, that prevents apparmor from migrating to testing (we don't have
    snapd 2.38+ in Debian yet).

apparmor (2.13.3-2) unstable; urgency=medium

  * Install the lsb_release profile.

apparmor (2.13.3-1) unstable; urgency=medium

  * Import new 2.13.3 upstream release and accordingly:
    - Update dev-pkg-without-shlib-symlink Lintian override: soname
      was bumped to 1.6.1.
    - Drop patches that were applied upstream.
  * Merge ubuntu/2.13.2-9ubuntu6, dropping the Ubuntu delta (Closes: #926015):
    - lp1824812.patch: set SFS_MOUNTPOINT in is_container_with_internal_policy()
      since it is sometimes called independently of is_apparmor_loaded()
      (LP: #1824812)
    - debian/apparmor.postrm: remove parser-created subdirs
    - debian/tests/control: try Ubuntu kernel but mark skip-not-installable
    - regression testsuite fixes:
      upstream-commit-add-option-to-dump-policy-cache-with-libapparmor.patch,
      upstream-commit-teach-aa_policy_cache_sh-about-the-new-cache.patch,
      upstream-commit-fix-variable-name-overlap-in-merge-macro.patch
    - debian/debhelper/postrm-apparmor: also remove cache files
    - debian/control: Breaks on snapd < 2.38~ (the cache forest breaks snap
      remove)
  * Declare compatibility with Debian Policy 4.4.0.
  * Bump debhelper compatibility level to 12. Accordingly:
    - dh_installinit: replace --no-restart-on-upgrade with its new
      --no-stop-on-upgrade name
    - Add override_dh_installsystemd that mimics our override_dh_installinit
  * tests/compile-policy: check syntax of kopano profiles (implements
    #923313 except kopano-search, until giraffe-team/kopanocore!4 is merged
    and uploaded)

 -- Jamie Strandboge <email address hidden>  Mon, 09 Sep 2019 19:13:22 +0000