FFe for apparmor 2.8beta1

AppArmor 2.8beta1 (upstream tarball version is 2.7.99) has various improvements to support the server team's LXC work. This release completes the non-documentation parts of https://blueprints.launchpad.net/ubuntu/+spec/security-p-apparmor-containers, which is essential for the security team. The following blueprints are dependent on this important server team work:
https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-lxc
https://blueprints.launchpad.net/ubuntu/+spec/topic-precise-servercloud-infrastructure-deployment

In terms of upstream work, the only new feature over what we have in Ubuntu is that the parser now can handle mount rules (the apparmor in precise pulled in all the trunk bits except the items in support of these mount rules). All upstream and distribution (QRT) tests pass on the current 12.04 kernel (excepting the mount rules test, which requires the pending 12.04 kernel with mount rules support).

This upload disables minimization support (bug #940362) and this will be re-enabled in the next apparmor bug fix upload. Disabling minimization does not adversely affect the system or boot performance under normal circumstances.

Other changes include merging with Debian, which fixes minor packaging bugs and introduce a new dh-apparmor package which allows us to drop the apparmor delta in the Ubuntu debhelper package (in other words, code moved from debhelper to apparmor, but otherwise is identical). In terms of this FFe, the additional dh-apparmor package brings no risk on its own.

apparmor (2.7.99-0ubuntu1) precise; urgency=low

  * New upstream release which also pulls in 2.7.0-1 changes from Debian.
    For the sake of simplicity, I have added the 2.7.0-1 changelog entry after
    2.7.0-0ubuntu7 even though chronologically it appeared in Debian between
    2.7.0-0ubuntu4 and 2.7.0-0ubuntu5.
    - LP: #940422 (FFe)
  * Drop the following patches, included upstream:
    - 0003-commits-through-r1882.patch
    - 0004-lp887992.patch
    - 0005-lp884748.patch
    - 0006-lp870992.patch
    - 0007-lp860856.patch
    - 0008-lp852062.patch
    - 0009-lp851977.patch
    - 0010-lp890894.patch
    - 0011-lp817956.patch
    - 0012-lp458922.patch
    - 0013-lp769148.patch
    - 0014-lp904548.patch
    - 0015-lp712584.patch
    - 0016-lp562831.patch
    - 0017-lp662906.patch
    - 0018-deny-home-pki-so.patch
    - 0019-lp899963.patch
    - 0020-lp912754a.patch
    - 0021-lp912754b.patch
    - 0022-workaround-lp851986.patch
    - 0023-syslog-ng-needs-dac-read-search.patch
    - 0024-fix-python-and-ruby-autogeneration.patch
    - 0025-lp914184.patch
    - 0026-lp914190.patch
    - 0027-lp914386.patch
    - 0028-testsuite-fixes.patch
    - 0029-lp917628.patch
    - 0030-lp916285.patch
    - 0031-lp917639.patch
    - 0032-lp917641.patch
    - 0033-add-ubuntu-helpers-to-plugins-common.patch
    - 0034-lp917859.patch
    - 0035-kde-should-use-kde4.patch
    - 0036-lp929531.patch
    - 0036-fix-manpage-errors.patch
  * Rename 0037-add-aa-easyprof.patch 0003-add-aa-easyprof.patch
  * debian/apparmor-profiles.postrm: clean out autogenerated files created by
    apparmor-profiles.postinst (Closes: 656451)
  * debian/patches/0004-lp918879.patch: allow /etc/drirc in the X abstraction
    (LP: #918879)
  * debian/patches/0005-disable-minimization.patch: do to LP: 940362,
    minimization is not working correctly. Disable it for now.

 -- Jamie Strandboge <email address hidden> Fri, 24 Feb 2012 09:04:45 -0600

apparmor (2.7.0-1) unstable; urgency=low

  * debian/po/pt.po add new Portuguese translation, thanks to Pedro Ribeiro,
    (Closes: 651434).
  * debian/control: do not require initramfs-tools on !linux-any
    (Closes: 651297).
  * debian/{control,rules,debhelper/*}: move dh_apparmor into separate
    binary package, out of debhelper (Closes: 649784).
  * debian/{control,rules}: fix up lack of real build-indep.
  * debian/patches/0036-fix-manpage-errors.patch: minor man page cleanups.
  * merge changes from Ubuntu (r1443).

 -- Kees Cook <email address hidden> Thu, 09 Feb 2012 15:24:08 -0800