Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: apparmor

apparmor (2.13.3-7ubuntu2) focal; urgency=medium * No-change rebuild to drop python3.7. -- Matthias Klose <doko@ubuntu.com> Tue, 18 Feb 2020 10:42:36 +0100 apparmor (2.13.3-7ubuntu1) focal; urgency=medium * Merge from Debian. Remaining changes: - Ubuntu-specific patches: + ubuntu/add-chromium-browser.patch + ubuntu/communitheme-snap-support.patch + ubuntu/mimeinfo-snap-support.patch + ubuntu/parser-conf-no-expr-simplify.patch + ubuntu/profiles-grant-access-to-systemd-resolved.patch + upstream-dont-allow-fontconfig-cache-write.patch + upstream-tests-mult-mount-bump-size-of-created-disk.patch - debian/apparmor.{install,maintscript}: feature pinning is not used in Ubuntu - debian/apparmor.preinst: remove cache files on upgrade to 2.13 - debian/apparmor-profiles.install: install Ubuntu chromium-browser profile and abstraction - debian/apparmor-profiles.lintian-overrides: update for chromium-browser profile having read access to dpkg database for lsb-release - debian/apparmor-profiles.postinst: ubuntu-browsers.d/chromium-browser abstraction if it doesn't exist - debian/control: adjust the Vcs-{Browser,Git} control fields to reflect the branch where the Ubuntu packaging is maintained. - debian/gbp.conf: use ubuntu/master as the debian-branch - debian/patches/series: comment out debian-only patches - debian/tests/control and debian/tests/compile-policy: don't test thunderbird since the Ubuntu packaging doesn't ship a profile * Drop the following patches, no longer needed: - python3.8-ac.diff * debian/control: drop Breaks on media-hub, mediascanner2.0, messaging-app, and webbrowser-app which was needed for upgrades to bionic (LP: #1797242) * upstream-adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus 1.5.22 * upstream-adjust-gnome-for-mimeapps.patch: abstractions/gnome: also allow /etc/xdg/mimeapps.list (LP: #1792027) -- Jamie Strandboge <jamie@ubuntu.com> Tue, 17 Dec 2019 15:50:00 +0000

Modifications :
  1. Download patch debian/patches/upstream-tests-mult-mount-bump-size-of-created-disk.patch

    --- 2.13.3-7/debian/patches/upstream-tests-mult-mount-bump-size-of-created-disk.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/patches/upstream-tests-mult-mount-bump-size-of-created-disk.patch 2019-09-09 19:13:22.000000000 +0000 @@ -0,0 +1,42 @@ +Origin: 515cb80901640be5a6ba87b0f89145427e592962 +Description: regression tests/mult_mount: bump size of created disk image + +commit 515cb80901640be5a6ba87b0f89145427e592962 +Author: Steve Beattie <steve.beattie@canonical.com> +Date: Tue Jun 25 17:00:12 2019 -0700 + + regression tests/mult_mount: bump size of created disk image + + The mult_mount test creates a small disk image, formats it, and mounts + it in multiple locations in preparation for the tests. However, the + created raw file (80KB) is too small to make a working file system if + 4K blocks are used by mkfs. In Ubuntu 19.10, the default was recently + changed for mkfs to default to always using 4K blocks, causing the + script to fail. + + We could force mkfs to use 1K blocks, but instead, in case some future + version of mkfs decides not to support 1K blocks at all, we bump up the + size of the disk image to 512KB; large enough to work with 4K blocks + yet small enough to be workable in small scale test environments. + + Signed-off-by: Steve Beattie <steve.beattie@canonical.com> + Acked-by: John Johansen <john.johansen@canonical.com> + Acked-by: Seth Arnold <seth.arnold@canonical.com> + Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1834192 + MR: https://gitlab.com/apparmor/apparmor/merge_requests/396 + (cherry picked from commit 7c7a4bc5311d983f2c4316252b830c52a5a0930b) + Signed-off-by: Steve Beattie <steve.beattie@canonical.com> + +diff --git a/tests/regression/apparmor/mult_mount.sh b/tests/regression/apparmor/mult_mount.sh +index 2189c314..ae4749a3 100644 +--- a/tests/regression/apparmor/mult_mount.sh ++++ b/tests/regression/apparmor/mult_mount.sh +@@ -55,7 +55,7 @@ mkdirperm_fail=r + linkperm=rl + readperm=r + +-dd if=/dev/zero of=$image bs=4096 count=20 > /dev/null 2>&1 ++dd if=/dev/zero of=$image bs=4096 count=128 > /dev/null 2>&1 + mkfs.ext2 -F -m 0 -N 10 $image > /dev/null 2>&1 + + mkdir $mp1 $mp2
  2. Download patch debian/tests/compile-policy

    --- 2.13.3-7/debian/tests/compile-policy 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/tests/compile-policy 2019-09-09 19:13:22.000000000 +0000 @@ -9,7 +9,6 @@ PROFILES_NAMES="lsb_release \ usr.bin.man \ usr.bin.onioncircuits \ usr.bin.pidgin \ - usr.bin.thunderbird \ usr.bin.totem \ usr.bin.totem-previewers \ usr.lib.libreoffice.program.oosplash \
  3. Download patch debian/tests/control

    --- 2.13.3-7/debian/tests/control 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/tests/control 2019-09-09 19:13:22.000000000 +0000 @@ -1,5 +1,5 @@ Tests: compile-policy -Depends: apparmor, apparmor-profiles-extra, bind9, cups-browsed, cups-daemon, evince, haveged, kopano-dagent, kopano-server, libreoffice-common, libvirt-daemon-system, man-db, ntp, onioncircuits, tcpdump, thunderbird, tor +Depends: apparmor, apparmor-profiles-extra, bind9, cups-browsed, cups-daemon, evince, haveged, kopano-dagent, kopano-server, libreoffice-common, libvirt-daemon-system, man-db, ntp, onioncircuits, tcpdump, tor Restrictions: allow-stderr Tests: test-installed
  4. Download patch debian/apparmor.preinst

    --- 2.13.3-7/debian/apparmor.preinst 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/apparmor.preinst 2019-09-09 19:13:22.000000000 +0000 @@ -11,6 +11,9 @@ case "$1" in if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt-nl "2.12-4ubuntu2"; then rm -f /var/lib/apparmor/profiles/.*.md5sums fi + if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt-nl "2.13"; then + rm -f /etc/apparmor.d/cache/.features /etc/apparmor.d/cache/* + fi ;; *)
  5. Download patch debian/apparmor.maintscript

    --- 2.13.3-7/debian/apparmor.maintscript 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/apparmor.maintscript 2019-09-09 19:13:22.000000000 +0000 @@ -1,5 +1,6 @@ rm_conffile /etc/apparmor.d/abstractions/launchpad-integration 2.13.1-2~ rm_conffile /etc/apparmor.d/abstractions/ubuntu-sdk-base 2.8.0-0ubuntu20~ -rm_conffile /etc/apparmor/features 2.11.1-4~ +# Feature pinning is not used in Ubuntu +#rm_conffile /etc/apparmor/features 2.11.1-4~ rm_conffile /etc/apparmor/subdomain.conf 2.13.2-2~ rm_conffile /etc/init/apparmor.conf 2.11.0-11~
  6. Download patch debian/apparmor-profiles.install

    --- 2.13.3-7/debian/apparmor-profiles.install 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/apparmor-profiles.install 2019-09-09 19:13:22.000000000 +0000 @@ -1,8 +1,12 @@ +# Install Ubuntu-specific chromium-browser abstraction +debian/profiles/chromium-browser usr/share/apparmor/extra-profiles/abstractions/ubuntu-browsers.d/ etc/apparmor.d/apache2.d/phpsysinfo etc/apparmor.d/bin.ping etc/apparmor.d/sbin.klogd etc/apparmor.d/sbin.syslog-ng etc/apparmor.d/sbin.syslogd +# Install Ubuntu-specific chromium-browser profile +etc/apparmor.d/usr.bin.chromium-browser etc/apparmor.d/usr.lib.dovecot.anvil /usr/share/apparmor/extra-profiles/ etc/apparmor.d/usr.lib.dovecot.auth /usr/share/apparmor/extra-profiles/ etc/apparmor.d/usr.lib.dovecot.config /usr/share/apparmor/extra-profiles/
  7. Download patch debian/patches/ubuntu/mimeinfo-snap-support.patch

    --- 2.13.3-7/debian/patches/ubuntu/mimeinfo-snap-support.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/patches/ubuntu/mimeinfo-snap-support.patch 2019-02-26 19:55:55.000000000 +0000 @@ -0,0 +1,21 @@ +Author: Jamie Strandboge <jamie@canonical.com> +Description: allow reading /var/lib/snapd/desktop/applications/*.desktop and + /var/lib/snapd/desktop/applications/mimeinfo.cache +Bug-Ubuntu: https://launchpad.net/bugs/1712039 +Forwarded: no + +Index: apparmor-2.13.2/profiles/apparmor.d/abstractions/freedesktop.org +=================================================================== +--- apparmor-2.13.2.orig/profiles/apparmor.d/abstractions/freedesktop.org ++++ apparmor-2.13.2/profiles/apparmor.d/abstractions/freedesktop.org +@@ -18,6 +18,10 @@ + /snap/communitheme/*/share/icons/ r, + /snap/communitheme/*/share/icons/** r, + ++ # mimeinfo and desktop files for snaps ++ /var/lib/snapd/desktop/applications/mimeinfo.cache r, ++ /var/lib/snapd/desktop/applications/{,*.desktop} r, ++ + # this should probably go elsewhere + @{system_share_dirs}/mime/** r, +
  8. Download patch debian/control

    --- 2.13.3-7/debian/control 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/control 2019-12-17 15:50:00.000000000 +0000 @@ -1,5 +1,6 @@ Source: apparmor -Maintainer: Debian AppArmor Team <pkg-apparmor-team@lists.alioth.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Debian AppArmor Team <pkg-apparmor-team@lists.alioth.debian.org> Uploaders: intrigeri <intrigeri@debian.org> Section: admin Priority: optional @@ -24,8 +25,8 @@ Build-Depends: apache2-dev, python3-all-dev, swig Standards-Version: 4.4.0 -Vcs-Browser: https://salsa.debian.org/apparmor-team/apparmor/tree/debian/master -Vcs-Git: https://salsa.debian.org/apparmor-team/apparmor.git -b debian/master +Vcs-Browser: https://salsa.debian.org/apparmor-team/apparmor/tree/ubuntu/master +Vcs-Git: https://salsa.debian.org/apparmor-team/apparmor.git -b ubuntu/master Homepage: http://apparmor.net/ Rules-Requires-Root: no @@ -40,11 +41,7 @@ Suggests: apparmor-profiles-extra, apparmor-utils Pre-Depends: ${misc:Pre-Depends} Breaks: apparmor-profiles-extra (<< 1.21), - fcitx-data (<< 1:4.2.9.1-1ubuntu2), - media-hub, - mediascanner2.0, - messaging-app, - webbrowser-app + fcitx-data (<< 1:4.2.9.1-1ubuntu2) Replaces: fcitx-data (<< 1:4.2.9.1-1ubuntu2) Description: user-space parser utility for AppArmor apparmor provides the system initialization scripts needed to use the
  9. Download patch debian/apparmor-profiles.lintian-overrides

    --- 2.13.3-7/debian/apparmor-profiles.lintian-overrides 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/apparmor-profiles.lintian-overrides 2019-09-09 19:13:22.000000000 +0000 @@ -8,3 +8,7 @@ apparmor-profiles binary: package-contai # If phpsysinfo uses that database directly, then it's a bug in phpsysinfo, # and this AppArmor profile can't do much about it. apparmor-profiles binary: uses-dpkg-database-directly etc/apparmor.d/apache2.d/phpsysinfo + +# False positive: this merely grants lsb-release as called by chromium-browser +# read access to the dpkg database via dpkg-query +apparmor-profiles: uses-dpkg-database-directly etc/apparmor.d/usr.bin.chromium-browser
  10. Download patch debian/patches/ubuntu/profiles-grant-access-to-systemd-resolved.patch

    --- 2.13.3-7/debian/patches/ubuntu/profiles-grant-access-to-systemd-resolved.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/patches/ubuntu/profiles-grant-access-to-systemd-resolved.patch 2019-02-26 20:27:19.000000000 +0000 @@ -0,0 +1,59 @@ +From: Tyler Hicks <tyhicks@canonical.com> +Date: Mon, 29 Jan 2018 12:45:10 +0000 +Subject: profiles: Grant access to systemd-resolved in the nameservice + abstraction + +https://launchpad.net/bugs/1598759 + +Profiles that rely on the nameservice abstraction are experiencing +denials on systems configured to use systemd-resolved via the +libnss-resolve plugin. + +libnss-resolve talks to systemd-resolved over D-Bus and this patch +attempts to only grant access to the safe members of the D-Bus API. + +Special considerations need to be made when applying this patch to most +Linux distributions as many of them do not have the ability to perform +fine-grained AppArmor mediation of D-Bus traffic. In those cases, any +users of the nameservice abstraction (such as tcpdump or ntpd) will have +full access to the D-Bus system bus once this change is applied to the +nameservice abstraction. + +Signed-off-by: Tyler Hicks <tyhicks@canonical.com> +Acked-by: Seth Arnold <seth.arnold@canonical.com> +Forwarded: https://lists.ubuntu.com/archives/apparmor/2016-October/010130.html +Bug: https://launchpad.net/bugs/1598759 +--- + profiles/apparmor.d/abstractions/nameservice | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice +index e6dcb76..6e678fb 100644 +--- a/profiles/apparmor.d/abstractions/nameservice ++++ b/profiles/apparmor.d/abstractions/nameservice +@@ -87,6 +87,25 @@ + # kerberos + #include <abstractions/kerberosclient> + ++ # resolve ++ # ++ # Allow access to the safe members of the systemd-resolved D-Bus API: ++ # ++ # https://www.freedesktop.org/wiki/Software/systemd/resolved/ ++ # ++ # This API may be used directly over the D-Bus system bus or it may be used ++ # indirectly via the nss-resolve plugin: ++ # ++ # https://www.freedesktop.org/software/systemd/man/nss-resolve.html ++ # ++ #include <abstractions/dbus-strict> ++ dbus send ++ bus=system ++ path="/org/freedesktop/resolve1" ++ interface="org.freedesktop.resolve1.Manager" ++ member="Resolve{Address,Hostname,Record,Service}" ++ peer=(name="org.freedesktop.resolve1"), ++ + # TCP/UDP network access + network inet stream, + network inet6 stream,
  11. Download patch debian/patches/ubuntu/parser-conf-no-expr-simplify.patch

    --- 2.13.3-7/debian/patches/ubuntu/parser-conf-no-expr-simplify.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/patches/ubuntu/parser-conf-no-expr-simplify.patch 2019-02-26 22:00:56.000000000 +0000 @@ -0,0 +1,22 @@ +Author: Jamie Strandboge <jamie@canonical.com> +Description: disable expr tree simplification to greatly speed up armhf. We + might consider making this change armhf specific and/or limiting it to only + the snapd policy in the future. +Bug-Ubuntu: https://launchpad.net/bugs/1383858 + +Index: apparmor-2.13.2/parser/parser.conf +=================================================================== +--- apparmor-2.13.2.orig/parser/parser.conf ++++ apparmor-2.13.2/parser/parser.conf +@@ -52,6 +52,11 @@ + + ## Turn off expr tree simplification + #Optimize=no-expr-simplify ++# ++# Ubuntu LP: #1383858 - expr tree simplification is too slow for some policy on ++# 32bit ARM, so disable it for now. When the parser supports it, make this ++# specific to the snapd policy ++Optimize=no-expr-simplify + + ## Turn off DFA minimization + #Optimize=no-minimize
  12. Download patch debian/patches/upstream-adjust-gnome-for-mimeapps.patch

    --- 2.13.3-7/debian/patches/upstream-adjust-gnome-for-mimeapps.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/patches/upstream-adjust-gnome-for-mimeapps.patch 2019-12-17 15:50:00.000000000 +0000 @@ -0,0 +1,17 @@ +Author: Jamie Strandboge <jamie@canonical.com> +Description: abstractions/gnome: also allow /etc/xdg/mimeapps.list +Bug-Ubuntu: https://launchpad.net/bugs/1792027 +Forwarded: yes +Index: apparmor-2.13.3/profiles/apparmor.d/abstractions/gnome +=================================================================== +--- apparmor-2.13.3.orig/profiles/apparmor.d/abstractions/gnome ++++ apparmor-2.13.3/profiles/apparmor.d/abstractions/gnome +@@ -100,7 +100,7 @@ + + # mime-types + /etc/gnome/defaults.list r, +- /etc/xdg/*-mimeapps.list r, ++ /etc/xdg/{,*-}mimeapps.list r, + /usr/share/gnome/applications/ r, + /usr/share/gnome/applications/mimeinfo.cache r, +
  13. Download patch debian/patches/ubuntu/add-chromium-browser.patch
  14. Download patch debian/patches/ubuntu/communitheme-snap-support.patch

    --- 2.13.3-7/debian/patches/ubuntu/communitheme-snap-support.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/patches/ubuntu/communitheme-snap-support.patch 2019-02-26 19:46:14.000000000 +0000 @@ -0,0 +1,36 @@ +From: Didier Roche <didier.roche@canonical.com> +Date: Wed, 11 Apr 2018 10:25:10 +0000 +Subject: add communitheme snap support +Bug-Ubuntu: https://launchpad.net/bugs/1762983 + +Forwarded: no +Index: apparmor-2.13.2/profiles/apparmor.d/abstractions/freedesktop.org +=================================================================== +--- apparmor-2.13.2.orig/profiles/apparmor.d/abstractions/freedesktop.org ++++ apparmor-2.13.2/profiles/apparmor.d/abstractions/freedesktop.org +@@ -14,6 +14,10 @@ + @{system_share_dirs}/icons/{**,} r, + @{system_share_dirs}/pixmaps/{**,} r, + ++ # communitheme snap ++ /snap/communitheme/*/share/icons/ r, ++ /snap/communitheme/*/share/icons/** r, ++ + # this should probably go elsewhere + @{system_share_dirs}/mime/** r, + +Index: apparmor-2.13.2/profiles/apparmor.d/abstractions/gnome +=================================================================== +--- apparmor-2.13.2.orig/profiles/apparmor.d/abstractions/gnome ++++ apparmor-2.13.2/profiles/apparmor.d/abstractions/gnome +@@ -27,6 +27,10 @@ + /usr/share/themes/ r, + /usr/share/themes/** r, + ++ # communitheme snap ++ /snap/communitheme/*/share/themes/ r, ++ /snap/communitheme/*/share/themes/** r, ++ + # for gnome 1 applications + /etc/orbitrc r, +
  15. Download patch debian/patches/series

    --- 2.13.3-7/debian/patches/series 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/patches/series 2019-12-17 15:50:00.000000000 +0000 @@ -17,6 +17,15 @@ debian/Enable-writing-cache.patch debian/Make-the-systemd-unit-a-no-op-in-containers-with-no-inter.patch debian/smbd-include-snippet-generated-at-runtime.patch debian/dont-include-site-local-with-dovecot.patch -debian-only/pin-feature-set.patch -debian-only/aa-notify-point-to-Debian-documentation.patch -debian-only/Document-which-AppArmor-features-are-not-supported-on-Deb.patch +#debian-only/pin-feature-set.patch +#debian-only/aa-notify-point-to-Debian-documentation.patch +#debian-only/Document-which-AppArmor-features-are-not-supported-on-Deb.patch +ubuntu/add-chromium-browser.patch +ubuntu/communitheme-snap-support.patch +ubuntu/mimeinfo-snap-support.patch +ubuntu/profiles-grant-access-to-systemd-resolved.patch +ubuntu/parser-conf-no-expr-simplify.patch +upstream-dont-allow-fontconfig-cache-write.patch +upstream-tests-mult-mount-bump-size-of-created-disk.patch +upstream-adjust-for-ibus-1.5.22.patch +upstream-adjust-gnome-for-mimeapps.patch
  16. Download patch debian/patches/upstream-dont-allow-fontconfig-cache-write.patch

    --- 2.13.3-7/debian/patches/upstream-dont-allow-fontconfig-cache-write.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/patches/upstream-dont-allow-fontconfig-cache-write.patch 2019-09-09 19:13:22.000000000 +0000 @@ -0,0 +1,32 @@ +Origin: https://gitlab.com/apparmor/apparmor/merge_requests/420 +Description: abstractions/fonts: don't allow write of fontconfig cache files + +commit c5968c70d0f1bd3da9ed1a19b5a79748adbfd566 +Author: Jamie Strandboge <jamie@ubuntu.com> +Date: Mon Sep 9 15:48:05 2019 -0500 + + abstractions/fonts: don't allow write of fontconfig cache files + + 879531b36ec3dfc7f9b72475c68c30e4f4b7b6af changed access for + @{HOME}/.{,cache/}fontconfig/** to include 'w'rite. Fontconfig has been + a source of CVEs. Confined applications should absolutely have read + access, but write access could lead to breaking out of the sandbox if a + confined application can write a malformed font cache file since + unconfined applications could then pick them up and be controlled via + the malformed cache. The breakout is dependent on the fontconfig + vulnerability, but this is the sort of thing AppArmor is meant to help + guard against. + +diff --git a/profiles/apparmor.d/abstractions/fonts b/profiles/apparmor.d/abstractions/fonts +index 56185846..2cf6bfe2 100644 +--- a/profiles/apparmor.d/abstractions/fonts ++++ b/profiles/apparmor.d/abstractions/fonts +@@ -45,7 +45,7 @@ + owner @{HOME}/.local/share/fonts/** r, + owner @{HOME}/.fonts.cache-2 mr, + owner @{HOME}/.{,cache/}fontconfig/ rw, +- owner @{HOME}/.{,cache/}fontconfig/** mrwl, ++ owner @{HOME}/.{,cache/}fontconfig/** mrl, + owner @{HOME}/.fonts.conf.d/ r, + owner @{HOME}/.fonts.conf.d/** r, + owner @{HOME}/.config/fontconfig/ r,
  17. Download patch debian/patches/upstream-adjust-for-ibus-1.5.22.patch

    --- 2.13.3-7/debian/patches/upstream-adjust-for-ibus-1.5.22.patch 1970-01-01 00:00:00.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/patches/upstream-adjust-for-ibus-1.5.22.patch 2019-12-17 15:50:00.000000000 +0000 @@ -0,0 +1,27 @@ +Author: Jamie Strandboge <jamie@canonical.com> +Description: update ibus abstract path for ibus 1.5.22. Due to LP: #1856738 + this has not been pushed upstream. Once LP: #1856738 is fixed, this can be + upstreamed and the workaround rule removed. +Bug-Ubuntu: https://launchpad.net/bugs/1580463 +Forwarded: no +Index: apparmor-2.13.3/profiles/apparmor.d/abstractions/ibus +=================================================================== +--- apparmor-2.13.3.orig/profiles/apparmor.d/abstractions/ibus ++++ apparmor-2.13.3/profiles/apparmor.d/abstractions/ibus +@@ -14,6 +14,16 @@ + owner @{HOME}/.config/ibus/bus/ rw, + owner @{HOME}/.config/ibus/bus/* rw, + ++ # abstract path in ibus < 1.5.22 uses /tmp + unix (connect, receive, send) + type=stream + peer=(addr="@/tmp/ibus/dbus-*"), ++ ++ # abstract path in ibus >= 1.5.22 uses $XDG_CACHE_HOME (ie, @{HOME}/.cache) ++ # This should use this, but due to LP: #1856738 we cannot ++ #unix (connect, receive, send) ++ # type=stream ++ # peer=(addr="@@{HOME}/.cache/ibus/dbus-*"), ++ unix (connect, receive, send) ++ type=stream ++ peer=(addr="@/home/*/.cache/ibus/dbus-*"),
  18. Download patch debian/gbp.conf

    --- 2.13.3-7/debian/gbp.conf 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/gbp.conf 2019-09-09 19:13:22.000000000 +0000 @@ -1,6 +1,6 @@ [DEFAULT] pristine-tar = True -debian-branch = debian/master +debian-branch = ubuntu/master upstream-branch = upstream/latest upstream-vcs-tag = v%(version)s patch-numbers = False
  19. Download patch debian/apparmor-profiles.postinst

    --- 2.13.3-7/debian/apparmor-profiles.postinst 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/apparmor-profiles.postinst 2019-09-09 19:13:22.000000000 +0000 @@ -20,6 +20,14 @@ set -e # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. +case "$1" in + configure) + if [ ! -e /etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser ]; then + cp /usr/share/apparmor/extra-profiles/abstractions/ubuntu-browsers.d/chromium-browser /etc/apparmor.d/abstractions/ubuntu-browsers.d || true + fi + ;; +esac + #DEBHELPER# exit 0
  20. Download patch debian/apparmor.install

    --- 2.13.3-7/debian/apparmor.install 2019-11-15 10:37:05.000000000 +0000 +++ 2.13.3-7ubuntu2/debian/apparmor.install 2019-09-09 19:13:22.000000000 +0000 @@ -1,5 +1,6 @@ debian/apport/source_apparmor.py /usr/share/apport/package-hooks/ -debian/features /usr/share/apparmor-features/ +# Feature pinning is not used in Ubuntu +#debian/features /usr/share/apparmor-features/ debian/lib/apparmor/profile-load /lib/apparmor/ etc/apparmor.d/abstractions/* etc/apparmor.d/local/README
  1. apparmor