AppArmor 2.13.8 was released 2023-05-24.
Introduction
AppArmor 2.13.8 is a maintenance release of the user space components of the AppArmor security project. The kernel portion of the project is maintained and pushed separately.
This version of the userspace should work with all kernel versions from 2.6.15 and later (some earlier version of the kernel if they have the apparmor patches applied).
The kernel portion of the project is maintained and pushed separately.
Important Note
This release fixes CVE-2016-1585. If you are looking at back porting individual patches instead of pulling in the whole release the critical patches were back ported from MR:333, please contact the apparmor mailing list or if communications must be private security@apparmor.net if you need assistance.
Obtaining the Release
There are two ways to obtain this release either through gitlab or a tarball in launchpad.
Important note: the gitlab release tarballs differ from the launchpad release tarballs. The launchpad release tarball has a couple processing steps already performed:
- libapparmor
autogen.sh
is already done, meaning distros only need to use ./configure in their build setup - the docs for everything but libapparmor have already been built
gitlab
Launchpad
- https://launchpad.net/apparmor/2.13/2.13.8/+download/apparmor-2.13.8.tar.gz
- sha256sum: 220fe639e9f755c091e21c718766a87c17634a18c4b52b887a8b907475c1626c
- signature: https://launchpad.net/apparmor/2.13/2.13.8/+download/apparmor-2.13.8.tar.gz.asc
- sha256sum: 4e084502bd1324b5888963e5f00c575ef2be9a6b55efc799d66c277c7d8a6133
Changes in this Release
These release notes cover all changes between 2.13.7 (b51a2d27) and 2.13.8 (027faf20) on apparmor-2.13 branch.
Library
Policy Compiler (a.k.a apparmor_parser)
- added missing kernel mount options (MR:1005, MR:1034)
- Fix mount rules encoding (MR:1029, MR:333, LP:1597017)
- Fix mode not being printed when debugging AF_UNIX socket rules. (MR:979)
- Fix spacing when printing out AF_UNIX addresses (MR:978)
Utils
- Fix error when choosing named exec with plain profile names (MR:1013, AABUG:314)
- log parsing fixes (MR:959)
Policy
abstractions
- base
- allow reading tzdata ICU zoneinfo DB (MR:1007)
- freedesktop.org
- allow custom cursors (MR:1008)
- openssl
- allow reading /etc/ssl/openssl-*.cnf (MR:984, BOO:1207911)
- nvidia
profiles
- nscd
- syslogd
- nvidia_modprobe
- update for driver families and /sys path (MR:983)
- postfix-tlsmgr
- allow reading openssl.cnf (MR:981)
- smbd
- allow reading /var/lib/nscd/netgroup (MR:948)
- lsb_release
- allow cat and cut (MR:953)