Comment 7 for bug 660077

Jamie Strandboge (jdstrand) wrote :

Uploaded 2.5.1-0ubuntu0.10.04.1 to lucid-proposed. Attached is a diff between profiles/ on 2.5-0ubuntu3 and 2.5.1. I will also attach the diff between the debian/ directories.

For the most part, I have removed features when they were implemented in packaging, i.e.:
* I have dropped the backported from 2.6 local/ and ubuntu-browsers.d/ changes
* I have dropped the chromium-browser profile in apparmor-profiles (it depends on the above)
* I have dropped the aa-update-browser tool (also depends on the above)
* I removed use of dh_apparmor

In terms of abstractions, there are many abstraction bug fixes allowing additional access. There were three changes that were noteworthy:
1. machine-id moved from dbus to dbus-session. I added 0009-lucid-compat-dbus.patch to move it back
2. kde4-config was removed from the kde abstraction. I added 0010-lucid-compat-kde.patch to put it back (with PUx instead of Ux)
3. user-tmp uses 'owner' match in 2.5.1. This is a highly desirable security improvement (see bug #578922) for an LTS, and should not affect any applications in the default Ubuntu install. I have added text to the changelog to explain this in detail.

I also made sure that shipped profiles/abstractions shipped in the same package (e.g., the apache2* abstraction shipped in apparmor in Lucid, but libapache2-mod-apparmor in Maverick; I reverted that change).

I have tested locally on a default amd64 install against QRT (which includes package test, initscript tests, apport, non-build testsuites, and more) and it passes. Once the packages build in -proposed, I will retest them on i386 and amd64, and will test all packages that ship a confined binary. I also tested linux-image-generic-lts-backport-maverick against QRT on amd64 and it works great. I plan to coordinate more testing with the kernel-team once the packages are in -proposed.