Revisions of apparmor
Dominique Leuenberger (dimstar_suse)
accepted
request 560031
from
Christian Boltz (cboltz)
(revision 109)
- add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems (forwarded request 560030 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 547738
from
Christian Boltz (cboltz)
(revision 108)
bsc#1069346 (forwarded request 546471 from goldwynr)
Dominique Leuenberger (dimstar_suse)
accepted
request 536621
from
Christian Boltz (cboltz)
(revision 107)
apparmor: - update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of 'unix' rules (will be supported in kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog - remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff - refresh apparmor-yast-cleanup.patch - add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the "changed profiles" list in aa-logprof Also add bugzilla reference to the previous change: - add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244) libapparmor: - update to AppArmor 2.11.1 - mostly test-related changes in libapparmor - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog (forwarded request 536620 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 534597
from
Christian Boltz (cboltz)
(revision 106)
- add nameservice-libtirpc.diff to fix NIS/YP logins (forwarded request 534596 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 531184
from
Christian Boltz (cboltz)
(revision 105)
- profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195)
Dominique Leuenberger (dimstar_suse)
accepted
request 528520
from
Christian Boltz (cboltz)
(revision 104)
- add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26 (forwarded request 528495 from coolo)
Dominique Leuenberger (dimstar_suse)
accepted
request 517044
from
Christian Boltz (cboltz)
(revision 103)
- do not require exact X.Y version of "python3" - require also matching python(abi) which is arguably more important (forwarded request 517036 from matejcik)
Dominique Leuenberger (dimstar_suse)
accepted
request 511329
from
Christian Boltz (cboltz)
(revision 102)
- don't rely on implementation details for reload in %post - add JSON support. Required for FATE#323380. (apparmor-yast-cleanup.patch, apparmor-json-support.patch)
Yuchen Lin (maxlin_factory)
accepted
request 482776
from
Christian Boltz (cboltz)
(revision 101)
- add upstream-changes-r3629..3648.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - update nvidia abstraction for newer nvidia drivers - don't enforce ordering of dbus rule attributes in utils (lp#1628286) - add --parser, --base and --Include option to aa-easyprof to allow non-standard paths (useful for tests) (lp#1521031) - move initialization code in apparmor.aa to init_aa(). This allows to run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser don't exist. - several improvements in the utils tests - drop upstreamed python3-drop-re-locale.patch - no longer delete/skip some of the utils tests (to allow this, add parser-tests-dbus-duplicated-conditionals.diff) - add var.mount dependeny to apparmor.service (boo#1016259#c34)
Dominique Leuenberger (dimstar_suse)
accepted
request 481186
from
Christian Boltz (cboltz)
(revision 100)
- Cleanup spec file: - don't use insserv if we afterwards call systemd, this can have bad side effects - remove dead code - remove now obsolete 'distro' checks - Replace init.d script with new wrapper working with systemd (forwarded request 480782 from kukuk)
Dominique Leuenberger (dimstar_suse)
accepted
request 458843
from
Christian Boltz (cboltz)
(revision 99)
- add python3-drop-re-locale.patch: remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766) - Fix RPM groups
Dominique Leuenberger (dimstar_suse)
accepted
request 453537
from
Christian Boltz (cboltz)
(revision 98)
TL;DR: update AppArmor to 2.11, split off libapparmor package/spec, move libapparmor to /usr Details: - add upstream-changes-r3616..3628.diff: - update abstractions/base, abstractions/apache2-common and dovecot profiles - merge ask_the_questions() of aa-logprof and aa-mergeprof - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor - adjust deleting the cache in profiles %post to the new cache location - silence errors when deleting the cache (boo#976914) - split libapparmor into separate spec to get rid of build loop involving mariadb, systemd, apparmor, libapr and mariadb again (see the discussion in SR 448871 for details) - libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but with minimum BuildRequires - update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog - patches: - add sshd-profile-drop-local-include-r3615.diff to fix 'make check' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff - spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren't used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed'ing python3 into aa-* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage
Dominique Leuenberger (dimstar_suse)
accepted
request 452189
from
Christian Boltz (cboltz)
(revision 97)
[New attemp with /var/lib/apparmor/cache as cache location, as discussed with DimStar on IRC. No other differences compared to SR 449669.] - change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259) - add dependency on var-lib.mount to apparmor.service as safety net - update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined - drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff - refresh apparmor-abstractions-no-multiline.diff
Dominique Leuenberger (dimstar_suse)
accepted
request 436985
from
Christian Boltz (cboltz)
(revision 96)
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed) Note: The glibc/nscd package that needs this change was already released with the 20161020 snapshot, so it would be a good idea to get the AppArmor profile updates released quickly ;-) (forwarded request 436984 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 435009
from
Christian Boltz (cboltz)
(revision 95)
- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing *.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile (forwarded request 435008 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 423554
from
Christian Boltz (cboltz)
(revision 94)
really delete profiles-ping-inet6-r3449.diff (forwarded request 423553 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 397705
from
Christian Boltz (cboltz)
(revision 93)
- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596) Please accept this SR before accepting SR 397541 (iputils).
Dominique Leuenberger (dimstar_suse)
accepted
request 391406
from
Christian Boltz (cboltz)
(revision 92)
- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren't (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the "no Px rule" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1 - drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff - refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff - drop libapparmor autogen.sh call (broke the build) and remove libtool BR
Stephan Kulow (coolo)
accepted
request 337047
from
Christian Boltz (cboltz)
(revision 91)
- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753) - add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/** to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568) - and some other small updates - drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch) (forwarded request 337046 from cboltz)
Stephan Kulow (coolo)
accepted
request 331543
from
Christian Boltz (cboltz)
(revision 90)
- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
Displaying revisions 101 - 120 of 209