Overview

File _patchinfo of Package patchinfo.4972

<patchinfo incident="4972">
  <issue id="948584" tracker="bnc">AppArmor blocks the start of syslog-ng</issue>
  <issue id="964971" tracker="bnc">smbd fails when calling setxattr to update acls in the security.NTACL namespace</issue>
  <issue id="931792" tracker="bnc">Apparmor is missing profiles and enforcement of it</issue>
  <issue id="918787" tracker="bnc">logprof fails to parse audit.log (disconnected path)</issue>
  <issue id="971790" tracker="bnc">nscd paranoia mode impossible</issue>
  <issue id="906858" tracker="bnc">VUL-1: aaa_base: LESSOPEN=lessopen.sh uses various other binaries, creates a large attack surface</issue>
  <issue id="911001" tracker="bnc">dnsmasq apparmor profile prevents libvirt default network to start</issue>
  <issue id="945592" tracker="bnc">ntpd wants to read directories in $PATH</issue>
  <issue id="923201" tracker="bnc">nmb.service failed</issue>
  <issue id="853019" tracker="bnc">systemctl restart apparmor considered harmful (was: %restart_on_update boot.apparmor + systemd wrapper considered harmful)</issue>
  <issue id="954104" tracker="bnc">no messages written to logfiles  (systemd &lt;&gt; syslog-ng interaction ?)</issue>
  <issue id="939568" tracker="bnc">skype profile denies network access</issue>
  <issue id="940749" tracker="bnc">Apparmor prevents dnsmasq from executing /bin/bash</issue>
  <issue id="917577" tracker="bnc">security:apparmor/apparmor: Bug</issue>
  <issue id="921098" tracker="bnc">winbindd 4.2.0 panics on start-up when Apparmor is enabled</issue>
  <issue id="954958" tracker="bnc">dovecot sieve vacation</issue>
  <issue id="954959" tracker="bnc">dovecot /tmp/dovecot.lda.) Permission denied</issue>
  <issue id="948753" tracker="bnc">incomplete profile for /usr/sbin/syslog-ng</issue>
  <category>recommended</category>
  <rating>moderate</rating>
  <packager>cboltz</packager>
  <description>This update to apparmor 2.9.3 fixes the following issues:

- aa-complain, aa-enforce, aa-audit: change flags of hats, not only the main profile (+ some bugfixes)
- aa-notify: also display notifications for complain mode events
- add python to the "no Px rule" list in logprof.conf
- several bugfixes in the aa-* tools (including boo#954104 and several bugs on lp)
- parser: set cache file timestamp to mtime of most recent policy file timestamp (lp#1460152)
- add permissions in several profiles (including boo#948584, boo#948753, boo#939568, boo#954959, boo#954958, boo#940749, boo#971790, boo#945592, boo#964971, boo#921098, boo#923201 and boo#921098#c15)
- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)
- lots of bugfixes in the parser and the aa-* tools (including boo#918787)
- update dovecot and dnsmasq profiles and several abstractions (including boo#911001)
- make sure %service_del_postun doesn't call systemctl try-restart (boo#853019, bare systemd edition)
- update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)
- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)
- add Requires: python3 to python3-apparmor package - readline isn't part of python3-base (boo#917577)
</description>
  <summary>Recommended update for apparmor</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places