Revisions of apparmor

Dominique Leuenberger (dimstar_suse) accepted request 970238 from Christian Boltz (cboltz) (revision 168)
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
  which now will spawn new additional services on demand. We need to
  modify the existing smbd/winbind profiles and additionally add a
  new set of profiles to cater for the new functionality;
  (bnc#1198309);
  

- Add samba_deny_net_admin.patch to add new rule to deny
  noisy setsockopt calls from systemd; (bnc#1196850). (forwarded request 970229 from npower)
Dominique Leuenberger (dimstar_suse) accepted request 968253 from Christian Boltz (cboltz) (revision 167)
- add profile for zgrep and xzgrep to prevent CVE-2022-1271
  (zgrep-profile-mr870.diff) (forwarded request 968252 from cboltz)
Dominique Leuenberger (dimstar_suse) accepted request 966667 from Christian Boltz (cboltz) (revision 166)
- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
  -profiles and -abstractions package are updated before the cache
  in /var/cache/apparmor/ gets built (boo#1195463 #c20) (forwarded request 966666 from cboltz)
Dominique Leuenberger (dimstar_suse) accepted request 964948 from Christian Boltz (cboltz) (revision 165)
- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
  /proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
  openssl.cnf (bnc#1195463).
Dominique Leuenberger (dimstar_suse) accepted request 953284 from Christian Boltz (cboltz) (revision 164)
- update to AppArmor 3.0.4
  - various fixes in profiles, abstractions, apparmor_parser and utils
    (some of them were already included as patches)
  - add support for mctp address family
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4
    for the full upstream changelog
- remove upstream(ed) patches:
  - aa-notify-more-arch-mr809.diff
  - ruby-3.1-build-fix.diff
  - add-samba-bgqd.diff
  - openssl-engdef-mr818.diff
  - profiles-python-3.10-mr783.diff
  - update-samba-abstractions-ldb2.diff
- refresh patches:
  - apparmor-samba-include-permissions-for-shares.diff
  - ruby-2_0-mkmf-destdir.patch

AppArmor 3.0.4 also includes a fix for the issue with 'mctp' found via
https://build.opensuse.org/request/show/951354
so you might want to pick this SR into Staging:O (forwarded request 953283 from cboltz)
Dominique Leuenberger (dimstar_suse) accepted request 949320 from Christian Boltz (cboltz) (revision 163)
- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
  MR 827) (forwarded request 949319 from cboltz)
Dominique Leuenberger (dimstar_suse) accepted request 947042 from Christian Boltz (cboltz) (revision 162)
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
  packaging to allow parallel installation with libldb;
  (bsc#1192684). (forwarded request 947009 from scabrero)
Dominique Leuenberger (dimstar_suse) accepted request 941697 from Christian Boltz (cboltz) (revision 161)
- Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED
  operation="file_mmap" violation in SLE15-SP4; (bsc#1192336).
Dominique Leuenberger (dimstar_suse) accepted request 941547 from Christian Boltz (cboltz) (revision 160)
- add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and
  /etc/ssl/engines.d/ in abstractions/openssl which were introduced
  with the latest openssl update

NOTE: Without this patch, dovecot is spamming the audit.log with denials. Please accept ASAP.
Dominique Leuenberger (dimstar_suse) accepted request 930527 from Christian Boltz (cboltz) (revision 159)
- add aa-notify-more-arch-mr809.diff: Add support for reading s390x
  and aarch64 wtmp files (boo#1181155) (forwarded request 930526 from cboltz)
Dominique Leuenberger (dimstar_suse) accepted request 925557 from Christian Boltz (cboltz) (revision 158)
- add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
Dominique Leuenberger (dimstar_suse) accepted request 920054 from Christian Boltz (cboltz) (revision 157)
- lessopen.sh profile: allow reading files that live on NFS over UDP
  (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) (forwarded request 920053 from cboltz)
Richard Brown (RBrownSUSE) accepted request 911600 from Christian Boltz (cboltz) (revision 156)
- add profiles-python-3.10-mr783.diff: update abstractions/python and
  profiles for python 3.10 (forwarded request 911594 from cboltz)
Richard Brown (RBrownSUSE) accepted request 910591 from Christian Boltz (cboltz) (revision 155)
- update to AppArmor 3.0.3
  - fix a failure in the parser tests
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
    for the detailed upstream changelog

- update to AppArmor 3.0.2
  - add missing permissions to several profiles and abstractions
    (including boo#1188296)
  - bugfixes in utils and parser (including boo#1180766 and boo#1184779)
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
    for the detailed upstream changelog
- remove upstreamed patches:
  - apparmor-dovecot-stats-metrics.diff
  - abstractions-php8.diff
  - crypto-policies-mr720.diff (forwarded request 910590 from cboltz)
Dominique Leuenberger (dimstar_suse) accepted request 907196 from Christian Boltz (cboltz) (revision 154)
- added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point
Dominique Leuenberger (dimstar_suse) accepted request 898187 from Christian Boltz (cboltz) (revision 153)
- move Requires: python3 back to the python3-apparmor subpackage -
  readline usage is in the python modules, not in apparmor-utils

- Remove python symbols (python means currently python2), work
  only with python3 ones (fallout from bsc#1185588).
Dominique Leuenberger (dimstar_suse) accepted request 894865 from Christian Boltz (cboltz) (revision 152)
- add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267) (forwarded request 894864 from cboltz)
Dominique Leuenberger (dimstar_suse) accepted request 888863 from Christian Boltz (cboltz) (revision 151)
- add crypto-policies-mr720.diff to allow reading crypto policies
  in abstractions/ssl_certs (boo#1183597)

- replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in
  systemd into containers just because apparmor-parser ships a *.service file (forwarded request 888862 from cboltz)
Richard Brown (RBrownSUSE) accepted request 874417 from Christian Boltz (cboltz) (revision 150)
- avoid file listed twice error (forwarded request 874370 from lnussel)
Dominique Leuenberger (dimstar_suse) accepted request 871277 from Christian Boltz (cboltz) (revision 149)
- merge libapparmor.changes into apparmor.changes (forwarded request 871276 from cboltz)