Revisions of apparmor
Dominique Leuenberger (dimstar_suse)
accepted
request 845533
from
Christian Boltz (cboltz)
(revision 145)
TL;DR: update AppArmor to 3.0.0 + some post-release fixes Long version: - add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in de, id and sv translations (and fix the test) (MR 675) - add extra-profiles-fix-Pux.diff to fix an inactive profile - prevents a crash in aa-logprof and aa-genprof when creating a new profile (MR 676) - update to AppArmor 3.0.0 - introduce feature abi declaration in profiles to enable use of new rule types (for openSUSE: dbus and unix rules) - support xattr attachment conditionals - experimental support for kill and unconfined profile modes - rewritten aa-status (in C), including support for new profile modes - rewritten aa-notify (in python), finally dropping the perl requirement at runtime - new tool aa-features-abi for extracting feature abis from the kernel - update profiles to have profile names and to use 3.0 feature abi - introduce @{etc_ro} and @{etc_rw} profile variables - new profile for php-fpm - several updates to profiles and abstractions (including boo#1166007) - fully support 'include if exists' in the aa-* tools - rewrite handling of alias, include, link and variable rules in the aa-* tools - rewrite and simplify log handling in the aa-logprof and aa-genprof - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0 for the detailed upstream changelog - patches: - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0 release up to 3e18c0785abc03ee42a022a67a27a085516a7921 - drop upstreamed usr-etc-abstractions-base-nameservice.diff - drop 2.13-only libapparmor-so-number.diff - refresh apparmor-enable-profile-cache.diff - partially upstreamed - update apparmor-samba-include-permissions-for-shares.diff and apparmor-lessopen-profile.patch - switch to "include if exists" - apparmor-lessopen-profile.patch: add abi rule to lessopen profile - refresh apparmor-lessopen-nfs-workaround.diff - move away very loose apache profile that doesn't even match the apache2 binary path in openSUSE to avoid confusion (boo#872984) - move rewritten aa-status from utils to parser subpackage - add aa-features-abi to parser subpackage - replace perl and libnotify-tools requires with requiring python3-notify2 and python3-psutil (needed by the rewritten aa-notify) - drop ancient cleanup for /etc/init.d/subdomain from parser %pre - drop (never enabled) conditionals to build with python2 and to build the python-apparmor subpackage (upstream dropped python2 support) - drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed - set PYFLAKES path for utils check - add precompiled_cache build conditional to allow faster local builds without using kvm - remove duplicated BuildRequires: swig libapparmor: - update to AppArmor 3.0.0 - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0 for the detailed upstream changelog - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0 release up to 3e18c0785abc03ee42a022a67a27a085516a7921 - drop 2.13-only patch libapparmor-so-number.diff
Dominique Leuenberger (dimstar_suse)
accepted
request 842315
from
Christian Boltz (cboltz)
(revision 144)
- update to AppArmor 2.13.5 - add missing permissions to several profiles and abstractions - bugfixes in parser and tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog - remove upstream(ed) patches - changes-since-2.13.4.diff - abstractions-X-xauth-mr582.diff - sevdb-caps-mr589.diff - libvirt-leaseshelper.patch - cap_checkpoint_restore.diff - add libapparmor-so-number.diff to fix libapparmor so version (!658) libapparmor: - update to AppArmor 2.13.5 - fix two potential build failures - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog - add libapparmor-so-number.diff to fix libapparmor so version (!658) (forwarded request 842314 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 841767
from
Christian Boltz (cboltz)
(revision 143)
- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, cap_checkpoint_restore.diff) - %service_del_postun_without_restart only works for Tumbleweed, keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x
Dominique Leuenberger (dimstar_suse)
accepted
request 838608
from
Christian Boltz (cboltz)
(revision 142)
- Make use of %service_del_postun_without_restart And stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete. (forwarded request 835136 from fbui)
Dominique Leuenberger (dimstar_suse)
accepted
request 832593
from
Christian Boltz (cboltz)
(revision 141)
This needs to go upstream but hoping someone here more familiar with apparmor and its dev processes can do that. If not please let me know and I can give it a stab. - libvirt-leaseshelper.patch: add /usr/libexec as a path to the libvirt leaseshelper script (jsc#SLE-14253) (forwarded request 831960 from jfehlig)
Dominique Leuenberger (dimstar_suse)
accepted
request 824913
from
Christian Boltz (cboltz)
(revision 140)
- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON to severity.db (lp#1890547) (forwarded request 824912 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 821972
from
Christian Boltz (cboltz)
(revision 139)
- add abstractions-X-xauth-mr582.diff to allow reading the xauth file from its new sddm location (boo#1174290, boo#1174293) (forwarded request 821970 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 807999
from
Christian Boltz (cboltz)
(revision 138)
- add changes-since-2.13.4.diff with upstream changes and fixes since 2.13.4 up to 5f61bd4c: - add several abstractions related to xdg-open: dbus-network-manager-strict, exo-open, gio-open, gvfs-open, kde-open5, xdg-open - introduce @{run} variable - update dnsmasq and winbindd profile - update mdns, mesa and nameservice abstraction - some bugfixes in the aa-* tools, including a remote bugfix in the YaST AppArmor module (boo#1171315) - drop upstream(ed) patches (now part of changes-since-2.13.4.diff): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-fix-utils-network-test.diff - make-4.3-network.diff - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch - apply usr-etc-abstractions-base-nameservice.diff only for Tumbleweed, but not for Leap 15.x where it's not needed - refresh usr-etc-abstractions-base-nameservice.diff (forwarded request 807998 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 792970
from
Christian Boltz (cboltz)
(revision 137)
bsc1168306 - Add /etc/mdns.allow (forwarded request 792967 from goldwynr)
Dominique Leuenberger (dimstar_suse)
accepted
request 789398
from
Christian Boltz (cboltz)
(revision 136)
- fix build with make 4.3 by backporting some commits from upstream master (boo#1167953): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-network.diff - make-4.3-fix-utils-network-test.diff Also fix a wrong patch filename in the previous .changes entry. The correct message about the refreshed patch is: - refresh usr-etc-abstractions-base-nameservice.diff (forwarded request 789397 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 784421
from
Christian Boltz (cboltz)
(revision 135)
- update to AppArmor 2.13.4 - several abstraction updates (including boo#1153162) - disallow writing to fontconfig cache in abstractions/fonts - some bugfixes in the aa-* tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog - drop upstreamed patches: - abstractions-ssl-certbot-paths.diff - apparmor-krb5-conf-d.diff - libapparmor-python3.8.diff - usr-etc-abstractions-authentification.diff - refresh usr-etc-abstractions-authentification.diff libapparmor: - update to AppArmor 2.13.4 - fix log parsing for logs with an embedded newline - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog
Dominique Leuenberger (dimstar_suse)
accepted
request 767253
from
Christian Boltz (cboltz)
(revision 134)
- add usr-etc-abstractions-base-nameservice.diff to adjust abstractions/base and nameservice for /usr/etc/ (boo#1161756) (forwarded request 767252 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 749291
from
Christian Boltz (cboltz)
(revision 133)
- Properly pull in full python3 interpreter (forwarded request 749270 from scarabeus_iv)
Dominique Leuenberger (dimstar_suse)
accepted
request 746670
from
Christian Boltz (cboltz)
(revision 132)
- add libapparmor-python3.8.diff to fix building the libapparmor python bindings (deb#943657) Note: the build with python 3.8 will still fail because of boo#1155839 - but at least we get a different build failure now ;-)
Dominique Leuenberger (dimstar_suse)
accepted
request 735945
from
Christian Boltz (cboltz)
(revision 131)
- add usr-etc-abstractions-authentification.diff to allow reading /usr/etc/pam.d/* and some other authentification-related files (boo#1153162) (forwarded request 735944 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 733858
from
Christian Boltz (cboltz)
(revision 130)
- add abstractions-ssl-certbot-paths.diff - add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys - add apparmor-krb5-conf-d.diff for kerberos client
Dominique Leuenberger (dimstar_suse)
accepted
request 710683
from
Christian Boltz (cboltz)
(revision 129)
- update to 2.13.3 - profile updates for dnsmasq, dovecot, identd, syslog-ng - new "lsb_release" profile (only used when using "Px -> lsb_release") - fix buggy syntax in tunables/share - several abstraction updates - parser: fix "Px -> foo-bar" (the "-" was rejected before) - several bugfixes in aa-genprof and aa-logprof - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3 for the detailed upstream changelog - drop upstream(ed) patches: - apparmor-nameservice-resolv-conf-link.patch - profile_filename_cornercase.diff - dnsmasq-libvirtd.diff - dnsmasq-revert-alternation.diff - usrmerge-fixes.diff - libapparmor-swig-4.diff - re-number remaining patches libapparmor: - update to AppArmor 2.13.1 - some fixes in cache handling - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3 for the detailed upstream changelog
Dominique Leuenberger (dimstar_suse)
accepted
request 707833
from
Christian Boltz (cboltz)
(revision 128)
- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig 4.0 (boo#1135751) (forwarded request 707832 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 697782
from
Christian Boltz (cboltz)
(revision 127)
- Disable LTO (boo#1133091). (forwarded request 697748 from marxin)
Dominique Leuenberger (dimstar_suse)
accepted
request 694060
from
Christian Boltz (cboltz)
(revision 126)
- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350) (forwarded request 694059 from cboltz)
Displaying revisions 61 - 80 of 205