- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch)
  - p11-kit needs access to /usr/share/p11-kit/modules
  - allow reading /etc/machine-id in the dbus-session abstraction
- add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for
  the new tools developed in GSoC (forwarded request 198933 from cboltz)

• Files Changed
• Browse Source

- add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental
  in perl 5.18 again - use grep instead (upstream 2.8 branch r2088)
- fix ruby requires (forwarded request 196152 from cboltz)

• Files Changed
• Browse Source

- do not package directories as %config - especially not as noreplace

- add Requires: insserv to parser package (needed by initscript)

• Files Changed
• Browse Source

This time with better paperwork ;-)

- nscd profile: add missing permissions and deny capability block_suspend
  (bnc#807104, apparmor-profiles-nscd.diff)

Please also add this patch to openSUSE 12.3

The patch only adds permissions, which means it can't break anything.
Even "deny capability block_suspend" doesn't take away any permissions
(everything that is not allowed is denied by default). The deny rule
just disables the logging for capability block_suspend. (forwarded request 157429 from cboltz)

• Files Changed
• Browse Source

- Add missing files to SRPM (bnc#777471) (forwarded request 155632 from jengelh)

• Files Changed
• Browse Source

Split 12.3 from Factory

• Files Changed
• Browse Source

- update abstractions/mysql with correct paths and add MariaDB paths
  (bnc#798183) (forwarded request 148267 from cboltz)

• Files Changed
• Browse Source

- update to AppArmor 2.8.1 (=2.8 branch r2069)
  Bugfix release, http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_1
  Most important changes are:
  - add various missing parts to profiles and abstractions
  - fix a possible x conflict with hats or child profiles in 
    apparmor_parser
  - fix and speedup stdin handling in aa-decode
  - various other bugfixes
  - add pkgconfig support to libapparmor
- remove upstream(ed) patches (forwarded request 147965 from cboltz)

• Files Changed
• Browse Source

- verify tarball with gpg-offline (forwarded request 144621 from cboltz)

• Files Changed
• Browse Source

- fix directory flags for /etc/apparmor.d to be in sync between
  -parser and -profiles subpackage

- remove %stop_on_removal for no longer existing aaeventd (bnc#781564)
- don't hide TeX output when building the parser and techdoc

• Files Changed
• Browse Source

- clear and update inconsistent profile cache (bnc#774529)
- fix wording in two older .changes entries (usrMove -> usrMerge)

• Files Changed
• Browse Source

- abstractions/bash: update /bin/ls to also match /usr/bin/ls (usrMove) (forwarded request 130008 from cboltz)

• Files Changed
• Browse Source

- Add required fonts for new TeXLive 2012 (forwarded request 129259 from WernerFink)

• Files Changed
• Browse Source

- update /bin/ping profile to also match /usr/bin/ping (usrMove)

Please forward this fix to 12.2 (without this patch, ping will run unprotected)

• Files Changed
• Browse Source

branched from openSUSE:Factory

• Files Changed
• Browse Source

- update to AppArmor 2.8.0 (= r2047)
  - new utility aa-easyprof - templated profile generation tool (the resulting
    profile may be less strict than profiles generated with genprof/logprof)
  - various small bugfixes
- removed upstreamed patches

• Files Changed
• Browse Source

Update AppArmor from 2.7.2 to 2.8 beta5

Details:

- add apparmor-techdoc.patch to remove traces of the build time in PDF files

- update to AppArmor 2.8 beta5 (= 2.7.103 / r2031)
  - new utility aa-exec to confine a program with the specified AppArmor profile
  - add support for mount rules
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8 for full upstream
    changelog
- removed upstreamed and backported patches
- remove outdated autobuild and "disable repo" patches that were disabled since
  the AppArmor 2.7 package
- create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1
  (bnc#720617 #c7)

• Files Changed
• Browse Source

- replace patch for dnsmasq profile with upstream patch (bnc#738905)

- add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't
  create network rules because of changed log format (bnc#755923, lp#800826)
- add profile for samba winbindd (bnc#748499)

- fix dnsmasq profile (bnc#738905)

- add 0001-fix-for-lp929531.patch to allow reading 
  /sys/devices/system/cpu/online in abstractions/base (lp#929531)

• Files Changed
• Browse Source

- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
  - move various permissions from httpd2-prefork profile to
    abstractions/apache2-common. Backward-incompatible change: *.htaccess
    files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
  - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
  - allow various .conf files for dovecot (lp#458922)
  - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
    and abstractions/private-files-strict (lp#911847)
  - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
    to use ~/.kde4, not only ~/.kde (bnc#741592)
  - block write access to ~/.kde{,4}/env in abstractions/private-files
    (lp#914190)
  - allow write access for personal dictionary etc. in abstractions/aspell
    (lp#917859)
  - when using genprof for a script, include read access to the script itsself
  - automatically include abstractions/python or abstractions/ruby for
    python/ruby scripts
  - add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
  - allow creation of the .config directory in abstractions/enchant (lp#914184)
  - allow TFTP read-only access in dnsmasq profile (lp#905412)
  - allow capability dac_read_search for syslog-ng (bnc#731876)
  - add p11-kit abstraction and include it in abstractions/authentification
    (lp#912754, lp#912752)
  - add audacity to abstractions/ubuntu-media-players (lp#899963)
  - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
    /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
    lp#890894, lp#890894, lp#884748)
  - fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
  - allow avahi to do dbus introspection (lp#769148)
  - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
  - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
  - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
    abstractions/cups-client (lp#887992)
  - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
    abstractions/python (lp#860856)
  - various updates to the sshd profile (lp#817956)
  - (and some more changes I already included in the apparmor-2.7-branch.diff)

• Files Changed
• Browse Source

- Update to AppArmor 2.7.0 (= r1858)
  - make traceroute6 work (bnc#733312)
  - allow access to pyconfig.h in abstractions/python (lp#840734)
  - fix logprof/genprof for hex-encoded program filenames (= filenames
    containing space etc.)
- add apparmor-2.7-branch.diff with some upstreamed fixes:
  - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041)
  - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file
  - fix syntax error in abstractons/python

- changed a $ -> % (typo)

• Files Changed
• Browse Source