openSUSE Build Service

Dominique Leuenberger (dimstar_suse) accepted request 1055771 from

Goldwyn Rodrigues (goldwynr) over 1 year ago (revision 185)

Dominique Leuenberger (dimstar_suse) accepted request 1037411 from

Christian Boltz (cboltz) over 1 year ago (revision 184)

- update to AppArmor 3.1.2
  - lots of cleanups, improvements and bugfixes in all areas
  - rework internal profile storage and handling in the aa-* tools
  - support boolean variable definitions in the aa-* tools
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1
    and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2
    for the detailed upstream changelog
- remove upstream(ed) patches:
  - apparmor-3.0.7-egrep.patch
  - dnsmasq.diff
  - profiles-permit-php-fpm-pid-files-directly-under-run.patch
  - zgrep-profile-mr870.diff
- no longer ship precompiled profile cache for Tumbleweed (boo#1205659)
- BuildRequire iproute2 (needed for aa-unconfined tests) (forwarded request 1037410 from cboltz)

Fabian Vogt (favogt_factory) accepted request 1008880 from

Christian Boltz (cboltz) over 1 year ago (revision 183)

- skip code linting for packaging
  * removes pyflakes from the build requirements and thus Ring1
  * see also https://gitlab.com/apparmor/apparmor/-/issues/121 (forwarded request 998222 from bnavigator)

Dominique Leuenberger (dimstar_suse) accepted request 1001316 from

Christian Boltz (cboltz) over 1 year ago (revision 182)

- aa-decode: use grep -E instead of deprecated egrep (boo#1203092) (forwarded request 1001150 from AndreasStieger)

Dominique Leuenberger (dimstar_suse) accepted request 999638 from

Christian Boltz (cboltz) over 1 year ago (revision 181)

- update to AppArmor 3.0.7
  - fix setuptools version detection in buildpath.py
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7
    for the detailed upstream changelog
- add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible
  in dnsmasc//libvirt-leaseshelper profile (boo#1202849) (forwarded request 999637 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 999414 from

Christian Boltz (cboltz) over 1 year ago (revision 180)

- add profiles-permit-php-fpm-pid-files-directly-under-run.patch
  https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) (forwarded request 999408 from dmdiss)

Dominique Leuenberger (dimstar_suse) accepted request 993844 from

Christian Boltz (cboltz) almost 2 years ago (revision 179)

- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper
  (boo#1202161) (forwarded request 993843 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 992100 from

Christian Boltz (cboltz) almost 2 years ago (revision 178)

- update to AppArmor 3.0.6
  - fix LTO build in the parser
  - remove dbus deny rule in abstractions/exo-open
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6
    for the detailed upstream changelog
- drop upstream patch dirtest-sort-mr900.diff (forwarded request 992099 from cboltz)

Richard Brown (RBrownFactory) accepted request 991158 from

Christian Boltz (cboltz) almost 2 years ago (revision 177)

- update to AppArmor 3.0.5
  - several additions to profiles and abstractions
  - bugfixes in parser and utils
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5
    for the detailed upstream changelog
- remove upstream(ed) patchs:
  - apparmor-setuptools61-mr897.patch
  - dovecot-profiles-boo1199535-mr881.diff
  - php8-fpm-mr876.patch
  - python310-help-mr848.patch
  - samba-new-dcerpcd.patch
  - samba_deny_net_admin.patch
  - update-samba-bgqd.diff
  - update-usr-sbin-smbd.diff
- apparmor-samba-include-permissions-for-shares.diff: remove
  upstreamed part
- add dirtest-sort-mr900.diff to fix random test failures
- change apache-extra-profile-include-if-exists.diff to the post-mv
  path (new quilt executes mv)
- stop disabling lto (fixed upstream) (boo#1133091)
- package profile-load script in -parser (forwarded request 991157 from cboltz)

Richard Brown (RBrownFactory) accepted request 990296 from

Christian Boltz (cboltz) almost 2 years ago (revision 176)

- Add apparmor-setuptools61-mr897.patch
  https://gitlab.com/apparmor/apparmor/-/merge_requests/897
- Add buildtime dependencies on python-rpm-macros and setuptools

Dominique Leuenberger (dimstar_suse) accepted request 985682 from

Christian Boltz (cboltz) almost 2 years ago (revision 175)

- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep
  (poo#113108) (forwarded request 985681 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 977392 from

Christian Boltz (cboltz) almost 2 years ago (revision 174)

- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles
  for latest dovecot (boo#1199535) (forwarded request 977391 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 976602 from

Christian Boltz (cboltz) almost 2 years ago (revision 173)

- Update samba-new-dcerpcd.patch for aarch64 which needs some
  additional rules; (bnc#1198309). (forwarded request 976576 from npower)

Dominique Leuenberger (dimstar_suse) accepted request 975636 from

Christian Boltz (cboltz) about 2 years ago (revision 172)

- Add python310-help-mr848.patch so that Tumbleweed can switch
  python3 to Python 3.10
  (https://gitlab.com/apparmor/apparmor/-/merge_requests/848) (forwarded request 975634 from bnavigator)

Dominique Leuenberger (dimstar_suse) accepted request 974768 from

Christian Boltz (cboltz) about 2 years ago (revision 171)

- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
  (boo#1186267#c11)
- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
  file conflict on upgrade (boo#1198958)
- utils: add missing dependency on apparmor-parser (boo#1198958#c4)

Dominique Leuenberger (dimstar_suse) accepted request 973180 from

Christian Boltz (cboltz) about 2 years ago (revision 170)

- Enhance zgrep-profile-mr870.diff to also allow/support zstd
  (boo#1198922). (forwarded request 973084 from dimstar)

Dominique Leuenberger (dimstar_suse) accepted request 970466 from

Christian Boltz (cboltz) about 2 years ago (revision 169)

- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) (forwarded request 970465 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 970238 from

Christian Boltz (cboltz) about 2 years ago (revision 168)

- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
  which now will spawn new additional services on demand. We need to
  modify the existing smbd/winbind profiles and additionally add a
  new set of profiles to cater for the new functionality;
  (bnc#1198309);
  

- Add samba_deny_net_admin.patch to add new rule to deny
  noisy setsockopt calls from systemd; (bnc#1196850). (forwarded request 970229 from npower)

Dominique Leuenberger (dimstar_suse) accepted request 968253 from

Christian Boltz (cboltz) about 2 years ago (revision 167)

- add profile for zgrep and xzgrep to prevent CVE-2022-1271
  (zgrep-profile-mr870.diff) (forwarded request 968252 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 966667 from

Christian Boltz (cboltz) about 2 years ago (revision 166)

- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
  -profiles and -abstractons package are updated before the cache
  in /var/cache/apparmor/ gets built (boo#1195463 #c20) (forwarded request 966666 from cboltz)

Places

Revisions of apparmor

Places