Revisions of apparmor
Dominique Leuenberger (dimstar_suse)
accepted
request 1055771
from
Goldwyn Rodrigues (goldwynr)
(revision 185)
Dominique Leuenberger (dimstar_suse)
accepted
request 1037411
from
Christian Boltz (cboltz)
(revision 184)
- update to AppArmor 3.1.2 - lots of cleanups, improvements and bugfixes in all areas - rework internal profile storage and handling in the aa-* tools - support boolean variable definitions in the aa-* tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2 for the detailed upstream changelog - remove upstream(ed) patches: - apparmor-3.0.7-egrep.patch - dnsmasq.diff - profiles-permit-php-fpm-pid-files-directly-under-run.patch - zgrep-profile-mr870.diff - no longer ship precompiled profile cache for Tumbleweed (boo#1205659) - BuildRequire iproute2 (needed for aa-unconfined tests) (forwarded request 1037410 from cboltz)
Fabian Vogt (favogt_factory)
accepted
request 1008880
from
Christian Boltz (cboltz)
(revision 183)
- skip code linting for packaging * removes pyflakes from the build requirements and thus Ring1 * see also https://gitlab.com/apparmor/apparmor/-/issues/121 (forwarded request 998222 from bnavigator)
Dominique Leuenberger (dimstar_suse)
accepted
request 1001316
from
Christian Boltz (cboltz)
(revision 182)
- aa-decode: use grep -E instead of deprecated egrep (boo#1203092) (forwarded request 1001150 from AndreasStieger)
Dominique Leuenberger (dimstar_suse)
accepted
request 999638
from
Christian Boltz (cboltz)
(revision 181)
- update to AppArmor 3.0.7 - fix setuptools version detection in buildpath.py - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7 for the detailed upstream changelog - add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible in dnsmasc//libvirt-leaseshelper profile (boo#1202849) (forwarded request 999637 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 999414
from
Christian Boltz (cboltz)
(revision 180)
- add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) (forwarded request 999408 from dmdiss)
Dominique Leuenberger (dimstar_suse)
accepted
request 993844
from
Christian Boltz (cboltz)
(revision 179)
- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper (boo#1202161) (forwarded request 993843 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 992100
from
Christian Boltz (cboltz)
(revision 178)
- update to AppArmor 3.0.6 - fix LTO build in the parser - remove dbus deny rule in abstractions/exo-open - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6 for the detailed upstream changelog - drop upstream patch dirtest-sort-mr900.diff (forwarded request 992099 from cboltz)
Richard Brown (RBrownFactory)
accepted
request 991158
from
Christian Boltz (cboltz)
(revision 177)
- update to AppArmor 3.0.5 - several additions to profiles and abstractions - bugfixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5 for the detailed upstream changelog - remove upstream(ed) patchs: - apparmor-setuptools61-mr897.patch - dovecot-profiles-boo1199535-mr881.diff - php8-fpm-mr876.patch - python310-help-mr848.patch - samba-new-dcerpcd.patch - samba_deny_net_admin.patch - update-samba-bgqd.diff - update-usr-sbin-smbd.diff - apparmor-samba-include-permissions-for-shares.diff: remove upstreamed part - add dirtest-sort-mr900.diff to fix random test failures - change apache-extra-profile-include-if-exists.diff to the post-mv path (new quilt executes mv) - stop disabling lto (fixed upstream) (boo#1133091) - package profile-load script in -parser (forwarded request 991157 from cboltz)
Richard Brown (RBrownFactory)
accepted
request 990296
from
Christian Boltz (cboltz)
(revision 176)
- Add apparmor-setuptools61-mr897.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/897 - Add buildtime dependencies on python-rpm-macros and setuptools
Dominique Leuenberger (dimstar_suse)
accepted
request 985682
from
Christian Boltz (cboltz)
(revision 175)
- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108) (forwarded request 985681 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 977392
from
Christian Boltz (cboltz)
(revision 174)
- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535) (forwarded request 977391 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 976602
from
Christian Boltz (cboltz)
(revision 173)
- Update samba-new-dcerpcd.patch for aarch64 which needs some additional rules; (bnc#1198309). (forwarded request 976576 from npower)
Dominique Leuenberger (dimstar_suse)
accepted
request 975636
from
Christian Boltz (cboltz)
(revision 172)
- Add python310-help-mr848.patch so that Tumbleweed can switch python3 to Python 3.10 (https://gitlab.com/apparmor/apparmor/-/merge_requests/848) (forwarded request 975634 from bnavigator)
Dominique Leuenberger (dimstar_suse)
accepted
request 974768
from
Christian Boltz (cboltz)
(revision 171)
- add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4)
Dominique Leuenberger (dimstar_suse)
accepted
request 973180
from
Christian Boltz (cboltz)
(revision 170)
- Enhance zgrep-profile-mr870.diff to also allow/support zstd (boo#1198922). (forwarded request 973084 from dimstar)
Dominique Leuenberger (dimstar_suse)
accepted
request 970466
from
Christian Boltz (cboltz)
(revision 169)
- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) (forwarded request 970465 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 970238
from
Christian Boltz (cboltz)
(revision 168)
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309); - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850). (forwarded request 970229 from npower)
Dominique Leuenberger (dimstar_suse)
accepted
request 968253
from
Christian Boltz (cboltz)
(revision 167)
- add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff) (forwarded request 968252 from cboltz)
Dominique Leuenberger (dimstar_suse)
accepted
request 966667
from
Christian Boltz (cboltz)
(revision 166)
- ensure precompiled cache files are newer than (text) profiles - reload profiles in %posttrans instead of %post to ensure both -profiles and -abstractons package are updated before the cache in /var/cache/apparmor/ gets built (boo#1195463 #c20) (forwarded request 966666 from cboltz)
Displaying revisions 21 - 40 of 205