openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of apparmor

Dominique Leuenberger (dimstar_suse) accepted request 845533 from

Christian Boltz (cboltz) over 3 years ago (revision 145)

TL;DR: update AppArmor to 3.0.0 + some post-release fixes

Long version:

- add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in
  de, id and sv translations (and fix the test) (MR 675)
- add extra-profiles-fix-Pux.diff to fix an inactive profile -
  prevents a crash in aa-logprof and aa-genprof when creating a new
  profile (MR 676)

- update to AppArmor 3.0.0
  - introduce feature abi declaration in profiles to enable use of
    new rule types (for openSUSE: dbus and unix rules)
  - support xattr attachment conditionals
  - experimental support for kill and unconfined profile modes
  - rewritten aa-status (in C), including support for new profile modes
  - rewritten aa-notify (in python), finally dropping the perl
    requirement at runtime
  - new tool aa-features-abi for extracting feature abis from the kernel
  - update profiles to have profile names and to use 3.0 feature abi
  - introduce @{etc_ro} and @{etc_rw} profile variables
  - new profile for php-fpm
  - several updates to profiles and abstractions (including boo#1166007)
  - fully support 'include if exists' in the aa-* tools
  - rewrite handling of alias, include, link and variable rules in
    the aa-* tools
  - rewrite and simplify log handling in the aa-logprof and aa-genprof
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
    for the detailed upstream changelog
- patches:
  - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
    release up to 3e18c0785abc03ee42a022a67a27a085516a7921
  - drop upstreamed usr-etc-abstractions-base-nameservice.diff
  - drop 2.13-only libapparmor-so-number.diff
  - refresh apparmor-enable-profile-cache.diff - partially upstreamed
  - update apparmor-samba-include-permissions-for-shares.diff and
    apparmor-lessopen-profile.patch - switch to "include if exists"
  - apparmor-lessopen-profile.patch: add abi rule to lessopen profile
  - refresh apparmor-lessopen-nfs-workaround.diff
- move away very loose apache profile that doesn't even match the
  apache2 binary path in openSUSE to avoid confusion (boo#872984)
- move rewritten aa-status from utils to parser subpackage
- add aa-features-abi to parser subpackage
- replace perl and libnotify-tools requires with requiring
  python3-notify2 and python3-psutil (needed by the rewritten
  aa-notify)
- drop ancient cleanup for /etc/init.d/subdomain from parser %pre
- drop (never enabled) conditionals to build with python2 and to
  build the python-apparmor subpackage (upstream dropped python2
  support)
- drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed
- set PYFLAKES path for utils check
- add precompiled_cache build conditional to allow faster local
  builds without using kvm
- remove duplicated BuildRequires: swig

libapparmor:
- update to AppArmor 3.0.0
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
    for the detailed upstream changelog
- add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
  release up to 3e18c0785abc03ee42a022a67a27a085516a7921
- drop 2.13-only patch libapparmor-so-number.diff

Dominique Leuenberger (dimstar_suse) accepted request 842315 from

Christian Boltz (cboltz) over 3 years ago (revision 144)

- update to AppArmor 2.13.5
  - add missing permissions to several profiles and abstractions
  - bugfixes in parser and tools
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5
    for the detailed upstream changelog
- remove upstream(ed) patches
  - changes-since-2.13.4.diff
  - abstractions-X-xauth-mr582.diff
  - sevdb-caps-mr589.diff
  - libvirt-leaseshelper.patch
  - cap_checkpoint_restore.diff
- add libapparmor-so-number.diff to fix libapparmor so version (!658)

libapparmor:
- update to AppArmor 2.13.5
  - fix two potential build failures
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5
    for the detailed upstream changelog
- add libapparmor-so-number.diff to fix libapparmor so version (!658) (forwarded request 842314 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 841767 from

Christian Boltz (cboltz) over 3 years ago (revision 143)

- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
  cap_checkpoint_restore.diff)

- %service_del_postun_without_restart only works for Tumbleweed,
  keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x

Dominique Leuenberger (dimstar_suse) accepted request 838608 from

Christian Boltz (cboltz) over 3 years ago (revision 142)

- Make use of %service_del_postun_without_restart
  And stop using DISABLE_RESTART_ON_UPDATE as this interface is
  obsolete. (forwarded request 835136 from fbui)

Dominique Leuenberger (dimstar_suse) accepted request 832593 from

Christian Boltz (cboltz) over 3 years ago (revision 141)

This needs to go upstream but hoping someone here more familiar with
apparmor and its dev processes can do that. If not please let me know
and I can give it a stab.

- libvirt-leaseshelper.patch: add /usr/libexec as a path to the
  libvirt leaseshelper script (jsc#SLE-14253) (forwarded request 831960 from jfehlig)

Dominique Leuenberger (dimstar_suse) accepted request 824913 from

Christian Boltz (cboltz) over 3 years ago (revision 140)

- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON
  to severity.db (lp#1890547) (forwarded request 824912 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 821972 from

Christian Boltz (cboltz) almost 4 years ago (revision 139)

- add abstractions-X-xauth-mr582.diff to allow reading the xauth file
  from its new sddm location (boo#1174290, boo#1174293) (forwarded request 821970 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 807999 from

Christian Boltz (cboltz) almost 4 years ago (revision 138)

- add changes-since-2.13.4.diff with upstream changes and fixes
  since 2.13.4 up to 5f61bd4c:
  - add several abstractions related to xdg-open:
    dbus-network-manager-strict, exo-open, gio-open, gvfs-open,
    kde-open5, xdg-open
  - introduce @{run} variable
  - update dnsmasq and winbindd profile
  - update mdns, mesa and nameservice abstraction
  - some bugfixes in the aa-* tools, including a remote bugfix in the
    YaST AppArmor module (boo#1171315)
- drop upstream(ed) patches (now part of changes-since-2.13.4.diff):
  - make-4.3-capabilities.diff
  - make-4.3-capabilities-vim.diff
  - make-4.3-fix-utils-network-test.diff
  - make-4.3-network.diff
  - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- apply usr-etc-abstractions-base-nameservice.diff only for
  Tumbleweed, but not for Leap 15.x where it's not needed
- refresh usr-etc-abstractions-base-nameservice.diff (forwarded request 807998 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 792970 from

Christian Boltz (cboltz) about 4 years ago (revision 137)

bsc1168306 - Add /etc/mdns.allow (forwarded request 792967 from goldwynr)

Dominique Leuenberger (dimstar_suse) accepted request 789398 from

Christian Boltz (cboltz) about 4 years ago (revision 136)

- fix build with make 4.3 by backporting some commits from upstream
  master (boo#1167953):
  - make-4.3-capabilities.diff
  - make-4.3-capabilities-vim.diff
  - make-4.3-network.diff
  - make-4.3-fix-utils-network-test.diff

Also fix a wrong patch filename in the previous .changes entry.
The correct message about the refreshed patch is:
- refresh usr-etc-abstractions-base-nameservice.diff (forwarded request 789397 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 784421 from

Christian Boltz (cboltz) about 4 years ago (revision 135)

- update to AppArmor 2.13.4
  - several abstraction updates (including boo#1153162)
  - disallow writing to fontconfig cache in abstractions/fonts
  - some bugfixes in the aa-* tools
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4
    for the detailed upstream changelog
- drop upstreamed patches:
  - abstractions-ssl-certbot-paths.diff
  - apparmor-krb5-conf-d.diff
  - libapparmor-python3.8.diff
  - usr-etc-abstractions-authentification.diff
- refresh usr-etc-abstractions-authentification.diff

libapparmor:
- update to AppArmor 2.13.4
  - fix log parsing for logs with an embedded newline
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4
    for the detailed upstream changelog

Dominique Leuenberger (dimstar_suse) accepted request 767253 from

Christian Boltz (cboltz) over 4 years ago (revision 134)

- add usr-etc-abstractions-base-nameservice.diff to adjust
  abstractions/base and nameservice for /usr/etc/ (boo#1161756) (forwarded request 767252 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 749291 from

Christian Boltz (cboltz) over 4 years ago (revision 133)

- Properly pull in full python3 interpreter (forwarded request 749270 from scarabeus_iv)

Dominique Leuenberger (dimstar_suse) accepted request 746670 from

Christian Boltz (cboltz) over 4 years ago (revision 132)

- add libapparmor-python3.8.diff to fix building the libapparmor python
  bindings (deb#943657)

Note: the build with python 3.8 will still fail because of boo#1155839 - but at least we get a different build failure now ;-)

Dominique Leuenberger (dimstar_suse) accepted request 735945 from

Christian Boltz (cboltz) over 4 years ago (revision 131)

- add usr-etc-abstractions-authentification.diff to allow reading
  /usr/etc/pam.d/* and some other authentification-related files (boo#1153162) (forwarded request 735944 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 733858 from

Christian Boltz (cboltz) over 4 years ago (revision 130)

- add abstractions-ssl-certbot-paths.diff - add certbot paths to
  abstractions/ssl_certs and abstractions/ssl_keys

- add apparmor-krb5-conf-d.diff for kerberos client

Dominique Leuenberger (dimstar_suse) accepted request 710683 from

Christian Boltz (cboltz) almost 5 years ago (revision 129)

- update to 2.13.3
  - profile updates for dnsmasq, dovecot, identd, syslog-ng
  - new "lsb_release" profile (only used when using "Px -> lsb_release")
  - fix buggy syntax in tunables/share
  - several abstraction updates
  - parser: fix "Px -> foo-bar" (the "-" was rejected before)
  - several bugfixes in aa-genprof and aa-logprof
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3
    for the detailed upstream changelog
- drop upstream(ed) patches:
  - apparmor-nameservice-resolv-conf-link.patch
  - profile_filename_cornercase.diff
  - dnsmasq-libvirtd.diff
  - dnsmasq-revert-alternation.diff
  - usrmerge-fixes.diff
  - libapparmor-swig-4.diff
- re-number remaining patches

libapparmor:
- update to AppArmor 2.13.1
  - some fixes in cache handling
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3
    for the detailed upstream changelog

Dominique Leuenberger (dimstar_suse) accepted request 707833 from

Christian Boltz (cboltz) almost 5 years ago (revision 128)

- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig
  4.0 (boo#1135751) (forwarded request 707832 from cboltz)

Dominique Leuenberger (dimstar_suse) accepted request 697782 from

Christian Boltz (cboltz) about 5 years ago (revision 127)

- Disable LTO (boo#1133091). (forwarded request 697748 from marxin)

Dominique Leuenberger (dimstar_suse) accepted request 694060 from

Christian Boltz (cboltz) about 5 years ago (revision 126)

- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350) (forwarded request 694059 from cboltz)

Displaying revisions 61 - 80 of 205

Places

Revisions of apparmor

Places