Overview Repositories Revisions Requests Users Attributes Meta

Revisions of apparmor

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 682454 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 125) 
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
  update-alternatives (boo#1127877) (forwarded request 682453 from cboltz)
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 679945 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 124) 
- add dnsmasq-revert-alternation.diff: revert path alternation in
  dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
  breaking libvirtd (boo#1127073)
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 668473 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 123) 
IMPORTANT: the dnsmasq profile update is needed by the updated libvirtd profile in SR 668191, so please include this SR in Staging:H.



- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile
  to match the newly added libvirtd profile name (boo#1118952#c3)

- Use %license instead of %doc [bsc#1082318]
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 663646 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 122) 
- add apparmor-lessopen-nfs-workaround.diff: allow network access in
  lessopen.sh for reading files on NFS (workaround for boo#1119937 /
  lp#1784499) (forwarded request 663645 from cboltz)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 662542 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 121) 
- add profile_filename_cornercase.diff: drop check that lets aa-logprof
  error out in a corner-case (log event for a non-existing profile while
  a profile file with the default filename for that non-existing profile
  exists) (boo#1120472) (forwarded request 662541 from cboltz)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 660711 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 120) 
Note: please accept before SR 660554 - or put this SR into Staging:F and accept them together.


- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
  boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]

- update to AppArmor 2.13.2
  - add profile names to most profiles
  - update dnsmasq profile (pid file and logfile path) (boo#1111342)
  - add vulkan abstraction
  - add letsencrypt certificate path to abstractions/ssl_*
  - ignore *.orig and *.rej files when loading profiles
  - fix aa-complain etc. to handle named profiles
  - several bugfixes and small profile improvements
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
    for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch

- update to 2.13.1
  - add qt5 and qt5-compose-cache-write abstractions
  - add @{uid} and @{uids} kernel var placeholders
  - several profile and abstraction updates
  - ignore "abi" rules in parser and tools (instead of erroring out)
  - utils: fix overwriting of child profile flags if they differ from
    the main profile
  - several bugfixes (including boo#1100779)
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
    for the detailed upstream changelog
- remove upstream(ed) patches:
  - aa-teardown-path.diff
  - fix-apparmor-systemd-perms.diff
  - logprof-skip-cache-d.diff
  - fix-samba-profiles.patch
  - make-pyflakes-happy.diff
  - dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch

- update to AppArmor 2.13.2
  - no changes in libapparmor
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
    for the detailed upstream changelog

- update to AppArmor 2.13.1
  - several bug fixes
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
    for the detailed upstream changelog
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 641133 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 119) 
- update rpmlintrc:
  - whitelist .features file which is part of the pre-compiled cache
  - comment out filters for the disabled tomcat_apparmor subpackage

- Backport dnsmasq fix:
  025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch
  (boo#1111342)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 630976 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 118) 
- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 605723 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 117) 
- add fix-samba-profiles.patch - smbd loads new shared libraries.
  Allow winbindd to access new kerberos credential cache location
  (boo#1092099) (forwarded request 605463 from scabrero)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 602408 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 116) 
- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing
  (logprof-skip-cache-d.diff) (forwarded request 602407 from cboltz)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 600115 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 115) 
- add fix-apparmor-systemd-perms.diff:
  fix permissions of /lib/apparmor/apparmor.systemd (boo#1090545) (forwarded request 600114 from cboltz)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 598829 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 114) 
- create and package precompiled cache (/usr/share/apparmor/cache,
  read-only) (boo#1069906, boo#1074429)
- change (writeable) cache directory to /var/cache/apparmor/ - with the
  new btrfs layout, the only reason for using /var/lib/apparmor/cache/
  (which was "it's part of the / subvolume") is gone, and /var/cache
  makes more sense for the cache
- adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
  cache locations
- clear cache also in %post of abstractions package
--------------------------------------------------------------------
- update to AppArmor 2.13
  - add support for multiple cache directories and cache overlays
    (boo#1069906, boo#1074429)
  - add support for conditional includes in policy
  - remove group restrictions from aa-notify (boo#1058787)
  - aa-complain etc.: set flags for profiles represented by a glob
  - aa-status: split profile from exec name
  - several profile and abstraction updates
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13
    for the detailed upstream changelog
- drop upstreamed patches and files:
  - aa-teardown
  - apparmor.service
  - apparmor.systemd
  - 32-bit-no-uid.diff
  - disable-cache-on-ro-fs.diff
  - dovecot-stats.diff
  - parser-write-cache-warn-only.diff
  - set-flags-for-profiles-represented-by-glob.patch
  - fix-regression-in-set-flags.patch
- drop spec code that handled installing aa-teardown, apparmor.service
  and apparmor.systemd (now part of upstream Makefile)
- simplify "make -C profiles parser-check" call (upstream Makefile bug
  that required to call "cd" was fixed)
- add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
- move 'exec' symlink to parser package (belongs to aa-exec)
--------------------------------------------------------------------
- Set flags for profiles represented by glob (bsc#1086154)
   set-flags-for-profiles-represented-by-glob.patch
   fix-regression-in-set-flags.patch


libapparmor
- update to AppArmor 2.13
  - add support for multiple cache directories and cache overlays
    (boo#1069906, boo#1074429)
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13
    for the detailed upstream changelog
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 595790 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 113) 
- add dovecot-stats.diff:
  - add dovecot/stats profile and allow dovecot to run it (boo#1088161)
  - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753)
- update 32-bit-no-uid.diff with upstream fix (forwarded request 595789 from cboltz)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 582183 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 112) 
boo#1082956 (forwarded request 581986 from goldwynr)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 566495 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 111) 
- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is
  read-only and don't bail out (bsc#1069906, bsc#1074429)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 561675 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 110) 
- add parser-write-cache-warn-only.diff to make cache write failures a
  warning instead of an error (boo#1069906, boo#1074429)
- reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests"
  to avoid pulling in several Gnome packages on servers (boo#1067477) (forwarded request 561674 from cboltz)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 560031 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 109) 
- add 32-bit-no-uid.diff to fix handling of log events without ouid on
  32 bit systems (forwarded request 560030 from cboltz)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 547738 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 108) 
bsc#1069346 (forwarded request 546471 from goldwynr)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 536621 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 107) 
apparmor:
- update to AppArmor 2.11.1
  - add permissions to several profiles and abstractions (including
    lp#1650827 and boo#1057900)
  - several fixes in the aa-* tools (including lp#1689667, lp#1628286,
    lp#1661766 and boo#1062667)
  - fix downgrading/converting of 'unix' rules (will be supported in
    kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
    upstream changelog
- remove upstream(ed) patches
  - upstream-changes-r3616..3628.diff
  - upstream-changes-r3629..3648.diff
  - parser-tests-dbus-duplicated-conditionals.diff
  - apparmor-fix-podsyntax.patch
  - sshd-profile-drop-local-include-r3615.diff
- refresh apparmor-yast-cleanup.patch
- add utils-fix-sorted-save_profiles-regression.diff to fix a regression
  in displaying the "changed profiles" list in aa-logprof

Also add bugzilla reference to the previous change:
- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)


libapparmor:
- update to AppArmor 2.11.1
  - mostly test-related changes in libapparmor
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
    upstream changelog (forwarded request 536620 from cboltz)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 534597 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 106) 
- add nameservice-libtirpc.diff to fix NIS/YP logins (forwarded request 534596 from cboltz)
Displaying revisions 81 - 100 of 205
openSUSE Build Service is sponsored by
Places