Accepting request 196153 from security:apparmor

- add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental
  in perl 5.18 again - use grep instead (upstream 2.8 branch r2088)
- fix ruby requires (forwarded request 196152 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/196153
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=49
Stephan Kulow
2013-08-27 18:32:38 +00:00
committed by Git OBS Bridge
10 changed files with 202 additions and 91 deletions


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:875bc3b7c5f82f9d3310211ee5a52882f6d5860314bf529198312e49c22c0ae4
size 1520010


@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAlDuVU4ACgkQgTeYuayTEnHWuACglQEWIpCjhJWmyX2D7pJVZEhm
PE0AoJ91WwkljwgTS8jEr/AXanuHq4PO
=8Td8
-----END PGP SIGNATURE-----

3
apparmor-2.8.2.tar.gz Normal file

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:742f3f776c5e1bf303fe2c4bca7607241593189a8c985f9f3acc01baa7dbd2bb
size 1507411


@@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlIOaXsACgkQgTeYuayTEnGiegCgp0f1WBTPyOrIOYHCYhmfxgFS
ESUAoK6sEDZbfBJtYR6fNSTu4E+DqfHA
=CKDr
-----END PGP SIGNATURE-----


@@ -1,21 +0,0 @@
=== modified file 'profiles/apparmor.d/abstractions/mysql'
--- profiles/apparmor.d/abstractions/mysql 2010-12-20 20:29:10 +0000
+++ profiles/apparmor.d/abstractions/mysql 2013-01-11 21:50:19 +0000
@@ -1,6 +1,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
+# Copyright (C) 2013 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,5 +10,6 @@
# ------------------------------------------------------------------
/var/lib/mysql/mysql.sock rw,
- /usr/share/mysql/charsets/ r,
- /usr/share/mysql/charsets/*.xml r,
+ /{var/,}run/mysql/mysql.sock rw,
+ /usr/share/{mysql,mysql-community-server,mariadb}/charsets/ r,
+ /usr/share/{mysql,mysql-community-server,mariadb}/charsets/*.xml r,


@@ -0,0 +1,22 @@
=== modified file 'utils/Immunix/AppArmor.pm'
--- utils/Immunix/AppArmor.pm 2013-07-09 23:03:09 +0000
+++ utils/Immunix/AppArmor.pm 2013-08-23 20:01:35 +0000
@@ -3879,7 +3879,7 @@
$newpath =~ s/\/[^\/]+$/\/\*/;
}
}
- if (not $newpath ~~ @options) {
+ if (not grep { $newpath eq $_ } @options) {
push @options, $newpath;
$defaultoption = $#options + 1;
}
@@ -3896,7 +3896,7 @@
} else {
$newpath =~ s/\/[^\/]+(\.[^\/]+)$/\/\*$1/;
}
- if (not $newpath ~~ @options) {
+ if (not grep { $newpath eq $_ } @options) {
push @options, $newpath;
$defaultoption = $#options + 1;
}


@@ -1,32 +0,0 @@
=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd 2011-08-23 22:57:42 +0000
+++ profiles/apparmor.d/usr.sbin.nscd 2013-03-05 17:45:49 +0000
@@ -16,6 +16,7 @@
#include <abstractions/nameservice>
#include <abstractions/ssl_certs>
+ deny capability block_suspend,
capability net_bind_service,
capability setgid,
capability setuid,
@@ -31,9 +32,9 @@
/{,var/}run/.nscd_socket wl,
/{,var/}run/avahi-daemon/socket w,
/{,var/}run/nscd/ rw,
- /{,var/}run/nscd/db* wl,
+ /{,var/}run/nscd/db* rwl,
/{,var/}run/nscd/socket wl,
- /var/{cache,run}/nscd/{passwd,group,services,hosts} rw,
+ /var/{cache,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
/{,var/}run/{nscd/,}nscd.pid rwl,
/var/log/nscd.log rw,
@{PROC}/[0-9]*/fd/ r,
@@ -41,6 +42,7 @@
@{PROC}/[0-9]*/maps r,
@{PROC}/[0-9]*/mounts r,
@{PROC}/filesystems r,
+ @{PROC}/sys/vm/overcommit_memory r,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.nscd>


@@ -1,8 +1,60 @@
-------------------------------------------------------------------
Fri Aug 23 20:09:59 UTC 2013 - opensuse@cboltz.de
- add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental
in perl 5.18 again - use grep instead (upstream 2.8 branch r2088)
- fix ruby requires
-------------------------------------------------------------------
Fri Aug 16 18:26:20 UTC 2013 - opensuse@cboltz.de
- update to AppArmor 2.8.2
- several fixes for python3 compability
- various profile improvements:
- various additions to abstractions/fonts
- move poppler's cMaps from gnome to fonts; gnome includes fonts
- deny @{HOME}/.gnome2/keyrings/** to abstractions/private-files-strict
- add read access to @{PROC}/sys/vm/overcommit_memory to abstractions/base
(bnc#824577)
- update pulseaudio directory and cookie file paths
- add missing permissions to the nscd profile (bnc#807104)
- deny capability block_suspend to nscd (bnc#807104)
- MariaDB compatability in abstractions/mysql (bnc#798183)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_2 for all details
- removed upstream(ed) patches
- apparmor-abstractions-mysql-path.diff
- apparmor-profiles-nscd.diff
- apparmor-python3-r2052.diff
-------------------------------------------------------------------
Thu Aug 15 18:59:41 UTC 2013 - opensuse@cboltz.de
- swig for python3 is broken on openSUSE 12.2 - build python-apparmor
(for python2) instead on 12.2
-------------------------------------------------------------------
Thu Aug 15 00:01:46 UTC 2013 - opensuse@cboltz.de
- add python3-apparmor subpackage (currently py2 OR py3 package can be
build, but not both at the same time)
- add upstream apparmor-python3-r2052.diff to fix various python3 issues
-------------------------------------------------------------------
Tue Jun 4 13:06:37 UTC 2013 - kkaempf@suse.com
- Ruby 2.0 mkmf gets the path to ruby.h wrong (bnc#822277)
-------------------------------------------------------------------
Mon May 13 12:42:04 UTC 2013 - coolo@suse.com
- do not package directories as %config - especially not as noreplace
-------------------------------------------------------------------
Tue Apr 23 20:11:39 UTC 2013 - opensuse@cboltz.de
- enable python and ruby subpackages (using %bcond_without)
- update/fix paths in %files for python and ruby subpackages
-------------------------------------------------------------------
Tue Apr 2 18:56:56 UTC 2013 - opensuse@cboltz.de


@@ -16,11 +16,29 @@
#
# warning - confusing syntax ahead ;-)
# bcond_with means "disable"
# bcond_without means "enable"
%bcond_with tomcat
%bcond_without pam
%bcond_without apache
%bcond_with python
%bcond_with ruby
%if 0%{?suse_version} > 0 && 0%{?suse_version} <= 1210
# disable python and ruby bindings on openSUSE <= 12.1 to avoid problems with rb_sitearch and python_sitearch
%bcond_with python
%bcond_with python3
%bcond_with ruby
%else
%if 0%{?suse_version} == 1220
# swig for python3 is broken on 12.2 - probably http://sourceforge.net/p/swig/bugs/1257/ - build python2 bindings instead
%bcond_without python
%bcond_with python3
%bcond_without ruby
%else
%bcond_with python
%bcond_without python3
%bcond_without ruby
%endif
%endif
%bcond_with gnome
%bcond_with dbus
%bcond_with editor
@@ -43,7 +61,7 @@ Name: apparmor
%if ! %{?distro:1}0
%define distro suse
%endif
Version: 2.8.1
Version: 2.8.2
Release: 0
Summary: AppArmor userlevel parser utility
License: GPL-2.0+
@@ -67,11 +85,8 @@ Patch1: apparmor-enable-profile-cache.diff
# include autogenerated profile sniplet for samba shares (bnc#688040)
Patch2: apparmor-samba-include-permissions-for-shares.diff
# changed paths for MySQL, add MariaDB support (bnc#798183, commited upstream 2013-01-13, trunk r2104, 2.8 branch r2070)
Patch3: apparmor-abstractions-mysql-path.diff
# nscd profile: add missing permissions and deny capability block_suspend (bnc#807104, commited upstream 2013-03-05, trunk r2109, 2.8 branch r2071)
Patch4: apparmor-profiles-nscd.diff
# use grep instead of ~~ (smartmatch) because ~~ was marked as experimental again in perl 5.18 (upstream trunk r2158, 2.8 r2088)
Patch3: apparmor-no-perl-smartmatch-r2088.diff
# split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width.
Patch5: apparmor-utils-string-split
@@ -82,6 +97,9 @@ Patch12: apparmor-2.5.1-edirectory-profile
# create Immunix::SubDomain perl module - only included for openSUSE <= 12.1 - bnc#720617 #c7
Patch21: apparmor-utils-subdomain-compat
# Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkaempf@suse.de
Patch22: ruby-2_0-mkmf-destdir.patch
Url: https://launchpad.net/apparmor
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -113,6 +131,11 @@ BuildRequires: python-devel
BuildRequires: swig
%endif
%if %{with python3}
BuildRequires: python3-devel
BuildRequires: swig
%endif
%if %{with ruby}
BuildRequires: ruby-devel
BuildRequires: swig
@@ -259,13 +282,13 @@ applications interfacing with AppArmor, including the AppArmor utilities.
%if %{with python}
%package -n python-apparmor
Summary: Python interface for libapparmor functions
Summary: Python 2 interface for libapparmor functions
License: GPL-2.0 and LGPL-2.1+
Group: Development/Libraries/Python
BuildRequires: python
Requires: libapparmor1 = %{version}
Requires: python = %{python_version}
Provides: python-libapparmor
Provides: python-libapparmor = %{version}
Obsoletes: python-libapparmor < 2.5
%description -n python-apparmor
@@ -274,15 +297,31 @@ applications interfacing with AppArmor.
%endif
%if %{with python3}
%package -n python3-apparmor
Summary: Python 3 interface for libapparmor functions
License: GPL-2.0 and LGPL-2.1+
Group: Development/Libraries/Python
Requires: libapparmor1 = %{version}
Requires: python(abi) = %{py3_ver}
Provides: python-libapparmor = %{version}
%description -n python3-apparmor
This package provides the python interface to AppArmor. It is used for python
applications interfacing with AppArmor.
%endif
%if %{with ruby}
%package -n ruby-apparmor
Summary: Ruby interface for libapparmor functions
License: GPL-2.0 and LGPL-2.1+
Group: Development/Libraries/Ruby
Group: Development/Languages/Ruby
Requires: libapparmor1 = %{version}
Requires: ruby = %{ruby_version}
Provides: ruby-libapparmor
Requires: ruby = %(rpm -q --qf '%%{version}' ruby)
Provides: ruby-libapparmor = %{version}
Obsoletes: ruby-libapparmor < 2.5
%description -n ruby-apparmor
@@ -418,8 +457,7 @@ SubDomain.
%setup -q
%patch1 -p1
%patch2 -p0
%patch3 -p0
%patch4 -p0
%patch3
%patch5 -p1
%patch12 -p1
@@ -430,21 +468,34 @@ SubDomain.
%endif
%endif
# Ruby 2.0 mkmf prefixes every path with $(DESTDIR)
%if 0%{?suse_version} > 1230
%patch22 -p1
%endif
# profile for winbindd (bnc#748499, submitted upstream 2012-11-06, trunk r2078)
test ! -e profiles/apparmor.d/usr.sbin.winbindd
cp %{SOURCE10} profiles/apparmor.d/
%build
echo _libdir: %{_libdir} ruby: %{rb_sitearch} python: %{python3_sitearch} # test if _libdir breaks it or if it's broken by default on <= 12.1
export SUSE_ASNEEDED=0
# re-define _libdir to /lib or /lib64
%define _libdir /%{_lib}
echo new _libdir: %{_libdir} ruby: %{rb_sitearch} python: %{python3_sitearch} # test if _libdir breaks it or if it's broken by default on <= 12.1
%if %{with python3}
export PYTHON=/usr/bin/python3
%endif
# libapparmor:
(
cd ./libraries/libapparmor
sh ./autogen.sh
%configure --with-perl \
%if %{with python}
%if %{with python}%{with python3}
--with-python \
%else
--without-python \
@@ -498,11 +549,6 @@ make -C profiles
#--with-profileeditor \
%endif
%if %{with ruby}
#rm libraries/libapparmor/swig/ruby/Makefile.ruby
#make -C libraries/libapparmor/swig/ruby
%endif
%install
# libapparmor
# override pkgconfigdir for now - TODO: don't redefine libdir when packaging AppArmor 3.0
@@ -567,9 +613,9 @@ done
rm -fv %{buildroot}%{_libdir}/libapparmor.la %{buildroot}%{_libdir}/libimmunix.la
echo -------------------------------------------------------------------
find -ls
#find -ls
echo -------------------------------------------------------------------
find %{buildroot} -ls
#find %{buildroot} -ls
echo -------------------------------------------------------------------
%files docs
@@ -648,7 +694,9 @@ fi
%dir %{_sysconfdir}/apparmor.d/apache2.d
%dir %{_sysconfdir}/apparmor.d/disable
%config(noreplace) %{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo
%config(noreplace) %{_sysconfdir}/apparmor.d/*.*
%config(noreplace) %{_sysconfdir}/apparmor.d/bin.*
%config(noreplace) %{_sysconfdir}/apparmor.d/sbin.*
%config(noreplace) %{_sysconfdir}/apparmor.d/usr.*
%dir %{_sysconfdir}/apparmor.d/local
%config(noreplace) %{_sysconfdir}/apparmor.d/local/*
%dir %{_sysconfdir}/apparmor.d/program-chunks
@@ -668,7 +716,10 @@ fi
%config(noreplace) %{_sysconfdir}/apparmor/severity.db
%{_sbindir}/*
%{_bindir}/aa-easyprof
%{python_sitelib}/apparmor-%{version}-py%{py_ver}.egg-info
# easyprof python modules are installed into py2 directories
#{python3_sitelib}/apparmor-%{version}-py%{py3_ver}.egg-info
#{python3_sitelib}/apparmor/
%{python_sitelib}/apparmor-%{version}-py%{python_version}.egg-info
%{python_sitelib}/apparmor/
%dir %{_datadir}/apparmor
%{_datadir}/apparmor/easyprof/
@@ -703,15 +754,34 @@ fi
%files -n python-apparmor
%defattr(-,root,root)
%{python_sitearch}/LibAppArmor-2.5.1-py2.7.egg-info
%{python_sitearch}/libapparmor1/*
%files -n python-apparmor
%{python_sitearch}/LibAppArmor-%{version}-py%{python_version}.egg-info
%dir %{python_sitearch}/LibAppArmor
%{python_sitearch}/LibAppArmor/_LibAppArmor.so
%{python_sitearch}/LibAppArmor/__init__.py
%{python_sitearch}/LibAppArmor/__init__.pyc
%endif
%if %{with python3}
%files -n python3-apparmor
%defattr(-,root,root)
%{python3_sitearch}/LibAppArmor-%{version}-py*.egg-info
%dir %{python3_sitearch}/LibAppArmor
%dir %{python3_sitearch}/LibAppArmor/__pycache__
%{python3_sitearch}/LibAppArmor/_LibAppArmor.cpython-*.so
%{python3_sitearch}/LibAppArmor/__pycache__/__init__.cpython-*.pyc
%{python3_sitearch}/LibAppArmor/__init__.py
%endif
%if %{with ruby}
%files -n ruby-apparmor
%defattr(-,root,root)
%{_prefix}/%{rb_sitearch}/*
%{rb_sitearch}/LibAppArmor.so
%endif
%if %{with pam}
@@ -822,6 +892,7 @@ fi
%post -n libapparmor1 -p /sbin/ldconfig
%postun -n libapparmor1 -p /sbin/ldconfig
%if %{with tomcat}
%post -n tomcat_apparmor -p /sbin/ldconfig
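Review bot: The `Requires: ruby = %(rpm -q --qf '%%{version}' ruby)` line in the ruby-apparmor package block (apparently the new side of the changed Requires; the +/- markers are lost on this page) shells out to the rpm database every time the spec is parsed, so the runtime dependency becomes whatever the parsing host happens to have installed. If ruby is absent at parse time, `rpm -q` prints "package ruby is not installed" and that text is substituted into the tag, and with more than one ruby package installed the versions are concatenated. I would filter the output to a version-shaped string so a bad lookup fails visibly, e.g. `Requires: ruby = %(rpm -q --qf '%%{version}\n' ruby 2>/dev/null | grep -E -m1 '^[0-9][0-9.]*$')`, and add a comment above it such as `# resolved at spec parse time from the build root's rpm database (ruby comes in via BuildRequires: ruby-devel)`. The `%package -n ruby-apparmor` block continues past this hunk, so any later handling of the dependency is not visible here.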


@@ -0,0 +1,19 @@
diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs -x Makefile -x Makefile ../orig-apparmor-2.8.1/libraries/libapparmor/swig/ruby/extconf.rb ./libraries/libapparmor/swig/ruby/extconf.rb
--- ../orig-apparmor-2.8.1/libraries/libapparmor/swig/ruby/extconf.rb 2009-05-12 23:56:56.000000000 +0200
+++ ./libraries/libapparmor/swig/ruby/extconf.rb 2013-06-04 14:52:01.677579537 +0200
@@ -28,7 +28,14 @@
# hack 2: strip all rpath references
open('Makefile.ruby', 'w') do |out|
IO.foreach('Makefile.new') do |line|
- out.puts line.gsub(/-Wl,-R'[^']*'/, '')
+ l = line.gsub(/-Wl,-R'[^']*'/, '')
+ # oldincludedir = $(DESTDIR)/usr/include
+ # -> oldincludedir = /usr/include
+ l = l.gsub(/(oldincludedir)\s+=\s+\$\(DESTDIR\)(.*)/) { |m| "#{$1} = #{$2}" }
+ # hdrdir = $(includedir)/$(RUBY_VERSION_NAME)
+ # -> hdrdir = $(oldincludedir)/$(RUBY_VERSION_NAME)
+ l = l.gsub(/(hdrdir)\s+=\s+\$\(includedir\)(.*)/) { |m| "#{$1} = $(oldincludedir)#{$2}" }
+ out.puts l
end
end
else
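Review bot: The two added `gsub` patterns in the Makefile rewrite loop are unanchored, so `(hdrdir)\s+=` also matches any Makefile variable whose name merely ends in `hdrdir`, and the same holds for `(oldincludedir)`. If only those two assignments are meant, anchor the patterns at line start. The blocks also declare an unused `|m|` and read the `$1`/`$2` globals, which a backreference replacement avoids: `l = l.sub(/^(oldincludedir)\s+=\s+\$\(DESTDIR\)(.*)/, '\1 = \2')` and `l = l.sub(/^(hdrdir)\s+=\s+\$\(includedir\)(.*)/, '\1 = $(oldincludedir)\2')`. The enclosing `if`/`else` starts and ends outside this hunk, so whether other `*hdrdir` variables are meant to be rewritten as well cannot be confirmed from here.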