Accepting request 254059 from home:cboltz

- update to AppArmor 2.8.97 (aka 2.9 beta3 aka r2721) - several bugfixes in python and C tools - rename "__unused" to "unused" in apparmor_parser to fix compilation on openSUSE <= 13.1 x86_64 (bnc#895495) - usr.lib.dovecot.auth profile: allow access to auth-token-secret.dat - various small profile improvements - update and add several testcases - drop upstreamed patch apparmor-profiles-dnsmasq-iface-mtu.patch - re-number remaining patches OBS-URL: https://build.opensuse.org/request/show/254059 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=100
2014-10-05 19:34:36 +00:00 · 2014-10-05 19:34:36 +00:00 · 6915e079e5
commit 6915e079e5
parent f7c45c5e5a
7 changed files with 32 additions and 54 deletions
--- a/apparmor-2.8.96.tar.gz
+++ b/apparmor-2.8.96.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5950255fc0a6989a5123a46ec58ba0a7ef03eb0d28731e38aae55d0cd10ed0a1
-size 2332645
--- a/apparmor-2.8.96.tar.gz.asc
+++ b/apparmor-2.8.96.tar.gz.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlQI2pMACgkQgTeYuayTEnEALACgtB68bFa+u0F1KBSarph9lfB7
-0V8AnRVmXpaq+dzhKmcspVoR+bzYn4GM
-=VwGt
-----END PGP SIGNATURE-----
--- a/apparmor-2.8.97.tar.gz
+++ b/apparmor-2.8.97.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:170a6495dd48246df1c042aa562fb759b287331ceed62c67961c81dc7ce6cba4
+size 2360991
--- a/apparmor-2.8.97.tar.gz.asc
+++ b/apparmor-2.8.97.tar.gz.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlQuRy8ACgkQgTeYuayTEnFnyACgyxwM2udlu+OnuaZwyMo0vsNZ
+YacAn0lEU5qGxRHoSQv/h7Uo7c9qhhtg
+=Bo0m
+-----END PGP SIGNATURE-----
--- a/apparmor-profiles-dnsmasq-iface-mtu.patch
+++ b/apparmor-profiles-dnsmasq-iface-mtu.patch
@ -1,30 +0,0 @@
-Allow dnsmasq read access to IPv6 config
-
-The IPv6 Neighbor Discovery protocol (RFC 2461) suggests
-implementations provide MTU in Router Advertisement (RA)
-messages.  From section 4.2
-
-MTU    SHOULD be sent on links that have a variable MTU
-       (as specified in the document that describes how to
-       run IP over the particular link type).  MAY be sent
-       on other links.
-
-dnsmasq supports this option and should have read access
-to an interface's MTU.
-
-
-Index: apparmor-2.8.3/profiles/apparmor.d/usr.sbin.dnsmasq
-===================================================================
--- apparmor-2.8.3.orig/profiles/apparmor.d/usr.sbin.dnsmasq
-+++ apparmor-2.8.3/profiles/apparmor.d/usr.sbin.dnsmasq
-@@ -44,6 +44,10 @@
- 
-   /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
- 
-+  # access to iface mtu needed for Router Advertisement messages in IPv6
-+  # Neighbor Discovery protocol (RFC 2461)
-+  @{PROC}/sys/net/ipv6/conf/*/mtu r,
-+
-   # for the read-only TFTP server
-   @{TFTP_DIR}/ r,
-   @{TFTP_DIR}/** r,
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Sun Oct  5 18:53:43 UTC 2014 - opensuse@cboltz.de
+
+- update to AppArmor 2.8.97 (aka 2.9 beta3 aka r2721)
+  - several bugfixes in python and C tools
+  - rename "__unused" to "unused" in apparmor_parser to fix compilation
+    on openSUSE <= 13.1 x86_64 (bnc#895495) 
+  - usr.lib.dovecot.auth profile: allow access to auth-token-secret.dat
+  - various small profile improvements
+  - update and add several testcases
+- drop upstreamed patch apparmor-profiles-dnsmasq-iface-mtu.patch
+- re-number remaining patches
+
 -------------------------------------------------------------------
 Sun Sep 28 19:25:32 UTC 2014 - opensuse@cboltz.de

--- a/apparmor.spec
+++ b/apparmor.spec
@ -60,7 +60,7 @@ Name:           apparmor
 %if ! %{?distro:1}0
  %define distro suse
 %endif
-Version:        2.8.96
+Version:        2.8.97
 Release:        0
 Summary:        AppArmor userlevel parser utility
 License:        GPL-2.0+
@ -80,16 +80,13 @@ Patch1:         apparmor-enable-profile-cache.diff
 Patch2:         apparmor-samba-include-permissions-for-shares.diff

 # split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width.
-Patch5:         apparmor-utils-string-split
+Patch3:         apparmor-utils-string-split

 # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
-Patch12:        apparmor-2.5.1-edirectory-profile
+Patch4:         apparmor-2.5.1-edirectory-profile

 # Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkaempf@suse.de
-Patch22:        ruby-2_0-mkmf-destdir.patch
-
-# allow dnsmasq to read access to IPv6 config (bnc#892374) (commited upstream trunk r2657, 2.8 branch r2140)
-Patch28:        apparmor-profiles-dnsmasq-iface-mtu.patch
+Patch5:         ruby-2_0-mkmf-destdir.patch

 Url:            https://launchpad.net/apparmor
 PreReq:         sed
@ -312,10 +309,10 @@ Requires:       apparmor-parser(CAP_SYSLOG)
 BuildArch:      noarch

 %description abstractions
-AppArmor abstractions (common parts used in various profiles) and 
+AppArmor abstractions (common parts used in various profiles) and
 the /etc/apparmor.d/ directory structure.

-AppArmor is a file and network mandatory access control mechanism. 
+AppArmor is a file and network mandatory access control mechanism.
 AppArmor confines processes to the resources allowed by the systems
 administrator and can constrain the scope of potential security
 vulnerabilities.
@ -422,16 +419,14 @@ SubDomain.
 %setup -q
 %patch1 -p1
 %patch2
-%patch5 -p1 
-%patch12
+%patch3 -p1
+%patch4

 # Ruby 2.0 mkmf prefixes every path with $(DESTDIR)
 %if 0%{?suse_version} > 1230
-%patch22 -p1
+%patch5 -p1
 %endif

-%patch28 -p1
-
 %build
 echo _libdir: %{_libdir}  ruby: %{rb_sitearch}  python: %{python3_sitearch} # test if _libdir breaks it or if it's broken by default on <= 12.1