Accepting request 93892 from security:apparmor:factory

- package subdomain.conf only in -parser, not in -utils package - package libapparmor.so and libimmunix.so only in libapparmor-devel, not in libapparmor1 - make Provides for perl-libapparmor versioned to avoid self-Obsoletes - move libapparmor.a and libimmunix.a from libapparmor1 to libapparmor-devel package - update to AppArmor 2.7.0 rc2 Most of the changes since rc1 were already included as patches. Additional changes: - fix logprof/genprof to recognize "mknod" in audit.log - fix libapparmor python bindings to compile with python 3 - fix wrong status message in initscript if apparmor-utils are not installed - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS - fix some warnings in utils/Makefile - remove 4 upstreamed patches - remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now - update line numbers in 2 patches OBS-URL: https://build.opensuse.org/request/show/93892 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=30
2011-11-28 11:52:47 +00:00 · 2011-11-28 11:52:47 +00:00 · 76a45f653d
commit 76a45f653d
parent 6058242ab8
10 changed files with 37 additions and 156 deletions
--- a/apparmor-2.5.1-edirectory-profile
+++ b/apparmor-2.5.1-edirectory-profile
@ -17,7 +17,7 @@ Signed-off-by: Jeff Mahoney <jeffm@suse.com>

 --- a/profiles/apparmor.d/abstractions/nameservice
 +++ b/profiles/apparmor.d/abstractions/nameservice
-@@ -72,6 +72,9 @@
+@@ -70,6 +70,9 @@
   # kerberos
   #include <abstractions/kerberosclient>
 
--- a/apparmor-2.5.1-ldapclient-profile
+++ b/apparmor-2.5.1-ldapclient-profile
@ -1,66 +0,0 @@
-Thu Jan  6 16:23:19 UTC 2011 - rhafer@suse.de
-
- Splitted ldap related things from nameservice into separate
-  profile and added some missing paths (bnc#662761)
-
-
---
- profiles/apparmor.d/abstractions/ldapclient  |   21 +++++++++++++++++++++
- profiles/apparmor.d/abstractions/nameservice |    8 +++-----
- 2 files changed, 24 insertions(+), 5 deletions(-)
-
--- /dev/null
-+++ b/profiles/apparmor.d/abstractions/ldapclient
-@@ -0,0 +1,21 @@
-+# ------------------------------------------------------------------
-+#
-+#    Copyright (C) 2011 Novell/SUSE
-+#
-+#    This program is free software; you can redistribute it and/or
-+#    modify it under the terms of version 2 of the GNU General Public
-+#    License published by the Free Software Foundation.
-+#
-+# ------------------------------------------------------------------
-+
-+  # files required by LDAP clients (e.g. nss_ldap/pam_ldap)
-+  /etc/ldap.conf            r,
-+  /etc/ldap.secret          r,
-+  /etc/openldap/*           r,
-+  /etc/openldap/cacerts/*   r,
-+
-+  # SASL plugins and config
-+  /etc/sasl2/*              r,
-+  /usr/lib{,32,64}/sasl2/*  r,
-+
-+  #include <abstractions/ssl_certs>
--- a/profiles/apparmor.d/abstractions/nameservice
-+++ b/profiles/apparmor.d/abstractions/nameservice
-@@ -16,8 +16,6 @@
-   /etc/group              r,
-   /etc/host.conf          r,
-   /etc/hosts              r,
-  /etc/ldap.conf          r,
-  /etc/ldap.secret        r,
-   /etc/nsswitch.conf      r,
-   /etc/gai.conf           r,
-   /etc/passwd             r,
-@@ -32,9 +30,6 @@
- 
-   /etc/samba/lmhosts      r,
-   /etc/services           r,
-  # all openldap config
-  /etc/openldap/*         r,
-  /etc/ldap/**            r,
-   # db backend
-   /var/lib/misc/*.db      r,
-   # The Name Service Cache Daemon can cache lookups, sometimes leading
-@@ -60,6 +55,9 @@
-   # nis
-   #include <abstractions/nis>
- 
-+  # ldap
-+  #include <abstractions/ldapclient>
-+
-   # winbind
-   #include <abstractions/winbind>
- 
--- a/apparmor-2.7.0rc1-aa-notify-better-error-message.diff
+++ b/apparmor-2.7.0rc1-aa-notify-better-error-message.diff
@ -1,21 +0,0 @@
-Add a more helpful error message to aa-notify -p if the user is not in 
-the configured group.
-
-Pending for review upstream.
-
-
-Signed-off-by: Christian Boltz <apparmor@cboltz.de>
-
-=== modified file 'utils/aa-notify'
--- utils/aa-notify	2011-10-12 11:08:25 +0000
-+++ utils/aa-notify	2011-10-16 13:53:23 +0000
-@@ -151,7 +151,7 @@
-     if (defined($prefs{use_group})) {
-         my ($name, $passwd, $gid, $members) = getgrnam($prefs{use_group});
-         if (not defined($members) or not defined($login) or (not grep { $_ eq $login } split(/ /, $members) and $login ne "root")) {
-            _error("'$login' must be in '$prefs{use_group}' group. Aborting");
-+            _error("'$login' must be in '$prefs{use_group}' group. Aborting.\nAsk your admin to add you to this group or to change the group in\n$conf if you want to use aa-notify.");
-         }
-     }
- }
-
--- a/apparmor-2.7.rc1.tar.gz
+++ b/apparmor-2.7.rc1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e4e93cbca008cbec2da080931a5e8d7dc170c993fd5f070fdc04c4062a687ce3
-size 1427050
--- a/apparmor-2.7.rc2.tar.gz
+++ b/apparmor-2.7.rc2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c360763503c6e68b46ae0a563efad878c7ab4c28a0f8084035aa3f04bc914437
+size 1427203
--- a/apparmor-abstractions-winbind-64bit.diff
+++ b/apparmor-abstractions-winbind-64bit.diff
@ -1,21 +0,0 @@
-Make abstractions/winbind working on 64bit systems - valid.dat etc. are in
-/usr/lib64/samba/ there
-
-Signed-Off-by: Christian Boltz <apparmor@cboltz.de>
-Acked-By: Steve Beattie <sbeattie@ubuntu.com>
-
-=== modified file 'profiles/apparmor.d/abstractions/winbind'
--- profiles/apparmor.d/abstractions/winbind	2010-12-20 20:29:10 +0000
-+++ profiles/apparmor.d/abstractions/winbind	2011-11-01 15:56:49 +0000
-@@ -13,7 +13,7 @@
-   /tmp/.winbindd/pipe  rw,
-   /var/{lib,run}/samba/winbindd_privileged/pipe rw,
-   /etc/samba/smb.conf         r,
-  /usr/lib/samba/valid.dat    r,
-  /usr/lib/samba/upcase.dat   r,
-  /usr/lib/samba/lowcase.dat  r,
-+  /usr/lib*/samba/valid.dat   r,
-+  /usr/lib*/samba/upcase.dat  r,
-+  /usr/lib*/samba/lowcase.dat r,
- 
-
--- a/apparmor-samba-include-permissions-for-shares.diff
+++ b/apparmor-samba-include-permissions-for-shares.diff
@ -20,7 +20,7 @@ Signed-off-by: Christian Boltz <apparmor@cboltz.de>
 === modified file 'profiles/apparmor.d/usr.sbin.smbd'
 --- profiles/apparmor.d/usr.sbin.smbd	2011-08-27 18:50:42 +0000
 +++ profiles/apparmor.d/usr.sbin.smbd	2011-10-19 09:37:04 +0000
-@@ -40,6 +40,10 @@
+@@ -41,6 +41,10 @@
 
   @{HOMEDIRS}/** lrwk,
 
--- a/apparmor-samba-vfs-objects.diff
+++ b/apparmor-samba-vfs-objects.diff
@ -1,18 +0,0 @@
-Allow loading the libraries used for Samba "vfs objects = ..."
-
-References: https://bugzilla.novell.com/show_bug.cgi?id=725967
-
-Signed-off-by: Christian Boltz <apparmor@cboltz.de>
-
-
-=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd	2011-08-27 18:50:42 +0000
-+++ profiles/apparmor.d/usr.sbin.smbd	2011-10-26 20:43:13 +0000
-@@ -24,6 +24,7 @@
-   /etc/printcap r,
-   /proc/*/mounts r,
-   /proc/sys/kernel/core_pattern r,
-+  /usr/lib*/samba/vfs/*.so mr,
-   /usr/sbin/smbd mr,
-   /etc/samba/* rwk,
-   /var/cache/samba/** rwk,
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Sat Nov 26 21:52:31 UTC 2011 - opensuse@cboltz.de
+
+- package subdomain.conf only in -parser, not in -utils package
+- package libapparmor.so and libimmunix.so only in libapparmor-devel,
+  not in libapparmor1
+- make Provides for perl-libapparmor versioned to avoid self-Obsoletes
+- move libapparmor.a and libimmunix.a from libapparmor1 to 
+  libapparmor-devel package
+
+-------------------------------------------------------------------
+Thu Nov 10 20:16:24 UTC 2011 - opensuse@cboltz.de
+
+- update to AppArmor 2.7.0 rc2
+  Most of the changes since rc1 were already included as patches.
+  Additional changes:
+  - fix logprof/genprof to recognize "mknod" in audit.log
+  - fix libapparmor python bindings to compile with python 3
+  - fix wrong status message in initscript if apparmor-utils are not installed
+  - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS
+  - fix some warnings in utils/Makefile
+- remove 4 upstreamed patches
+- remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now
+- update line numbers in 2 patches
+
 -------------------------------------------------------------------
 Tue Nov  1 17:39:29 UTC 2011 - opensuse@cboltz.de

--- a/apparmor.spec
+++ b/apparmor.spec
@ -43,9 +43,9 @@ Name:           apparmor
 %if ! %{?distro:1}0
  %define distro suse
 %endif
-Version:        2.7.rc1
+Version:        2.7.rc2
 Release:        1
-%define versiondir        2.7.0~rc1
+%define versiondir        2.7.0~rc2
 Summary:        AppArmor userlevel parser utility
 Group:          Productivity/Networking/Security
 Source0:        apparmor-%{version}.tar.gz
@ -53,21 +53,12 @@ Source1:        %{name}-profile-editor.png
 Source2:        %{name}-profile-editor.desktop
 Source3:        update-trans.sh

-# more helpful error message for "aa-notify -p" if the user is not in the configured group. Commited upstream after 2.7rc1.
-Patch:          apparmor-2.7.0rc1-aa-notify-better-error-message.diff
-
 # enable caching of profiles (= massive performance speedup when loading profiles)
 Patch1:         apparmor-enable-profile-cache.diff

 # include autogenerated profile sniplet for samba shares (bnc#688040)
 Patch2:         apparmor-samba-include-permissions-for-shares.diff

-# allow samba "vfs objects" (bnc#725967). Commited upstream after 2.7rc1.
-Patch3:         apparmor-samba-vfs-objects.diff
-
-# make abstractions/winbind working on 64bit systems. Commited upstream after 2.7rc1.
-Patch4:         apparmor-abstractions-winbind-64bit.diff
-
 # split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width.
 Patch5:         apparmor-utils-string-split

@ -78,8 +69,6 @@ Patch11:        apparmor-2.5.1-rpmlint-asprintf

 # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
 Patch12:        apparmor-2.5.1-edirectory-profile
-# split ldap related things from abstractions/nameservice to abstractions/ldapclient and add sasl support. Commited upstream after 2.7rc1.
-Patch13:        apparmor-2.5.1-ldapclient-profile

 # obsolete, upstream implemented this in another way
 Patch15:        apparmor-remove-repo
@ -246,7 +235,7 @@ Requires:       perl(RPC::XML)
 Requires:       perl(RPC::XML)
 Requires:       perl(Term::ReadKey)
 Requires:       perl(Term::ReadKey)
-Provides:       perl-libapparmor
+Provides:       perl-libapparmor = %{version}
 Obsoletes:      perl-libapparmor < 2.5

 %description -n perl-apparmor
@ -412,16 +401,12 @@ SubDomain.

 %prep
 %setup -q -n %{name}-%{versiondir}
-%patch -p0
 %patch1 -p1
 %patch2 -p0
-%patch3 -p0
-%patch4 -p0
 %patch5 -p1
 #%patch10 -p1 # disabled, see above
 #%patch11 -p1 # disabled, see above
 %patch12 -p1
-%patch13 -p1
 #%patch15 -p1 # obsolete, see above
 %patch21 -p1

@ -505,7 +490,6 @@ make -C profiles
 mkdir -p %{buildroot}%{_localstatedir}/log/apparmor

 %makeinstall -C profiles
-mkdir %{buildroot}%{_sysconfdir}/apparmor.d/disable

 %makeinstall -C parser
 # default cache dir is /etc/apparmor.d/cache - not the best location. 
@ -606,14 +590,13 @@ fi

 %files -n libapparmor1
 %defattr(-,root,root)
-%{_libdir}/libapparmor.so*
-%{_libdir}/libimmunix.so*
-# not sure about the correct package for *.a files...
-%{_libdir}/libapparmor.a
-%{_libdir}/libimmunix.a
+%{_libdir}/libapparmor.so.*
+%{_libdir}/libimmunix.so.*

 %files -n libapparmor-devel
 %defattr(-,root,root)
+%{_libdir}/libapparmor.a
+%{_libdir}/libimmunix.a
 %{_libdir}/libapparmor.so
 %{_libdir}/libimmunix.so
 %doc %{_mandir}/man2/aa_change_hat.2.gz
@ -642,7 +625,6 @@ fi
 %config(noreplace) %{_sysconfdir}/apparmor/logprof.conf
 %config(noreplace) %{_sysconfdir}/apparmor/notify.conf
 %config(noreplace) %{_sysconfdir}/apparmor/severity.db
-%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
 %{_sbindir}/*
 %dir %{_localstatedir}/log/apparmor
 %doc %{_mandir}/man2/aa_change_profile.2.gz