Accepting request 317971 from home:cboltz

- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details - add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel - drop apparmor-2.5.1-edirectory-profile patch - it's most probably no longer needed (see boo#621394 for details) - drop upstreamed samba-4.2-profiles.diff - refresh apparmor-samba-include-permissions-for-shares.diff OBS-URL: https://build.opensuse.org/request/show/317971 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=135
2015-07-22 16:38:30 +00:00
parent b9a02e50dc
commit 7f772258a8
9 changed files with 50 additions and 124 deletions
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -25,7 +25,7 @@
 %bcond_without apache
 %bcond_without perl
 %if 0%{?suse_version} > 0 && 0%{?suse_version} <= 1210
- # disable python and ruby bindings on openSUSE <= 12.1 to avoid problems with rb_sitearch and python_sitearch 
+ # disable python and ruby bindings on openSUSE <= 12.1 to avoid problems with rb_sitearch and python_sitearch
 %bcond_with python
 %bcond_with python3
 %bcond_with ruby
@@ -60,7 +60,7 @@ Name:           apparmor
 %if ! %{?distro:1}0
  %define distro suse
 %endif
-Version:        2.9.2
+Version:        2.10
 Release:        0
 Summary:        AppArmor userlevel parser utility
 License:        GPL-2.0+
@@ -82,11 +82,6 @@ Patch2:         apparmor-samba-include-permissions-for-shares.diff
 # split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width.
 Patch3:         apparmor-utils-string-split

-# Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
-# as discussed with Jeff on #apparmor 2015-03-16, disable when packaging the next major release
-# (Is this really needed in abstractions/nameservice or only in the nscd profile? bnc#621394 only shows nscd.)
-Patch4:         apparmor-2.5.1-edirectory-profile
-
 # Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkaempf@suse.de
 Patch5:         ruby-2_0-mkmf-destdir.patch

@@ -97,10 +92,6 @@ Patch6:         apparmor-abstractions-no-multiline.diff
 # bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
 Patch7:         apparmor-lessopen-profile.patch

-# update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)
-# commited upstream trunk r3038, 2.9 r2917 (2.9 commit doesn't include the /var/lib/samba/... cleanup in the winbindd profile)
-Patch10:        samba-4.2-profiles.diff
-
 Url:            https://launchpad.net/apparmor
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -381,7 +372,7 @@ BuildArch:      noarch
 %description utils
 This package provides the aa-logprof, aa-genprof, aa-autodep,
 aa-enforce, and aa-complain tools to assist with profile authoring.
-Besides it provides the aa-unconfined server information tool. 
+Besides it provides the aa-unconfined server information tool.
 It is part of a suite of tools that used to be named SubDomain.

 %if %{with tomcat}
@@ -437,7 +428,6 @@ SubDomain.
 %patch1 -p1
 %patch2
 %patch3 -p1
-%patch4

 # Ruby 2.0 mkmf prefixes every path with $(DESTDIR)
 %if 0%{?suse_version} > 1230
@@ -446,7 +436,6 @@ SubDomain.

 %patch6
 %patch7 -p1
-%patch10
 # search for left-over multiline rules
 test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"

@@ -671,8 +660,14 @@ fi
 %doc %{_mandir}/man2/change_hat.2.gz
 %doc %{_mandir}/man2/aa_find_mountpoint.2.gz
 %doc %{_mandir}/man2/aa_getcon.2.gz
+%doc %{_mandir}/man2/aa_query_label.2.gz
+%doc %{_mandir}/man3/aa_features.3.gz
+%doc %{_mandir}/man3/aa_kernel_interface.3.gz
+%doc %{_mandir}/man3/aa_policy_cache.3.gz
+%doc %{_mandir}/man3/aa_splitcon.3.gz
 %dir %{_includedir}/aalogparse
 %{_includedir}/sys/apparmor.h
+%{_includedir}/sys/apparmor_private.h
 %{_includedir}/aalogparse/*

 %files abstractions