diff --git a/apparmor-2.8.2-fix-ntpd-profile.diff b/apparmor-2.8.2-fix-ntpd-profile.diff deleted file mode 100644 index 4c4355e..0000000 --- a/apparmor-2.8.2-fix-ntpd-profile.diff +++ /dev/null @@ -1,28 +0,0 @@ -Patch-Author: Stefan Seyfried - -After this change in ntp: - -* Mo Aug 19 2013 crrodriguez@opensuse.org -- Build with -DOPENSSL_LOAD_CONF , ntp must respect and use - the system's openssl configuration. - -we need to read openssl.cnf or starting of ntpd will fail silently(!) - - - -Patch v2 by Christian Boltz: use abstractions/openssl instead of -allowing /etc/ssl/openssl.cnf directly - - -=== modified file 'profiles/apparmor.d/usr.sbin.ntpd' ---- profiles/apparmor.d/usr.sbin.ntpd 2011-08-08 20:16:06 +0000 -+++ profiles/apparmor.d/usr.sbin.ntpd 2013-09-16 20:28:39 +0000 -@@ -14,6 +14,7 @@ - /usr/sbin/ntpd { - #include - #include -+ #include - #include - - capability dac_override, - diff --git a/apparmor-2.8.2-nm-dnsmasq-config.patch b/apparmor-2.8.2-nm-dnsmasq-config.patch index e72ff3c..5437cbf 100644 --- a/apparmor-2.8.2-nm-dnsmasq-config.patch +++ b/apparmor-2.8.2-nm-dnsmasq-config.patch @@ -2,12 +2,11 @@ Index: profiles/apparmor.d/usr.sbin.dnsmasq =================================================================== --- profiles/apparmor.d/usr.sbin.dnsmasq.orig +++ profiles/apparmor.d/usr.sbin.dnsmasq -@@ -54,6 +54,12 @@ - # NetworkManager integration +@@ -55,6 +55,11 @@ /{,var/}run/nm-dns-dnsmasq.conf r, /{,var/}run/sendsigs.omit.d/*dnsmasq.pid w, + /{,var/}run/NetworkManager/dnsmasq.conf r, + # new dnsmasq config path (as of 2012-11-05) -+ /{,var/}run/NetworkManager/dnsmasq.conf r, + /{,var/}run/NetworkManager/dnsmasq.pid w, + # dnsmasq supplemental config directory + /etc/NetworkManager/dnsmasq.d/ r, diff --git a/apparmor-2.8.2.tar.gz b/apparmor-2.8.2.tar.gz deleted file mode 100644 index a374049..0000000 --- a/apparmor-2.8.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:742f3f776c5e1bf303fe2c4bca7607241593189a8c985f9f3acc01baa7dbd2bb -size 1507411 diff --git a/apparmor-2.8.2.tar.gz.asc b/apparmor-2.8.2.tar.gz.asc deleted file mode 100644 index 076287a..0000000 --- a/apparmor-2.8.2.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.12 (GNU/Linux) - -iEYEABECAAYFAlIOaXsACgkQgTeYuayTEnGiegCgp0f1WBTPyOrIOYHCYhmfxgFS -ESUAoK6sEDZbfBJtYR6fNSTu4E+DqfHA -=CKDr ------END PGP SIGNATURE----- diff --git a/apparmor-2.8.3.tar.gz b/apparmor-2.8.3.tar.gz new file mode 100644 index 0000000..5b253a6 --- /dev/null +++ b/apparmor-2.8.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:84c2ca7fb6d170e5bb56270f01c9b78e78a991b9eee7fa53a9e6409ef0845c7e +size 1534245 diff --git a/apparmor-2.8.3.tar.gz.asc b/apparmor-2.8.3.tar.gz.asc new file mode 100644 index 0000000..2422c91 --- /dev/null +++ b/apparmor-2.8.3.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.14 (GNU/Linux) + +iEYEABECAAYFAlMBmasACgkQgTeYuayTEnEGUgCffqcl+7dchiLlbXj75UnVwayv +qcwAnjsArLD0+9UwU4f/VKgWTo1pJSMo +=SGfh +-----END PGP SIGNATURE----- diff --git a/apparmor-abstractions-r2089-r2090.diff b/apparmor-abstractions-r2089-r2090.diff deleted file mode 100644 index 583386f..0000000 --- a/apparmor-abstractions-r2089-r2090.diff +++ /dev/null @@ -1,59 +0,0 @@ -from 2.8 branch: - ------------------------------------------------------------- -revno: 2090 -committer: Jamie Strandboge -branch nick: 2.8 -timestamp: Thu 2013-09-12 09:25:56 -0500 -message: - p11-kit needs access to /usr/share/p11-kit/modules - - Acked-By: Jamie Strandboge - Acked-by: Steve Beattie (for trunk and 2.8) -modified: - profiles/apparmor.d/abstractions/p11-kit ------------------------------------------------------------- -revno: 2089 -committer: Steve Beattie -branch nick: 2.8 -timestamp: Wed 2013-09-11 16:05:13 -0700 -message: - profiles - Allow reading /etc/machine-id in the dbus-session abstraction. - Merge from trunk commit rev 2181 - From: intrigeri - - D-Bus now uses /etc/machine-id in some cases: - https://bugs.freedesktop.org/show_bug.cgi?id=35228 - - Acked-by: Steve Beattie -modified: - profiles/apparmor.d/abstractions/dbus-session ------------------------------------------------------------- - - -=== modified file 'profiles/apparmor.d/abstractions/dbus-session' ---- profiles/apparmor.d/abstractions/dbus-session 2011-05-09 16:09:24 +0000 -+++ profiles/apparmor.d/abstractions/dbus-session 2013-09-11 23:05:13 +0000 -@@ -10,4 +10,7 @@ - # ------------------------------------------------------------------ - - /usr/bin/dbus-launch ix, -+ -+ # unique per-machine identifier -+ /etc/machine-id r, - /var/lib/dbus/machine-id r, - -=== modified file 'profiles/apparmor.d/abstractions/p11-kit' ---- profiles/apparmor.d/abstractions/p11-kit 2012-01-18 22:22:08 +0000 -+++ profiles/apparmor.d/abstractions/p11-kit 2013-09-12 14:25:56 +0000 -@@ -16,6 +16,9 @@ - /usr/lib{,32,64}/pkcs11/*.so mr, - /usr/lib/@{multiarch}/pkcs11/*.so mr, - -+ /usr/share/p11-kit/modules/ r, -+ /usr/share/p11-kit/modules/* r, -+ - # p11-kit also supports reading user configuration from ~/.pkcs11 depending - # on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be - # included in this abstraction. - diff --git a/apparmor-abstractions-ssl_certs.diff b/apparmor-abstractions-ssl_certs.diff deleted file mode 100644 index 69b3fd6..0000000 --- a/apparmor-abstractions-ssl_certs.diff +++ /dev/null @@ -1,10 +0,0 @@ -=== modified file 'profiles/apparmor.d/abstractions/ssl_certs' ---- profiles/apparmor.d/abstractions/ssl_certs 2011-08-08 20:22:03 +0000 -+++ profiles/apparmor.d/abstractions/ssl_certs 2013-11-25 23:40:53 +0000 -@@ -17,3 +17,5 @@ - /usr/share/ssl/certs/ca-bundle.crt r, - /usr/local/share/ca-certificates/ r, - /usr/local/share/ca-certificates/** r, -+ /var/lib/ca-certificates/ r, -+ /var/lib/ca-certificates/** r, - diff --git a/apparmor-fix-url-in-manpages-r2093.diff b/apparmor-fix-url-in-manpages-r2093.diff deleted file mode 100644 index 7729c75..0000000 --- a/apparmor-fix-url-in-manpages-r2093.diff +++ /dev/null @@ -1,247 +0,0 @@ -=== modified file 'changehat/mod_apparmor/mod_apparmor.pod' ---- changehat/mod_apparmor/mod_apparmor.pod 2010-12-20 20:29:10 +0000 -+++ changehat/mod_apparmor/mod_apparmor.pod 2013-09-19 19:14:41 +0000 -@@ -115,7 +115,7 @@ - may not work correctly. - - There are likely other bugs lurking about; if you find any, please report --them at L. -+them at L. - - =head1 SEE ALSO - - -=== modified file 'libraries/libapparmor/doc/aa_change_hat.pod' ---- libraries/libapparmor/doc/aa_change_hat.pod 2012-11-21 00:52:43 +0000 -+++ libraries/libapparmor/doc/aa_change_hat.pod 2013-09-19 19:14:41 +0000 -@@ -248,7 +248,7 @@ - =head1 BUGS - - None known. If you find any, please report them at --L. Note that -+L. Note that - aa_change_hat(2) provides no memory barriers between different areas of a - program; if address space separation is required, then separate processes - should be used. - -=== modified file 'libraries/libapparmor/doc/aa_change_profile.pod' ---- libraries/libapparmor/doc/aa_change_profile.pod 2012-11-21 00:52:43 +0000 -+++ libraries/libapparmor/doc/aa_change_profile.pod 2013-09-19 19:14:41 +0000 -@@ -197,7 +197,7 @@ - =head1 BUGS - - None known. If you find any, please report them at --L. Note that using -+L. Note that using - aa_change_profile(2) without execve(2) provides no memory barriers between - different areas of a program; if address space separation is required, then - separate processes should be used. - -=== modified file 'libraries/libapparmor/doc/aa_find_mountpoint.pod' ---- libraries/libapparmor/doc/aa_find_mountpoint.pod 2012-02-16 00:34:03 +0000 -+++ libraries/libapparmor/doc/aa_find_mountpoint.pod 2013-09-19 19:14:41 +0000 -@@ -110,7 +110,7 @@ - =head1 BUGS - - None known. If you find any, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'libraries/libapparmor/doc/aa_getcon.pod' ---- libraries/libapparmor/doc/aa_getcon.pod 2012-03-22 14:58:18 +0000 -+++ libraries/libapparmor/doc/aa_getcon.pod 2013-09-19 19:14:41 +0000 -@@ -103,7 +103,7 @@ - =head1 BUGS - - None known. If you find any, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'parser/apparmor.vim.pod' ---- parser/apparmor.vim.pod 2012-03-22 20:15:20 +0000 -+++ parser/apparmor.vim.pod 2013-09-19 19:14:41 +0000 -@@ -48,7 +48,7 @@ - - B does not properly detect dark versus light backgrounds. - Patches accepted. If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'parser/apparmor_parser.pod' ---- parser/apparmor_parser.pod 2013-01-03 23:58:28 +0000 -+++ parser/apparmor_parser.pod 2013-09-19 19:14:41 +0000 -@@ -308,7 +308,7 @@ - =head1 BUGS - - If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'parser/subdomain.conf.pod' ---- parser/subdomain.conf.pod 2012-02-24 12:21:59 +0000 -+++ parser/subdomain.conf.pod 2013-09-19 19:14:41 +0000 -@@ -96,7 +96,7 @@ - been included with the SUSE kernel, so no rebuilding should be necessary. - - If you find any additional bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/aa-audit.pod' ---- utils/aa-audit.pod 2011-02-07 23:39:54 +0000 -+++ utils/aa-audit.pod 2013-09-19 18:48:14 +0000 -@@ -16,7 +16,7 @@ - =head1 BUGS - - If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/aa-autodep.pod' ---- utils/aa-autodep.pod 2011-02-07 23:39:54 +0000 -+++ utils/aa-autodep.pod 2013-09-19 18:48:14 +0000 -@@ -42,7 +42,7 @@ - This program does not perform full static analysis of executables, so - the profiles generated are necessarily incomplete. If you find any bugs, - please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/aa-complain.pod' ---- utils/aa-complain.pod 2011-02-07 23:39:54 +0000 -+++ utils/aa-complain.pod 2013-09-19 18:48:14 +0000 -@@ -37,7 +37,7 @@ - =head1 BUGS - - If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/aa-disable.pod' ---- utils/aa-disable.pod 2011-02-07 23:39:36 +0000 -+++ utils/aa-disable.pod 2013-09-19 18:48:14 +0000 -@@ -39,7 +39,7 @@ - =head1 BUGS - - If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/aa-enforce.pod' ---- utils/aa-enforce.pod 2011-05-02 20:33:31 +0000 -+++ utils/aa-enforce.pod 2013-09-19 18:48:14 +0000 -@@ -41,7 +41,7 @@ - =head1 BUGS - - If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/aa-exec.pod' ---- utils/aa-exec.pod 2012-04-11 16:16:47 +0000 -+++ utils/aa-exec.pod 2013-09-19 18:48:14 +0000 -@@ -87,7 +87,7 @@ - =head1 BUGS - - If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/aa-genprof.pod' ---- utils/aa-genprof.pod 2011-02-07 23:39:54 +0000 -+++ utils/aa-genprof.pod 2013-09-19 18:48:14 +0000 -@@ -73,7 +73,7 @@ - =head1 BUGS - - If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/aa-logprof.pod' ---- utils/aa-logprof.pod 2011-02-07 23:39:54 +0000 -+++ utils/aa-logprof.pod 2013-09-19 18:48:14 +0000 -@@ -155,7 +155,7 @@ - =head1 BUGS - - If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/aa-status.pod' ---- utils/aa-status.pod 2010-12-20 20:29:10 +0000 -+++ utils/aa-status.pod 2013-09-19 18:48:14 +0000 -@@ -116,7 +116,7 @@ - =back - - If you find any additional bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/aa-unconfined.pod' ---- utils/aa-unconfined.pod 2010-12-20 20:29:10 +0000 -+++ utils/aa-unconfined.pod 2013-09-19 18:48:14 +0000 -@@ -47,7 +47,7 @@ - to profiling all network-accessible processes in the lab. - - If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - -=== modified file 'utils/logprof.conf.pod' ---- utils/logprof.conf.pod 2011-02-07 23:39:54 +0000 -+++ utils/logprof.conf.pod 2013-09-19 18:48:14 +0000 -@@ -103,7 +103,7 @@ - =head1 BUGS - - If you find any bugs, please report them at --L. -+L. - - =head1 SEE ALSO - - diff --git a/apparmor-no-perl-smartmatch-r2088.diff b/apparmor-no-perl-smartmatch-r2088.diff deleted file mode 100644 index df70820..0000000 --- a/apparmor-no-perl-smartmatch-r2088.diff +++ /dev/null @@ -1,22 +0,0 @@ -=== modified file 'utils/Immunix/AppArmor.pm' ---- utils/Immunix/AppArmor.pm 2013-07-09 23:03:09 +0000 -+++ utils/Immunix/AppArmor.pm 2013-08-23 20:01:35 +0000 -@@ -3879,7 +3879,7 @@ - $newpath =~ s/\/[^\/]+$/\/\*/; - } - } -- if (not $newpath ~~ @options) { -+ if (not grep { $newpath eq $_ } @options) { - push @options, $newpath; - $defaultoption = $#options + 1; - } -@@ -3896,7 +3896,7 @@ - } else { - $newpath =~ s/\/[^\/]+(\.[^\/]+)$/\/\*$1/; - } -- if (not $newpath ~~ @options) { -+ if (not grep { $newpath eq $_ } @options) { - push @options, $newpath; - $defaultoption = $#options + 1; - } - diff --git a/apparmor-profiles-dnsmasq.diff b/apparmor-profiles-dnsmasq.diff deleted file mode 100644 index dab10ac..0000000 --- a/apparmor-profiles-dnsmasq.diff +++ /dev/null @@ -1,17 +0,0 @@ -=== modified file 'profiles/apparmor.d/usr.sbin.dnsmasq' ---- profiles/apparmor.d/usr.sbin.dnsmasq 2013-01-04 17:46:39 +0000 -+++ profiles/apparmor.d/usr.sbin.dnsmasq 2013-10-30 19:32:39 +0000 -@@ -42,10 +42,10 @@ - @{TFTP_DIR}/ r, - @{TFTP_DIR}/** r, - -- # libvirt lease and hosts files for dnsmasq -+ # libvirt config, lease and hosts files for dnsmasq - /var/lib/libvirt/dnsmasq/ r, -+ /var/lib/libvirt/dnsmasq/* r, - /var/lib/libvirt/dnsmasq/*.leases rw, -- /var/lib/libvirt/dnsmasq/*.hostsfile r, - - # libvirt pid files for dnsmasq - /{,var/}run/libvirt/network/ r, - diff --git a/apparmor-profiles-ntpd-r2103.diff b/apparmor-profiles-ntpd-r2103.diff deleted file mode 100644 index cdadb3d..0000000 --- a/apparmor-profiles-ntpd-r2103.diff +++ /dev/null @@ -1,13 +0,0 @@ -=== modified file 'profiles/apparmor.d/usr.sbin.ntpd' ---- profiles/apparmor.d/usr.sbin.ntpd 2013-09-16 22:25:59 +0000 -+++ profiles/apparmor.d/usr.sbin.ntpd 2013-11-14 20:48:41 +0000 -@@ -45,6 +45,8 @@ - /usr/sbin/ntpd rmix, - /var/lib/ntp/drift rwl, - /var/lib/ntp/drift.TEMP rwl, -+ /var/lib/ntp/drift/driftfile rw, -+ /var/lib/ntp/drift/driftfile.TEMP rw, - /var/lib/ntp/drift/ntp.drift rw, - /var/lib/ntp/drift/ntp.drift.TEMP rw, - /var/lib/ntp/etc/* r, - diff --git a/apparmor-profiles-samba-create-dirs.diff b/apparmor-profiles-samba-create-dirs.diff deleted file mode 100644 index e3b1adc..0000000 --- a/apparmor-profiles-samba-create-dirs.diff +++ /dev/null @@ -1,16 +0,0 @@ -=== modified file 'profiles/apparmor.d/abstractions/samba' ---- profiles/apparmor.d/abstractions/samba 2013-11-20 00:11:01 +0000 -+++ profiles/apparmor.d/abstractions/samba 2013-12-23 12:28:06 +0000 -@@ -12,9 +12,11 @@ - /etc/samba/* r, - /usr/share/samba/*.dat r, - /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, -+ /var/cache/samba/ w, - /var/lib/samba/**.tdb rwk, - /var/log/samba/cores/ rw, - /var/log/samba/cores/** rw, - /var/log/samba/log.* w, -+ /{,var/}run/samba/ w, - /{,var/}run/samba/*.tdb rw, - - diff --git a/apparmor-profiles-samba4.diff b/apparmor-profiles-samba4.diff deleted file mode 100644 index 55cb3fb..0000000 --- a/apparmor-profiles-samba4.diff +++ /dev/null @@ -1,65 +0,0 @@ -=== modified file 'profiles/apparmor.d/abstractions/samba' ---- profiles/apparmor.d/abstractions/samba 2011-08-26 23:52:27 +0000 -+++ profiles/apparmor.d/abstractions/samba 2013-10-15 20:36:33 +0000 -@@ -11,6 +11,7 @@ - - /etc/samba/* r, - /usr/share/samba/*.dat r, -+ /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r, - /var/lib/samba/**.tdb rwk, - /var/log/samba/cores/ rw, - /var/log/samba/cores/** rw, - -=== modified file 'profiles/apparmor.d/usr.sbin.nmbd' ---- profiles/apparmor.d/usr.sbin.nmbd 2011-08-27 18:50:42 +0000 -+++ profiles/apparmor.d/usr.sbin.nmbd 2013-10-20 11:54:48 +0000 -@@ -11,7 +11,9 @@ - - /usr/sbin/nmbd mr, - -+ /var/cache/samba/gencache.tdb rwk, - /var/{cache,lib}/samba/browse.dat* rw, -+ /var/{cache,lib}/samba/gencache.dat rw, - /var/{cache,lib}/samba/wins.dat* rw, - /var/{cache,lib}/samba/smb_krb5/ rw, - /var/{cache,lib}/samba/smb_krb5/krb5.conf* rw, - -=== modified file 'profiles/apparmor.d/usr.sbin.smbd' ---- profiles/apparmor.d/usr.sbin.smbd 2012-01-10 18:06:24 +0000 -+++ profiles/apparmor.d/usr.sbin.smbd 2013-10-15 20:36:33 +0000 -@@ -29,16 +29,21 @@ - /usr/lib*/samba/vfs/*.so mr, - /usr/lib*/samba/charset/*.so mr, - /usr/lib*/samba/auth/script.so mr, -- /usr/lib*/samba/{lowercase,upcase,valid}.dat r, -+ /usr/lib*/samba/pdb/*.so mr, -+ /usr/lib*/samba/{lowercase,lowcase,upcase,valid}.dat r, - /usr/sbin/smbd mr, - /usr/sbin/smbldap-useradd Px, - /var/cache/samba/** rwk, - /var/cache/samba/printing/printers.tdb mrw, - /var/lib/samba/** rwk, - /var/lib/samba/printers/** rw, -+ /var/lib/sss/mc/passwd r, -+ /var/lib/sss/pubconf/kdcinfo.* r, - /{,var/}run/cups/cups.sock rw, - /{,var/}run/dbus/system_bus_socket rw, - /{,var/}run/samba/** rk, -+ /{,var/}run/samba/ncalrpc/ rw, -+ /{,var/}run/samba/ncalrpc/** rw, - /{,var/}run/samba/smbd.pid rw, - /var/log/samba/cores/smbd/ rw, - /var/log/samba/cores/smbd/** rw, -Index: profiles/apparmor.d/abstractions/kerberosclient -=================================================================== ---- profiles/apparmor.d/abstractions/kerberosclient.orig 2011-03-23 20:24:11.000000000 +0100 -+++ profiles/apparmor.d/abstractions/kerberosclient 2013-11-02 15:04:27.267448981 +0100 -@@ -20,7 +20,7 @@ - /usr/lib/@{multiarch}/krb5/plugins/preauth/ r, - /usr/lib/@{multiarch}/krb5/plugins/preauth/* mr, - -- /etc/krb5.keytab r, -+ /etc/krb5.keytab rk, - /etc/krb5.conf r, - - # config files found via strings on libs diff --git a/apparmor-samba-include-permissions-for-shares.diff b/apparmor-samba-include-permissions-for-shares.diff index 5884905..e9820c1 100644 --- a/apparmor-samba-include-permissions-for-shares.diff +++ b/apparmor-samba-include-permissions-for-shares.diff @@ -20,7 +20,7 @@ Signed-off-by: Christian Boltz === modified file 'profiles/apparmor.d/usr.sbin.smbd' --- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000 +++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000 -@@ -46,6 +46,10 @@ +@@ -51,6 +51,10 @@ @{HOMEDIRS}/** lrwk, diff --git a/apparmor-unconfined-lang-r2094.diff b/apparmor-unconfined-lang-r2094.diff deleted file mode 100644 index ff6eb41..0000000 --- a/apparmor-unconfined-lang-r2094.diff +++ /dev/null @@ -1,13 +0,0 @@ -=== modified file 'utils/aa-unconfined' ---- utils/aa-unconfined 2011-01-13 21:58:26 +0000 -+++ utils/aa-unconfined 2013-09-19 21:31:28 +0000 -@@ -60,7 +60,7 @@ - @pids = grep { /^\d+$/ } readdir(PROC); - closedir(PROC); - } else { -- if (open(NETSTAT, "/bin/netstat -nlp |")) { -+ if (open(NETSTAT, "LANG=C /bin/netstat -nlp |")) { - while () { - chomp; - push @pids, $5 - diff --git a/apparmor-utils-po-de-r2091.diff b/apparmor-utils-po-de-r2091.diff deleted file mode 100644 index e538dd4..0000000 --- a/apparmor-utils-po-de-r2091.diff +++ /dev/null @@ -1,201 +0,0 @@ -=== modified file 'utils/po/de.po' ---- utils/po/de.po 2011-02-09 00:29:59 +0000 -+++ utils/po/de.po 2013-09-13 19:12:39 +0000 -@@ -1,19 +1,23 @@ - # Copyright (C) 2006 SuSE Linux Products GmbH, Nuernberg -+# Copyright (C) 2013 Christian Boltz - # This file is distributed under the same license as the package. - # - msgid "" - msgstr "" - "Project-Id-Version: apparmor-utils\n" - "Report-Msgid-Bugs-To: apparmor-general@forge.novell.com\n" - "POT-Creation-Date: 2008-09-22 22:56-0700\n" --"PO-Revision-Date: 2009-02-05 13:38\n" --"Last-Translator: Novell Language \n" -+"PO-Revision-Date: 2013-09-13 21:05+0200\n" -+"Last-Translator: Christian Boltz \n" - "Language-Team: Novell Language \n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -+"Language: de\n" -+"Plural-Forms: nplurals=2; plural=(n != 1);\n" - - #: ../genprof:69 -+#, fuzzy - msgid "Please enter the program to profile: " - msgstr "Geben Sie das Programm für das Profil ein: " - -@@ -52,12 +57,12 @@ - #: ../logprof:72 - #, perl-format - msgid "usage: %s [ -d /path/to/profiles ] [ -f /path/to/logfile ] [ -m \"mark in log to start processing after\"" --msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ -f /pfad/zu/protokolldatei ] [ -m \"markierng im protokoll, nach der die verarbeitung gestartet werden soll\"" -+msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ -f /pfad/zu/protokolldatei ] [ -m \"Markierng im Protokoll, nach der die Verarbeitung gestartet werden soll\"" - - #: ../autodep:63 - #, perl-format - msgid "Can't find AppArmor profiles in %s." --msgstr "In %s wurden keine Unterdomänenprofile gefunden." -+msgstr "In %s wurden keine AppArmor-Profile gefunden." - - #: ../autodep:71 - msgid "Please enter the program to create a profile for: " -@@ -86,7 +91,7 @@ - #: ../audit:131 - #, perl-format - msgid "usage: %s [ -d /path/to/profiles ] [ program to switch to audit mode ]" --msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ programm, das in den prüfmodus versetzt werden soll ]" -+msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ Programm, das in den Prüfmodus versetzt werden soll ]" - - #: ../complain:64 - msgid "Please enter the program to switch to complain mode: " -@@ -100,7 +105,7 @@ - #: ../complain:131 - #, perl-format - msgid "usage: %s [ -d /path/to/profiles ] [ program to switch to complain mode ]" --msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ programm, das in den meldungsmodus versetzt werden soll ]" -+msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ Programm, das in den Meldungsmodus versetzt werden soll ]" - - #: ../enforce:64 - msgid "Please enter the program to switch to enforce mode: " -@@ -109,12 +114,12 @@ - #: ../enforce:105 ../AppArmor.pm:592 - #, perl-format - msgid "Setting %s to enforce mode." --msgstr "Einstellungen %s für Erwzingungsmodus" -+msgstr "%s wird in den Erwzingen-Modus versetzt." - - #: ../enforce:131 - #, perl-format - msgid "usage: %s [ -d /path/to/profiles ] [ program to switch to enforce mode ]" --msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ programm, das in den erzwingen-modus versetzt werden soll ]" -+msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ Programm, das in den Erzwingen-Modus versetzt werden soll ]" - - #: ../unconfined:50 - #, perl-format -@@ -193,7 +198,7 @@ - - #: ../AppArmor.pm:1159 - msgid "Select which of the changed profiles you would like to upload\nto the repository" --msgstr "Wählen Sie die geänderten Profile aus, die Sie an das Repository \nhochladen möchten" -+msgstr "Wählen Sie die geänderten Profile aus, die Sie in das Repository \nhochladen möchten" - - #: ../AppArmor.pm:1161 - msgid "Changed profiles" -@@ -210,7 +215,7 @@ - #: ../AppArmor.pm:1236 ../AppArmor.pm:1316 - #, perl-format - msgid "WARNING: An error occured while uploading the profile %s\n%s\n" --msgstr "ACHTUNG: Fehler beim Heraufladen von Profil %s\n%s\n" -+msgstr "ACHTUNG: Fehler beim Hochladen von Profil %s\n%s\n" - - #: ../AppArmor.pm:1241 - msgid "Uploaded changes to repository." -@@ -223,11 +228,11 @@ - #: ../AppArmor.pm:1311 - #, perl-format - msgid "Uploaded %s to repository." --msgstr "'%s' an Repository hochgeladen." -+msgstr "'%s' ins Repository hochgeladen." - - #: ../AppArmor.pm:1322 - msgid "Repository Error\nRegistration or Signin was unsuccessful. User login\ninformation is required to upload profiles to the\nrepository. These changes have not been sent.\n" --msgstr "Repository-Fehler\nRegistrierung oder Anmeldung war erfolglos. Die Anmeldeinformationen\ndes Nutzers werden benötigt, um Profile in das Repository\n heraufzuladen. Diese Änderungen wurden nicht gesendet.\n" -+msgstr "Repository-Fehler\nRegistrierung oder Anmeldung war erfolglos. Die Anmeldeinformationen\ndes Nutzers werden benötigt, um Profile in das Repository\n hochzuladen. Diese Änderungen wurden nicht gesendet.\n" - - #: ../AppArmor.pm:1379 ../AppArmor.pm:1419 - msgid "(Y)es" -@@ -251,7 +256,7 @@ - - #: ../AppArmor.pm:1748 - msgid "Abandoning all changes." --msgstr "Alle Änderungen verwerfen?" -+msgstr "Alle Änderungen verworfen." - - #: ../AppArmor.pm:1854 - msgid "Default Hat" -@@ -259,7 +264,7 @@ - - #: ../AppArmor.pm:1856 - msgid "Requested Hat" --msgstr "Hat angefordert" -+msgstr "Angeforderter Hat" - - #: ../AppArmor.pm:2142 - msgid "Program" -@@ -387,16 +392,17 @@ - #: ../AppArmor.pm:3250 - #, perl-format - msgid "Invalid mode found: %s" --msgstr "Ungültige Option: %s" -+msgstr "Ungültiger Modus gefunden: %s" - - #: ../AppArmor.pm:3301 ../AppArmor.pm:3334 -+#, fuzzy - msgid "Capability" - msgstr "Funktion" - - #: ../AppArmor.pm:3354 ../AppArmor.pm:3628 ../AppArmor.pm:3875 - #, perl-format - msgid "Adding #include <%s> to profile." --msgstr "#include <%s> zum Profil hinzufügen." -+msgstr "#include <%s> zum Profil hinzugefügt." - - #: ../AppArmor.pm:3357 ../AppArmor.pm:3629 ../AppArmor.pm:3669 - #: ../AppArmor.pm:3879 -@@ -405,12 +411,12 @@ - msgstr "%s vorherige übereinstimmende Profileinträge wurden gelöscht." - - #: ../AppArmor.pm:3368 --#, perl-format -+#, fuzzy, perl-format - msgid "Adding capability %s to profile." - msgstr "Funktion %s wird dem Profil hinzugefügt." - - #: ../AppArmor.pm:3373 --#, perl-format -+#, fuzzy, perl-format - msgid "Denying capability %s to profile." - msgstr "Funktion %s wird dem Profil verweigert." - -@@ -457,7 +463,7 @@ - - #: ../AppArmor.pm:3687 - msgid "The specified path does not match this log entry:" --msgstr "Der angegebene Pfad stimmt nicht mit dem Protokolleintrag überein." -+msgstr "Der angegebene Pfad stimmt nicht mit dem Protokolleintrag überein:" - - #: ../AppArmor.pm:3688 - msgid "Log Entry" -@@ -482,17 +488,17 @@ - #: ../AppArmor.pm:3905 - #, perl-format - msgid "Adding network access %s %s to profile." --msgstr "Netzwerkzugriff '%s' '%s' wird zu Profil hinzugefügt." -+msgstr "Netzwerkzugriff '%s' '%s' wird zum Profil hinzugefügt." - - #: ../AppArmor.pm:3924 - #, perl-format - msgid "Denying network access %s %s to profile." --msgstr "Netzwerkzugriff '%s' '%s' auf Profil wird verweigert." -+msgstr "Netzwerkzugriff '%s' '%s' wird dem Profil verweigert." - - #: ../AppArmor.pm:4132 - #, perl-format - msgid "Reading log entries from %s." --msgstr "%s Mailserver-Domains werden eingelesen..." -+msgstr "Protokolleinträge von %s werden eingelesen." - - #: ../AppArmor.pm:4133 - #, perl-format -@@ -572,6 +578,7 @@ - msgstr "Ungültige Tastenkombination in Standardelement" - - #: ../AppArmor.pm:6392 -+#, fuzzy - msgid "Invalid default" - msgstr "Ungültiger Standard" - - diff --git a/apparmor-utils-string-split b/apparmor-utils-string-split index 921854c..d29f3fb 100644 --- a/apparmor-utils-string-split +++ b/apparmor-utils-string-split @@ -8,7 +8,7 @@ Subject: AppArmor.pm: Split long string --- a/utils/Immunix/AppArmor.pm +++ b/utils/Immunix/AppArmor.pm -@@ -6300,7 +6300,12 @@ sub check_qualifiers($) { +@@ -6335,7 +6335,12 @@ sub check_qualifiers($) { if ($cfg->{qualifiers}{$program}) { unless($cfg->{qualifiers}{$program} =~ /p/) { diff --git a/apparmor.changes b/apparmor.changes index 4065496..fff68f9 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Mon Feb 17 11:40:36 UTC 2014 - opensuse@cboltz.de + +- update to AppArmor 2.8.3 (r2122) bugfix release + - fix some cache clearing bugs in apparmor_parser + - various fixes in mod_apparmor + - several profile updates, most of them were already included as patches + (except abstractions/winbind (bnc#863226), abstractions/fonts and + abstractions/p11-kit) + - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details +- update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch +- remove upstream(ed) patches + - apparmor-2.8.2-fix-ntpd-profile.diff + - apparmor-abstractions-r2089-r2090.diff + - apparmor-abstractions-ssl_certs.diff + - apparmor-fix-url-in-manpages-r2093.diff + - apparmor-no-perl-smartmatch-r2088.diff + - apparmor-profiles-dnsmasq.diff + - apparmor-profiles-ntpd-r2103.diff + - apparmor-profiles-samba-create-dirs.diff + - apparmor-profiles-samba4.diff + - apparmor-unconfined-lang-r2094.diff + - apparmor-utils-po-de-r2091.diff + ------------------------------------------------------------------- Sat Feb 1 11:23:45 UTC 2014 - coolo@suse.com diff --git a/apparmor.spec b/apparmor.spec index 5921856..431f011 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -61,7 +61,7 @@ Name: apparmor %if ! %{?distro:1}0 %define distro suse %endif -Version: 2.8.2 +Version: 2.8.3 Release: 0 Summary: AppArmor userlevel parser utility License: GPL-2.0+ @@ -79,7 +79,7 @@ Source7: rpmlintrc # profile for winbindd (bnc#748499, submitted upstream 2012-11-06, trunk r2078) Source10: usr.sbin.winbindd -# profiles for dovecot 2.x (bnc#851984) +# profiles for dovecot 2.x (bnc#851984) - commited upstream trunk r2354, r2355, r2356, updated version commited trunk r2360, r2370 Source20: usr.lib.dovecot.anvil Source21: usr.lib.dovecot.auth Source22: usr.lib.dovecot.config @@ -97,49 +97,16 @@ Patch1: apparmor-enable-profile-cache.diff # include autogenerated profile sniplet for samba shares (bnc#688040) Patch2: apparmor-samba-include-permissions-for-shares.diff -# use grep instead of ~~ (smartmatch) because ~~ was marked as experimental again in perl 5.18 (upstream trunk r2158, 2.8 r2088) -Patch3: apparmor-no-perl-smartmatch-r2088.diff - -# abstractions/p11-kit and abstractions/dbus-session update (upstream trunk r2181 and r2182 , 2.8 r2089 and r2090) -Patch4: apparmor-abstractions-r2089-r2090.diff - # split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width. Patch5: apparmor-utils-string-split # make apparmor/__init__.py ready for the new tools developed in GSoC. Submitted upstream 2013-09-12 Patch6: apparmor-init.py-gsoc.diff -# fix some (mis)translations in utils/po/de.po (upstream trunk r2186, 2.8 r2091) -Patch7: apparmor-utils-po-de-r2091.diff - -# fix ntpd after configuration change (commited upstream trunk r2188, 2.8 r2092) -Patch8: apparmor-2.8.2-fix-ntpd-profile.diff - -# fix URL in manpages (commited upstream trunk r2189, 2.8 r2093) -Patch9: apparmor-fix-url-in-manpages-r2093.diff - -# fix aa-unconfined to work with all languages (commited upstream trunk r2190, 2.8 r2094) -Patch10: apparmor-unconfined-lang-r2094.diff - -# various permissions needed for Samba 4.1 - bnc#845867 bnc#846054 - commited upstream trunk r2104, 2.8 branch r2254 -Patch11: apparmor-profiles-samba4.diff - # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions Patch12: apparmor-2.5.1-edirectory-profile -# dnsmasq - add missing read permisions for libvirt files - bnc#848215 - committed upstream trunk r2238, 2.8 branch r2101 -Patch13: apparmor-profiles-dnsmasq.diff - -# ntpd - add missing permissions for drift file at yet another location - bnc#850374 - commited upstream trunk r2252, 2.8 branch r2103 -Patch14: apparmor-profiles-ntpd-r2103.diff - -# abstractions/ssl_certs - add /var/lib/ca-certificates/ - bnc#852018 - commited upstream trunk r2255, 2.8 branch r2105 -Patch15: apparmor-abstractions-ssl_certs.diff - -# abstractions/samba - allow mkdir /var/run/samba and /var/cache/samba - bnc#856651 - commited upstream trunk r2293, 2.8 branch r2106 -Patch16: apparmor-profiles-samba-create-dirs.diff - -# update dovecot profiles for dovecot 2.x (bnc#851984, not upstreamed yet) +# update dovecot profiles for dovecot 2.x (bnc#851984 - commited upstream trunk r2354, r2356, [updated patch] r2359) Patch17: apparmor-profiles-dovecot-bnc851984.diff # create Immunix::SubDomain perl module - only included for openSUSE <= 12.1 - bnc#720617 #c7 @@ -148,7 +115,8 @@ Patch21: apparmor-utils-subdomain-compat # Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkaempf@suse.de Patch22: ruby-2_0-mkmf-destdir.patch -# dnsmasq - allow to read config created by recent NetworkManager - commited upstream trunk r2323, 2.8 branch r2110 +# dnsmasq - allow to read config created by recent NetworkManager +# commited upstream trunk r2323, 2.8 branch r2110 - updated version commited trunk r2385, 2.8 r2123 Patch23: apparmor-2.8.2-nm-dnsmasq-config.patch Url: https://launchpad.net/apparmor @@ -510,20 +478,9 @@ SubDomain. %setup -q %patch1 -p1 %patch2 -%patch3 -%patch4 %patch5 -p1 %patch6 -%patch7 -%patch8 -%patch9 -%patch10 -%patch11 %patch12 -p1 -%patch13 -%patch14 -%patch15 -%patch16 %patch17 # only create Immunix::SubDomain perl module for openSUSE <= 12.1 @@ -543,7 +500,7 @@ SubDomain. %patch23 %endif -# profile for winbindd (bnc#748499, submitted upstream 2012-11-06, trunk r2078) +# profile for winbindd (bnc#748499, commited upstream trunk r2078, updated in trunk r2328) test ! -e profiles/apparmor.d/usr.sbin.winbindd cp %{SOURCE10} profiles/apparmor.d/ @@ -829,8 +786,6 @@ fi %files -n python-apparmor %defattr(-,root,root) - -%files -n python-apparmor %{python_sitearch}/LibAppArmor-%{version}-py%{python_version}.egg-info %dir %{python_sitearch}/LibAppArmor %{python_sitearch}/LibAppArmor/_LibAppArmor.so