pool/apparmor
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 222647 from security:apparmor

Browse Source 
- update to AppArmor 2.8.3 (r2122) bugfix release
  - fix some cache clearing bugs in apparmor_parser
  - various fixes in mod_apparmor
  - several profile updates, most of them were already included as patches
    (except abstractions/winbind (bnc#863226), abstractions/fonts and 
    abstractions/p11-kit)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details
- update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch
- remove upstream(ed) patches
  - apparmor-2.8.2-fix-ntpd-profile.diff
  - apparmor-abstractions-r2089-r2090.diff
  - apparmor-abstractions-ssl_certs.diff
  - apparmor-fix-url-in-manpages-r2093.diff
  - apparmor-no-perl-smartmatch-r2088.diff
  - apparmor-profiles-dnsmasq.diff
  - apparmor-profiles-ntpd-r2103.diff
  - apparmor-profiles-samba-create-dirs.diff
  - apparmor-profiles-samba4.diff
  - apparmor-unconfined-lang-r2094.diff
  - apparmor-utils-po-de-r2091.diff

OBS-URL: https://build.opensuse.org/request/show/222647
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=65
This commit is contained in:
Stephan Kulow 2014-02-19 17:54:54 +00:00 committed by Git OBS Bridge
commit 8fc563461c
20 changed files with 44 additions and 757 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
apparmor-2.8.2-fix-ntpd-profile.diff
View File

@ -1,28 +0,0 @@
Patch-Author: Stefan Seyfried <seife+obs@b1-systems.com>
After this change in ntp:
* Mo Aug 19 2013 crrodriguez@opensuse.org
- Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
the system's openssl configuration.
we need to read openssl.cnf or starting of ntpd will fail silently(!)
Patch v2 by Christian Boltz: use abstractions/openssl instead of
allowing /etc/ssl/openssl.cnf directly
=== modified file 'profiles/apparmor.d/usr.sbin.ntpd'
--- profiles/apparmor.d/usr.sbin.ntpd 2011-08-08 20:16:06 +0000
+++ profiles/apparmor.d/usr.sbin.ntpd 2013-09-16 20:28:39 +0000
@@ -14,6 +14,7 @@
/usr/sbin/ntpd {
#include <abstractions/base>
#include <abstractions/nameservice>
+ #include <abstractions/openssl>
#include <abstractions/xad>
capability dac_override,

5
apparmor-2.8.2-nm-dnsmasq-config.patch
View File

@ -2,12 +2,11 @@ Index: profiles/apparmor.d/usr.sbin.dnsmasq
===================================================================
--- profiles/apparmor.d/usr.sbin.dnsmasq.orig
+++ profiles/apparmor.d/usr.sbin.dnsmasq
@@ -54,6 +54,12 @@
# NetworkManager integration
@@ -55,6 +55,11 @@
/{,var/}run/nm-dns-dnsmasq.conf r,
/{,var/}run/sendsigs.omit.d/*dnsmasq.pid w,
/{,var/}run/NetworkManager/dnsmasq.conf r,
+ # new dnsmasq config path (as of 2012-11-05)
+ /{,var/}run/NetworkManager/dnsmasq.conf r,
+ /{,var/}run/NetworkManager/dnsmasq.pid w,
+ # dnsmasq supplemental config directory
+ /etc/NetworkManager/dnsmasq.d/ r,

3
apparmor-2.8.2.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:742f3f776c5e1bf303fe2c4bca7607241593189a8c985f9f3acc01baa7dbd2bb
size 1507411

7
apparmor-2.8.2.tar.gz.asc
View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlIOaXsACgkQgTeYuayTEnGiegCgp0f1WBTPyOrIOYHCYhmfxgFS
ESUAoK6sEDZbfBJtYR6fNSTu4E+DqfHA
=CKDr
-----END PGP SIGNATURE-----

3
apparmor-2.8.3.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:84c2ca7fb6d170e5bb56270f01c9b78e78a991b9eee7fa53a9e6409ef0845c7e
size 1534245

7
apparmor-2.8.3.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iEYEABECAAYFAlMBmasACgkQgTeYuayTEnEGUgCffqcl+7dchiLlbXj75UnVwayv
qcwAnjsArLD0+9UwU4f/VKgWTo1pJSMo
=SGfh
-----END PGP SIGNATURE-----

59
apparmor-abstractions-r2089-r2090.diff
View File

@ -1,59 +0,0 @@
from 2.8 branch:
------------------------------------------------------------
revno: 2090
committer: Jamie Strandboge <jamie@canonical.com>
branch nick: 2.8
timestamp: Thu 2013-09-12 09:25:56 -0500
message:
p11-kit needs access to /usr/share/p11-kit/modules
Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org> (for trunk and 2.8)
modified:
profiles/apparmor.d/abstractions/p11-kit
------------------------------------------------------------
revno: 2089
committer: Steve Beattie <sbeattie@ubuntu.com>
branch nick: 2.8
timestamp: Wed 2013-09-11 16:05:13 -0700
message:
profiles - Allow reading /etc/machine-id in the dbus-session abstraction.
Merge from trunk commit rev 2181
From: intrigeri <intrigeri@boum.org>
D-Bus now uses /etc/machine-id in some cases:
https://bugs.freedesktop.org/show_bug.cgi?id=35228
Acked-by: Steve Beattie <steve@nxnw.org>
modified:
profiles/apparmor.d/abstractions/dbus-session
------------------------------------------------------------
=== modified file 'profiles/apparmor.d/abstractions/dbus-session'
--- profiles/apparmor.d/abstractions/dbus-session 2011-05-09 16:09:24 +0000
+++ profiles/apparmor.d/abstractions/dbus-session 2013-09-11 23:05:13 +0000
@@ -10,4 +10,7 @@
# ------------------------------------------------------------------
/usr/bin/dbus-launch ix,
+
+ # unique per-machine identifier
+ /etc/machine-id r,
/var/lib/dbus/machine-id r,
=== modified file 'profiles/apparmor.d/abstractions/p11-kit'
--- profiles/apparmor.d/abstractions/p11-kit 2012-01-18 22:22:08 +0000
+++ profiles/apparmor.d/abstractions/p11-kit 2013-09-12 14:25:56 +0000
@@ -16,6 +16,9 @@
/usr/lib{,32,64}/pkcs11/*.so mr,
/usr/lib/@{multiarch}/pkcs11/*.so mr,
+ /usr/share/p11-kit/modules/ r,
+ /usr/share/p11-kit/modules/* r,
+
# p11-kit also supports reading user configuration from ~/.pkcs11 depending
# on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be
# included in this abstraction.

10
apparmor-abstractions-ssl_certs.diff
View File

@ -1,10 +0,0 @@
=== modified file 'profiles/apparmor.d/abstractions/ssl_certs'
--- profiles/apparmor.d/abstractions/ssl_certs 2011-08-08 20:22:03 +0000
+++ profiles/apparmor.d/abstractions/ssl_certs 2013-11-25 23:40:53 +0000
@@ -17,3 +17,5 @@
/usr/share/ssl/certs/ca-bundle.crt r,
/usr/local/share/ca-certificates/ r,
/usr/local/share/ca-certificates/** r,
+ /var/lib/ca-certificates/ r,
+ /var/lib/ca-certificates/** r,

247
apparmor-fix-url-in-manpages-r2093.diff
View File

@ -1,247 +0,0 @@
=== modified file 'changehat/mod_apparmor/mod_apparmor.pod'
--- changehat/mod_apparmor/mod_apparmor.pod 2010-12-20 20:29:10 +0000
+++ changehat/mod_apparmor/mod_apparmor.pod 2013-09-19 19:14:41 +0000
@@ -115,7 +115,7 @@
may not work correctly.
There are likely other bugs lurking about; if you find any, please report
-them at L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+them at L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'libraries/libapparmor/doc/aa_change_hat.pod'
--- libraries/libapparmor/doc/aa_change_hat.pod 2012-11-21 00:52:43 +0000
+++ libraries/libapparmor/doc/aa_change_hat.pod 2013-09-19 19:14:41 +0000
@@ -248,7 +248,7 @@
=head1 BUGS
None known. If you find any, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>. Note that
+L<https://bugs.launchpad.net/apparmor/+filebug>. Note that
aa_change_hat(2) provides no memory barriers between different areas of a
program; if address space separation is required, then separate processes
should be used.
=== modified file 'libraries/libapparmor/doc/aa_change_profile.pod'
--- libraries/libapparmor/doc/aa_change_profile.pod 2012-11-21 00:52:43 +0000
+++ libraries/libapparmor/doc/aa_change_profile.pod 2013-09-19 19:14:41 +0000
@@ -197,7 +197,7 @@
=head1 BUGS
None known. If you find any, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>. Note that using
+L<https://bugs.launchpad.net/apparmor/+filebug>. Note that using
aa_change_profile(2) without execve(2) provides no memory barriers between
different areas of a program; if address space separation is required, then
separate processes should be used.
=== modified file 'libraries/libapparmor/doc/aa_find_mountpoint.pod'
--- libraries/libapparmor/doc/aa_find_mountpoint.pod 2012-02-16 00:34:03 +0000
+++ libraries/libapparmor/doc/aa_find_mountpoint.pod 2013-09-19 19:14:41 +0000
@@ -110,7 +110,7 @@
=head1 BUGS
None known. If you find any, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'libraries/libapparmor/doc/aa_getcon.pod'
--- libraries/libapparmor/doc/aa_getcon.pod 2012-03-22 14:58:18 +0000
+++ libraries/libapparmor/doc/aa_getcon.pod 2013-09-19 19:14:41 +0000
@@ -103,7 +103,7 @@
=head1 BUGS
None known. If you find any, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'parser/apparmor.vim.pod'
--- parser/apparmor.vim.pod 2012-03-22 20:15:20 +0000
+++ parser/apparmor.vim.pod 2013-09-19 19:14:41 +0000
@@ -48,7 +48,7 @@
B<apparmor.vim> does not properly detect dark versus light backgrounds.
Patches accepted. If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'parser/apparmor_parser.pod'
--- parser/apparmor_parser.pod 2013-01-03 23:58:28 +0000
+++ parser/apparmor_parser.pod 2013-09-19 19:14:41 +0000
@@ -308,7 +308,7 @@
=head1 BUGS
If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'parser/subdomain.conf.pod'
--- parser/subdomain.conf.pod 2012-02-24 12:21:59 +0000
+++ parser/subdomain.conf.pod 2013-09-19 19:14:41 +0000
@@ -96,7 +96,7 @@
been included with the SUSE kernel, so no rebuilding should be necessary.
If you find any additional bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/aa-audit.pod'
--- utils/aa-audit.pod 2011-02-07 23:39:54 +0000
+++ utils/aa-audit.pod 2013-09-19 18:48:14 +0000
@@ -16,7 +16,7 @@
=head1 BUGS
If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/aa-autodep.pod'
--- utils/aa-autodep.pod 2011-02-07 23:39:54 +0000
+++ utils/aa-autodep.pod 2013-09-19 18:48:14 +0000
@@ -42,7 +42,7 @@
This program does not perform full static analysis of executables, so
the profiles generated are necessarily incomplete. If you find any bugs,
please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/aa-complain.pod'
--- utils/aa-complain.pod 2011-02-07 23:39:54 +0000
+++ utils/aa-complain.pod 2013-09-19 18:48:14 +0000
@@ -37,7 +37,7 @@
=head1 BUGS
If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/aa-disable.pod'
--- utils/aa-disable.pod 2011-02-07 23:39:36 +0000
+++ utils/aa-disable.pod 2013-09-19 18:48:14 +0000
@@ -39,7 +39,7 @@
=head1 BUGS
If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/aa-enforce.pod'
--- utils/aa-enforce.pod 2011-05-02 20:33:31 +0000
+++ utils/aa-enforce.pod 2013-09-19 18:48:14 +0000
@@ -41,7 +41,7 @@
=head1 BUGS
If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/aa-exec.pod'
--- utils/aa-exec.pod 2012-04-11 16:16:47 +0000
+++ utils/aa-exec.pod 2013-09-19 18:48:14 +0000
@@ -87,7 +87,7 @@
=head1 BUGS
If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/aa-genprof.pod'
--- utils/aa-genprof.pod 2011-02-07 23:39:54 +0000
+++ utils/aa-genprof.pod 2013-09-19 18:48:14 +0000
@@ -73,7 +73,7 @@
=head1 BUGS
If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/aa-logprof.pod'
--- utils/aa-logprof.pod 2011-02-07 23:39:54 +0000
+++ utils/aa-logprof.pod 2013-09-19 18:48:14 +0000
@@ -155,7 +155,7 @@
=head1 BUGS
If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/aa-status.pod'
--- utils/aa-status.pod 2010-12-20 20:29:10 +0000
+++ utils/aa-status.pod 2013-09-19 18:48:14 +0000
@@ -116,7 +116,7 @@
=back
If you find any additional bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/aa-unconfined.pod'
--- utils/aa-unconfined.pod 2010-12-20 20:29:10 +0000
+++ utils/aa-unconfined.pod 2013-09-19 18:48:14 +0000
@@ -47,7 +47,7 @@
to profiling all network-accessible processes in the lab.
If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO
=== modified file 'utils/logprof.conf.pod'
--- utils/logprof.conf.pod 2011-02-07 23:39:54 +0000
+++ utils/logprof.conf.pod 2013-09-19 18:48:14 +0000
@@ -103,7 +103,7 @@
=head1 BUGS
If you find any bugs, please report them at
-L<http://https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://bugs.launchpad.net/apparmor/+filebug>.
=head1 SEE ALSO

22
apparmor-no-perl-smartmatch-r2088.diff
View File

@ -1,22 +0,0 @@
=== modified file 'utils/Immunix/AppArmor.pm'
--- utils/Immunix/AppArmor.pm 2013-07-09 23:03:09 +0000
+++ utils/Immunix/AppArmor.pm 2013-08-23 20:01:35 +0000
@@ -3879,7 +3879,7 @@
$newpath =~ s/\/[^\/]+$/\/\*/;
}
}
- if (not $newpath ~~ @options) {
+ if (not grep { $newpath eq $_ } @options) {
push @options, $newpath;
$defaultoption = $#options + 1;
}
@@ -3896,7 +3896,7 @@
} else {
$newpath =~ s/\/[^\/]+(\.[^\/]+)$/\/\*$1/;
}
- if (not $newpath ~~ @options) {
+ if (not grep { $newpath eq $_ } @options) {
push @options, $newpath;
$defaultoption = $#options + 1;
}

17
apparmor-profiles-dnsmasq.diff
View File

@ -1,17 +0,0 @@
=== modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
--- profiles/apparmor.d/usr.sbin.dnsmasq 2013-01-04 17:46:39 +0000
+++ profiles/apparmor.d/usr.sbin.dnsmasq 2013-10-30 19:32:39 +0000
@@ -42,10 +42,10 @@
@{TFTP_DIR}/ r,
@{TFTP_DIR}/** r,
- # libvirt lease and hosts files for dnsmasq
+ # libvirt config, lease and hosts files for dnsmasq
/var/lib/libvirt/dnsmasq/ r,
+ /var/lib/libvirt/dnsmasq/* r,
/var/lib/libvirt/dnsmasq/*.leases rw,
- /var/lib/libvirt/dnsmasq/*.hostsfile r,
# libvirt pid files for dnsmasq
/{,var/}run/libvirt/network/ r,

13
apparmor-profiles-ntpd-r2103.diff
View File

@ -1,13 +0,0 @@
=== modified file 'profiles/apparmor.d/usr.sbin.ntpd'
--- profiles/apparmor.d/usr.sbin.ntpd 2013-09-16 22:25:59 +0000
+++ profiles/apparmor.d/usr.sbin.ntpd 2013-11-14 20:48:41 +0000
@@ -45,6 +45,8 @@
/usr/sbin/ntpd rmix,
/var/lib/ntp/drift rwl,
/var/lib/ntp/drift.TEMP rwl,
+ /var/lib/ntp/drift/driftfile rw,
+ /var/lib/ntp/drift/driftfile.TEMP rw,
/var/lib/ntp/drift/ntp.drift rw,
/var/lib/ntp/drift/ntp.drift.TEMP rw,
/var/lib/ntp/etc/* r,

16
apparmor-profiles-samba-create-dirs.diff
View File

@ -1,16 +0,0 @@
=== modified file 'profiles/apparmor.d/abstractions/samba'
--- profiles/apparmor.d/abstractions/samba 2013-11-20 00:11:01 +0000
+++ profiles/apparmor.d/abstractions/samba 2013-12-23 12:28:06 +0000
@@ -12,9 +12,11 @@
/etc/samba/* r,
/usr/share/samba/*.dat r,
/usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
+ /var/cache/samba/ w,
/var/lib/samba/**.tdb rwk,
/var/log/samba/cores/ rw,
/var/log/samba/cores/** rw,
/var/log/samba/log.* w,
+ /{,var/}run/samba/ w,
/{,var/}run/samba/*.tdb rw,

65
apparmor-profiles-samba4.diff
View File

@ -1,65 +0,0 @@
=== modified file 'profiles/apparmor.d/abstractions/samba'
--- profiles/apparmor.d/abstractions/samba 2011-08-26 23:52:27 +0000
+++ profiles/apparmor.d/abstractions/samba 2013-10-15 20:36:33 +0000
@@ -11,6 +11,7 @@
/etc/samba/* r,
/usr/share/samba/*.dat r,
+ /usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
/var/lib/samba/**.tdb rwk,
/var/log/samba/cores/ rw,
/var/log/samba/cores/** rw,
=== modified file 'profiles/apparmor.d/usr.sbin.nmbd'
--- profiles/apparmor.d/usr.sbin.nmbd 2011-08-27 18:50:42 +0000
+++ profiles/apparmor.d/usr.sbin.nmbd 2013-10-20 11:54:48 +0000
@@ -11,7 +11,9 @@
/usr/sbin/nmbd mr,
+ /var/cache/samba/gencache.tdb rwk,
/var/{cache,lib}/samba/browse.dat* rw,
+ /var/{cache,lib}/samba/gencache.dat rw,
/var/{cache,lib}/samba/wins.dat* rw,
/var/{cache,lib}/samba/smb_krb5/ rw,
/var/{cache,lib}/samba/smb_krb5/krb5.conf* rw,
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2012-01-10 18:06:24 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2013-10-15 20:36:33 +0000
@@ -29,16 +29,21 @@
/usr/lib*/samba/vfs/*.so mr,
/usr/lib*/samba/charset/*.so mr,
/usr/lib*/samba/auth/script.so mr,
- /usr/lib*/samba/{lowercase,upcase,valid}.dat r,
+ /usr/lib*/samba/pdb/*.so mr,
+ /usr/lib*/samba/{lowercase,lowcase,upcase,valid}.dat r,
/usr/sbin/smbd mr,
/usr/sbin/smbldap-useradd Px,
/var/cache/samba/** rwk,
/var/cache/samba/printing/printers.tdb mrw,
/var/lib/samba/** rwk,
/var/lib/samba/printers/** rw,
+ /var/lib/sss/mc/passwd r,
+ /var/lib/sss/pubconf/kdcinfo.* r,
/{,var/}run/cups/cups.sock rw,
/{,var/}run/dbus/system_bus_socket rw,
/{,var/}run/samba/** rk,
+ /{,var/}run/samba/ncalrpc/ rw,
+ /{,var/}run/samba/ncalrpc/** rw,
/{,var/}run/samba/smbd.pid rw,
/var/log/samba/cores/smbd/ rw,
/var/log/samba/cores/smbd/** rw,
Index: profiles/apparmor.d/abstractions/kerberosclient
===================================================================
--- profiles/apparmor.d/abstractions/kerberosclient.orig 2011-03-23 20:24:11.000000000 +0100
+++ profiles/apparmor.d/abstractions/kerberosclient 2013-11-02 15:04:27.267448981 +0100
@@ -20,7 +20,7 @@
/usr/lib/@{multiarch}/krb5/plugins/preauth/ r,
/usr/lib/@{multiarch}/krb5/plugins/preauth/* mr,
- /etc/krb5.keytab r,
+ /etc/krb5.keytab rk,
/etc/krb5.conf r,
# config files found via strings on libs

2
apparmor-samba-include-permissions-for-shares.diff
View File

@ -20,7 +20,7 @@ Signed-off-by: Christian Boltz <apparmor@cboltz.de>
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000
@@ -46,6 +46,10 @@
@@ -51,6 +51,10 @@
@{HOMEDIRS}/** lrwk,

13
apparmor-unconfined-lang-r2094.diff
View File

@ -1,13 +0,0 @@
=== modified file 'utils/aa-unconfined'
--- utils/aa-unconfined 2011-01-13 21:58:26 +0000
+++ utils/aa-unconfined 2013-09-19 21:31:28 +0000
@@ -60,7 +60,7 @@
@pids = grep { /^\d+$/ } readdir(PROC);
closedir(PROC);
} else {
- if (open(NETSTAT, "/bin/netstat -nlp |")) {
+ if (open(NETSTAT, "LANG=C /bin/netstat -nlp |")) {
while (<NETSTAT>) {
chomp;
push @pids, $5

201
apparmor-utils-po-de-r2091.diff
View File

@ -1,201 +0,0 @@
=== modified file 'utils/po/de.po'
--- utils/po/de.po 2011-02-09 00:29:59 +0000
+++ utils/po/de.po 2013-09-13 19:12:39 +0000
@@ -1,19 +1,23 @@
# Copyright (C) 2006 SuSE Linux Products GmbH, Nuernberg
+# Copyright (C) 2013 Christian Boltz
# This file is distributed under the same license as the package.
#
msgid ""
msgstr ""
"Project-Id-Version: apparmor-utils\n"
"Report-Msgid-Bugs-To: apparmor-general@forge.novell.com\n"
"POT-Creation-Date: 2008-09-22 22:56-0700\n"
-"PO-Revision-Date: 2009-02-05 13:38\n"
-"Last-Translator: Novell Language <language@novell.com>\n"
+"PO-Revision-Date: 2013-09-13 21:05+0200\n"
+"Last-Translator: Christian Boltz <apparmor@cboltz.de>\n"
"Language-Team: Novell Language <language@novell.com>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"Language: de\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
#: ../genprof:69
+#, fuzzy
msgid "Please enter the program to profile: "
msgstr "Geben Sie das Programm für das Profil ein: "
@@ -52,12 +57,12 @@
#: ../logprof:72
#, perl-format
msgid "usage: %s [ -d /path/to/profiles ] [ -f /path/to/logfile ] [ -m \"mark in log to start processing after\""
-msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ -f /pfad/zu/protokolldatei ] [ -m \"markierng im protokoll, nach der die verarbeitung gestartet werden soll\""
+msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ -f /pfad/zu/protokolldatei ] [ -m \"Markierng im Protokoll, nach der die Verarbeitung gestartet werden soll\""
#: ../autodep:63
#, perl-format
msgid "Can't find AppArmor profiles in %s."
-msgstr "In %s wurden keine Unterdomänenprofile gefunden."
+msgstr "In %s wurden keine AppArmor-Profile gefunden."
#: ../autodep:71
msgid "Please enter the program to create a profile for: "
@@ -86,7 +91,7 @@
#: ../audit:131
#, perl-format
msgid "usage: %s [ -d /path/to/profiles ] [ program to switch to audit mode ]"
-msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ programm, das in den prüfmodus versetzt werden soll ]"
+msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ Programm, das in den Prüfmodus versetzt werden soll ]"
#: ../complain:64
msgid "Please enter the program to switch to complain mode: "
@@ -100,7 +105,7 @@
#: ../complain:131
#, perl-format
msgid "usage: %s [ -d /path/to/profiles ] [ program to switch to complain mode ]"
-msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ programm, das in den meldungsmodus versetzt werden soll ]"
+msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ Programm, das in den Meldungsmodus versetzt werden soll ]"
#: ../enforce:64
msgid "Please enter the program to switch to enforce mode: "
@@ -109,12 +114,12 @@
#: ../enforce:105 ../AppArmor.pm:592
#, perl-format
msgid "Setting %s to enforce mode."
-msgstr "Einstellungen %s für Erwzingungsmodus"
+msgstr "%s wird in den Erwzingen-Modus versetzt."
#: ../enforce:131
#, perl-format
msgid "usage: %s [ -d /path/to/profiles ] [ program to switch to enforce mode ]"
-msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ programm, das in den erzwingen-modus versetzt werden soll ]"
+msgstr "Syntax: %s [ -d /pfad/zu/profilen ] [ Programm, das in den Erzwingen-Modus versetzt werden soll ]"
#: ../unconfined:50
#, perl-format
@@ -193,7 +198,7 @@
#: ../AppArmor.pm:1159
msgid "Select which of the changed profiles you would like to upload\nto the repository"
-msgstr "Wählen Sie die geänderten Profile aus, die Sie an das Repository \nhochladen möchten"
+msgstr "Wählen Sie die geänderten Profile aus, die Sie in das Repository \nhochladen möchten"
#: ../AppArmor.pm:1161
msgid "Changed profiles"
@@ -210,7 +215,7 @@
#: ../AppArmor.pm:1236 ../AppArmor.pm:1316
#, perl-format
msgid "WARNING: An error occured while uploading the profile %s\n%s\n"
-msgstr "ACHTUNG: Fehler beim Heraufladen von Profil %s\n%s\n"
+msgstr "ACHTUNG: Fehler beim Hochladen von Profil %s\n%s\n"
#: ../AppArmor.pm:1241
msgid "Uploaded changes to repository."
@@ -223,11 +228,11 @@
#: ../AppArmor.pm:1311
#, perl-format
msgid "Uploaded %s to repository."
-msgstr "'%s' an Repository hochgeladen."
+msgstr "'%s' ins Repository hochgeladen."
#: ../AppArmor.pm:1322
msgid "Repository Error\nRegistration or Signin was unsuccessful. User login\ninformation is required to upload profiles to the\nrepository. These changes have not been sent.\n"
-msgstr "Repository-Fehler\nRegistrierung oder Anmeldung war erfolglos. Die Anmeldeinformationen\ndes Nutzers werden benötigt, um Profile in das Repository\n heraufzuladen. Diese Änderungen wurden nicht gesendet.\n"
+msgstr "Repository-Fehler\nRegistrierung oder Anmeldung war erfolglos. Die Anmeldeinformationen\ndes Nutzers werden benötigt, um Profile in das Repository\n hochzuladen. Diese Änderungen wurden nicht gesendet.\n"
#: ../AppArmor.pm:1379 ../AppArmor.pm:1419
msgid "(Y)es"
@@ -251,7 +256,7 @@
#: ../AppArmor.pm:1748
msgid "Abandoning all changes."
-msgstr "Alle Änderungen verwerfen?"
+msgstr "Alle Änderungen verworfen."
#: ../AppArmor.pm:1854
msgid "Default Hat"
@@ -259,7 +264,7 @@
#: ../AppArmor.pm:1856
msgid "Requested Hat"
-msgstr "Hat angefordert"
+msgstr "Angeforderter Hat"
#: ../AppArmor.pm:2142
msgid "Program"
@@ -387,16 +392,17 @@
#: ../AppArmor.pm:3250
#, perl-format
msgid "Invalid mode found: %s"
-msgstr "Ungültige Option: %s"
+msgstr "Ungültiger Modus gefunden: %s"
#: ../AppArmor.pm:3301 ../AppArmor.pm:3334
+#, fuzzy
msgid "Capability"
msgstr "Funktion"
#: ../AppArmor.pm:3354 ../AppArmor.pm:3628 ../AppArmor.pm:3875
#, perl-format
msgid "Adding #include <%s> to profile."
-msgstr "#include <%s> zum Profil hinzufügen."
+msgstr "#include <%s> zum Profil hinzugefügt."
#: ../AppArmor.pm:3357 ../AppArmor.pm:3629 ../AppArmor.pm:3669
#: ../AppArmor.pm:3879
@@ -405,12 +411,12 @@
msgstr "%s vorherige übereinstimmende Profileinträge wurden gelöscht."
#: ../AppArmor.pm:3368
-#, perl-format
+#, fuzzy, perl-format
msgid "Adding capability %s to profile."
msgstr "Funktion %s wird dem Profil hinzugefügt."
#: ../AppArmor.pm:3373
-#, perl-format
+#, fuzzy, perl-format
msgid "Denying capability %s to profile."
msgstr "Funktion %s wird dem Profil verweigert."
@@ -457,7 +463,7 @@
#: ../AppArmor.pm:3687
msgid "The specified path does not match this log entry:"
-msgstr "Der angegebene Pfad stimmt nicht mit dem Protokolleintrag überein."
+msgstr "Der angegebene Pfad stimmt nicht mit dem Protokolleintrag überein:"
#: ../AppArmor.pm:3688
msgid "Log Entry"
@@ -482,17 +488,17 @@
#: ../AppArmor.pm:3905
#, perl-format
msgid "Adding network access %s %s to profile."
-msgstr "Netzwerkzugriff '%s' '%s' wird zu Profil hinzugefügt."
+msgstr "Netzwerkzugriff '%s' '%s' wird zum Profil hinzugefügt."
#: ../AppArmor.pm:3924
#, perl-format
msgid "Denying network access %s %s to profile."
-msgstr "Netzwerkzugriff '%s' '%s' auf Profil wird verweigert."
+msgstr "Netzwerkzugriff '%s' '%s' wird dem Profil verweigert."
#: ../AppArmor.pm:4132
#, perl-format
msgid "Reading log entries from %s."
-msgstr "%s Mailserver-Domains werden eingelesen..."
+msgstr "Protokolleinträge von %s werden eingelesen."
#: ../AppArmor.pm:4133
#, perl-format
@@ -572,6 +578,7 @@
msgstr "Ungültige Tastenkombination in Standardelement"
#: ../AppArmor.pm:6392
+#, fuzzy
msgid "Invalid default"
msgstr "Ungültiger Standard"

2
apparmor-utils-string-split
View File

@ -8,7 +8,7 @@ Subject: AppArmor.pm: Split long string
--- a/utils/Immunix/AppArmor.pm
+++ b/utils/Immunix/AppArmor.pm
@@ -6300,7 +6300,12 @@ sub check_qualifiers($) {
@@ -6335,7 +6335,12 @@ sub check_qualifiers($) {
if ($cfg->{qualifiers}{$program}) {
unless($cfg->{qualifiers}{$program} =~ /p/) {

24
apparmor.changes
View File

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Mon Feb 17 11:40:36 UTC 2014 - opensuse@cboltz.de
- update to AppArmor 2.8.3 (r2122) bugfix release
- fix some cache clearing bugs in apparmor_parser
- various fixes in mod_apparmor
- several profile updates, most of them were already included as patches
(except abstractions/winbind (bnc#863226), abstractions/fonts and
abstractions/p11-kit)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details
- update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch
- remove upstream(ed) patches
- apparmor-2.8.2-fix-ntpd-profile.diff
- apparmor-abstractions-r2089-r2090.diff
- apparmor-abstractions-ssl_certs.diff
- apparmor-fix-url-in-manpages-r2093.diff
- apparmor-no-perl-smartmatch-r2088.diff
- apparmor-profiles-dnsmasq.diff
- apparmor-profiles-ntpd-r2103.diff
- apparmor-profiles-samba-create-dirs.diff
- apparmor-profiles-samba4.diff
- apparmor-unconfined-lang-r2094.diff
- apparmor-utils-po-de-r2091.diff
-------------------------------------------------------------------
Sat Feb 1 11:23:45 UTC 2014 - coolo@suse.com

57
apparmor.spec
View File

@ -61,7 +61,7 @@ Name: apparmor
%if ! %{?distro:1}0
%define distro suse
%endif
Version: 2.8.2
Version: 2.8.3
Release: 0
Summary: AppArmor userlevel parser utility
License: GPL-2.0+
@ -79,7 +79,7 @@ Source7: rpmlintrc
# profile for winbindd (bnc#748499, submitted upstream 2012-11-06, trunk r2078)
Source10: usr.sbin.winbindd
# profiles for dovecot 2.x (bnc#851984)
# profiles for dovecot 2.x (bnc#851984) - commited upstream trunk r2354, r2355, r2356, updated version commited trunk r2360, r2370
Source20: usr.lib.dovecot.anvil
Source21: usr.lib.dovecot.auth
Source22: usr.lib.dovecot.config
@ -97,49 +97,16 @@ Patch1: apparmor-enable-profile-cache.diff
# include autogenerated profile sniplet for samba shares (bnc#688040)
Patch2: apparmor-samba-include-permissions-for-shares.diff
# use grep instead of ~~ (smartmatch) because ~~ was marked as experimental again in perl 5.18 (upstream trunk r2158, 2.8 r2088)
Patch3: apparmor-no-perl-smartmatch-r2088.diff
# abstractions/p11-kit and abstractions/dbus-session update (upstream trunk r2181 and r2182 , 2.8 r2089 and r2090)
Patch4: apparmor-abstractions-r2089-r2090.diff
# split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width.
Patch5: apparmor-utils-string-split
# make apparmor/__init__.py ready for the new tools developed in GSoC. Submitted upstream 2013-09-12
Patch6: apparmor-init.py-gsoc.diff
# fix some (mis)translations in utils/po/de.po (upstream trunk r2186, 2.8 r2091)
Patch7: apparmor-utils-po-de-r2091.diff
# fix ntpd after configuration change (commited upstream trunk r2188, 2.8 r2092)
Patch8: apparmor-2.8.2-fix-ntpd-profile.diff
# fix URL in manpages (commited upstream trunk r2189, 2.8 r2093)
Patch9: apparmor-fix-url-in-manpages-r2093.diff
# fix aa-unconfined to work with all languages (commited upstream trunk r2190, 2.8 r2094)
Patch10: apparmor-unconfined-lang-r2094.diff
# various permissions needed for Samba 4.1 - bnc#845867 bnc#846054 - commited upstream trunk r2104, 2.8 branch r2254
Patch11: apparmor-profiles-samba4.diff
# Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
Patch12: apparmor-2.5.1-edirectory-profile
# dnsmasq - add missing read permisions for libvirt files - bnc#848215 - committed upstream trunk r2238, 2.8 branch r2101
Patch13: apparmor-profiles-dnsmasq.diff
# ntpd - add missing permissions for drift file at yet another location - bnc#850374 - commited upstream trunk r2252, 2.8 branch r2103
Patch14: apparmor-profiles-ntpd-r2103.diff
# abstractions/ssl_certs - add /var/lib/ca-certificates/ - bnc#852018 - commited upstream trunk r2255, 2.8 branch r2105
Patch15: apparmor-abstractions-ssl_certs.diff
# abstractions/samba - allow mkdir /var/run/samba and /var/cache/samba - bnc#856651 - commited upstream trunk r2293, 2.8 branch r2106
Patch16: apparmor-profiles-samba-create-dirs.diff
# update dovecot profiles for dovecot 2.x (bnc#851984, not upstreamed yet)
# update dovecot profiles for dovecot 2.x (bnc#851984 - commited upstream trunk r2354, r2356, [updated patch] r2359)
Patch17: apparmor-profiles-dovecot-bnc851984.diff
# create Immunix::SubDomain perl module - only included for openSUSE <= 12.1 - bnc#720617 #c7
@ -148,7 +115,8 @@ Patch21: apparmor-utils-subdomain-compat
# Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkaempf@suse.de
Patch22: ruby-2_0-mkmf-destdir.patch
# dnsmasq - allow to read config created by recent NetworkManager - commited upstream trunk r2323, 2.8 branch r2110
# dnsmasq - allow to read config created by recent NetworkManager
# commited upstream trunk r2323, 2.8 branch r2110 - updated version commited trunk r2385, 2.8 r2123
Patch23: apparmor-2.8.2-nm-dnsmasq-config.patch
Url: https://launchpad.net/apparmor
@ -510,20 +478,9 @@ SubDomain.
%setup -q
%patch1 -p1
%patch2
%patch3
%patch4
%patch5 -p1
%patch6
%patch7
%patch8
%patch9
%patch10
%patch11
%patch12 -p1
%patch13
%patch14
%patch15
%patch16
%patch17
# only create Immunix::SubDomain perl module for openSUSE <= 12.1
@ -543,7 +500,7 @@ SubDomain.
%patch23
%endif
# profile for winbindd (bnc#748499, submitted upstream 2012-11-06, trunk r2078)
# profile for winbindd (bnc#748499, commited upstream trunk r2078, updated in trunk r2328)
test ! -e profiles/apparmor.d/usr.sbin.winbindd
cp %{SOURCE10} profiles/apparmor.d/
@ -829,8 +786,6 @@ fi
%files -n python-apparmor
%defattr(-,root,root)
%files -n python-apparmor
%{python_sitearch}/LibAppArmor-%{version}-py%{python_version}.egg-info
%dir %{python_sitearch}/LibAppArmor
%{python_sitearch}/LibAppArmor/_LibAppArmor.so