pool/apparmor
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 660558 from home:cboltz

Browse Source 
- update to AppArmor 2.13.2
  - add profile names to most profiles
  - update dnsmasq profile (pid file and logfile path) (boo#1111342)
  - add vulkan abstraction
  - add letsencrypt certificate path to abstractions/ssl_*
  - ignore *.orig and *.rej files when loading profiles
  - fix aa-complain etc. to handle named profiles
  - several bugfixes and small profile improvements
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
    for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch

- update to 2.13.1
  - add qt5 and qt5-compose-cache-write abstractions
  - add @{uid} and @{uids} kernel var placeholders
  - several profile and abstraction updates
  - ignore "abi" rules in parser and tools (instead of erroring out)
  - utils: fix overwriting of child profile flags if they differ from
    the main profile
  - several bugfixes (including boo#1100779)
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
    for the detailed upstream changelog
- remove upstream(ed) patches:
  - aa-teardown-path.diff
  - fix-apparmor-systemd-perms.diff
  - logprof-skip-cache-d.diff
  - fix-samba-profiles.patch
  - make-pyflakes-happy.diff
  - dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch

- update to AppArmor 2.13.2
  - no changes in libapparmor
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
    for the detailed upstream changelog

- update to AppArmor 2.13.1
  - several bug fixes
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
    for the detailed upstream changelog

OBS-URL: https://build.opensuse.org/request/show/660558
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=224
This commit is contained in:
Christian Boltz 2018-12-21 14:30:43 +00:00 committed by Git OBS Bridge
parent d7630ac7d0
commit a50868b293
15 changed files with 78 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
aa-teardown-path.diff
View File

@ -1,15 +0,0 @@
Index: parser/Makefile
===================================================================
--- parser/Makefile.orig 2018-04-15 15:48:53.000000000 +0200
+++ parser/Makefile 2018-04-15 23:21:13.677508654 +0200
@@ -384,8 +384,8 @@ install-systemd:
install -m 755 -d $(SYSTEMD_UNIT_DIR)
install -m 644 apparmor.service $(SYSTEMD_UNIT_DIR)
install -m 644 apparmor.systemd $(APPARMOR_BIN_PREFIX)
- install -m 755 -d $(DESTDIR)/sbin
- install -m 755 aa-teardown $(DESTDIR)/sbin
+ install -m 755 -d $(DESTDIR)/usr/sbin
+ install -m 755 aa-teardown $(DESTDIR)/usr/sbin
ifndef VERBOSE
.SILENT: clean

3
apparmor-2.13.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:844def9926dfda5c7858428d06e44afc80573f9706458b6e7282edbb40b11a30
size 7369240

17
apparmor-2.13.2.tar.gz.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
iQJOBAABCgA4FiEEPs3Lpfs00lSWHMU/ZonmTj02ZLsFAlwczB8aHGFwcGFybW9y
QGxpc3RzLnVidW50dS5jb20ACgkQZonmTj02ZLtQ7BAAkhe2XlK/VUYTLHDYp9Ku
v7F8fNsUAl+fAnUBr8zyqHqUDhcJuknE097DO1SIqkqYwn3wm4SC9otEwodHLXpQ
ruDPLd1id1+440toHDDD0vEJD3AOPTyxrH5Py3OwulZ5AmVdzGiiqy2u57dHucqQ
wg6ZJqXC+HeiaGWvEeh0vWAVrg/NyLNCHV6nAvYW1QoS/86MkbPJygA2srVWME3n
EFiTJdHuRUVqAus2a48tGnLmg0jokF8iUK27HBJVYb38md9Ve3483BfUc0eaWDqb
2x48PK1U3qEw/p7kwhmXKCsMwpFN2+2kjxTYm0htwYwAempKfqDAqdQa3J1C6XLL
g0x4QtXdIwjdr3/gKyYH5ZoAxSYEfRqA4jRg7jh4mNCsNvdIfhbtexJwiSBQbugw
5WygriBvHcxeYlWzLVwKfYqsuvZH+MaL+6XKraIzSz1WhooRGXqYCsAksXFNVVeP
+fAGSsZyC3XRKnj2EGe7vAnpc28vZa+Yg2MUiaAeqldP8/mIjw/v/flABP2BhCB6
yAa7UrXvheG3cu/RzMGfMVs5fdhMaK49/YR4FL7i/CpLOCLTDeP+wIzQWeObY0CU
IwhVwz90PZklvEWsUchApzjKLAuEv2avY81Ij47BkPfjcKf3Q2VPTP34uTnw0axT
RIP58VSpAJmOYwgdcxzph2s=
=uFF9
-----END PGP SIGNATURE-----

3
apparmor-2.13.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:49f0b65a60c1eb5b7b4316023811bf1785875567e0e0c4c8a26cb1f1c3ac5858
size 7352564

16
apparmor-2.13.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQI3BAABCgAhBQJa01juGhxhcHBhcm1vckBsaXN0cy51YnVudHUuY29tAAoJEGaJ
5k49NmS7w7sP/jWzBwvWn4NySOdncM+/h83AIb0Kx2mBPFCqLrZ3low73riA/LtJ
mq7JN/qiBYM/lB/6fiEJZV5eUTvN9IFOtJkJVbEYOhIe5IjBkkOoxDfmnpnrkTvK
GYkoIjSpsJDepvzqpBeQ44exH7XGkhpZRULlgJZkpJXvYE0nb9JDQgOuPWP56Q0F
t773uEIYME/7sveQtHYbUVrB2ncnMO4ppcFhNo2VEz7q1xl+s0D9b5qAvRNMjA/9
vgx8ZXSGbhsIUhMf5RgZd3j2hVs2LI+Qg6jM+ULzB+C9PtXefSe802gREoSkKxvQ
f88sPuOL1DX2aiIu5GFUQqziP9u+Xp/2YkQs0WSJEGUbs2+HfKDJHVF/610B4i6L
jpBIja9cYRacINU4beTNvZulyAAZHQ0CsRf1eyRzUrwNIi76eLlmhkBve40mtVq0
6CKWkKllTmEk94D3CEFPzzDV7rpA9hcif71WGwNbMBj4HOlLK/pNAedAccdWwNbo
4EExDyMQrOeHQsUmppaiH/ulwMKd6HGQOMiLm1kPesBqpW+bbI1PMP0O/Kpb/tVQ
Kesr9tTYiTrSXeQUoWeaCZ5xV2yq6xr9RWLSLkLj3B2F9WF9RcR8jj1K7796ervi
Ybm7VwdnmSi/fRV+8lUUjy1NPksTZ4iem26GJ0YsQqxCz3phH9wAvW1c
=oH+3
-----END PGP SIGNATURE-----

2
apparmor-samba-include-permissions-for-shares.diff
View File

@ -20,7 +20,7 @@ Signed-off-by: Christian Boltz <apparmor@cboltz.de>
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000
@@ -53,6 +53,10 @@
@@ -55,6 +55,10 @@
@{HOMEDIRS}/** lrwk,

38
apparmor.changes
View File

@ -1,3 +1,41 @@
-------------------------------------------------------------------
Fri Dec 21 12:59:00 UTC 2018 - Christian Boltz <suse-beta@cboltz.de>
- update to AppArmor 2.13.2
- add profile names to most profiles
- update dnsmasq profile (pid file and logfile path) (boo#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
-------------------------------------------------------------------
Sun Oct 14 11:02:58 UTC 2018 - Christian Boltz <suse-beta@cboltz.de>
- update to 2.13.1
- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- ignore "abi" rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from
the main profile
- several bugfixes (including boo#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
for the detailed upstream changelog
- remove upstream(ed) patches:
- aa-teardown-path.diff
- fix-apparmor-systemd-perms.diff
- logprof-skip-cache-d.diff
- fix-samba-profiles.patch
- make-pyflakes-happy.diff
- dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch
-------------------------------------------------------------------
Wed Oct 10 18:01:16 UTC 2018 - Christian Boltz <suse-beta@cboltz.de>

27
apparmor.spec
View File

@ -35,7 +35,7 @@
%define apache_module_path %(/usr/sbin/apxs2 -q LIBEXECDIR)
Name: apparmor
Version: 2.13
Version: 2.13.2
Release: 0
Summary: AppArmor userlevel parser utility
License: GPL-2.0-or-later
@ -62,24 +62,6 @@ Patch5: ruby-2_0-mkmf-destdir.patch
# bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
Patch7: apparmor-lessopen-profile.patch
# install aa-teardown to /usr/sbin, not /sbin (merged upstream 2018-04-15 https://gitlab.com/apparmor/apparmor/merge_requests/97)
Patch8: aa-teardown-path.diff
# fix permissions of apparmor.systemd (boo#1090545, merged upstream 2018-04-27 https://gitlab.com/apparmor/apparmor/merge_requests/106)
Patch9: fix-apparmor-systemd-perms.diff
# exclude the /etc/apparmor.d/cache.d directory from aa-logprof parsing (merged upstream 2018-04-30 https://gitlab.com/apparmor/apparmor/merge_requests/110/diffs)
Patch10: logprof-skip-cache-d.diff
# bug 1092099 - Allow smbd to load new shared libraries. Allow Winbindd to read and write new kerberos cache location (accepted upstream 2018-05-09 https://gitlab.com/apparmor/apparmor/merge_requests/121 - slightly different patch)
Patch11: fix-samba-profiles.patch
# SR 629206 - make pyflakes 2.0 happy (unused variable) (accepted upstream 2018-08-22)
Patch12: make-pyflakes-happy.diff
# boo#1111342 Backport fix for dnsmasq into Tumbleweed (add permission to open log files) (from upstream 2018-10-08)
Patch13: dnsmasq-Add-permission-to-open-log-files.patch
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define apparmor_bin_prefix /lib/apparmor
@ -367,12 +349,6 @@ SubDomain.
%patch2
%patch5 -p1
%patch7
%patch8
%patch9 -p1
%patch10
%patch11 -p1
%patch12 -p1
%patch13 -p1
%build
export SUSE_ASNEEDED=0
@ -602,6 +578,7 @@ fi
%config(noreplace) %{_sysconfdir}/apparmor.d/bin.*
%config(noreplace) %{_sysconfdir}/apparmor.d/sbin.*
%config(noreplace) %{_sysconfdir}/apparmor.d/usr.*
%config(noreplace) %{_sysconfdir}/apparmor.d/nvidia_modprobe
%config(noreplace) %{_sysconfdir}/apparmor.d/local/*
%dir /usr/share/apparmor/
/usr/share/apparmor/cache/

28
dnsmasq-Add-permission-to-open-log-files.patch
View File

@ -1,28 +0,0 @@
From 025c7dc6a131da24c31e41ad32753015a0ec0f76 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Mon, 8 Oct 2018 16:44:01 +0200
Subject: [PATCH] dnsmasq: Add permission to open log files
--log-facility option needs to have permission to open files.
Use '*' to allow using more files (for using more dnsmasq instances).
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
---
profiles/apparmor.d/usr.sbin.dnsmasq | 2 ++
1 file changed, 2 insertions(+)
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index 2b4b1bfc..f2e6847d 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -43,6 +43,8 @@
/usr/sbin/dnsmasq mr,
+ /var/log/*dnsmasq.log w,
+
/{,var/}run/*dnsmasq*.pid w,
/{,var/}run/dnsmasq-forwarders.conf r,
/{,var/}run/dnsmasq/ r,

13
fix-apparmor-systemd-perms.diff
View File

@ -1,13 +0,0 @@
diff --git a/parser/Makefile b/parser/Makefile
index 70fb27fe..04996fb7 100644
--- a/parser/Makefile
+++ b/parser/Makefile
@@ -383,7 +383,7 @@ install-indep: indep
install-systemd:
install -m 755 -d $(SYSTEMD_UNIT_DIR)
install -m 644 apparmor.service $(SYSTEMD_UNIT_DIR)
- install -m 644 apparmor.systemd $(APPARMOR_BIN_PREFIX)
+ install -m 755 apparmor.systemd $(APPARMOR_BIN_PREFIX)
install -m 755 -d $(DESTDIR)/usr/sbin
install -m 755 aa-teardown $(DESTDIR)/usr/sbin

25
fix-samba-profiles.patch
View File

@ -1,25 +0,0 @@
diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd
index 8f54e9c0..cbd03bad 100644
--- a/profiles/apparmor.d/usr.sbin.smbd
+++ b/profiles/apparmor.d/usr.sbin.smbd
@@ -32,6 +32,8 @@
/usr/lib*/samba/charset/*.so mr,
/usr/lib*/samba/auth/script.so mr,
/usr/lib*/samba/pdb/*.so mr,
+ /usr/lib*/samba/auth/*.so mr,
+ /usr/lib*/samba/gensec/*.so mr,
/usr/lib*/samba/{lowcase,upcase,valid}.dat r,
/usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
/usr/lib/@{multiarch}/samba/**/ r,
diff --git a/profiles/apparmor.d/usr.sbin.winbindd b/profiles/apparmor.d/usr.sbin.winbindd
index f5f8cc08..5a906c0e 100644
--- a/profiles/apparmor.d/usr.sbin.winbindd
+++ b/profiles/apparmor.d/usr.sbin.winbindd
@@ -20,6 +20,7 @@
@{PROC}/sys/kernel/core_pattern r,
/tmp/.winbindd/ w,
/tmp/krb5cc_* rwk,
+ /run/user/*/krb5cc/* rwk,
/usr/lib*/samba/gensec/krb*.so mr,
/usr/lib*/samba/idmap/*.so mr,
/usr/lib*/samba/nss_info/*.so mr,

16
libapparmor.changes
View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Fri Dec 21 12:58:02 UTC 2018 - Christian Boltz <suse-beta@cboltz.de>
- update to AppArmor 2.13.2
- no changes in libapparmor
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
for the detailed upstream changelog
-------------------------------------------------------------------
Sun Oct 14 11:32:31 UTC 2018 - Christian Boltz <suse-beta@cboltz.de>
- update to AppArmor 2.13.1
- several bug fixes
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
for the detailed upstream changelog
-------------------------------------------------------------------
Sun Apr 15 19:02:35 UTC 2018 - suse-beta@cboltz.de

2
libapparmor.spec
View File

@ -18,7 +18,7 @@
Name: libapparmor
Version: 2.13
Version: 2.13.2
Release: 0
Summary: Utility library for AppArmor
License: LGPL-2.1-or-later

26
logprof-skip-cache-d.diff
View File

@ -1,26 +0,0 @@
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index e28b8495..88bf2172 100644
--- utils/apparmor/aa.py
+++ utils/apparmor/aa.py
@@ -2048,7 +2048,7 @@ def is_skippable_file(path):
return False
def is_skippable_dir(path):
- if re.search('^(.*/)?(disable|cache|force-complain|lxc|\.git)/?$', path):
+ if re.search('^(.*/)?(disable|cache|cache\.d|force-complain|lxc|\.git)/?$', path):
return True
return False
diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
index 243283a9..b5f8e94f 100644
--- utils/test/test-aa.py
+++ utils/test/test-aa.py
@@ -484,6 +484,8 @@ class AaTest_is_skippable_dir(AATest):
('lxc', True),
('force-complain', True),
('/etc/apparmor.d/cache', True),
+ ('/etc/apparmor.d/cache.d', True),
+ ('/etc/apparmor.d/cache.d/', True),
('/etc/apparmor.d/lxc/', True),
('/etc/apparmor.d/.git/', True),

13
make-pyflakes-happy.diff
View File

@ -1,13 +0,0 @@
diff --git a/utils/apparmor/sandbox.py b/utils/apparmor/sandbox.py
index 51048f6f..17e413ea 100644
--- a/utils/apparmor/sandbox.py
+++ b/utils/apparmor/sandbox.py
@@ -718,7 +718,7 @@ def run_xsandbox(command, opt):
# aa-exec
try:
rc, report = aa_exec(command, opt, x.new_environ, required_rules)
- except Exception as e:
+ except Exception:
x.cleanup()
raise
x.cleanup()