From a50868b293658e1c1884500590f7ec8ae5e57c795011b42613328d33c20a47de Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Fri, 21 Dec 2018 14:30:43 +0000 Subject: [PATCH] Accepting request 660558 from home:cboltz - update to AppArmor 2.13.2 - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (boo#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 for the detailed upstream changelog - remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch - update to 2.13.1 - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - ignore "abi" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including boo#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 for the detailed upstream changelog - remove upstream(ed) patches: - aa-teardown-path.diff - fix-apparmor-systemd-perms.diff - logprof-skip-cache-d.diff - fix-samba-profiles.patch - make-pyflakes-happy.diff - dnsmasq-Add-permission-to-open-log-files.patch - refresh apparmor-samba-include-permissions-for-shares.diff - add fix-syntax-error-in-rc.apparmor.functions.patch - update to AppArmor 2.13.2 - no changes in libapparmor - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 for the detailed upstream changelog - update to AppArmor 2.13.1 - several bug fixes - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 for the detailed upstream changelog OBS-URL: https://build.opensuse.org/request/show/660558 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=224 --- aa-teardown-path.diff | 15 -------- apparmor-2.13.2.tar.gz | 3 ++ apparmor-2.13.2.tar.gz.asc | 17 +++++++++ apparmor-2.13.tar.gz | 3 -- apparmor-2.13.tar.gz.asc | 16 -------- ...-samba-include-permissions-for-shares.diff | 2 +- apparmor.changes | 38 +++++++++++++++++++ apparmor.spec | 27 +------------ ...asq-Add-permission-to-open-log-files.patch | 28 -------------- fix-apparmor-systemd-perms.diff | 13 ------- fix-samba-profiles.patch | 25 ------------ libapparmor.changes | 16 ++++++++ libapparmor.spec | 2 +- logprof-skip-cache-d.diff | 26 ------------- make-pyflakes-happy.diff | 13 ------- 15 files changed, 78 insertions(+), 166 deletions(-) delete mode 100644 aa-teardown-path.diff create mode 100644 apparmor-2.13.2.tar.gz create mode 100644 apparmor-2.13.2.tar.gz.asc delete mode 100644 apparmor-2.13.tar.gz delete mode 100644 apparmor-2.13.tar.gz.asc delete mode 100644 dnsmasq-Add-permission-to-open-log-files.patch delete mode 100644 fix-apparmor-systemd-perms.diff delete mode 100644 fix-samba-profiles.patch delete mode 100644 logprof-skip-cache-d.diff delete mode 100644 make-pyflakes-happy.diff diff --git a/aa-teardown-path.diff b/aa-teardown-path.diff deleted file mode 100644 index cdf705c..0000000 --- a/aa-teardown-path.diff +++ /dev/null @@ -1,15 +0,0 @@ -Index: parser/Makefile -=================================================================== ---- parser/Makefile.orig 2018-04-15 15:48:53.000000000 +0200 -+++ parser/Makefile 2018-04-15 23:21:13.677508654 +0200 -@@ -384,8 +384,8 @@ install-systemd: - install -m 755 -d $(SYSTEMD_UNIT_DIR) - install -m 644 apparmor.service $(SYSTEMD_UNIT_DIR) - install -m 644 apparmor.systemd $(APPARMOR_BIN_PREFIX) -- install -m 755 -d $(DESTDIR)/sbin -- install -m 755 aa-teardown $(DESTDIR)/sbin -+ install -m 755 -d $(DESTDIR)/usr/sbin -+ install -m 755 aa-teardown $(DESTDIR)/usr/sbin - - ifndef VERBOSE - .SILENT: clean diff --git a/apparmor-2.13.2.tar.gz b/apparmor-2.13.2.tar.gz new file mode 100644 index 0000000..92b9d68 --- /dev/null +++ b/apparmor-2.13.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:844def9926dfda5c7858428d06e44afc80573f9706458b6e7282edbb40b11a30 +size 7369240 diff --git a/apparmor-2.13.2.tar.gz.asc b/apparmor-2.13.2.tar.gz.asc new file mode 100644 index 0000000..698eb7e --- /dev/null +++ b/apparmor-2.13.2.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJOBAABCgA4FiEEPs3Lpfs00lSWHMU/ZonmTj02ZLsFAlwczB8aHGFwcGFybW9y +QGxpc3RzLnVidW50dS5jb20ACgkQZonmTj02ZLtQ7BAAkhe2XlK/VUYTLHDYp9Ku +v7F8fNsUAl+fAnUBr8zyqHqUDhcJuknE097DO1SIqkqYwn3wm4SC9otEwodHLXpQ +ruDPLd1id1+440toHDDD0vEJD3AOPTyxrH5Py3OwulZ5AmVdzGiiqy2u57dHucqQ +wg6ZJqXC+HeiaGWvEeh0vWAVrg/NyLNCHV6nAvYW1QoS/86MkbPJygA2srVWME3n +EFiTJdHuRUVqAus2a48tGnLmg0jokF8iUK27HBJVYb38md9Ve3483BfUc0eaWDqb +2x48PK1U3qEw/p7kwhmXKCsMwpFN2+2kjxTYm0htwYwAempKfqDAqdQa3J1C6XLL +g0x4QtXdIwjdr3/gKyYH5ZoAxSYEfRqA4jRg7jh4mNCsNvdIfhbtexJwiSBQbugw +5WygriBvHcxeYlWzLVwKfYqsuvZH+MaL+6XKraIzSz1WhooRGXqYCsAksXFNVVeP ++fAGSsZyC3XRKnj2EGe7vAnpc28vZa+Yg2MUiaAeqldP8/mIjw/v/flABP2BhCB6 +yAa7UrXvheG3cu/RzMGfMVs5fdhMaK49/YR4FL7i/CpLOCLTDeP+wIzQWeObY0CU +IwhVwz90PZklvEWsUchApzjKLAuEv2avY81Ij47BkPfjcKf3Q2VPTP34uTnw0axT +RIP58VSpAJmOYwgdcxzph2s= +=uFF9 +-----END PGP SIGNATURE----- diff --git a/apparmor-2.13.tar.gz b/apparmor-2.13.tar.gz deleted file mode 100644 index 7a9960e..0000000 --- a/apparmor-2.13.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:49f0b65a60c1eb5b7b4316023811bf1785875567e0e0c4c8a26cb1f1c3ac5858 -size 7352564 diff --git a/apparmor-2.13.tar.gz.asc b/apparmor-2.13.tar.gz.asc deleted file mode 100644 index 9581f56..0000000 --- a/apparmor-2.13.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQI3BAABCgAhBQJa01juGhxhcHBhcm1vckBsaXN0cy51YnVudHUuY29tAAoJEGaJ -5k49NmS7w7sP/jWzBwvWn4NySOdncM+/h83AIb0Kx2mBPFCqLrZ3low73riA/LtJ -mq7JN/qiBYM/lB/6fiEJZV5eUTvN9IFOtJkJVbEYOhIe5IjBkkOoxDfmnpnrkTvK -GYkoIjSpsJDepvzqpBeQ44exH7XGkhpZRULlgJZkpJXvYE0nb9JDQgOuPWP56Q0F -t773uEIYME/7sveQtHYbUVrB2ncnMO4ppcFhNo2VEz7q1xl+s0D9b5qAvRNMjA/9 -vgx8ZXSGbhsIUhMf5RgZd3j2hVs2LI+Qg6jM+ULzB+C9PtXefSe802gREoSkKxvQ -f88sPuOL1DX2aiIu5GFUQqziP9u+Xp/2YkQs0WSJEGUbs2+HfKDJHVF/610B4i6L -jpBIja9cYRacINU4beTNvZulyAAZHQ0CsRf1eyRzUrwNIi76eLlmhkBve40mtVq0 -6CKWkKllTmEk94D3CEFPzzDV7rpA9hcif71WGwNbMBj4HOlLK/pNAedAccdWwNbo -4EExDyMQrOeHQsUmppaiH/ulwMKd6HGQOMiLm1kPesBqpW+bbI1PMP0O/Kpb/tVQ -Kesr9tTYiTrSXeQUoWeaCZ5xV2yq6xr9RWLSLkLj3B2F9WF9RcR8jj1K7796ervi -Ybm7VwdnmSi/fRV+8lUUjy1NPksTZ4iem26GJ0YsQqxCz3phH9wAvW1c -=oH+3 ------END PGP SIGNATURE----- diff --git a/apparmor-samba-include-permissions-for-shares.diff b/apparmor-samba-include-permissions-for-shares.diff index ed492b9..89a139d 100644 --- a/apparmor-samba-include-permissions-for-shares.diff +++ b/apparmor-samba-include-permissions-for-shares.diff @@ -20,7 +20,7 @@ Signed-off-by: Christian Boltz === modified file 'profiles/apparmor.d/usr.sbin.smbd' --- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000 +++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000 -@@ -53,6 +53,10 @@ +@@ -55,6 +55,10 @@ @{HOMEDIRS}/** lrwk, diff --git a/apparmor.changes b/apparmor.changes index 0d7cc3e..a815983 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Fri Dec 21 12:59:00 UTC 2018 - Christian Boltz + +- update to AppArmor 2.13.2 + - add profile names to most profiles + - update dnsmasq profile (pid file and logfile path) (boo#1111342) + - add vulkan abstraction + - add letsencrypt certificate path to abstractions/ssl_* + - ignore *.orig and *.rej files when loading profiles + - fix aa-complain etc. to handle named profiles + - several bugfixes and small profile improvements + - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 + for the detailed upstream changelog +- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch + +------------------------------------------------------------------- +Sun Oct 14 11:02:58 UTC 2018 - Christian Boltz + +- update to 2.13.1 + - add qt5 and qt5-compose-cache-write abstractions + - add @{uid} and @{uids} kernel var placeholders + - several profile and abstraction updates + - ignore "abi" rules in parser and tools (instead of erroring out) + - utils: fix overwriting of child profile flags if they differ from + the main profile + - several bugfixes (including boo#1100779) + - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 + for the detailed upstream changelog +- remove upstream(ed) patches: + - aa-teardown-path.diff + - fix-apparmor-systemd-perms.diff + - logprof-skip-cache-d.diff + - fix-samba-profiles.patch + - make-pyflakes-happy.diff + - dnsmasq-Add-permission-to-open-log-files.patch +- refresh apparmor-samba-include-permissions-for-shares.diff +- add fix-syntax-error-in-rc.apparmor.functions.patch + ------------------------------------------------------------------- Wed Oct 10 18:01:16 UTC 2018 - Christian Boltz diff --git a/apparmor.spec b/apparmor.spec index 074be5e..734457c 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -35,7 +35,7 @@ %define apache_module_path %(/usr/sbin/apxs2 -q LIBEXECDIR) Name: apparmor -Version: 2.13 +Version: 2.13.2 Release: 0 Summary: AppArmor userlevel parser utility License: GPL-2.0-or-later @@ -62,24 +62,6 @@ Patch5: ruby-2_0-mkmf-destdir.patch # bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21) Patch7: apparmor-lessopen-profile.patch -# install aa-teardown to /usr/sbin, not /sbin (merged upstream 2018-04-15 https://gitlab.com/apparmor/apparmor/merge_requests/97) -Patch8: aa-teardown-path.diff - -# fix permissions of apparmor.systemd (boo#1090545, merged upstream 2018-04-27 https://gitlab.com/apparmor/apparmor/merge_requests/106) -Patch9: fix-apparmor-systemd-perms.diff - -# exclude the /etc/apparmor.d/cache.d directory from aa-logprof parsing (merged upstream 2018-04-30 https://gitlab.com/apparmor/apparmor/merge_requests/110/diffs) -Patch10: logprof-skip-cache-d.diff - -# bug 1092099 - Allow smbd to load new shared libraries. Allow Winbindd to read and write new kerberos cache location (accepted upstream 2018-05-09 https://gitlab.com/apparmor/apparmor/merge_requests/121 - slightly different patch) -Patch11: fix-samba-profiles.patch - -# SR 629206 - make pyflakes 2.0 happy (unused variable) (accepted upstream 2018-08-22) -Patch12: make-pyflakes-happy.diff - -# boo#1111342 Backport fix for dnsmasq into Tumbleweed (add permission to open log files) (from upstream 2018-10-08) -Patch13: dnsmasq-Add-permission-to-open-log-files.patch - PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix /lib/apparmor @@ -367,12 +349,6 @@ SubDomain. %patch2 %patch5 -p1 %patch7 -%patch8 -%patch9 -p1 -%patch10 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 %build export SUSE_ASNEEDED=0 @@ -602,6 +578,7 @@ fi %config(noreplace) %{_sysconfdir}/apparmor.d/bin.* %config(noreplace) %{_sysconfdir}/apparmor.d/sbin.* %config(noreplace) %{_sysconfdir}/apparmor.d/usr.* +%config(noreplace) %{_sysconfdir}/apparmor.d/nvidia_modprobe %config(noreplace) %{_sysconfdir}/apparmor.d/local/* %dir /usr/share/apparmor/ /usr/share/apparmor/cache/ diff --git a/dnsmasq-Add-permission-to-open-log-files.patch b/dnsmasq-Add-permission-to-open-log-files.patch deleted file mode 100644 index bf11f0e..0000000 --- a/dnsmasq-Add-permission-to-open-log-files.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 025c7dc6a131da24c31e41ad32753015a0ec0f76 Mon Sep 17 00:00:00 2001 -From: Petr Vorel -Date: Mon, 8 Oct 2018 16:44:01 +0200 -Subject: [PATCH] dnsmasq: Add permission to open log files - ---log-facility option needs to have permission to open files. -Use '*' to allow using more files (for using more dnsmasq instances). - -Signed-off-by: Petr Vorel -Signed-off-by: Jamie Strandboge -Signed-off-by: Steve Beattie ---- - profiles/apparmor.d/usr.sbin.dnsmasq | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq -index 2b4b1bfc..f2e6847d 100644 ---- a/profiles/apparmor.d/usr.sbin.dnsmasq -+++ b/profiles/apparmor.d/usr.sbin.dnsmasq -@@ -43,6 +43,8 @@ - - /usr/sbin/dnsmasq mr, - -+ /var/log/*dnsmasq.log w, -+ - /{,var/}run/*dnsmasq*.pid w, - /{,var/}run/dnsmasq-forwarders.conf r, - /{,var/}run/dnsmasq/ r, diff --git a/fix-apparmor-systemd-perms.diff b/fix-apparmor-systemd-perms.diff deleted file mode 100644 index 3c5c8cc..0000000 --- a/fix-apparmor-systemd-perms.diff +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/parser/Makefile b/parser/Makefile -index 70fb27fe..04996fb7 100644 ---- a/parser/Makefile -+++ b/parser/Makefile -@@ -383,7 +383,7 @@ install-indep: indep - install-systemd: - install -m 755 -d $(SYSTEMD_UNIT_DIR) - install -m 644 apparmor.service $(SYSTEMD_UNIT_DIR) -- install -m 644 apparmor.systemd $(APPARMOR_BIN_PREFIX) -+ install -m 755 apparmor.systemd $(APPARMOR_BIN_PREFIX) - install -m 755 -d $(DESTDIR)/usr/sbin - install -m 755 aa-teardown $(DESTDIR)/usr/sbin - diff --git a/fix-samba-profiles.patch b/fix-samba-profiles.patch deleted file mode 100644 index d3868fd..0000000 --- a/fix-samba-profiles.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd -index 8f54e9c0..cbd03bad 100644 ---- a/profiles/apparmor.d/usr.sbin.smbd -+++ b/profiles/apparmor.d/usr.sbin.smbd -@@ -32,6 +32,8 @@ - /usr/lib*/samba/charset/*.so mr, - /usr/lib*/samba/auth/script.so mr, - /usr/lib*/samba/pdb/*.so mr, -+ /usr/lib*/samba/auth/*.so mr, -+ /usr/lib*/samba/gensec/*.so mr, - /usr/lib*/samba/{lowcase,upcase,valid}.dat r, - /usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr, - /usr/lib/@{multiarch}/samba/**/ r, -diff --git a/profiles/apparmor.d/usr.sbin.winbindd b/profiles/apparmor.d/usr.sbin.winbindd -index f5f8cc08..5a906c0e 100644 ---- a/profiles/apparmor.d/usr.sbin.winbindd -+++ b/profiles/apparmor.d/usr.sbin.winbindd -@@ -20,6 +20,7 @@ - @{PROC}/sys/kernel/core_pattern r, - /tmp/.winbindd/ w, - /tmp/krb5cc_* rwk, -+ /run/user/*/krb5cc/* rwk, - /usr/lib*/samba/gensec/krb*.so mr, - /usr/lib*/samba/idmap/*.so mr, - /usr/lib*/samba/nss_info/*.so mr, diff --git a/libapparmor.changes b/libapparmor.changes index 1592852..14798a2 100644 --- a/libapparmor.changes +++ b/libapparmor.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Fri Dec 21 12:58:02 UTC 2018 - Christian Boltz + +- update to AppArmor 2.13.2 + - no changes in libapparmor + - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 + for the detailed upstream changelog + +------------------------------------------------------------------- +Sun Oct 14 11:32:31 UTC 2018 - Christian Boltz + +- update to AppArmor 2.13.1 + - several bug fixes + - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 + for the detailed upstream changelog + ------------------------------------------------------------------- Sun Apr 15 19:02:35 UTC 2018 - suse-beta@cboltz.de diff --git a/libapparmor.spec b/libapparmor.spec index 8aa4ed3..1f8266d 100644 --- a/libapparmor.spec +++ b/libapparmor.spec @@ -18,7 +18,7 @@ Name: libapparmor -Version: 2.13 +Version: 2.13.2 Release: 0 Summary: Utility library for AppArmor License: LGPL-2.1-or-later diff --git a/logprof-skip-cache-d.diff b/logprof-skip-cache-d.diff deleted file mode 100644 index ad291bc..0000000 --- a/logprof-skip-cache-d.diff +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py -index e28b8495..88bf2172 100644 ---- utils/apparmor/aa.py -+++ utils/apparmor/aa.py -@@ -2048,7 +2048,7 @@ def is_skippable_file(path): - return False - - def is_skippable_dir(path): -- if re.search('^(.*/)?(disable|cache|force-complain|lxc|\.git)/?$', path): -+ if re.search('^(.*/)?(disable|cache|cache\.d|force-complain|lxc|\.git)/?$', path): - return True - return False - -diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py -index 243283a9..b5f8e94f 100644 ---- utils/test/test-aa.py -+++ utils/test/test-aa.py -@@ -484,6 +484,8 @@ class AaTest_is_skippable_dir(AATest): - ('lxc', True), - ('force-complain', True), - ('/etc/apparmor.d/cache', True), -+ ('/etc/apparmor.d/cache.d', True), -+ ('/etc/apparmor.d/cache.d/', True), - ('/etc/apparmor.d/lxc/', True), - ('/etc/apparmor.d/.git/', True), - diff --git a/make-pyflakes-happy.diff b/make-pyflakes-happy.diff deleted file mode 100644 index 753cbdf..0000000 --- a/make-pyflakes-happy.diff +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/utils/apparmor/sandbox.py b/utils/apparmor/sandbox.py -index 51048f6f..17e413ea 100644 ---- a/utils/apparmor/sandbox.py -+++ b/utils/apparmor/sandbox.py -@@ -718,7 +718,7 @@ def run_xsandbox(command, opt): - # aa-exec - try: - rc, report = aa_exec(command, opt, x.new_environ, required_rules) -- except Exception as e: -+ except Exception: - x.cleanup() - raise - x.cleanup()