diff --git a/apparmor.changes b/apparmor.changes index 9e92552..21993b2 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue May 24 12:15:19 UTC 2016 - suse-beta@cboltz.de + +- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596) + ------------------------------------------------------------------- Fri Apr 22 20:49:24 UTC 2016 - suse-beta@cboltz.de diff --git a/apparmor.spec b/apparmor.spec index 733c33a..7459a55 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -92,6 +92,9 @@ Patch6: apparmor-abstractions-no-multiline.diff # bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21) Patch7: apparmor-lessopen-profile.patch +# boo#980596 - latest ping includes IPv6 (commited upstream trunk r3449 / 2.10 branch r3331 / 2.9 branch r3009) +Patch8: profiles-ping-inet6-r3449.diff + Url: https://launchpad.net/apparmor PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -439,6 +442,7 @@ SubDomain. %patch6 %patch7 -p1 +%patch8 # search for left-over multiline rules test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)" diff --git a/profiles-ping-inet6-r3449.diff b/profiles-ping-inet6-r3449.diff new file mode 100644 index 0000000..f117bec --- /dev/null +++ b/profiles-ping-inet6-r3449.diff @@ -0,0 +1,33 @@ +------------------------------------------------------------ +revno: trunk r3449 / 2.10 branch r3331 / 2.9 branch r3009 +committer: Christian Boltz +branch nick: apparmor +timestamp: Wed 2016-05-18 21:18:10 +0200 +message: + allow inet6 in ping profile + + The latest iputils merged ping and ping6 into a single binary that does + both IPv4 and IPv6 pings (by default, it really does both). + This means we need to allow network inet6 raw in the ping profile. + + References: https://bugzilla.opensuse.org/show_bug.cgi?id=980596 + (contains more details and example output) + + + Acked-by: Steve Beattie for trunk, 2.10 and 2.9 + + +=== modified file 'profiles/apparmor.d/bin.ping' +--- profiles/apparmor.d/bin.ping 2015-10-20 21:12:35 +0000 ++++ profiles/apparmor.d/bin.ping 2016-05-18 19:18:10 +0000 +@@ -18,6 +18,7 @@ + capability net_raw, + capability setuid, + network inet raw, ++ network inet6 raw, + + /{,usr/}bin/ping mixr, + /etc/modules.conf r, + + +vim:ft=diff