Accepting request 102458 from security:apparmor:factory
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894) - move various permissions from httpd2-prefork profile to abstractions/apache2-common. Backward-incompatible change: *.htaccess files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5) - allow various .conf files for dovecot (lp#458922) - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files and abstractions/private-files-strict (lp#911847) - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files to use ~/.kde4, not only ~/.kde (bnc#741592) - block write access to ~/.kde{,4}/env in abstractions/private-files (lp#914190) - allow write access for personal dictionary etc. in abstractions/aspell (lp#917859) - when using genprof for a script, include read access to the script itsself - automatically include abstractions/python or abstractions/ruby for python/ruby scripts - add profile for smbldap-useradd and allow smbd to call it (bnc#738041) - allow creation of the .config directory in abstractions/enchant (lp#914184) - allow TFTP read-only access in dnsmasq profile (lp#905412) - allow capability dac_read_search for syslog-ng (bnc#731876) - add p11-kit abstraction and include it in abstractions/authentification (lp#912754, lp#912752) - add audacity to abstractions/ubuntu-media-players (lp#899963) - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831, lp#890894, lp#890894, lp#884748) - fix typo for multiarch gconf-modules in abstractions/base (lp#904548) - allow avahi to do dbus introspection (lp#769148) - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992) - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062) - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in abstractions/cups-client (lp#887992) - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in abstractions/python (lp#860856) - various updates to the sshd profile (lp#817956) - (and some more changes I already included in the apparmor-2.7-branch.diff) OBS-URL: https://build.opensuse.org/request/show/102458 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=32
This commit is contained in:
parent
b2f1c70e39
commit
c958d9cad3
@ -1,36 +0,0 @@
|
||||
svn diff -r1858..1861 > 2.7-branch.diff
|
||||
|
||||
=== modified file 'profiles/Makefile'
|
||||
--- profiles/Makefile 2011-10-19 22:23:19 +0000
|
||||
+++ profiles/Makefile 2012-01-03 22:45:00 +0000
|
||||
@@ -56,6 +56,7 @@
|
||||
${PROFILES_DEST}/program-chunks \
|
||||
${PROFILES_DEST}/tunables \
|
||||
${PROFILES_DEST}/tunables/home.d \
|
||||
+ ${PROFILES_DEST}/tunables/multiarch.d \
|
||||
${PROFILES_DEST}/local
|
||||
install -m 644 ${PROFILES_TO_COPY} ${PROFILES_DEST}
|
||||
install -m 644 ${ABSTRACTIONS_TO_COPY} ${PROFILES_DEST}/abstractions
|
||||
|
||||
=== modified file 'profiles/apparmor.d/abstractions/python'
|
||||
--- profiles/apparmor.d/abstractions/python 2011-11-30 16:56:45 +0000
|
||||
+++ profiles/apparmor.d/abstractions/python 2012-01-03 20:23:30 +0000
|
||||
@@ -31,4 +31,4 @@
|
||||
/usr/lib/wx/python/*.pth r,
|
||||
|
||||
# python build configuration and headers
|
||||
- /usr/include/python{2,3}.[0-7]*/pyconfig.h
|
||||
+ /usr/include/python{2,3}.[0-7]*/pyconfig.h r,
|
||||
|
||||
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
|
||||
--- profiles/apparmor.d/usr.sbin.smbd 2011-11-01 17:28:49 +0000
|
||||
+++ profiles/apparmor.d/usr.sbin.smbd 2011-12-30 20:55:58 +0000
|
||||
@@ -21,6 +21,7 @@
|
||||
capability sys_tty_config,
|
||||
|
||||
/etc/mtab r,
|
||||
+ /etc/netgroup r,
|
||||
/etc/printcap r,
|
||||
/proc/*/mounts r,
|
||||
/proc/sys/kernel/core_pattern r,
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ff8a2f49f902faa78e502590c65d3850fb9a2a3453bef0dc1f99e947c52fc60f
|
||||
size 1399442
|
3
apparmor-2.7.2.tar.gz
Normal file
3
apparmor-2.7.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:42deb8cbf4937fac07a48ec8427b90131e92ed2f83b606beee092bdb4fc2a41f
|
||||
size 1403151
|
@ -20,7 +20,7 @@ Signed-off-by: Christian Boltz <apparmor@cboltz.de>
|
||||
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
|
||||
--- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000
|
||||
+++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000
|
||||
@@ -42,6 +42,10 @@
|
||||
@@ -46,6 +46,10 @@
|
||||
|
||||
@{HOMEDIRS}/** lrwk,
|
||||
|
||||
|
@ -1,3 +1,44 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 31 09:53:06 UTC 2012 - opensuse@cboltz.de
|
||||
|
||||
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
|
||||
- move various permissions from httpd2-prefork profile to
|
||||
abstractions/apache2-common. Backward-incompatible change: *.htaccess
|
||||
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
|
||||
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
|
||||
- allow various .conf files for dovecot (lp#458922)
|
||||
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
|
||||
and abstractions/private-files-strict (lp#911847)
|
||||
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
|
||||
to use ~/.kde4, not only ~/.kde (bnc#741592)
|
||||
- block write access to ~/.kde{,4}/env in abstractions/private-files
|
||||
(lp#914190)
|
||||
- allow write access for personal dictionary etc. in abstractions/aspell
|
||||
(lp#917859)
|
||||
- when using genprof for a script, include read access to the script itsself
|
||||
- automatically include abstractions/python or abstractions/ruby for
|
||||
python/ruby scripts
|
||||
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
|
||||
- allow creation of the .config directory in abstractions/enchant (lp#914184)
|
||||
- allow TFTP read-only access in dnsmasq profile (lp#905412)
|
||||
- allow capability dac_read_search for syslog-ng (bnc#731876)
|
||||
- add p11-kit abstraction and include it in abstractions/authentification
|
||||
(lp#912754, lp#912752)
|
||||
- add audacity to abstractions/ubuntu-media-players (lp#899963)
|
||||
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
|
||||
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
|
||||
lp#890894, lp#890894, lp#884748)
|
||||
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
|
||||
- allow avahi to do dbus introspection (lp#769148)
|
||||
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
|
||||
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
|
||||
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
|
||||
abstractions/cups-client (lp#887992)
|
||||
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
|
||||
abstractions/python (lp#860856)
|
||||
- various updates to the sshd profile (lp#817956)
|
||||
- (and some more changes I already included in the apparmor-2.7-branch.diff)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 3 23:52:38 UTC 2012 - opensuse@cboltz.de
|
||||
|
||||
|
@ -43,19 +43,17 @@ Name: apparmor
|
||||
%if ! %{?distro:1}0
|
||||
%define distro suse
|
||||
%endif
|
||||
Version: 2.7.0
|
||||
Release: 1
|
||||
%define versiondir 2.7.0
|
||||
Version: 2.7.2
|
||||
Release: 0
|
||||
%define versiondir 2.7.2
|
||||
Summary: AppArmor userlevel parser utility
|
||||
License: GPL-2.0+
|
||||
Group: Productivity/Networking/Security
|
||||
Source0: apparmor-%{version}.tar.gz
|
||||
Source1: %{name}-profile-editor.png
|
||||
Source2: %{name}-profile-editor.desktop
|
||||
Source3: update-trans.sh
|
||||
|
||||
# upstream changes since the 2.7 release
|
||||
Patch0: apparmor-2.7-branch.diff
|
||||
|
||||
# enable caching of profiles (= massive performance speedup when loading profiles)
|
||||
Patch1: apparmor-enable-profile-cache.diff
|
||||
|
||||
@ -79,7 +77,6 @@ Patch15: apparmor-remove-repo
|
||||
# remove after 12.1 release - bnc#720617 #c7
|
||||
Patch21: apparmor-utils-subdomain-compat
|
||||
|
||||
License: GPLv2+
|
||||
Url: https://launchpad.net/apparmor
|
||||
PreReq: sed
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
@ -142,8 +139,8 @@ BuildRequires: pkgconfig(dbus-1)
|
||||
%endif
|
||||
|
||||
%package parser
|
||||
License: GPLv2+
|
||||
Summary: AppArmor userlevel parser utility
|
||||
License: GPL-2.0+
|
||||
Group: Productivity/Networking/Security
|
||||
Obsoletes: subdomain_parser < %{version}
|
||||
Obsoletes: subdomain-parser < %{version}
|
||||
@ -167,8 +164,8 @@ This package is part of a suite of tools that used to be named
|
||||
SubDomain.
|
||||
|
||||
%package docs
|
||||
License: GPLv2+
|
||||
Summary: AppArmor Documentation package
|
||||
License: GPL-2.0+
|
||||
Group: Documentation/Other
|
||||
BuildArch: noarch
|
||||
|
||||
@ -181,8 +178,8 @@ SubDomain.
|
||||
%if %{with apache}
|
||||
|
||||
%package -n apache2-mod_apparmor
|
||||
License: GPLv2+
|
||||
Summary: AppArmor module for apache2
|
||||
License: GPL-2.0+
|
||||
Group: Productivity/Security
|
||||
|
||||
%description -n apache2-mod_apparmor
|
||||
@ -198,8 +195,8 @@ The documentation is in the apparmor-admin_en package.
|
||||
%endif
|
||||
|
||||
%package -n libapparmor1
|
||||
License: LGPLv2.1+
|
||||
Summary: Utility library for AppArmor
|
||||
License: LGPL-2.1+
|
||||
Group: Development/Libraries/C and C++
|
||||
%ifarch ppc64
|
||||
Obsoletes: libapparmor-64bit < %{version}
|
||||
@ -216,8 +213,8 @@ change_hat(2) symbol, used for sub-process confinement by AppArmor, as
|
||||
well as functions to parse AppArmor log messages.
|
||||
|
||||
%package -n libapparmor-devel
|
||||
License: LGPLv2.1+
|
||||
Summary: Development headers and libraries for libapparmor
|
||||
License: LGPL-2.1+
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libapparmor1 = %{version}
|
||||
Provides: libapparmor:/usr/include/sys/apparmor.h
|
||||
@ -227,8 +224,8 @@ These libraries are needed for developing software that makes use of the
|
||||
AppArmor API.
|
||||
|
||||
%package -n perl-apparmor
|
||||
License: GPLv2 ; LGPLv2.1+
|
||||
Summary: Perl interface for libapparmor functions
|
||||
License: GPL-2.0 ; LGPL-2.1+
|
||||
Group: Development/Libraries/Perl
|
||||
Requires: libapparmor1 = %{version}
|
||||
Requires: perl = %{perl_version}
|
||||
@ -248,8 +245,8 @@ applications interfacing with AppArmor, including the AppArmor utilities.
|
||||
%if %{with python}
|
||||
|
||||
%package -n python-apparmor
|
||||
License: GPLv2 ; LGPLv2.1+
|
||||
Summary: Python interface for libapparmor functions
|
||||
License: GPL-2.0 ; LGPL-2.1+
|
||||
Group: Development/Libraries/Python
|
||||
BuildRequires: python
|
||||
Requires: libapparmor1 = %{version}
|
||||
@ -266,8 +263,8 @@ applications interfacing with AppArmor.
|
||||
%if %{with ruby}
|
||||
|
||||
%package -n ruby-apparmor
|
||||
License: GPLv2 ; LGPLv2.1+
|
||||
Summary: Ruby interface for libapparmor functions
|
||||
License: GPL-2.0 ; LGPL-2.1+
|
||||
Group: Development/Libraries/Ruby
|
||||
Requires: libapparmor1 = %{version}
|
||||
Requires: ruby = %{ruby_version}
|
||||
@ -281,8 +278,8 @@ applications interfacing with AppArmor.
|
||||
%endif
|
||||
|
||||
%package profiles
|
||||
License: GPLv2 ; LGPLv2.1+
|
||||
Summary: AppArmor profiles that are loaded into the apparmor kernel module
|
||||
License: GPL-2.0 ; LGPL-2.1+
|
||||
Group: Productivity/Security
|
||||
Requires: apparmor-parser(CAP_SYSLOG)
|
||||
Obsoletes: subdomain-profiles < %{version}
|
||||
@ -299,8 +296,8 @@ This package is part of a suite of tools that used to be named
|
||||
SubDomain.
|
||||
|
||||
%package utils
|
||||
License: GPLv2 ; LGPLv2.1+
|
||||
Summary: AppArmor User-Level Utilities Useful for Creating AppArmor Profiles
|
||||
License: GPL-2.0 ; LGPL-2.1+
|
||||
Group: Productivity/Security
|
||||
Requires: libapparmor1 = %{version}
|
||||
Requires: perl = %{perl_version}
|
||||
@ -316,8 +313,8 @@ It is part of a suite of tools that used to be named SubDomain.
|
||||
%if %{with tomcat}
|
||||
|
||||
%package -n tomcat_apparmor
|
||||
License: GPLv2 ; LGPLv2.1+
|
||||
Summary: Tomcat 6 plugin for AppArmor change_hat
|
||||
License: GPL-2.0 ; LGPL-2.1+
|
||||
Group: System/Libraries
|
||||
Requires: libapparmor1 = %{version}
|
||||
Requires: tomcat6
|
||||
@ -334,8 +331,8 @@ created for individual URL processing or per servlet.
|
||||
%if %{with pam}
|
||||
|
||||
%package -n pam_apparmor
|
||||
License: GPLv2 ; LGPLv2.1+
|
||||
Summary: PAM module for AppArmor change_hat
|
||||
License: GPL-2.0 ; LGPL-2.1+
|
||||
Group: Productivity/Security
|
||||
BuildRequires: pam-devel
|
||||
PreReq: pam
|
||||
@ -354,8 +351,8 @@ policy.
|
||||
%if %{with dbus}
|
||||
|
||||
%package dbus
|
||||
License: GPLv2 ; LGPLv2.1+
|
||||
Summary: Audit dispatcher for sending AppArmor events over DBUS
|
||||
License: GPL-2.0 ; LGPL-2.1+
|
||||
Group: System/Monitoring
|
||||
|
||||
%description dbus
|
||||
@ -367,8 +364,8 @@ bus.
|
||||
%if %{with editor}
|
||||
|
||||
%package profile-editor
|
||||
License: GPLv2 ; LGPLv2.1+
|
||||
Summary: AppArmor profile editor
|
||||
License: GPL-2.0 ; LGPL-2.1+
|
||||
Group: Productivity/Editors/Other
|
||||
|
||||
%description profile-editor
|
||||
@ -379,8 +376,8 @@ A syntax highlighting editor for AppArmor profiles.
|
||||
%if %{with gnome}
|
||||
|
||||
%package -n apparmorapplet-gnome
|
||||
License: GPLv2 ; LGPLv2.1+
|
||||
Summary: An AppArmor event notification applet for GNOME
|
||||
License: GPL-2.0 ; LGPL-2.1+
|
||||
Group: System/GUI/GNOME
|
||||
|
||||
%description -n apparmorapplet-gnome
|
||||
@ -404,7 +401,6 @@ SubDomain.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{versiondir}
|
||||
%patch0 -p0
|
||||
%patch1 -p1
|
||||
%patch2 -p0
|
||||
%patch5 -p1
|
||||
|
Loading…
Reference in New Issue
Block a user