pool/apparmor
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
451 Commits 1 Branch 0 Tags 11 MiB
factory
Commit Graph

251 Commits

Author SHA256 Message Date
Christian Boltz
355817a1c9 Accepting request 1180047 from home:cboltz 
- add logprof-mount-empty-source.diff: add support for mount rules
  with quoted paths and empty source (boo#1226031)

OBS-URL: https://build.opensuse.org/request/show/1180047
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=417
 2024-06-11 16:36:48 +00:00
Christian Boltz
9312f36a2c Accepting request 1178599 from home:cboltz 
- add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900)
- add plasmashell.diff - fix QtWebEngineProcess path to prevent a
  crash in plasmashell (boo#1225961)

OBS-URL: https://build.opensuse.org/request/show/1178599
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=415
 2024-06-04 19:56:31 +00:00
Christian Boltz
e9f8add613 Accepting request 1177727 from home:Guillaume_G:branches:security:apparmor 
- Also exclude podman profile - boo#1225608

OBS-URL: https://build.opensuse.org/request/show/1177727
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=413
 2024-05-30 13:02:46 +00:00
Dominique Leuenberger
0522be49ed Accepting request 1177448 from home:favogt:branches:security:apparmor 
- Exclude the crun profile in addition to runc

OBS-URL: https://build.opensuse.org/request/show/1177448
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=411
 2024-05-29 08:11:54 +00:00
Christian Boltz
534e2c4e8e Accepting request 1177403 from home:cboltz 
- add utils-relax-mount-rules.diff and utils-relax-mount-rules-2.diff:
  Relax handling of mount rules in utils to avoid errors when
  parsing valid profiles
- add teardown-unconfined.diff to fix aa-teardown for 'unconfined'
  profiles (boo#1225457)

OBS-URL: https://build.opensuse.org/request/show/1177403
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=409
 2024-05-28 19:51:09 +00:00
Christian Boltz
7450ea5e32 Accepting request 1177351 from home:cboltz 
- exclude runc profile until updated runc packages (including
  updated profile with "signal peer=runc") have arrived

- add aa-remove-unknown-fix-unconfined.diff to fix
  aa-remove-unknown for 'unconfined' profiles (boo#1225457)
- set permissions for %ghost files (boo#1223578)

OBS-URL: https://build.opensuse.org/request/show/1177351
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=407
 2024-05-28 12:49:08 +00:00
Christian Boltz
ae29aa0b55 Accepting request 1176727 from home:cboltz 
- fix bashism in %post profiles

OBS-URL: https://build.opensuse.org/request/show/1176727
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=405
 2024-05-24 12:22:43 +00:00
Christian Boltz
8f0fcf5e40 Accepting request 1176504 from home:cboltz 
- Update to AppArmor 4.0.1
  Too many changes to list them here. See
  https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1
  for the detailed upstream release notes
- add tools-fix-redefinition.diff: fix redefinition of _ in tools
- add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch
  with argparse on Leap 15.5
- drop upstreamed patches:
  - apparmor-abstractions-openssl-allow-version-specific-en.patch
  - dovecot-unix_chkpwd.diff
  - smbd-unix_chkpwd.diff
- apparmor-lessopen-profile.patch: update lessopen profile to
  abi/4.0
- mark local/* as %ghost so that these dummy files don't get
  installed anymore (changed existing local/files will be kept,
  unchanged files will be deleted)
- switch to gitlab tarballs (without pregenerated libapparmor
  configure script and prebuilt techdoc.pdf)
  - run libapparmor autogen.sh (needs additional BuildRequires
    autoconf, autoconf-archive, automake and libtool)
  - no longer package techdoc.pdf - old documentation, not worth
    the texlive BuildRequires we would need to build it
- drop old (up to 2.12) cache location /var/lib/apparmor/ and the
  /etc/apparmor.d/cache symlink pointing to it
- drop apparmor-samba-include-permissions-for-shares.diff - no
  longer needed, update-apparmor-samba-profile in Tumbleweed works
  without a pre-existing local/usr.sbin.smbd-shares file
- drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't
  change a single bit in the resulting build (anymore?)
- drop apparmor-lessopen-nfs-workaround.diff - no longer needed

OBS-URL: https://build.opensuse.org/request/show/1176504
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=404
 2024-05-23 14:51:56 +00:00
Christian Boltz
0696aaace6 Accepting request 1165684 from home:badshah400:branches:security:apparmor 
Use full URLs for source tarball and signature.

OBS-URL: https://build.opensuse.org/request/show/1165684
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=402
 2024-04-05 21:36:20 +00:00
Christian Boltz
d108d92e93 Accepting request 1154195 from home:cboltz 
- Remove workaround for boo#853019 in %postun parser -
  apparmor.service contains a more safe workaround.
  This also fixes boo#1220708 (missing daemon-reload).

OBS-URL: https://build.opensuse.org/request/show/1154195
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=400
 2024-03-01 22:28:16 +00:00
Goldwyn Rodrigues
4fb7056ea8 Accepting request 1148955 from home:dmdiss:aa_multivers_openssl_prof 
- Only run utils and profiles make check if kernel LSM is enabled
  (bsc#1220084)

OBS-URL: https://build.opensuse.org/request/show/1148955
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=399
 2024-03-01 19:52:43 +00:00
Christian Boltz
8cf3c6a617 Accepting request 1152898 from home:npower:branches:security:apparmor 
- Add smbd-unix_chkpwd.diff to allow smbd to execute
  unix_chkpwd and fix other pam related denies; (boo#1220032).

OBS-URL: https://build.opensuse.org/request/show/1152898
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=398
 2024-02-29 20:44:35 +00:00
Christian Boltz
9041844394 Accepting request 1151902 from home:lnussel:branches:security:apparmor 
- Fix systemd userdb access in unix-chkpwd

OBS-URL: https://build.opensuse.org/request/show/1151902
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=396
 2024-02-26 18:34:45 +00:00
Christian Boltz
ea1a0afe49 Accepting request 1147750 from home:dimstar:rpm4.20:a 
Prepare for RPM 4.20

OBS-URL: https://build.opensuse.org/request/show/1147750
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=394
 2024-02-20 12:41:09 +00:00
Christian Boltz
cca2b01644 Accepting request 1145034 from home:dmdiss:aa_multivers_openssl_prof 
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
  allow version specific engdef & engines openssl paths (boo#1219571)

OBS-URL: https://build.opensuse.org/request/show/1145034
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=392
 2024-02-16 20:16:09 +00:00
Christian Boltz
a6186b65ec Accepting request 1144684 from home:cboltz 
- Update to AppArmor 3.1.7
  - aa-logprof: don't skip exec events in hats
  - fix aa-cleanprof to work with named profiles
  - add permissions in various abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
    for the full list of changes
- drop upstreamed apparmor-systemd-sessions.patch

OBS-URL: https://build.opensuse.org/request/show/1144684
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=390
 2024-02-06 16:57:35 +00:00
Christian Boltz
4d639e7be3 Accepting request 1142649 from home:cboltz 
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
  unix_chkpwd, and add a profile for unix_chkpwd. This is needed
  for PAM 1.6 (boo#1219139)
- Refresh apparmor.keyring - the key was renewed

OBS-URL: https://build.opensuse.org/request/show/1142649
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=388
 2024-01-29 21:22:57 +00:00
Christian Boltz
d4f95baf8b Accepting request 1124275 from home:cboltz 
- Actually apply the previously added patch for bsc#1216878

- Add apparmor-systemd-sessions.patch to allow read access to

OBS-URL: https://build.opensuse.org/request/show/1124275
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=386
 2023-11-08 18:21:57 +00:00
Christian Boltz
59c7ab6268 Accepting request 1124273 from home:juliogonzalez:branches:security:apparmor 
- Add apparmor-systemd-sessions.patch to allow read access to 
  /run/systemd/sessions/ (bsc#1216878)

OBS-URL: https://build.opensuse.org/request/show/1124273
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=385
 2023-11-08 18:13:57 +00:00
Christian Boltz
6fa03b13c7 Accepting request 1113476 from home:dmdiss:aa-php-fpm-pid 
- Fix pam_apparmor %post and %postun scripts to handle pam-config errors
  (bsc#1215596)

OBS-URL: https://build.opensuse.org/request/show/1113476
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=383
 2023-09-25 17:58:43 +00:00
Christian Boltz
27c282dc26 Accepting request 1108011 from home:dmdiss:aa_15.6 
Sorry Christian, another boring changelog-only change to track the
samba-4-17.patch fix we're carrying in 15.5 and dropping for 15.6
thanks to the upstream 926 merge.

OBS-URL: https://build.opensuse.org/request/show/1108011
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=381
 2023-08-30 12:41:09 +00:00
Christian Boltz
9b8cd28372 Accepting request 1106958 from home:dmdiss:aa_15.6 
Add Jira tag to track AppArmor 3.1.6 submission for 15.6 (jsc#PED-5600)

OBS-URL: https://build.opensuse.org/request/show/1106958
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=378
 2023-08-28 15:51:07 +00:00
Christian Boltz
42a8953453 Accepting request 1100592 from home:dmdiss:pam_apparmor_readme 
- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472)

OBS-URL: https://build.opensuse.org/request/show/1100592
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=376
 2023-07-25 12:07:57 +00:00
Christian Boltz
3cbddb4090 Accepting request 1094654 from home:cboltz 
- update to AppArmor 3.1.6
  - fix regression in mount rules (boo#1211989)
  - some additions to the base and authentification abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
    for the full upstream changelog

OBS-URL: https://build.opensuse.org/request/show/1094654
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=374
 2023-06-22 11:50:42 +00:00
Christian Boltz
4677ecc2c8 Accepting request 1092349 from home:cboltz 
- update to AppArmor 3.1.5
  - fix handling of mount rules in apparmor_parser
  - minor additions to abstractions/base and snap_browsers
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.5
    for the full upstream changelog
- remove upstreamed aa-status-fix-json-mr1046.patch
- split off apparmor-enable-precompiled-cache.diff from
  apparmor-enable-profile-cache.diff so that the precompiled cache
  path doesn't get added in parser.conf for Tumbleweed builds.
  This prevents a warning about the non-existing directory when
  loading profiles.

OBS-URL: https://build.opensuse.org/request/show/1092349
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=372
 2023-06-11 16:08:52 +00:00
Christian Boltz
bc914eedfb Accepting request 1091162 from home:cboltz 
- fix aa-status --json output (aa-status-fix-json-mr1046.patch,
  boo#1211980#c12)

OBS-URL: https://build.opensuse.org/request/show/1091162
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=370
 2023-06-06 22:05:43 +00:00
Christian Boltz
66f8380e84 Accepting request 1090054 from home:cboltz 
- update to AppArmor 3.1.4
  - parser: fix mount rules encoding (CVE-2016-1585)
  - aa-logprof: fix error when choosing named exec with plain profile names
  - aa-status: fix json output
  - several fixes for profiles and abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4
    for the full upstream changelog

OBS-URL: https://build.opensuse.org/request/show/1090054
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=368
 2023-05-31 17:47:43 +00:00
Christian Boltz
9f11e0eae7 Accepting request 1084717 from home:fcrozat:branches:security:apparmor 
- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS.

OBS-URL: https://build.opensuse.org/request/show/1084717
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=366
 2023-05-05 22:08:45 +00:00
Christian Boltz
2d719d1da8 Accepting request 1068311 from home:cboltz 
- update to AppArmor 3.1.3
  - add support for more audit.log formats in libapparmor
  - add abstractions/groff (boo#1065388)
  - various additions in abstractions and profiles
  - several bug fixes in parser and utils
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3
    for the detailed upstream changelog
- drop upstreamed patches:
  - abstractions-openssl-1_1.diff
  - dnsmasq-cpu-possible.diff
  - nscd-systemd-userdb.diff

OBS-URL: https://build.opensuse.org/request/show/1068311
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=364
 2023-02-28 20:14:12 +00:00
Christian Boltz
01b087876d Accepting request 1063513 from home:cboltz 
- add abstractions-openssl-1_1.diff: allow to read
  /etc/ssl/openssl-1_1.cnf in abstractions/openssl (boo#1207911)

OBS-URL: https://build.opensuse.org/request/show/1063513
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=362
 2023-02-06 19:49:37 +00:00
Christian Boltz
4c137d697e Accepting request 1062036 from home:cboltz 
- add nscd-systemd-userdb.diff: allow nscd to read systemd-userdb
  (boo#1207698)

OBS-URL: https://build.opensuse.org/request/show/1062036
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=360
 2023-02-02 17:23:48 +00:00
Goldwyn Rodrigues
5b9ec4e27e Accepting request 1051011 from home:lnussel:usrmerge 
- Replace transitional %usrmerged macro with regular version check (boo#1206798)

OBS-URL: https://build.opensuse.org/request/show/1051011
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=358
 2023-01-04 11:51:42 +00:00
Christian Boltz
f32cb3d585 Accepting request 1037410 from home:cboltz 
- update to AppArmor 3.1.2
  - lots of cleanups, improvements and bugfixes in all areas
  - rework internal profile storage and handling in the aa-* tools
  - support boolean variable definitions in the aa-* tools
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1
    and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2
    for the detailed upstream changelog
- remove upstream(ed) patches:
  - apparmor-3.0.7-egrep.patch
  - dnsmasq.diff
  - profiles-permit-php-fpm-pid-files-directly-under-run.patch
  - zgrep-profile-mr870.diff
- no longer ship precompiled profile cache for Tumbleweed (boo#1205659)
- BuildRequire iproute2 (needed for aa-unconfined tests)

OBS-URL: https://build.opensuse.org/request/show/1037410
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=356
 2022-11-22 21:07:29 +00:00
Christian Boltz
5fc84e780a Accepting request 998222 from home:bnavigator:branches:security:apparmor 
- skip code linting for packaging
  * removes pyflakes from the build requirements and thus Ring1
  * see also https://gitlab.com/apparmor/apparmor/-/issues/121

OBS-URL: https://build.opensuse.org/request/show/998222
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=354
 2022-10-07 19:37:58 +00:00
Christian Boltz
59cee26703 Accepting request 1001150 from home:AndreasStieger:branches:security:apparmor 
- aa-decode: use grep -E instead of deprecated egrep (boo#1203092)

OBS-URL: https://build.opensuse.org/request/show/1001150
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=352
 2022-09-05 21:07:51 +00:00
Christian Boltz
0c205599ae Accepting request 999637 from home:cboltz 
- update to AppArmor 3.0.7
  - fix setuptools version detection in buildpath.py
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7
    for the detailed upstream changelog
- add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible
  in dnsmasc//libvirt-leaseshelper profile (boo#1202849)

OBS-URL: https://build.opensuse.org/request/show/999637
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=350
 2022-08-28 11:06:57 +00:00
Christian Boltz
65d1693eee Accepting request 999408 from home:dmdiss:aa-php-fpm-pid 
- add profiles-permit-php-fpm-pid-files-directly-under-run.patch
  https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)

OBS-URL: https://build.opensuse.org/request/show/999408
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=348
 2022-08-26 13:37:48 +00:00
Christian Boltz
56136dc1ef Accepting request 993843 from home:cboltz 
- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper
  (boo#1202161)

OBS-URL: https://build.opensuse.org/request/show/993843
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=346
 2022-08-08 19:15:19 +00:00
Christian Boltz
1437772dac Accepting request 992099 from home:cboltz 
- update to AppArmor 3.0.6
  - fix LTO build in the parser
  - remove dbus deny rule in abstractions/exo-open
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6
    for the detailed upstream changelog
- drop upstream patch dirtest-sort-mr900.diff

OBS-URL: https://build.opensuse.org/request/show/992099
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=344
 2022-08-01 20:17:36 +00:00
Christian Boltz
4312257819 Accepting request 991157 from home:cboltz 
- update to AppArmor 3.0.5
  - several additions to profiles and abstractions
  - bugfixes in parser and utils
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5
    for the detailed upstream changelog
- remove upstream(ed) patchs:
  - apparmor-setuptools61-mr897.patch
  - dovecot-profiles-boo1199535-mr881.diff
  - php8-fpm-mr876.patch
  - python310-help-mr848.patch
  - samba-new-dcerpcd.patch
  - samba_deny_net_admin.patch
  - update-samba-bgqd.diff
  - update-usr-sbin-smbd.diff
- apparmor-samba-include-permissions-for-shares.diff: remove
  upstreamed part
- add dirtest-sort-mr900.diff to fix random test failures
- change apache-extra-profile-include-if-exists.diff to the post-mv
  path (new quilt executes mv)
- stop disabling lto (fixed upstream) (boo#1133091)
- package profile-load script in -parser

OBS-URL: https://build.opensuse.org/request/show/991157
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=342
 2022-07-25 21:54:59 +00:00
Christian Boltz
629457566e Accepting request 989600 from home:bnavigator:branches:devel:languages:python 
- Add apparmor-setuptools61-mr897.patch
  https://gitlab.com/apparmor/apparmor/-/merge_requests/897
- Add buildtime dependencies on python-rpm-macros and setuptools

OBS-URL: https://build.opensuse.org/request/show/989600
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=340
 2022-07-19 19:39:21 +00:00
Christian Boltz
0789b32d69 Accepting request 985681 from home:cboltz 
- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep
  (poo#113108)

OBS-URL: https://build.opensuse.org/request/show/985681
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=338
 2022-06-28 22:06:37 +00:00
Christian Boltz
e26436faab Accepting request 977391 from home:cboltz 
- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles
  for latest dovecot (boo#1199535)

OBS-URL: https://build.opensuse.org/request/show/977391
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=336
 2022-05-15 19:27:23 +00:00
Christian Boltz
98a1fb1ca2 Accepting request 976576 from home:npower:branches:security:apparmor 
- Update samba-new-dcerpcd.patch for aarch64 which needs some
  additional rules; (bnc#1198309).

OBS-URL: https://build.opensuse.org/request/show/976576
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=334
 2022-05-12 12:07:17 +00:00
Christian Boltz
af1eec118e Accepting request 975634 from home:bnavigator:branches:security:apparmor 
- Add python310-help-mr848.patch so that Tumbleweed can switch
  python3 to Python 3.10
  (https://gitlab.com/apparmor/apparmor/-/merge_requests/848)

OBS-URL: https://build.opensuse.org/request/show/975634
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=332
 2022-05-08 13:58:25 +00:00
Christian Boltz
c1b382df0e Accepting request 973915 from home:cboltz 
- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
  (boo#1186267#c11)
- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
  file conflict on upgrade (boo#1198958)
- utils: add missing dependency on apparmor-parser (boo#1198958#c4)

OBS-URL: https://build.opensuse.org/request/show/973915
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=329
 2022-04-29 12:11:04 +00:00
Christian Boltz
a9656c2801 Accepting request 973084 from home:dimstar:Factory 
- Enhance zgrep-profile-mr870.diff to also allow/support zstd
  (boo#1198922).

OBS-URL: https://build.opensuse.org/request/show/973084
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=328
 2022-04-27 12:32:57 +00:00
Christian Boltz
f1c2c7aee9 Accepting request 970465 from home:cboltz 
- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531)

OBS-URL: https://build.opensuse.org/request/show/970465
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=326
 2022-04-16 20:41:16 +00:00
Christian Boltz
c04137f806 Accepting request 970229 from home:npower:branches:security:apparmor 
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
  which now will spawn new additional services on demand. We need to
  modify the existing smbd/winbind profiles and additionally add a
  new set of profiles to cater for the new functionality;
  (bnc#1198309);
  

- Add samba_deny_net_admin.patch to add new rule to deny
  noisy setsockopt calls from systemd; (bnc#1196850).

OBS-URL: https://build.opensuse.org/request/show/970229
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=324
 2022-04-14 19:08:39 +00:00
Christian Boltz
9a2a40f1ba Accepting request 968252 from home:cboltz 
- add profile for zgrep and xzgrep to prevent CVE-2022-1271
  (zgrep-profile-mr870.diff)

OBS-URL: https://build.opensuse.org/request/show/968252
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=322
 2022-04-10 13:52:36 +00:00