pool/apparmor
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
451 Commits 1 Branch 0 Tags 11 MiB
factory
Commit Graph

451 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Christian Boltz
66f8380e84 Accepting request 1090054 from home:cboltz 
- update to AppArmor 3.1.4
  - parser: fix mount rules encoding (CVE-2016-1585)
  - aa-logprof: fix error when choosing named exec with plain profile names
  - aa-status: fix json output
  - several fixes for profiles and abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4
    for the full upstream changelog

OBS-URL: https://build.opensuse.org/request/show/1090054
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=368
 2023-05-31 17:47:43 +00:00
Dominique Leuenberger
bfda69ee6d Accepting request 1085178 from security:apparmor 
- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS. (forwarded request 1084717 from fcrozat)

OBS-URL: https://build.opensuse.org/request/show/1085178
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=189
 2023-05-06 20:08:55 +00:00
Christian Boltz
9f11e0eae7 Accepting request 1084717 from home:fcrozat:branches:security:apparmor 
- Add _multibuild to define additional spec files as additional
  flavors.
  Eliminates the need for source package links in OBS.

OBS-URL: https://build.opensuse.org/request/show/1084717
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=366
 2023-05-05 22:08:45 +00:00
Dominique Leuenberger
e272bb2860 Accepting request 1068312 from security:apparmor 
- update to AppArmor 3.1.3
  - add support for more audit.log formats in libapparmor
  - add abstractions/groff (boo#1065388)
  - various additions in abstractions and profiles
  - several bug fixes in parser and utils
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3
    for the detailed upstream changelog
- drop upstreamed patches:
  - abstractions-openssl-1_1.diff
  - dnsmasq-cpu-possible.diff
  - nscd-systemd-userdb.diff (forwarded request 1068311 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/1068312
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=188
 2023-03-01 15:13:48 +00:00
Christian Boltz
2d719d1da8 Accepting request 1068311 from home:cboltz 
- update to AppArmor 3.1.3
  - add support for more audit.log formats in libapparmor
  - add abstractions/groff (boo#1065388)
  - various additions in abstractions and profiles
  - several bug fixes in parser and utils
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3
    for the detailed upstream changelog
- drop upstreamed patches:
  - abstractions-openssl-1_1.diff
  - dnsmasq-cpu-possible.diff
  - nscd-systemd-userdb.diff

OBS-URL: https://build.opensuse.org/request/show/1068311
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=364
 2023-02-28 20:14:12 +00:00
Dominique Leuenberger
8b45158640 Accepting request 1063514 from security:apparmor 
- add abstractions-openssl-1_1.diff: allow to read
  /etc/ssl/openssl-1_1.cnf in abstractions/openssl (boo#1207911) (forwarded request 1063513 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/1063514
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=187
 2023-02-07 17:48:28 +00:00
Christian Boltz
01b087876d Accepting request 1063513 from home:cboltz 
- add abstractions-openssl-1_1.diff: allow to read
  /etc/ssl/openssl-1_1.cnf in abstractions/openssl (boo#1207911)

OBS-URL: https://build.opensuse.org/request/show/1063513
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=362
 2023-02-06 19:49:37 +00:00
Dominique Leuenberger
b0ebae81de Accepting request 1062692 from security:apparmor 
- add nscd-systemd-userdb.diff: allow nscd to read systemd-userdb
  (boo#1207698) (forwarded request 1062036 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/1062692
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=186
 2023-02-04 13:11:00 +00:00
Christian Boltz
4c137d697e Accepting request 1062036 from home:cboltz 
- add nscd-systemd-userdb.diff: allow nscd to read systemd-userdb
  (boo#1207698)

OBS-URL: https://build.opensuse.org/request/show/1062036
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=360
 2023-02-02 17:23:48 +00:00
Dominique Leuenberger
21b2d6d319 Accepting request 1055771 from security:apparmor 
OBS-URL: https://build.opensuse.org/request/show/1055771
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=185
 2023-01-05 14:00:02 +00:00
Goldwyn Rodrigues
5b9ec4e27e Accepting request 1051011 from home:lnussel:usrmerge 
- Replace transitional %usrmerged macro with regular version check (boo#1206798)

OBS-URL: https://build.opensuse.org/request/show/1051011
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=358
 2023-01-04 11:51:42 +00:00
Dominique Leuenberger
28bc0b5532 Accepting request 1037411 from security:apparmor 
- update to AppArmor 3.1.2
  - lots of cleanups, improvements and bugfixes in all areas
  - rework internal profile storage and handling in the aa-* tools
  - support boolean variable definitions in the aa-* tools
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1
    and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2
    for the detailed upstream changelog
- remove upstream(ed) patches:
  - apparmor-3.0.7-egrep.patch
  - dnsmasq.diff
  - profiles-permit-php-fpm-pid-files-directly-under-run.patch
  - zgrep-profile-mr870.diff
- no longer ship precompiled profile cache for Tumbleweed (boo#1205659)
- BuildRequire iproute2 (needed for aa-unconfined tests) (forwarded request 1037410 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/1037411
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=184
 2022-11-24 11:22:03 +00:00
Christian Boltz
f32cb3d585 Accepting request 1037410 from home:cboltz 
- update to AppArmor 3.1.2
  - lots of cleanups, improvements and bugfixes in all areas
  - rework internal profile storage and handling in the aa-* tools
  - support boolean variable definitions in the aa-* tools
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1
    and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2
    for the detailed upstream changelog
- remove upstream(ed) patches:
  - apparmor-3.0.7-egrep.patch
  - dnsmasq.diff
  - profiles-permit-php-fpm-pid-files-directly-under-run.patch
  - zgrep-profile-mr870.diff
- no longer ship precompiled profile cache for Tumbleweed (boo#1205659)
- BuildRequire iproute2 (needed for aa-unconfined tests)

OBS-URL: https://build.opensuse.org/request/show/1037410
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=356
 2022-11-22 21:07:29 +00:00
Fabian Vogt
fd62056fef Accepting request 1008880 from security:apparmor 
- skip code linting for packaging
  * removes pyflakes from the build requirements and thus Ring1
  * see also https://gitlab.com/apparmor/apparmor/-/issues/121 (forwarded request 998222 from bnavigator)

OBS-URL: https://build.opensuse.org/request/show/1008880
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=183
 2022-10-10 16:46:26 +00:00
Christian Boltz
5fc84e780a Accepting request 998222 from home:bnavigator:branches:security:apparmor 
- skip code linting for packaging
  * removes pyflakes from the build requirements and thus Ring1
  * see also https://gitlab.com/apparmor/apparmor/-/issues/121

OBS-URL: https://build.opensuse.org/request/show/998222
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=354
 2022-10-07 19:37:58 +00:00
Dominique Leuenberger
bfb4876c31 Accepting request 1001316 from security:apparmor 
- aa-decode: use grep -E instead of deprecated egrep (boo#1203092) (forwarded request 1001150 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/1001316
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=182
 2022-09-07 09:05:17 +00:00
Christian Boltz
59cee26703 Accepting request 1001150 from home:AndreasStieger:branches:security:apparmor 
- aa-decode: use grep -E instead of deprecated egrep (boo#1203092)

OBS-URL: https://build.opensuse.org/request/show/1001150
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=352
 2022-09-05 21:07:51 +00:00
Dominique Leuenberger
79909861a4 Accepting request 999638 from security:apparmor 
- update to AppArmor 3.0.7
  - fix setuptools version detection in buildpath.py
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7
    for the detailed upstream changelog
- add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible
  in dnsmasc//libvirt-leaseshelper profile (boo#1202849) (forwarded request 999637 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/999638
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=181
 2022-08-29 07:42:22 +00:00
Christian Boltz
0c205599ae Accepting request 999637 from home:cboltz 
- update to AppArmor 3.0.7
  - fix setuptools version detection in buildpath.py
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7
    for the detailed upstream changelog
- add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible
  in dnsmasc//libvirt-leaseshelper profile (boo#1202849)

OBS-URL: https://build.opensuse.org/request/show/999637
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=350
 2022-08-28 11:06:57 +00:00
Dominique Leuenberger
fbddff842d Accepting request 999414 from security:apparmor 
- add profiles-permit-php-fpm-pid-files-directly-under-run.patch
  https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) (forwarded request 999408 from dmdiss)

OBS-URL: https://build.opensuse.org/request/show/999414
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=180
 2022-08-27 09:48:21 +00:00
Christian Boltz
65d1693eee Accepting request 999408 from home:dmdiss:aa-php-fpm-pid 
- add profiles-permit-php-fpm-pid-files-directly-under-run.patch
  https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)

OBS-URL: https://build.opensuse.org/request/show/999408
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=348
 2022-08-26 13:37:48 +00:00
Dominique Leuenberger
9659838e55 Accepting request 993844 from security:apparmor 
- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper
  (boo#1202161) (forwarded request 993843 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/993844
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=179
 2022-08-09 13:26:22 +00:00
Christian Boltz
56136dc1ef Accepting request 993843 from home:cboltz 
- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper
  (boo#1202161)

OBS-URL: https://build.opensuse.org/request/show/993843
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=346
 2022-08-08 19:15:19 +00:00
Dominique Leuenberger
7d8a5c187a Accepting request 992100 from security:apparmor 
- update to AppArmor 3.0.6
  - fix LTO build in the parser
  - remove dbus deny rule in abstractions/exo-open
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6
    for the detailed upstream changelog
- drop upstream patch dirtest-sort-mr900.diff (forwarded request 992099 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/992100
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=178
 2022-08-03 19:16:19 +00:00
Christian Boltz
1437772dac Accepting request 992099 from home:cboltz 
- update to AppArmor 3.0.6
  - fix LTO build in the parser
  - remove dbus deny rule in abstractions/exo-open
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6
    for the detailed upstream changelog
- drop upstream patch dirtest-sort-mr900.diff

OBS-URL: https://build.opensuse.org/request/show/992099
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=344
 2022-08-01 20:17:36 +00:00
Richard Brown
a411472626 Accepting request 991158 from security:apparmor 
- update to AppArmor 3.0.5
  - several additions to profiles and abstractions
  - bugfixes in parser and utils
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5
    for the detailed upstream changelog
- remove upstream(ed) patchs:
  - apparmor-setuptools61-mr897.patch
  - dovecot-profiles-boo1199535-mr881.diff
  - php8-fpm-mr876.patch
  - python310-help-mr848.patch
  - samba-new-dcerpcd.patch
  - samba_deny_net_admin.patch
  - update-samba-bgqd.diff
  - update-usr-sbin-smbd.diff
- apparmor-samba-include-permissions-for-shares.diff: remove
  upstreamed part
- add dirtest-sort-mr900.diff to fix random test failures
- change apache-extra-profile-include-if-exists.diff to the post-mv
  path (new quilt executes mv)
- stop disabling lto (fixed upstream) (boo#1133091)
- package profile-load script in -parser (forwarded request 991157 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/991158
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=177
 2022-07-29 14:47:00 +00:00
Christian Boltz
4312257819 Accepting request 991157 from home:cboltz 
- update to AppArmor 3.0.5
  - several additions to profiles and abstractions
  - bugfixes in parser and utils
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5
    for the detailed upstream changelog
- remove upstream(ed) patchs:
  - apparmor-setuptools61-mr897.patch
  - dovecot-profiles-boo1199535-mr881.diff
  - php8-fpm-mr876.patch
  - python310-help-mr848.patch
  - samba-new-dcerpcd.patch
  - samba_deny_net_admin.patch
  - update-samba-bgqd.diff
  - update-usr-sbin-smbd.diff
- apparmor-samba-include-permissions-for-shares.diff: remove
  upstreamed part
- add dirtest-sort-mr900.diff to fix random test failures
- change apache-extra-profile-include-if-exists.diff to the post-mv
  path (new quilt executes mv)
- stop disabling lto (fixed upstream) (boo#1133091)
- package profile-load script in -parser

OBS-URL: https://build.opensuse.org/request/show/991157
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=342
 2022-07-25 21:54:59 +00:00
Richard Brown
ba1c18f43f Accepting request 990296 from security:apparmor 
- Add apparmor-setuptools61-mr897.patch
  https://gitlab.com/apparmor/apparmor/-/merge_requests/897
- Add buildtime dependencies on python-rpm-macros and setuptools

OBS-URL: https://build.opensuse.org/request/show/990296
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=176
 2022-07-22 17:20:13 +00:00
Christian Boltz
629457566e Accepting request 989600 from home:bnavigator:branches:devel:languages:python 
- Add apparmor-setuptools61-mr897.patch
  https://gitlab.com/apparmor/apparmor/-/merge_requests/897
- Add buildtime dependencies on python-rpm-macros and setuptools

OBS-URL: https://build.opensuse.org/request/show/989600
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=340
 2022-07-19 19:39:21 +00:00
Dominique Leuenberger
428131c3d6 Accepting request 985682 from security:apparmor 
- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep
  (poo#113108) (forwarded request 985681 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/985682
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=175
 2022-06-30 11:17:50 +00:00
Christian Boltz
0789b32d69 Accepting request 985681 from home:cboltz 
- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep
  (poo#113108)

OBS-URL: https://build.opensuse.org/request/show/985681
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=338
 2022-06-28 22:06:37 +00:00
Dominique Leuenberger
156707fe83 Accepting request 977392 from security:apparmor 
- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles
  for latest dovecot (boo#1199535) (forwarded request 977391 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/977392
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=174
 2022-05-17 15:23:35 +00:00
Christian Boltz
e26436faab Accepting request 977391 from home:cboltz 
- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles
  for latest dovecot (boo#1199535)

OBS-URL: https://build.opensuse.org/request/show/977391
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=336
 2022-05-15 19:27:23 +00:00
Dominique Leuenberger
614767381d Accepting request 976602 from security:apparmor 
- Update samba-new-dcerpcd.patch for aarch64 which needs some
  additional rules; (bnc#1198309). (forwarded request 976576 from npower)

OBS-URL: https://build.opensuse.org/request/show/976602
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=173
 2022-05-14 20:52:15 +00:00
Christian Boltz
98a1fb1ca2 Accepting request 976576 from home:npower:branches:security:apparmor 
- Update samba-new-dcerpcd.patch for aarch64 which needs some
  additional rules; (bnc#1198309).

OBS-URL: https://build.opensuse.org/request/show/976576
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=334
 2022-05-12 12:07:17 +00:00
Dominique Leuenberger
8111df16b1 Accepting request 975636 from security:apparmor 
- Add python310-help-mr848.patch so that Tumbleweed can switch
  python3 to Python 3.10
  (https://gitlab.com/apparmor/apparmor/-/merge_requests/848) (forwarded request 975634 from bnavigator)

OBS-URL: https://build.opensuse.org/request/show/975636
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=172
 2022-05-10 13:09:50 +00:00
Christian Boltz
af1eec118e Accepting request 975634 from home:bnavigator:branches:security:apparmor 
- Add python310-help-mr848.patch so that Tumbleweed can switch
  python3 to Python 3.10
  (https://gitlab.com/apparmor/apparmor/-/merge_requests/848)

OBS-URL: https://build.opensuse.org/request/show/975634
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=332
 2022-05-08 13:58:25 +00:00
Dominique Leuenberger
b47766d0bd Accepting request 974768 from security:apparmor 
- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
  (boo#1186267#c11)
- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
  file conflict on upgrade (boo#1198958)
- utils: add missing dependency on apparmor-parser (boo#1198958#c4)

OBS-URL: https://build.opensuse.org/request/show/974768
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=171
 2022-05-05 21:04:38 +00:00
Dominique Leuenberger
bd3c466f84 Accepting request 973180 from security:apparmor 
- Enhance zgrep-profile-mr870.diff to also allow/support zstd
  (boo#1198922). (forwarded request 973084 from dimstar)

OBS-URL: https://build.opensuse.org/request/show/973180
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=170
 2022-04-29 22:45:00 +00:00
Christian Boltz
c1b382df0e Accepting request 973915 from home:cboltz 
- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
  (boo#1186267#c11)
- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
  file conflict on upgrade (boo#1198958)
- utils: add missing dependency on apparmor-parser (boo#1198958#c4)

OBS-URL: https://build.opensuse.org/request/show/973915
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=329
 2022-04-29 12:11:04 +00:00
Christian Boltz
a9656c2801 Accepting request 973084 from home:dimstar:Factory 
- Enhance zgrep-profile-mr870.diff to also allow/support zstd
  (boo#1198922).

OBS-URL: https://build.opensuse.org/request/show/973084
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=328
 2022-04-27 12:32:57 +00:00
Dominique Leuenberger
a11c668df0 Accepting request 970466 from security:apparmor 
- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) (forwarded request 970465 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/970466
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=169
 2022-04-17 21:49:55 +00:00
Christian Boltz
f1c2c7aee9 Accepting request 970465 from home:cboltz 
- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531)

OBS-URL: https://build.opensuse.org/request/show/970465
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=326
 2022-04-16 20:41:16 +00:00
Dominique Leuenberger
6e38e3ea06 Accepting request 970238 from security:apparmor 
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
  which now will spawn new additional services on demand. We need to
  modify the existing smbd/winbind profiles and additionally add a
  new set of profiles to cater for the new functionality;
  (bnc#1198309);
  

- Add samba_deny_net_admin.patch to add new rule to deny
  noisy setsockopt calls from systemd; (bnc#1196850). (forwarded request 970229 from npower)

OBS-URL: https://build.opensuse.org/request/show/970238
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=168
 2022-04-15 22:14:06 +00:00
Christian Boltz
c04137f806 Accepting request 970229 from home:npower:branches:security:apparmor 
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
  which now will spawn new additional services on demand. We need to
  modify the existing smbd/winbind profiles and additionally add a
  new set of profiles to cater for the new functionality;
  (bnc#1198309);
  

- Add samba_deny_net_admin.patch to add new rule to deny
  noisy setsockopt calls from systemd; (bnc#1196850).

OBS-URL: https://build.opensuse.org/request/show/970229
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=324
 2022-04-14 19:08:39 +00:00
Dominique Leuenberger
7814fe9c5a Accepting request 968253 from security:apparmor 
- add profile for zgrep and xzgrep to prevent CVE-2022-1271
  (zgrep-profile-mr870.diff) (forwarded request 968252 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/968253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=167
 2022-04-12 19:43:17 +00:00
Christian Boltz
9a2a40f1ba Accepting request 968252 from home:cboltz 
- add profile for zgrep and xzgrep to prevent CVE-2022-1271
  (zgrep-profile-mr870.diff)

OBS-URL: https://build.opensuse.org/request/show/968252
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=322
 2022-04-10 13:52:36 +00:00
Dominique Leuenberger
bd594ec2cb Accepting request 966667 from security:apparmor 
- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
  -profiles and -abstractons package are updated before the cache
  in /var/cache/apparmor/ gets built (boo#1195463 #c20) (forwarded request 966666 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/966667
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=166
 2022-04-05 17:55:25 +00:00
Christian Boltz
f697678c37 Accepting request 966666 from home:cboltz 
- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
  -profiles and -abstractons package are updated before the cache
  in /var/cache/apparmor/ gets built (boo#1195463 #c20)

OBS-URL: https://build.opensuse.org/request/show/966666
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=320
 2022-04-03 14:46:04 +00:00
Dominique Leuenberger
fe99ae5b7e Accepting request 964948 from security:apparmor 
- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
  /proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
  openssl.cnf (bnc#1195463).

OBS-URL: https://build.opensuse.org/request/show/964948
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=165
 2022-03-28 15:00:35 +00:00