Commit Graph

118 Commits

Author SHA256 Message Date
Christian Boltz
2bb2c46241 Accepting request 517036 from home:matejcik:branches:security:apparmor
- do not require exact X.Y version of "python3"
- require also matching python(abi) which is arguably more important

OBS-URL: https://build.opensuse.org/request/show/517036
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=181
2017-08-15 16:08:48 +00:00
Christian Boltz
5eb186d7f3 Accepting request 511328 from home:cboltz
mention JSON patches in changelog

OBS-URL: https://build.opensuse.org/request/show/511328
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=179
2017-07-18 20:44:21 +00:00
Christian Boltz
5f32a36514 Accepting request 511315 from home:cboltz
- don't rely on implementation details for reload in %post

OBS-URL: https://build.opensuse.org/request/show/511315
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=178
2017-07-18 19:59:57 +00:00
Christian Boltz
f8148e7701 Accepting request 511034 from home:goldwynr:branches:security:apparmor
Adds JSON support. These patches can be removed when we update apparmor to contain JSON support. Until then, this is required for the smooth merge of yast-apparmor

OBS-URL: https://build.opensuse.org/request/show/511034
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=177
2017-07-18 19:56:43 +00:00
Christian Boltz
834d67a5c3 Accepting request 482775 from home:cboltz
fix filename in patch name

OBS-URL: https://build.opensuse.org/request/show/482775
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=175
2017-03-26 20:38:57 +00:00
Christian Boltz
454b681e13 Accepting request 482764 from home:cboltz
- add upstream-changes-r-3629..3648.diff:
  - preserve unknown profiles when reloading apparmor.service
    (CVE-2017-6507, lp#1668892, boo#1029696)
  - add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
  - update nvidia abstraction for newer nvidia drivers
  - don't enforce ordering of dbus rule attributes in utils (lp#1628286)
  - add --parser, --base and --Include option to aa-easyprof to allow
    non-standard paths (useful for tests) (lp#1521031)
  - move initialization code in apparmor.aa to init_aa(). This allows to
    run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
    don't exist.
  - several improvements in the utils tests
- drop upstreamed python3-drop-re-locale.patch
- no longer delete/skip some of the utils tests (to allow this, add
  parser-tests-dbus-duplicated-conditionals.diff)
- add var.mount dependeny to apparmor.service (boo#1016259#c34)

OBS-URL: https://build.opensuse.org/request/show/482764
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=174
2017-03-26 18:43:45 +00:00
Christian Boltz
bba6e7bef6 Accepting request 480782 from home:kukuk:branches:security:apparmor
- Cleanup spec file:
  - don't use insserv if we afterwards call systemd, this can
    have bad side effects
  - remove dead code
  - remove now obsolete 'distro' checks
- Replace init.d script with new wrapper working with systemd

OBS-URL: https://build.opensuse.org/request/show/480782
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=172
2017-03-19 19:14:12 +00:00
Christian Boltz
b8cc801318 add reference to lp#1661766 for python3-drop-re-locale.patch
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=170
2017-02-18 12:30:48 +00:00
Christian Boltz
14d5404240 Accepting request 458503 from home:matejcik:branches:security:apparmor
- add python3-drop-re-locale.patch: remove deprecated re.LOCALE
  flag in Python UI as it was dropped from Python 3.6

OBS-URL: https://build.opensuse.org/request/show/458503
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=169
2017-02-18 12:29:18 +00:00
Christian Boltz
8c83a952f7 Accepting request 453533 from home:cboltz
- add upstream-changes-r3616..3628.diff:
  - update abstractions/base, abstractions/apache2-common and dovecot profiles
  - merge ask_the_questions() of aa-logprof and aa-mergeprof
  - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)

- split libapparmor into separate spec to get rid of build loop
  involving mariadb, systemd, apparmor, libapr and mariadb again
  (see the discussion in SR 448871 for details)

- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
  with minimum BuildRequires

OBS-URL: https://build.opensuse.org/request/show/453533
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=166
2017-01-30 22:53:15 +00:00
Christian Boltz
fcc884a7e3 Accepting request 453151 from home:cboltz
- update to AppArmor 2.11.0
  - apparmor_parser now supports parallel compiles and loads
  - add full support for dbus, ptrace and signal rules and events to the
    utils
  - full rewrite of the file rule handling in the utils
  - lots of improvements and fixes
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the
    detailed changelog
- patches:
  - add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
  - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
  - refresh apparmor-abstractions-no-multiline.diff
  - refresh apparmor-samba-include-permissions-for-shares.diff
- spec changes:
  - aa-unconfined switched to using ss (from iproute2), adjust Recommends:
  - move libapparmor to /usr/lib*/
  - drop %if %suse_version checks for 12.x
  - change several Obsoletes from %version to < 2.9. Those package names
    weren't used since years, and 2.9 is still a careful choice
  - include apparmor.service independent of %suse_version
  - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
    - drop latex2html, texlive-* and w3m BuildRequires
    - techdoc.txt and techdoc.html not included, drop them from the package
  - run most of utils/ make check (some tests expect /etc/apparmor.d/ and
    /sbin/apparmor_parser to exist, skip them)
  - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
  - drop sed'ing python3 into aa-* shebang (upstreamed)
  - build binutils
    - aa-exec is now written in C and lives in /usr/bin/, move it to the
      apparmor_parser package and create a compability symlink in /usr/sbin/
    - aa-exec manpage moved to section 1
    - aa-enabled is a small new tool to find out if AppArmor is enabled
  - package new aa_stack_profile(2) manpage

OBS-URL: https://build.opensuse.org/request/show/453151
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=165
2017-01-28 12:45:16 +00:00
Christian Boltz
99869c0576 - change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
This is part of the root partition (at least with default partitioning)
  and should be available earlier than /var/cache/apparmor/
  (boo#1015249, boo#980081, bsc#1016259)
- add dependency on var-lib.mount to apparmor.service as safety net

OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=163
2017-01-24 14:23:09 +00:00
Christian Boltz
1a27f96919 Accepting request 449666 from home:cboltz
- delete /etc/apparmor.d/cache symlink. apparmor_parser will re-create
  it as real directory. This is needed to avoid problems on boot if
  /var/ is mounted too late (boo#1015249, boo#980081, bsc#1016259)
  (Note: I'm not packaging /etc/apparmor.d/cache/ as directory to avoid
  RPM update problems with the symlink -> directory change.)

OBS-URL: https://build.opensuse.org/request/show/449666
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=162
2017-01-11 11:32:04 +00:00
Christian Boltz
8b7ca9d3cb Accepting request 449596 from home:cboltz
- update to AppArmor 2.10.2 maintenance release
  - lots of bugfixes and profile updates (including boo#1000201,
    boo#1009964, boo#1014463)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details
- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
  in aa-unconfined
- drop upstream(ed) patches:
  - changes-since-2.10.1--r3326..3346.diff
  - changes-since-2.10.1--r3347..3353.diff
  - libapparmor-fix-import-path.diff (upstream fix is slightly different)
  - nscd-var-lib.diff
- refresh apparmor-abstractions-no-multiline.diff

OBS-URL: https://build.opensuse.org/request/show/449596
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=161
2017-01-10 23:07:09 +00:00
Christian Boltz
5c6de0adb5 manually revert the accidently accepted SR 443209
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=160
2016-12-06 00:26:20 +00:00
Christian Boltz
2ba9e1fcd5 Accepting request 443209 from home:kstreitova:branches:security:apparmor
- disable apache in order to break build cycle:
  ['apache2', 'apparmor', 'libapr-util1', 'mariadb', 'systemd']

OBS-URL: https://build.opensuse.org/request/show/443209
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=159
2016-12-06 00:22:55 +00:00
Christian Boltz
86efea86c1 Accepting request 436984 from home:cboltz
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
  abstractions/nameservice (path changed in latest nscd in Tumbleweed)


Note: The glibc/nscd package that needs this change was already released
with the 20161020 snapshot, so it would be a good idea to get the
AppArmor profile updates released quickly ;-)

OBS-URL: https://build.opensuse.org/request/show/436984
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=157
2016-10-23 14:11:15 +00:00
Christian Boltz
041a6f7868 Accepting request 435008 from home:cboltz
- add changes-since-2.10.1--r3347..3353.diff with upstream changes and
  fixes in the 2.10 branch, including
  - allow writing *.qf files (for disk-based buffering) in syslog-ng profile
  - add several permissions to the dovecot profiles (deb#835826)
  - add a missing path in the traceroute profile

OBS-URL: https://build.opensuse.org/request/show/435008
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=155
2016-10-13 19:45:07 +00:00
Christian Boltz
cc896b26e3 Accepting request 423291 from home:cboltz
- add changes-since-2.10.1--r3326..3346.diff with upstream changes and
  fixes since the 2.10.1 release, including
  - allow dac_override in winbindd profile (boo#990006#c5)
  - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
    Samba 4.4.x, boo#990006)
  - abstractions/nameservice: also support ConnMan-managed resolv.conf
  - let aa-genprof ask about profiles in extra dir (again)
  - fix aa-logprof "add hat" endless loop (lp#1538306)
  - honor 'chown' file events in logparser.py
  - ignore log file events with a request mask of 'send' or 'receive'
    because they are actually network events (lp#1577051, lp#1582374)
  - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
- fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
  (libapparmor-fix-import-path.diff)
- refresh apparmor-abstractions-no-multiline.diff
- drop upstreamed profiles-ping-inet6-r3449.diff
- add %check section - runs libapparmor (including swig bindings),
  parser and profiles tests
- add BuildRequires: perl(Locale::gettext) - needed for parser tests

OBS-URL: https://build.opensuse.org/request/show/423291
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=152
2016-08-26 22:07:45 +00:00
Christian Boltz
a86a930209 - add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=150
2016-05-24 12:16:43 +00:00
Christian Boltz
0b85e41674 :- drop libapparmor autogen.sh call (broke the build) and remove libtool BR
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=148
2016-04-23 11:08:24 +00:00
Christian Boltz
7374ae94dd - update to AppArmor 2.10.1 (2.10 branch r3326):
- fix incorrect output of child profile names (apparmor_parser -N) which
    caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
  - fix a crash in aa-logprof / logparser.py for change_hat log events
    (lp#1523297) and log events that look like file events, but aren't
    (lp#1540562, lp#1525119, lp#1466812)
  - write unix rules when saving a profile (lp#1522938, boo#954104#c3)
  - several fixes for variable handling in aa-logprof
  - map c (create) log events to w instead of a
  - add python to the "no Px rule" list in logprof.conf
  - let aa-logprof check for duplicate profiles
  - let aa-status work without the apparmor.fail python module (boo#971917,
    lp#1480492)
  - add permissions in several profiles (including boo#948584, boo#948753,
    boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
    boo#921098#c15).
  - and many more fixes, see the full changelog at
    http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1
- drop upstream(ed) patches:
  - fix-initscript-aa_log_end_msg.diff
  - syslog-ng-profile-boo948584.diff
  - upstream-profile-updates-r3205-3241.diff
- refresh patches:
  - apparmor-abstractions-no-multiline.diff
  - apparmor-samba-include-permissions-for-shares.diff

OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=147
2016-04-22 22:33:49 +00:00
Christian Boltz
7dfa8bfe4d Accepting request 337046 from home:cboltz
- add syslog-ng-profile-boo948584.diff - add several permissions needed
  by latest syslog-ng (boo#948584, boo#948753)
- add upstream-profile-updates-r3205-3241.diff with several profile updates:
  - add /usr/share/locale-bundle/** to abstractions/base
  - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash
  - allow dovecot imap to read /run/dovecot/mounts
  - allow avahi-daemon to write to /run/systemd/notify
  - allow ntpd to read $PATH directory listings (boo#945592, boo#948752)
  - update dhclient profile
  - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568)
  - and some other small updates
- drop upstreamed apparmor-winbindd-r3213.diff (included in the
  upstream-profile-updates patch)

OBS-URL: https://build.opensuse.org/request/show/337046
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=145
2015-10-07 18:07:19 +00:00
Christian Boltz
69c6ac8c6e Accepting request 331541 from home:cboltz
undo adding samba-3.4-etc-samba-sock.diff - see boo#945563

OBS-URL: https://build.opensuse.org/request/show/331541
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=143
2015-09-16 15:46:00 +00:00
Christian Boltz
f480c778f4 Accepting request 330817 from home:cboltz
- add samba-3.4-etc-samba-sock.diff - Samba 3.4 needs write access
  to /etc/samba/sock/ (boo#945563)
- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)

OBS-URL: https://build.opensuse.org/request/show/330817
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=141
2015-09-13 20:30:22 +00:00
Christian Boltz
3c2e40e824 Accepting request 319660 from home:cboltz
- add apparmor-winbindd-r3213.diff - add missing k permissions for
  /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)

OBS-URL: https://build.opensuse.org/request/show/319660
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=138
2015-07-30 20:39:22 +00:00
Christian Boltz
7ae1344363 Accepting request 318424 from home:cboltz
- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript
  output (boo#862170)

OBS-URL: https://build.opensuse.org/request/show/318424
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=137
2015-07-24 11:34:14 +00:00
Christian Boltz
7f772258a8 Accepting request 317971 from home:cboltz
- update to AppArmor 2.10 (trunk r3205)
  - profile names can now contain variables
  - improved profile compile time in apparmor_parser
  - lots of improvements, refactoring and bugfixes in the aa-* tools
  - new apis for managing and loading profile caches into the kernel in
    libapparmor
  - lots of profile updates
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the
    complete changelog with more details
- add new apparmor_private.h and the aa_query_label(2), aa_features(3),
  aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages
  to libapparmor-devel
- drop apparmor-2.5.1-edirectory-profile patch - it's most probably
  no longer needed (see boo#621394 for details)
- drop upstreamed samba-4.2-profiles.diff
- refresh apparmor-samba-include-permissions-for-shares.diff

OBS-URL: https://build.opensuse.org/request/show/317971
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=135
2015-07-22 16:38:30 +00:00
Christian Boltz
b9a02e50dc Accepting request 312166 from home:cboltz
- systemd-rpm-macros and %systemd_requires were at the wrong place,
  move them to the parser package (boo#931792)

OBS-URL: https://build.opensuse.org/request/show/312166
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=133
2015-06-15 22:42:34 +00:00
Christian Boltz
7a649ea462 Accepting request 303871 from home:cboltz
- update to AppArmor 2.9.2 (2.9 branch r2911)
  - lots of bugfixes in the parser and the aa-* tools (including
    boo#918787)
  - update dovecot and dnsmasq profiles and several abstractions
    (including boo#911001)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the
    full changelog
- remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
  apparmor-fix-stl-ostream.diff
- replace GPG key with new AppArmor GPG signing key, see
  https://launchpad.net/apparmor/+announcement/13404

OBS-URL: https://build.opensuse.org/request/show/303871
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=131
2015-04-24 22:09:04 +00:00
Christian Boltz
e9ac0b8434 Accepting request 297855 from home:cboltz
- make sure %service_del_postun doesn't call systemctl try-restart
  (boo#853019, bare systemd edition)
- add samba-4.2-profiles.diff: update samba (winbindd and nmb)
  profiles for samba 4.2 (boo#921098, boo#923201)

OBS-URL: https://build.opensuse.org/request/show/297855
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=129
2015-04-17 19:38:20 +00:00
Christian Boltz
0322b69ba2 Accepting request 295606 from home:cboltz
- only install apparmor.service for openSUSE > 13.2

OBS-URL: https://build.opensuse.org/request/show/295606
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=128
2015-04-12 22:19:06 +00:00
Christian Boltz
531d50b796 Accepting request 293870 from home:elvigia:branches:security:apparmor
- Add a native systemd unit which *at the moment* only 
 wraps/masks the early boot script.

OBS-URL: https://build.opensuse.org/request/show/293870
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=127
2015-04-12 21:08:34 +00:00
Christian Boltz
218655ab95 Accepting request 287520 from home:rguenther:branches:security:apparmor
- add apparmor-fix-stl-ostream.diff which fixes odd uses of
  std::ostream which are not valid.  Fixes build with GCC 5

OBS-URL: https://build.opensuse.org/request/show/287520
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=125
2015-02-26 19:33:32 +00:00
Christian Boltz
2e99500a06 Accepting request 287051 from home:cboltz
- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)

OBS-URL: https://build.opensuse.org/request/show/287051
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=123
2015-02-20 19:32:48 +00:00
Christian Boltz
eb6f836202 Accepting request 285866 from home:cboltz
- add Requires: python3 to python3-apparmor package - readline isn't
  part of python3-base (boo#917577)

OBS-URL: https://build.opensuse.org/request/show/285866
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=121
2015-02-12 18:59:47 +00:00
Christian Boltz
3ea512f728 Accepting request 282162 from home:cboltz
.changes: mention patch name

OBS-URL: https://build.opensuse.org/request/show/282162
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=119
2015-01-20 22:03:04 +00:00
Christian Boltz
c728560d5f Accepting request 282158 from home:cboltz
- pull in upstream fixes since the 2.9.1 release
  - update logparser.py to support changed syslog format (lp#1399027)
  - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667)
  - update the mysqld profile
  - fix network rule description in apparmor.d(5) manpage
- drop upstreamed dnsmasq-profile-fixes.patch
- update expired GPG key

Also add a missing bnc number in the Jan 1 2015 changelog entry.

OBS-URL: https://build.opensuse.org/request/show/282158
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=118
2015-01-20 21:05:09 +00:00
Christian Boltz
29b885b462 Accepting request 266969 from home:cboltz
- update to AppArmor 2.9.1 (2.9 branch r2831)
  - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368)
  - several fixes and performance improvements in the aa-* utils
  - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14),
	useradd, sendmail, man and passwd
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1
    for full release notes
- refresh dnsmasq-profile-fixes.patch

OBS-URL: https://build.opensuse.org/request/show/266969
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=116
2015-01-01 16:51:57 +00:00
Christian Boltz
7a29d85d80 Accepting request 266140 from home:cbosdonnat:branches:security:apparmor
- Fix dnsmasq profile to allow executing bash to run the --dhcp-script
  argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
  leasehealper script to run even on x86_64.
  dnsmasq-profile-fixes.patch. boo#911001

OBS-URL: https://build.opensuse.org/request/show/266140
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=114
2014-12-22 12:55:06 +00:00
Christian Boltz
2520f26685 update changelog to mention patch name
- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs
  confinement. bnc#906858

OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=113
2014-12-21 18:05:47 +00:00
Christian Boltz
a8ada6b88d - rename lessopen.sh profile file to usr.bin.lessopen.sh to match the
script filename

OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=112
2014-12-21 16:26:04 +00:00
Christian Boltz
fd37374f57 Accepting request 264683 from home:msmeissn:branches:security:apparmor
- /usr/bin/lessopen.sh needs confinement. bnc#906858

OBS-URL: https://build.opensuse.org/request/show/264683
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=111
2014-12-21 16:18:25 +00:00
Christian Boltz
ce726570fb - delete cache in apparmor-profiles %post (workaround for
bnc#904620#c8 / lp#1392042)

OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=109
2014-11-16 16:38:29 +00:00
Christian Boltz
62b0b4baf3 Accepting request 261546 from home:dimstar:gpg2
OBS-URL: https://build.opensuse.org/request/show/261546
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=108
2014-11-15 12:46:47 +00:00
Christian Boltz
611d65c78d Accepting request 260415 from home:Ledest:misc
fix bashism in post script

OBS-URL: https://build.opensuse.org/request/show/260415
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=106
2014-11-09 13:29:57 +00:00
Christian Boltz
bc413776a0 Accepting request 257520 from home:cboltz
- update to AppArmor 2.9.0 (r2759)
  - change aa-mergeprof to the final commandline syntax
  - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several
    bugs without a formal bugreport)
  - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java 
    and user-mail abstractions
  - fix mod_apparmor to not break basic auth
  - update perl modules to support signal, unix and ptrace rules (bnc#900013)
  - don't warn about rules not supported by the kernel
  - fix logging of "audit capability" (lp#1378091)
  - add support for the "hat" keyword in apparmor.vim
  - build html version of apparmor.vim manpage again (lp#1366572)
  - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0
- update apparmor-abstractions-no-multiline.diff
- remove upstreamed apparmor-profiles-ntpd-pid-location.diff

- add apparmor-abstractions-no-multiline.diff: change all multiline
  rules into one line. Needed for yast2-apparmor (bnc#900013)

OBS-URL: https://build.opensuse.org/request/show/257520
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=104
2014-10-18 13:47:32 +00:00
Christian Boltz
225afaddfb Accepting request 254373 from home:cboltz
- add apparmor-profiles-ntpd-pid-location.diff to cover new ntpd pid
  location (bnc#899746)

OBS-URL: https://build.opensuse.org/request/show/254373
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=102
2014-10-06 18:24:32 +00:00
Christian Boltz
6915e079e5 Accepting request 254059 from home:cboltz
- update to AppArmor 2.8.97 (aka 2.9 beta3 aka r2721)
  - several bugfixes in python and C tools
  - rename "__unused" to "unused" in apparmor_parser to fix compilation
    on openSUSE <= 13.1 x86_64 (bnc#895495) 
  - usr.lib.dovecot.auth profile: allow access to auth-token-secret.dat
  - various small profile improvements
  - update and add several testcases
- drop upstreamed patch apparmor-profiles-dnsmasq-iface-mtu.patch
- re-number remaining patches

OBS-URL: https://build.opensuse.org/request/show/254059
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=100
2014-10-05 19:34:36 +00:00
Christian Boltz
f7c45c5e5a Accepting request 254032 from home:cboltz
- split apparmor-profiles package into -profiles and -abstractions

OBS-URL: https://build.opensuse.org/request/show/254032
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=99
2014-10-05 16:17:38 +00:00