- update to AppArmor 3.0.0
- introduce feature abi declaration in profiles to enable use of
new rule types (for openSUSE: dbus and unix rules)
- support xattr attachment conditionals
- experimental support for kill and unconfined profile modes
- rewritten aa-status (in C), including support for new profile modes
- rewritten aa-notify (in python), finally dropping the perl
requirement at runtime
- new tool aa-features-abi for extracting feature abis from the kernel
- update profiles to have profile names and to use 3.0 feature abi
- introduce @{etc_ro} and @{etc_rw} profile variables
- new profile for php-fpm
- several updates to profiles and abstractions (including boo#1166007)
- fully support 'include if exists' in the aa-* tools
- rewrite handling of alias, include, link and variable rules in
the aa-* tools
- rewrite and simplify log handling in the aa-logprof and aa-genprof
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
for the detailed upstream changelog
- patches:
- add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
release up to 3e18c0785abc03ee42a022a67a27a085516a7921
- drop upstreamed usr-etc-abstractions-base-nameservice.diff
- drop 2.13-only libapparmor-so-number.diff
- refresh apparmor-enable-profile-cache.diff - partially upstreamed
- update apparmor-samba-include-permissions-for-shares.diff and
apparmor-lessopen-profile.patch - switch to "include if exists"
- apparmor-lessopen-profile.patch: add abi rule to lessopen profile
- refresh apparmor-lessopen-nfs-workaround.diff
- move away very loose apache profile that doesn't even match the
apache2 binary path in openSUSE to avoid confusion (boo#872984)
- move rewritten aa-status from utils to parser subpackage
- add aa-features-abi to parser subpackage
- replace perl and libnotify-tools requires with requiring
python3-notify2 and python3-psutil (needed by the rewritten
aa-notify)
- drop ancient cleanup for /etc/init.d/subdomain from parser %pre
- drop (never enabled) conditionals to build with python2 and to
build the python-apparmor subpackage (upstream dropped python2
support)
- drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed
- set PYFLAKES path for utils check
- add precompiled_cache build conditional to allow faster local
builds without using kvm
- remove duplicated BuildRequires: swig
libapparmor:
- update to AppArmor 3.0.0
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
for the detailed upstream changelog
- add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
release up to 3e18c0785abc03ee42a022a67a27a085516a7921
- drop 2.13-only patch libapparmor-so-number.diff
OBS-URL: https://build.opensuse.org/request/show/844157
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=281
- update to AppArmor 2.13.2
- add profile names to most profiles
- update dnsmasq profile (pid file and logfile path) (boo#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
- update to 2.13.1
- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- ignore "abi" rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from
the main profile
- several bugfixes (including boo#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
for the detailed upstream changelog
- remove upstream(ed) patches:
- aa-teardown-path.diff
- fix-apparmor-systemd-perms.diff
- logprof-skip-cache-d.diff
- fix-samba-profiles.patch
- make-pyflakes-happy.diff
- dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch
- update to AppArmor 2.13.2
- no changes in libapparmor
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
for the detailed upstream changelog
- update to AppArmor 2.13.1
- several bug fixes
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
for the detailed upstream changelog
OBS-URL: https://build.opensuse.org/request/show/660558
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=224
--------------------------------------------------------------------
- update to AppArmor 2.13
- add support for multiple cache directories and cache overlays
(boo#1069906, boo#1074429)
- add support for conditional includes in policy
- remove group restrictions from aa-notify (boo#1058787)
- aa-complain etc.: set flags for profiles represented by a glob
- aa-status: split profile from exec name
- several profile and abstraction updates
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13
for the detailed upstream changelog
- drop upstreamed patches and files:
- aa-teardown
- apparmor.service
- apparmor.systemd
- 32-bit-no-uid.diff
- disable-cache-on-ro-fs.diff
- dovecot-stats.diff
- parser-write-cache-warn-only.diff
- set-flags-for-profiles-represented-by-glob.patch
- fix-regression-in-set-flags.patch
- drop spec code that handled installing aa-teardown, apparmor.service
and apparmor.systemd (now part of upstream Makefile)
- simplify "make -C profiles parser-check" call (upstream Makefile bug
that required to call "cd" was fixed)
- add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
- move 'exec' symlink to parser package (belongs to aa-exec)
libapparmor:
- update to AppArmor 2.13
- add support for multiple cache directories and cache overlays
(boo#1069906, boo#1074429)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13
for the detailed upstream changelog
OBS-URL: https://build.opensuse.org/request/show/598823
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=207
- update to AppArmor 2.12
- add support for 'owner' rules in aa-logprof and aa-genprof
- add support for includes with absolute path in aa-logprof etc. (lp#1733700)
- update aa-decode to also decode PROCTITLE (lp#1736841)
- several profile and abstraction updates, including boo#1069470
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12
for the detailed upstream changelog
- drop upstreamed patches:
- read_inactive_profile-exactly-once.patch
- utils-fix-sorted-save_profiles-regression.diff
- lessopen profile: change all 'rix' rules to 'mrix'
- update to AppArmor 2.11.95 aka 2.12 beta1
- add JSON interface to aa-logprof and aa-genprof (used by YaST)
- drop old YaST interface code
- update audio, base and nameservice abstractions
- allow @{pid} to match 7-digit pids
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95
for the detailed upstream changelog
- drop upstreamed patches
- apparmor-yast-cleanup.patch
- apparmor-json-support.patch
- nameservice-libtirpc.diff
- drop obsolete perl modules (YaST no longer needs them)
- drop patches that were only needed by the obsolete perl modules:
- apparmor-utils-string-split
- apparmor-abstractions-no-multiline.diff
- drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in
apparmor_parser
- refresh utils-fix-sorted-save_profiles-regression.diff
OBS-URL: https://build.opensuse.org/request/show/560016
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=194
apparmor:
- update to AppArmor 2.11.1
- add permissions to several profiles and abstractions (including
lp#1650827 and boo#1057900)
- several fixes in the aa-* tools (including lp#1689667, lp#1628286,
lp#1661766 and boo#1062667)
- fix downgrading/converting of 'unix' rules (will be supported in
kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
upstream changelog
- remove upstream(ed) patches
- upstream-changes-r3616..3628.diff
- upstream-changes-r3629..3648.diff
- parser-tests-dbus-duplicated-conditionals.diff
- apparmor-fix-podsyntax.patch
- sshd-profile-drop-local-include-r3615.diff
- refresh apparmor-yast-cleanup.patch
- add utils-fix-sorted-save_profiles-regression.diff to fix a regression
in displaying the "changed profiles" list in aa-logprof
Also add bugzilla reference to the previous change:
- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
libapparmor:
- update to AppArmor 2.11.1
- mostly test-related changes in libapparmor
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
upstream changelog
OBS-URL: https://build.opensuse.org/request/show/536620
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=190
- add upstream-changes-r3616..3628.diff:
- update abstractions/base, abstractions/apache2-common and dovecot profiles
- merge ask_the_questions() of aa-logprof and aa-mergeprof
- pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)
- split libapparmor into separate spec to get rid of build loop
involving mariadb, systemd, apparmor, libapr and mariadb again
(see the discussion in SR 448871 for details)
- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
with minimum BuildRequires
OBS-URL: https://build.opensuse.org/request/show/453533
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=166
