Dominique Leuenberger
6e38e3ea06
Accepting request 970238 from security:apparmor
...
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
which now will spawn new additional services on demand. We need to
modify the existing smbd/winbind profiles and additionally add a
new set of profiles to cater for the new functionality;
(bnc#1198309);
- Add samba_deny_net_admin.patch to add new rule to deny
noisy setsockopt calls from systemd; (bnc#1196850). (forwarded request 970229 from npower)
OBS-URL: https://build.opensuse.org/request/show/970238
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=168
2022-04-15 22:14:06 +00:00
c04137f806
Accepting request 970229 from home:npower:branches:security:apparmor
...
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
which now will spawn new additional services on demand. We need to
modify the existing smbd/winbind profiles and additionally add a
new set of profiles to cater for the new functionality;
(bnc#1198309);
- Add samba_deny_net_admin.patch to add new rule to deny
noisy setsockopt calls from systemd; (bnc#1196850).
OBS-URL: https://build.opensuse.org/request/show/970229
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=324
2022-04-14 19:08:39 +00:00
Dominique Leuenberger
7814fe9c5a
Accepting request 968253 from security:apparmor
...
- add profile for zgrep and xzgrep to prevent CVE-2022-1271
(zgrep-profile-mr870.diff) (forwarded request 968252 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/968253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=167
2022-04-12 19:43:17 +00:00
9a2a40f1ba
Accepting request 968252 from home:cboltz
...
- add profile for zgrep and xzgrep to prevent CVE-2022-1271
(zgrep-profile-mr870.diff)
OBS-URL: https://build.opensuse.org/request/show/968252
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=322
2022-04-10 13:52:36 +00:00
Dominique Leuenberger
bd594ec2cb
Accepting request 966667 from security:apparmor
...
- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
-profiles and -abstractons package are updated before the cache
in /var/cache/apparmor/ gets built (boo#1195463 #c20) (forwarded request 966666 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/966667
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=166
2022-04-05 17:55:25 +00:00
f697678c37
Accepting request 966666 from home:cboltz
...
- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
-profiles and -abstractons package are updated before the cache
in /var/cache/apparmor/ gets built (boo#1195463 #c20)
OBS-URL: https://build.opensuse.org/request/show/966666
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=320
2022-04-03 14:46:04 +00:00
Dominique Leuenberger
fe99ae5b7e
Accepting request 964948 from security:apparmor
...
- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
/proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
openssl.cnf (bnc#1195463).
OBS-URL: https://build.opensuse.org/request/show/964948
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=165
2022-03-28 15:00:35 +00:00
3154bca472
add patch filenames to .changes
...
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=318
2022-03-25 20:31:35 +00:00
Goldwyn Rodrigues
153645aade
Accepting request 964827 from home:npower:branches:security:apparmor
...
- Add new rule to fix 'DENIED' open on /proc/{pid}/fd for
samba-bgqd; (bnc#1196850).
- Add new rule to allow reading of openssl.cnf; (bnc#1195463).
OBS-URL: https://build.opensuse.org/request/show/964827
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=317
2022-03-25 12:18:52 +00:00
Dominique Leuenberger
8ef65ccef3
Accepting request 953284 from security:apparmor
...
- update to AppArmor 3.0.4
- various fixes in profiles, abstractions, apparmor_parser and utils
(some of them were already included as patches)
- add support for mctp address family
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4
for the full upstream changelog
- remove upstream(ed) patches:
- aa-notify-more-arch-mr809.diff
- ruby-3.1-build-fix.diff
- add-samba-bgqd.diff
- openssl-engdef-mr818.diff
- profiles-python-3.10-mr783.diff
- update-samba-abstractions-ldb2.diff
- refresh patches:
- apparmor-samba-include-permissions-for-shares.diff
- ruby-2_0-mkmf-destdir.patch
AppArmor 3.0.4 also includes a fix for the issue with 'mctp' found via
https://build.opensuse.org/request/show/951354
so you might want to pick this SR into Staging:O (forwarded request 953283 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/953284
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=164
2022-02-11 22:06:37 +00:00
7ae734d682
Accepting request 953283 from home:cboltz
...
- update to AppArmor 3.0.4
- various fixes in profiles, abstractions, apparmor_parser and utils
(some of them were already included as patches)
- add support for mctp address family
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4
for the full upstream changelog
- remove upstream(ed) patches:
- aa-notify-more-arch-mr809.diff
- ruby-3.1-build-fix.diff
- add-samba-bgqd.diff
- openssl-engdef-mr818.diff
- profiles-python-3.10-mr783.diff
- update-samba-abstractions-ldb2.diff
- refresh patches:
- apparmor-samba-include-permissions-for-shares.diff
- ruby-2_0-mkmf-destdir.patch
AppArmor 3.0.4 also includes a fix for the issue with 'mctp' found via
https://build.opensuse.org/request/show/951354
so you might want to pick this SR into Staging:O
OBS-URL: https://build.opensuse.org/request/show/953283
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=316
2022-02-10 18:40:04 +00:00
Dominique Leuenberger
d31ca30827
Accepting request 949320 from security:apparmor
...
- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
MR 827) (forwarded request 949319 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/949320
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=163
2022-01-29 20:01:42 +00:00
a53ba0c4c6
Accepting request 949319 from home:cboltz
...
- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
MR 827)
OBS-URL: https://build.opensuse.org/request/show/949319
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=315
2022-01-26 18:03:22 +00:00
Dominique Leuenberger
aa19e950de
Accepting request 947042 from security:apparmor
...
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb;
(bsc#1192684). (forwarded request 947009 from scabrero)
OBS-URL: https://build.opensuse.org/request/show/947042
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=162
2022-01-22 07:17:49 +00:00
b6bdf3e03b
Accepting request 947009 from home:scabrero:branches:network:samba:STABLE
...
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb;
(bsc#1192684).
OBS-URL: https://build.opensuse.org/request/show/947009
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=314
2022-01-17 19:17:01 +00:00
Dominique Leuenberger
31fa02e8ae
Accepting request 941697 from security:apparmor
...
- Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED
operation="file_mmap" violation in SLE15-SP4; (bsc#1192336).
OBS-URL: https://build.opensuse.org/request/show/941697
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=161
2021-12-22 19:17:41 +00:00
808d4c74f6
Accepting request 941696 from home:cboltz
...
patch comment update
OBS-URL: https://build.opensuse.org/request/show/941696
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=313
2021-12-20 20:27:13 +00:00
29f71f58a2
Accepting request 941674 from home:npower:branches:security:apparmor
...
- Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED
operation="file_mmap" violation in SLE15-SP4; (bsc#1192336).
OBS-URL: https://build.opensuse.org/request/show/941674
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=312
2021-12-20 20:25:33 +00:00
Dominique Leuenberger
f9bc91dbb4
Accepting request 941547 from security:apparmor
...
- add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and
/etc/ssl/engines.d/ in abstractions/openssl which were introduced
with the latest openssl update
NOTE: Without this patch, dovecot is spamming the audit.log with denials. Please accept ASAP.
OBS-URL: https://build.opensuse.org/request/show/941547
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=160
2021-12-20 20:06:09 +00:00
880c63e84b
Accepting request 941546 from home:cboltz
...
- add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and
/etc/ssl/engines.d/ in abstractions/openssl which were introduced
with the latest openssl update
OBS-URL: https://build.opensuse.org/request/show/941546
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=311
2021-12-19 22:02:51 +00:00
Dominique Leuenberger
64fa1fa1ae
Accepting request 930527 from security:apparmor
...
- add aa-notify-more-arch-mr809.diff: Add support for reading s390x
and aarch64 wtmp files (boo#1181155) (forwarded request 930526 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/930527
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=159
2021-11-12 14:58:56 +00:00
b71124a2f1
Accepting request 930526 from home:cboltz
...
- add aa-notify-more-arch-mr809.diff: Add support for reading s390x
and aarch64 wtmp files (boo#1181155)
OBS-URL: https://build.opensuse.org/request/show/930526
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=310
2021-11-09 18:09:23 +00:00
Dominique Leuenberger
a0d7871c36
Accepting request 925557 from security:apparmor
...
- add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
OBS-URL: https://build.opensuse.org/request/show/925557
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=158
2021-10-19 21:03:30 +00:00
d4a4627460
Accepting request 925556 from home:cboltz
...
package /etc/apparmor.d/samba-bgqd
OBS-URL: https://build.opensuse.org/request/show/925556
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=309
2021-10-15 21:38:52 +00:00
95882c1eba
Accepting request 925550 from home:cboltz
...
- add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
OBS-URL: https://build.opensuse.org/request/show/925550
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=308
2021-10-15 20:26:27 +00:00
Dominique Leuenberger
96460463b2
Accepting request 920054 from security:apparmor
...
- lessopen.sh profile: allow reading files that live on NFS over UDP
(added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) (forwarded request 920053 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/920054
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=157
2021-09-24 22:35:13 +00:00
4c0a0a0ace
Accepting request 920053 from home:cboltz
...
- lessopen.sh profile: allow reading files that live on NFS over UDP
(added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552)
OBS-URL: https://build.opensuse.org/request/show/920053
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=307
2021-09-18 13:20:11 +00:00
Richard Brown
134f67aeba
Accepting request 911600 from security:apparmor
...
- add profiles-python-3.10-mr783.diff: update abstractions/python and
profiles for python 3.10 (forwarded request 911594 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/911600
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=156
2021-08-16 08:08:56 +00:00
102dd5dab3
Accepting request 911594 from home:cboltz
...
- add profiles-python-3.10-mr783.diff: update abstractions/python and
profiles for python 3.10
OBS-URL: https://build.opensuse.org/request/show/911594
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=306
2021-08-12 11:55:02 +00:00
Richard Brown
8a3ab8ab7f
Accepting request 910591 from security:apparmor
...
- update to AppArmor 3.0.3
- fix a failure in the parser tests
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
for the detailed upstream changelog
- update to AppArmor 3.0.2
- add missing permissions to several profiles and abstractions
(including boo#1188296)
- bugfixes in utils and parser (including boo#1180766 and boo#1184779)
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
for the detailed upstream changelog
- remove upstreamed patches:
- apparmor-dovecot-stats-metrics.diff
- abstractions-php8.diff
- crypto-policies-mr720.diff (forwarded request 910590 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/910591
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=155
2021-08-12 07:00:57 +00:00
07f7b7b8e2
Accepting request 910590 from home:cboltz
...
- update to AppArmor 3.0.3
- fix a failure in the parser tests
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
for the detailed upstream changelog
- update to AppArmor 3.0.2
- add missing permissions to several profiles and abstractions
(including boo#1188296)
- bugfixes in utils and parser (including boo#1180766 and boo#1184779)
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
for the detailed upstream changelog
- remove upstreamed patches:
- apparmor-dovecot-stats-metrics.diff
- abstractions-php8.diff
- crypto-policies-mr720.diff
OBS-URL: https://build.opensuse.org/request/show/910590
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=305
2021-08-07 11:29:35 +00:00
Dominique Leuenberger
bc83f4a8ff
Accepting request 907196 from security:apparmor
...
- added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point
OBS-URL: https://build.opensuse.org/request/show/907196
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=154
2021-07-22 20:42:33 +00:00
5607b21278
Accepting request 907195 from home:cboltz
...
add upstreaming comment
OBS-URL: https://build.opensuse.org/request/show/907195
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=304
2021-07-19 20:47:16 +00:00
90a47beb92
Accepting request 906541 from home:stroeder:sys
...
added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point
OBS-URL: https://build.opensuse.org/request/show/906541
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=303
2021-07-19 20:35:07 +00:00
Dominique Leuenberger
f4d85b54ce
Accepting request 898187 from security:apparmor
...
- move Requires: python3 back to the python3-apparmor subpackage -
readline usage is in the python modules, not in apparmor-utils
- Remove python symbols (python means currently python2), work
only with python3 ones (fallout from bsc#1185588).
OBS-URL: https://build.opensuse.org/request/show/898187
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=153
2021-06-11 20:29:54 +00:00
b8fb8937d0
Accepting request 898186 from home:cboltz
...
- move Requires: python3 back to the python3-apparmor subpackage -
readline usage is in the python modules, not in apparmor-utils
OBS-URL: https://build.opensuse.org/request/show/898186
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=301
2021-06-07 19:32:55 +00:00
Goldwyn Rodrigues
00b1cea83e
Accepting request 895564 from home:mcepl:branches:security:apparmor
...
- Remove python symbols (python means currently python2), work
only with python3 ones (fallout from bsc#1185588).
OBS-URL: https://build.opensuse.org/request/show/895564
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=300
2021-06-07 18:40:06 +00:00
Dominique Leuenberger
2c601347e0
Accepting request 894865 from security:apparmor
...
- add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267) (forwarded request 894864 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/894865
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=152
2021-05-23 21:30:42 +00:00
b410411567
Accepting request 894864 from home:cboltz
...
- add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267)
OBS-URL: https://build.opensuse.org/request/show/894864
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=298
2021-05-21 21:13:53 +00:00
Dominique Leuenberger
fbefbf80e3
Accepting request 888863 from security:apparmor
...
- add crypto-policies-mr720.diff to allow reading crypto policies
in abstractions/ssl_certs (boo#1183597)
- replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in
systemd into containers just because apparmor-parser ships a *.service file (forwarded request 888862 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/888863
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=151
2021-04-29 20:44:40 +00:00
0916435d00
Accepting request 888862 from home:cboltz
...
- add crypto-policies-mr720.diff to allow reading crypto policies
in abstractions/ssl_certs (boo#1183597)
- replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in
systemd into containers just because apparmor-parser ships a *.service file
OBS-URL: https://build.opensuse.org/request/show/888862
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=296
2021-04-27 17:07:13 +00:00
Richard Brown
9df4d92cec
Accepting request 874417 from security:apparmor
...
- avoid file listed twice error (forwarded request 874370 from lnussel)
OBS-URL: https://build.opensuse.org/request/show/874417
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=150
2021-03-02 13:41:41 +00:00
4710d6ccea
Accepting request 874370 from home:lnussel:usrmove
...
- avoid file listed twice error
OBS-URL: https://build.opensuse.org/request/show/874370
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=294
2021-02-22 18:21:51 +00:00
Dominique Leuenberger
e0c2c9960d
Accepting request 871277 from security:apparmor
...
- merge libapparmor.changes into apparmor.changes (forwarded request 871276 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/871277
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=149
2021-02-15 22:14:57 +00:00
1906a6ea33
Accepting request 871276 from home:cboltz
...
- merge libapparmor.changes into apparmor.changes
OBS-URL: https://build.opensuse.org/request/show/871276
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=292
2021-02-11 18:20:43 +00:00
Dominique Leuenberger
4895045e47
Accepting request 868746 from security:apparmor
...
- define %_pamdir for <= 15.x to fix the build on those releases (forwarded request 868745 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/868746
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=148
2021-02-04 19:22:46 +00:00
8416250f76
Accepting request 868745 from home:cboltz
...
- define %_pamdir for <= 15.x to fix the build on those releases
OBS-URL: https://build.opensuse.org/request/show/868745
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=290
2021-02-02 18:37:25 +00:00
a564ac7aa3
Accepting request 868407 from home:lnussel:usrmove
...
- prepare usrmerge (boo#1029961)
* use %_pamdir
OBS-URL: https://build.opensuse.org/request/show/868407
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=289
2021-02-01 18:27:47 +00:00
Dominique Leuenberger
91cf85d908
Accepting request 865956 from security:apparmor
...
- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
include in apache extra profile optional to avoid problems with empty
profile directory (boo#1178527) (forwarded request 865955 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/865956
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=147
2021-01-27 17:57:03 +00:00
cbfc4c18e3
Accepting request 865955 from home:cboltz
...
- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
include in apache extra profile optional to avoid problems with empty
profile directory (boo#1178527)
OBS-URL: https://build.opensuse.org/request/show/865955
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=287
2021-01-22 11:50:03 +00:00
