TL;DR: update AppArmor to 3.0.0 + some post-release fixes
Long version:
- add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in
de, id and sv translations (and fix the test) (MR 675)
- add extra-profiles-fix-Pux.diff to fix an inactive profile -
prevents a crash in aa-logprof and aa-genprof when creating a new
profile (MR 676)
- update to AppArmor 3.0.0
- introduce feature abi declaration in profiles to enable use of
new rule types (for openSUSE: dbus and unix rules)
- support xattr attachment conditionals
- experimental support for kill and unconfined profile modes
- rewritten aa-status (in C), including support for new profile modes
- rewritten aa-notify (in python), finally dropping the perl
requirement at runtime
- new tool aa-features-abi for extracting feature abis from the kernel
- update profiles to have profile names and to use 3.0 feature abi
- introduce @{etc_ro} and @{etc_rw} profile variables
- new profile for php-fpm
- several updates to profiles and abstractions (including boo#1166007)
- fully support 'include if exists' in the aa-* tools
- rewrite handling of alias, include, link and variable rules in
the aa-* tools
- rewrite and simplify log handling in the aa-logprof and aa-genprof
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
for the detailed upstream changelog
- patches:
- add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
release up to 3e18c0785abc03ee42a022a67a27a085516a7921
- drop upstreamed usr-etc-abstractions-base-nameservice.diff
- drop 2.13-only libapparmor-so-number.diff
- refresh apparmor-enable-profile-cache.diff - partially upstreamed
- update apparmor-samba-include-permissions-for-shares.diff and
apparmor-lessopen-profile.patch - switch to "include if exists"
- apparmor-lessopen-profile.patch: add abi rule to lessopen profile
- refresh apparmor-lessopen-nfs-workaround.diff
- move away very loose apache profile that doesn't even match the
apache2 binary path in openSUSE to avoid confusion (boo#872984)
- move rewritten aa-status from utils to parser subpackage
- add aa-features-abi to parser subpackage
- replace perl and libnotify-tools requires with requiring
python3-notify2 and python3-psutil (needed by the rewritten
aa-notify)
- drop ancient cleanup for /etc/init.d/subdomain from parser %pre
- drop (never enabled) conditionals to build with python2 and to
build the python-apparmor subpackage (upstream dropped python2
support)
- drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed
- set PYFLAKES path for utils check
- add precompiled_cache build conditional to allow faster local
builds without using kvm
- remove duplicated BuildRequires: swig
libapparmor:
- update to AppArmor 3.0.0
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
for the detailed upstream changelog
- add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
release up to 3e18c0785abc03ee42a022a67a27a085516a7921
- drop 2.13-only patch libapparmor-so-number.diff
OBS-URL: https://build.opensuse.org/request/show/845533
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=145
- update to AppArmor 3.0.0
- introduce feature abi declaration in profiles to enable use of
new rule types (for openSUSE: dbus and unix rules)
- support xattr attachment conditionals
- experimental support for kill and unconfined profile modes
- rewritten aa-status (in C), including support for new profile modes
- rewritten aa-notify (in python), finally dropping the perl
requirement at runtime
- new tool aa-features-abi for extracting feature abis from the kernel
- update profiles to have profile names and to use 3.0 feature abi
- introduce @{etc_ro} and @{etc_rw} profile variables
- new profile for php-fpm
- several updates to profiles and abstractions (including boo#1166007)
- fully support 'include if exists' in the aa-* tools
- rewrite handling of alias, include, link and variable rules in
the aa-* tools
- rewrite and simplify log handling in the aa-logprof and aa-genprof
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
for the detailed upstream changelog
- patches:
- add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
release up to 3e18c0785abc03ee42a022a67a27a085516a7921
- drop upstreamed usr-etc-abstractions-base-nameservice.diff
- drop 2.13-only libapparmor-so-number.diff
- refresh apparmor-enable-profile-cache.diff - partially upstreamed
- update apparmor-samba-include-permissions-for-shares.diff and
apparmor-lessopen-profile.patch - switch to "include if exists"
- apparmor-lessopen-profile.patch: add abi rule to lessopen profile
- refresh apparmor-lessopen-nfs-workaround.diff
- move away very loose apache profile that doesn't even match the
apache2 binary path in openSUSE to avoid confusion (boo#872984)
- move rewritten aa-status from utils to parser subpackage
- add aa-features-abi to parser subpackage
- replace perl and libnotify-tools requires with requiring
python3-notify2 and python3-psutil (needed by the rewritten
aa-notify)
- drop ancient cleanup for /etc/init.d/subdomain from parser %pre
- drop (never enabled) conditionals to build with python2 and to
build the python-apparmor subpackage (upstream dropped python2
support)
- drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed
- set PYFLAKES path for utils check
- add precompiled_cache build conditional to allow faster local
builds without using kvm
- remove duplicated BuildRequires: swig
libapparmor:
- update to AppArmor 3.0.0
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
for the detailed upstream changelog
- add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
release up to 3e18c0785abc03ee42a022a67a27a085516a7921
- drop 2.13-only patch libapparmor-so-number.diff
OBS-URL: https://build.opensuse.org/request/show/844157
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=281
- add changes-since-2.13.4.diff with upstream changes and fixes
since 2.13.4 up to 5f61bd4c:
- add several abstractions related to xdg-open:
dbus-network-manager-strict, exo-open, gio-open, gvfs-open,
kde-open5, xdg-open
- introduce @{run} variable
- update dnsmasq and winbindd profile
- update mdns, mesa and nameservice abstraction
- some bugfixes in the aa-* tools, including a remote bugfix in the
YaST AppArmor module (boo#1171315)
- drop upstream(ed) patches (now part of changes-since-2.13.4.diff):
- make-4.3-capabilities.diff
- make-4.3-capabilities-vim.diff
- make-4.3-fix-utils-network-test.diff
- make-4.3-network.diff
- abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- apply usr-etc-abstractions-base-nameservice.diff only for
Tumbleweed, but not for Leap 15.x where it's not needed
- refresh usr-etc-abstractions-base-nameservice.diff (forwarded request 807998 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/807999
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=138
- add changes-since-2.13.4.diff with upstream changes and fixes
since 2.13.4 up to 5f61bd4c:
- add several abstractions related to xdg-open:
dbus-network-manager-strict, exo-open, gio-open, gvfs-open,
kde-open5, xdg-open
- introduce @{run} variable
- update dnsmasq and winbindd profile
- update mdns, mesa and nameservice abstraction
- some bugfixes in the aa-* tools, including a remote bugfix in the
YaST AppArmor module (boo#1171315)
- drop upstream(ed) patches (now part of changes-since-2.13.4.diff):
- make-4.3-capabilities.diff
- make-4.3-capabilities-vim.diff
- make-4.3-fix-utils-network-test.diff
- make-4.3-network.diff
- abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- apply usr-etc-abstractions-base-nameservice.diff only for
Tumbleweed, but not for Leap 15.x where it's not needed
- refresh usr-etc-abstractions-base-nameservice.diff
OBS-URL: https://build.opensuse.org/request/show/807998
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=266
- fix build with make 4.3 by backporting some commits from upstream
master (boo#1167953):
- make-4.3-capabilities.diff
- make-4.3-capabilities-vim.diff
- make-4.3-network.diff
- make-4.3-fix-utils-network-test.diff
Also fix a wrong patch filename in the previous .changes entry.
The correct message about the refreshed patch is:
- refresh usr-etc-abstractions-base-nameservice.diff (forwarded request 789397 from cboltz)
OBS-URL: https://build.opensuse.org/request/show/789398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=136
- fix build with make 4.3 by backporting some commits from upstream
master (boo#1167953):
- make-4.3-capabilities.diff
- make-4.3-capabilities-vim.diff
- make-4.3-network.diff
- make-4.3-fix-utils-network-test.diff
Also fix a wrong patch filename in the previous .changes entry.
The correct message about the refreshed patch is:
- refresh usr-etc-abstractions-base-nameservice.diff
OBS-URL: https://build.opensuse.org/request/show/789397
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=262
