Commit Graph

218 Commits

Author SHA256 Message Date
Dominique Leuenberger
d6f9b81f0e Accepting request 560031 from security:apparmor
- add 32-bit-no-uid.diff to fix handling of log events without ouid on
  32 bit systems (forwarded request 560030 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/560031
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=109
2018-01-01 21:05:36 +00:00
Christian Boltz
772075ecd7 Accepting request 560030 from home:cboltz
- add 32-bit-no-uid.diff to fix handling of log events without ouid on
  32 bit systems

OBS-URL: https://build.opensuse.org/request/show/560030
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=195
2017-12-26 18:02:52 +00:00
Christian Boltz
7823513103 Accepting request 560016 from home:cboltz
- update to AppArmor 2.12
  - add support for 'owner' rules in aa-logprof and aa-genprof
  - add support for includes with absolute path in aa-logprof etc. (lp#1733700)
  - update aa-decode to also decode PROCTITLE (lp#1736841)
  - several profile and abstraction updates, including boo#1069470
  - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12
    for the detailed upstream changelog
- drop upstreamed patches:
  - read_inactive_profile-exactly-once.patch
  - utils-fix-sorted-save_profiles-regression.diff
- lessopen profile: change all 'rix' rules to 'mrix'

- update to AppArmor 2.11.95 aka 2.12 beta1
  - add JSON interface to aa-logprof and aa-genprof (used by YaST)
  - drop old YaST interface code
  - update audio, base and nameservice abstractions
  - allow @{pid} to match 7-digit pids
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95
    for the detailed upstream changelog
- drop upstreamed patches
  - apparmor-yast-cleanup.patch
  - apparmor-json-support.patch
  - nameservice-libtirpc.diff
- drop obsolete perl modules (YaST no longer needs them)
- drop patches that were only needed by the obsolete perl modules:
  - apparmor-utils-string-split
  - apparmor-abstractions-no-multiline.diff
- drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in
  apparmor_parser
- refresh utils-fix-sorted-save_profiles-regression.diff

OBS-URL: https://build.opensuse.org/request/show/560016
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=194
2017-12-26 14:30:01 +00:00
Dominique Leuenberger
4e1b11c68e Accepting request 547738 from security:apparmor
bsc#1069346 (forwarded request 546471 from goldwynr)

OBS-URL: https://build.opensuse.org/request/show/547738
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=108
2017-12-06 07:52:57 +00:00
Christian Boltz
51c20bdc0e Accepting request 546471 from home:goldwynr:branches:security:apparmor
bsc#1069346

OBS-URL: https://build.opensuse.org/request/show/546471
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=192
2017-12-03 12:44:51 +00:00
Dominique Leuenberger
75f748809c Accepting request 536621 from security:apparmor
apparmor:
- update to AppArmor 2.11.1
  - add permissions to several profiles and abstractions (including
    lp#1650827 and boo#1057900)
  - several fixes in the aa-* tools (including lp#1689667, lp#1628286,
    lp#1661766 and boo#1062667)
  - fix downgrading/converting of 'unix' rules (will be supported in
    kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
    upstream changelog
- remove upstream(ed) patches
  - upstream-changes-r3616..3628.diff
  - upstream-changes-r3629..3648.diff
  - parser-tests-dbus-duplicated-conditionals.diff
  - apparmor-fix-podsyntax.patch
  - sshd-profile-drop-local-include-r3615.diff
- refresh apparmor-yast-cleanup.patch
- add utils-fix-sorted-save_profiles-regression.diff to fix a regression
  in displaying the "changed profiles" list in aa-logprof

Also add bugzilla reference to the previous change:
- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)


libapparmor:
- update to AppArmor 2.11.1
  - mostly test-related changes in libapparmor
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
    upstream changelog (forwarded request 536620 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/536621
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=107
2017-10-27 11:47:52 +00:00
Christian Boltz
3a01d74522 Accepting request 536620 from home:cboltz
apparmor:
- update to AppArmor 2.11.1
  - add permissions to several profiles and abstractions (including
    lp#1650827 and boo#1057900)
  - several fixes in the aa-* tools (including lp#1689667, lp#1628286,
    lp#1661766 and boo#1062667)
  - fix downgrading/converting of 'unix' rules (will be supported in
    kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
    upstream changelog
- remove upstream(ed) patches
  - upstream-changes-r3616..3628.diff
  - upstream-changes-r3629..3648.diff
  - parser-tests-dbus-duplicated-conditionals.diff
  - apparmor-fix-podsyntax.patch
  - sshd-profile-drop-local-include-r3615.diff
- refresh apparmor-yast-cleanup.patch
- add utils-fix-sorted-save_profiles-regression.diff to fix a regression
  in displaying the "changed profiles" list in aa-logprof

Also add bugzilla reference to the previous change:
- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)


libapparmor:
- update to AppArmor 2.11.1
  - mostly test-related changes in libapparmor
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
    upstream changelog

OBS-URL: https://build.opensuse.org/request/show/536620
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=190
2017-10-25 21:04:37 +00:00
Dominique Leuenberger
56e1a28d47 Accepting request 534597 from security:apparmor
- add nameservice-libtirpc.diff to fix NIS/YP logins (forwarded request 534596 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/534597
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=106
2017-10-23 14:40:36 +00:00
Christian Boltz
365c3b08fa Accepting request 534596 from home:cboltz
- add nameservice-libtirpc.diff to fix NIS/YP logins

OBS-URL: https://build.opensuse.org/request/show/534596
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=188
2017-10-17 21:44:17 +00:00
Dominique Leuenberger
e55e76f0aa Accepting request 531184 from security:apparmor
- profiles-sockets-temporary-fix.patch to cater to nameservices with the
  new sockets mediation, until unix rules are upstreamed (boo#1061195)

OBS-URL: https://build.opensuse.org/request/show/531184
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=105
2017-10-10 09:33:56 +00:00
Christian Boltz
60a2ec39cc better patch description and changelog for profiles-sockets-temporary-fix.patch
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=186
2017-10-04 11:35:57 +00:00
Christian Boltz
5958c64a3e Accepting request 530988 from home:goldwynr:branches:security:apparmor
added the temporary fix to profiles abstractions/nameservice

OBS-URL: https://build.opensuse.org/request/show/530988
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=185
2017-10-04 11:33:29 +00:00
Dominique Leuenberger
f78a17e922 Accepting request 528520 from security:apparmor
- add apparmor-fix-podsyntax.patch from mailing list to fix
  compilation with perl 5.26 (forwarded request 528495 from coolo)

OBS-URL: https://build.opensuse.org/request/show/528520
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=104
2017-09-25 11:57:26 +00:00
Christian Boltz
4f49cf147b Accepting request 528495 from home:coolo:branches:openSUSE:Factory
- add apparmor-fix-podsyntax.patch from mailing list to fix
  compilation with perl 5.26

OBS-URL: https://build.opensuse.org/request/show/528495
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=183
2017-09-24 11:31:08 +00:00
Dominique Leuenberger
4fa3d6888b Accepting request 517044 from security:apparmor
- do not require exact X.Y version of "python3"
- require also matching python(abi) which is arguably more important (forwarded request 517036 from matejcik)

OBS-URL: https://build.opensuse.org/request/show/517044
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=103
2017-08-24 16:26:40 +00:00
Christian Boltz
2bb2c46241 Accepting request 517036 from home:matejcik:branches:security:apparmor
- do not require exact X.Y version of "python3"
- require also matching python(abi) which is arguably more important

OBS-URL: https://build.opensuse.org/request/show/517036
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=181
2017-08-15 16:08:48 +00:00
Dominique Leuenberger
dcc7263ed5 Accepting request 511329 from security:apparmor
- don't rely on implementation details for reload in %post

- add JSON support. Required for FATE#323380.
  (apparmor-yast-cleanup.patch, apparmor-json-support.patch)

OBS-URL: https://build.opensuse.org/request/show/511329
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=102
2017-07-23 10:13:24 +00:00
Christian Boltz
5eb186d7f3 Accepting request 511328 from home:cboltz
mention JSON patches in changelog

OBS-URL: https://build.opensuse.org/request/show/511328
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=179
2017-07-18 20:44:21 +00:00
Christian Boltz
5f32a36514 Accepting request 511315 from home:cboltz
- don't rely on implementation details for reload in %post

OBS-URL: https://build.opensuse.org/request/show/511315
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=178
2017-07-18 19:59:57 +00:00
Christian Boltz
f8148e7701 Accepting request 511034 from home:goldwynr:branches:security:apparmor
Adds JSON support. These patches can be removed when we update apparmor to contain JSON support. Until then, this is required for the smooth merge of yast-apparmor

OBS-URL: https://build.opensuse.org/request/show/511034
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=177
2017-07-18 19:56:43 +00:00
Yuchen Lin
c2ad9e9b7f Accepting request 482776 from security:apparmor
- add upstream-changes-r3629..3648.diff:
  - preserve unknown profiles when reloading apparmor.service
    (CVE-2017-6507, lp#1668892, boo#1029696)
  - add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
  - update nvidia abstraction for newer nvidia drivers
  - don't enforce ordering of dbus rule attributes in utils (lp#1628286)
  - add --parser, --base and --Include option to aa-easyprof to allow
    non-standard paths (useful for tests) (lp#1521031)
  - move initialization code in apparmor.aa to init_aa(). This allows to
    run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
    don't exist.
  - several improvements in the utils tests
- drop upstreamed python3-drop-re-locale.patch
- no longer delete/skip some of the utils tests (to allow this, add
  parser-tests-dbus-duplicated-conditionals.diff)
- add var.mount dependeny to apparmor.service (boo#1016259#c34)

OBS-URL: https://build.opensuse.org/request/show/482776
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=101
2017-04-11 10:39:06 +00:00
Christian Boltz
834d67a5c3 Accepting request 482775 from home:cboltz
fix filename in patch name

OBS-URL: https://build.opensuse.org/request/show/482775
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=175
2017-03-26 20:38:57 +00:00
Christian Boltz
454b681e13 Accepting request 482764 from home:cboltz
- add upstream-changes-r-3629..3648.diff:
  - preserve unknown profiles when reloading apparmor.service
    (CVE-2017-6507, lp#1668892, boo#1029696)
  - add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
  - update nvidia abstraction for newer nvidia drivers
  - don't enforce ordering of dbus rule attributes in utils (lp#1628286)
  - add --parser, --base and --Include option to aa-easyprof to allow
    non-standard paths (useful for tests) (lp#1521031)
  - move initialization code in apparmor.aa to init_aa(). This allows to
    run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
    don't exist.
  - several improvements in the utils tests
- drop upstreamed python3-drop-re-locale.patch
- no longer delete/skip some of the utils tests (to allow this, add
  parser-tests-dbus-duplicated-conditionals.diff)
- add var.mount dependeny to apparmor.service (boo#1016259#c34)

OBS-URL: https://build.opensuse.org/request/show/482764
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=174
2017-03-26 18:43:45 +00:00
Dominique Leuenberger
3ab13de061 Accepting request 481186 from security:apparmor
- Cleanup spec file:
  - don't use insserv if we afterwards call systemd, this can
    have bad side effects
  - remove dead code
  - remove now obsolete 'distro' checks
- Replace init.d script with new wrapper working with systemd (forwarded request 480782 from kukuk)

OBS-URL: https://build.opensuse.org/request/show/481186
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=100
2017-03-22 22:17:29 +00:00
Christian Boltz
bba6e7bef6 Accepting request 480782 from home:kukuk:branches:security:apparmor
- Cleanup spec file:
  - don't use insserv if we afterwards call systemd, this can
    have bad side effects
  - remove dead code
  - remove now obsolete 'distro' checks
- Replace init.d script with new wrapper working with systemd

OBS-URL: https://build.opensuse.org/request/show/480782
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=172
2017-03-19 19:14:12 +00:00
Dominique Leuenberger
92548b9193 Accepting request 458843 from security:apparmor
- add python3-drop-re-locale.patch: remove deprecated re.LOCALE
  flag in Python UI as it was dropped from Python 3.6 (lp#1661766)

- Fix RPM groups

OBS-URL: https://build.opensuse.org/request/show/458843
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=99
2017-02-18 23:45:48 +00:00
Christian Boltz
b8cc801318 add reference to lp#1661766 for python3-drop-re-locale.patch
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=170
2017-02-18 12:30:48 +00:00
Christian Boltz
14d5404240 Accepting request 458503 from home:matejcik:branches:security:apparmor
- add python3-drop-re-locale.patch: remove deprecated re.LOCALE
  flag in Python UI as it was dropped from Python 3.6

OBS-URL: https://build.opensuse.org/request/show/458503
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=169
2017-02-18 12:29:18 +00:00
Christian Boltz
7314b9e327 Accepting request 456389 from home:jengelh:branches:security:apparmor
- Fix RPM groups

OBS-URL: https://build.opensuse.org/request/show/456389
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=168
2017-02-11 12:19:17 +00:00
Dominique Leuenberger
6d997a3d70 Accepting request 453537 from security:apparmor
TL;DR: update AppArmor to 2.11, split off libapparmor package/spec, move libapparmor to /usr


Details:

- add upstream-changes-r3616..3628.diff:
  - update abstractions/base, abstractions/apache2-common and dovecot profiles
  - merge ask_the_questions() of aa-logprof and aa-mergeprof
  - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)

- split libapparmor into separate spec to get rid of build loop
  involving mariadb, systemd, apparmor, libapr and mariadb again
  (see the discussion in SR 448871 for details)
- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
  with minimum BuildRequires

- update to AppArmor 2.11.0
  - apparmor_parser now supports parallel compiles and loads
  - add full support for dbus, ptrace and signal rules and events to the
    utils
  - full rewrite of the file rule handling in the utils
  - lots of improvements and fixes
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the
    detailed changelog
- patches:
  - add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
  - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
  - refresh apparmor-abstractions-no-multiline.diff
  - refresh apparmor-samba-include-permissions-for-shares.diff
- spec changes:
  - aa-unconfined switched to using ss (from iproute2), adjust Recommends:
  - move libapparmor to /usr/lib*/
  - drop %if %suse_version checks for 12.x
  - change several Obsoletes from %version to < 2.9. Those package names
    weren't used since years, and 2.9 is still a careful choice
  - include apparmor.service independent of %suse_version
  - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
    - drop latex2html, texlive-* and w3m BuildRequires
    - techdoc.txt and techdoc.html not included, drop them from the package
  - run most of utils/ make check (some tests expect /etc/apparmor.d/ and
    /sbin/apparmor_parser to exist, skip them)
  - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
  - drop sed'ing python3 into aa-* shebang (upstreamed)
  - build binutils
    - aa-exec is now written in C and lives in /usr/bin/, move it to the
      apparmor_parser package and create a compability symlink in /usr/sbin/
    - aa-exec manpage moved to section 1
    - aa-enabled is a small new tool to find out if AppArmor is enabled
  - package new aa_stack_profile(2) manpage

OBS-URL: https://build.opensuse.org/request/show/453537
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=98
2017-02-11 00:33:45 +00:00
Christian Boltz
8c83a952f7 Accepting request 453533 from home:cboltz
- add upstream-changes-r3616..3628.diff:
  - update abstractions/base, abstractions/apache2-common and dovecot profiles
  - merge ask_the_questions() of aa-logprof and aa-mergeprof
  - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)

- split libapparmor into separate spec to get rid of build loop
  involving mariadb, systemd, apparmor, libapr and mariadb again
  (see the discussion in SR 448871 for details)

- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
  with minimum BuildRequires

OBS-URL: https://build.opensuse.org/request/show/453533
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=166
2017-01-30 22:53:15 +00:00
Christian Boltz
fcc884a7e3 Accepting request 453151 from home:cboltz
- update to AppArmor 2.11.0
  - apparmor_parser now supports parallel compiles and loads
  - add full support for dbus, ptrace and signal rules and events to the
    utils
  - full rewrite of the file rule handling in the utils
  - lots of improvements and fixes
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the
    detailed changelog
- patches:
  - add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
  - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
  - refresh apparmor-abstractions-no-multiline.diff
  - refresh apparmor-samba-include-permissions-for-shares.diff
- spec changes:
  - aa-unconfined switched to using ss (from iproute2), adjust Recommends:
  - move libapparmor to /usr/lib*/
  - drop %if %suse_version checks for 12.x
  - change several Obsoletes from %version to < 2.9. Those package names
    weren't used since years, and 2.9 is still a careful choice
  - include apparmor.service independent of %suse_version
  - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
    - drop latex2html, texlive-* and w3m BuildRequires
    - techdoc.txt and techdoc.html not included, drop them from the package
  - run most of utils/ make check (some tests expect /etc/apparmor.d/ and
    /sbin/apparmor_parser to exist, skip them)
  - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
  - drop sed'ing python3 into aa-* shebang (upstreamed)
  - build binutils
    - aa-exec is now written in C and lives in /usr/bin/, move it to the
      apparmor_parser package and create a compability symlink in /usr/sbin/
    - aa-exec manpage moved to section 1
    - aa-enabled is a small new tool to find out if AppArmor is enabled
  - package new aa_stack_profile(2) manpage

OBS-URL: https://build.opensuse.org/request/show/453151
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=165
2017-01-28 12:45:16 +00:00
Dominique Leuenberger
cd42aa3f12 Accepting request 452189 from security:apparmor
[New attemp with /var/lib/apparmor/cache as cache location, as discussed
with DimStar on IRC. No other differences compared to SR 449669.]

- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
  This is part of the root partition (at least with default partitioning)
  and should be available earlier than /var/cache/apparmor/
  (boo#1015249, boo#980081, bsc#1016259)
- add dependency on var-lib.mount to apparmor.service as safety net

- update to AppArmor 2.10.2 maintenance release
  - lots of bugfixes and profile updates (including boo#1000201,
    boo#1009964, boo#1014463)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details
- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
  in aa-unconfined
- drop upstream(ed) patches:
  - changes-since-2.10.1--r3326..3346.diff
  - changes-since-2.10.1--r3347..3353.diff
  - libapparmor-fix-import-path.diff (upstream fix is slightly different)
  - nscd-var-lib.diff
- refresh apparmor-abstractions-no-multiline.diff

OBS-URL: https://build.opensuse.org/request/show/452189
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=97
2017-01-27 09:39:55 +00:00
Christian Boltz
99869c0576 - change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
This is part of the root partition (at least with default partitioning)
  and should be available earlier than /var/cache/apparmor/
  (boo#1015249, boo#980081, bsc#1016259)
- add dependency on var-lib.mount to apparmor.service as safety net

OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=163
2017-01-24 14:23:09 +00:00
Christian Boltz
1a27f96919 Accepting request 449666 from home:cboltz
- delete /etc/apparmor.d/cache symlink. apparmor_parser will re-create
  it as real directory. This is needed to avoid problems on boot if
  /var/ is mounted too late (boo#1015249, boo#980081, bsc#1016259)
  (Note: I'm not packaging /etc/apparmor.d/cache/ as directory to avoid
  RPM update problems with the symlink -> directory change.)

OBS-URL: https://build.opensuse.org/request/show/449666
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=162
2017-01-11 11:32:04 +00:00
Christian Boltz
8b7ca9d3cb Accepting request 449596 from home:cboltz
- update to AppArmor 2.10.2 maintenance release
  - lots of bugfixes and profile updates (including boo#1000201,
    boo#1009964, boo#1014463)
  - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details
- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
  in aa-unconfined
- drop upstream(ed) patches:
  - changes-since-2.10.1--r3326..3346.diff
  - changes-since-2.10.1--r3347..3353.diff
  - libapparmor-fix-import-path.diff (upstream fix is slightly different)
  - nscd-var-lib.diff
- refresh apparmor-abstractions-no-multiline.diff

OBS-URL: https://build.opensuse.org/request/show/449596
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=161
2017-01-10 23:07:09 +00:00
Christian Boltz
5c6de0adb5 manually revert the accidently accepted SR 443209
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=160
2016-12-06 00:26:20 +00:00
Christian Boltz
2ba9e1fcd5 Accepting request 443209 from home:kstreitova:branches:security:apparmor
- disable apache in order to break build cycle:
  ['apache2', 'apparmor', 'libapr-util1', 'mariadb', 'systemd']

OBS-URL: https://build.opensuse.org/request/show/443209
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=159
2016-12-06 00:22:55 +00:00
Dominique Leuenberger
c4e8318ac3 Accepting request 436985 from security:apparmor
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
  abstractions/nameservice (path changed in latest nscd in Tumbleweed)


Note: The glibc/nscd package that needs this change was already released
with the 20161020 snapshot, so it would be a good idea to get the
AppArmor profile updates released quickly ;-) (forwarded request 436984 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/436985
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=96
2016-10-31 08:52:34 +00:00
Christian Boltz
86efea86c1 Accepting request 436984 from home:cboltz
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
  abstractions/nameservice (path changed in latest nscd in Tumbleweed)


Note: The glibc/nscd package that needs this change was already released
with the 20161020 snapshot, so it would be a good idea to get the
AppArmor profile updates released quickly ;-)

OBS-URL: https://build.opensuse.org/request/show/436984
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=157
2016-10-23 14:11:15 +00:00
Dominique Leuenberger
5bcf8941d9 Accepting request 435009 from security:apparmor
- add changes-since-2.10.1--r3347..3353.diff with upstream changes and
  fixes in the 2.10 branch, including
  - allow writing *.qf files (for disk-based buffering) in syslog-ng profile
  - add several permissions to the dovecot profiles (deb#835826)
  - add a missing path in the traceroute profile (forwarded request 435008 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/435009
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=95
2016-10-18 08:09:02 +00:00
Christian Boltz
041a6f7868 Accepting request 435008 from home:cboltz
- add changes-since-2.10.1--r3347..3353.diff with upstream changes and
  fixes in the 2.10 branch, including
  - allow writing *.qf files (for disk-based buffering) in syslog-ng profile
  - add several permissions to the dovecot profiles (deb#835826)
  - add a missing path in the traceroute profile

OBS-URL: https://build.opensuse.org/request/show/435008
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=155
2016-10-13 19:45:07 +00:00
Dominique Leuenberger
caf222a435 Accepting request 423554 from security:apparmor
really delete profiles-ping-inet6-r3449.diff (forwarded request 423553 from cboltz)

OBS-URL: https://build.opensuse.org/request/show/423554
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=94
2016-08-30 22:01:22 +00:00
Christian Boltz
4bdce4a3da Accepting request 423553 from home:cboltz
really delete profiles-ping-inet6-r3449.diff

OBS-URL: https://build.opensuse.org/request/show/423553
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=153
2016-08-28 15:58:12 +00:00
Christian Boltz
cc896b26e3 Accepting request 423291 from home:cboltz
- add changes-since-2.10.1--r3326..3346.diff with upstream changes and
  fixes since the 2.10.1 release, including
  - allow dac_override in winbindd profile (boo#990006#c5)
  - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
    Samba 4.4.x, boo#990006)
  - abstractions/nameservice: also support ConnMan-managed resolv.conf
  - let aa-genprof ask about profiles in extra dir (again)
  - fix aa-logprof "add hat" endless loop (lp#1538306)
  - honor 'chown' file events in logparser.py
  - ignore log file events with a request mask of 'send' or 'receive'
    because they are actually network events (lp#1577051, lp#1582374)
  - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
- fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
  (libapparmor-fix-import-path.diff)
- refresh apparmor-abstractions-no-multiline.diff
- drop upstreamed profiles-ping-inet6-r3449.diff
- add %check section - runs libapparmor (including swig bindings),
  parser and profiles tests
- add BuildRequires: perl(Locale::gettext) - needed for parser tests

OBS-URL: https://build.opensuse.org/request/show/423291
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=152
2016-08-26 22:07:45 +00:00
Dominique Leuenberger
315760cb8a Accepting request 397705 from security:apparmor
- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)


Please accept this SR before accepting SR 397541 (iputils).

OBS-URL: https://build.opensuse.org/request/show/397705
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=93
2016-05-25 19:22:16 +00:00
Christian Boltz
a86a930209 - add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=150
2016-05-24 12:16:43 +00:00
Dominique Leuenberger
9489f19499 Accepting request 391406 from security:apparmor
- update to AppArmor 2.10.1 (2.10 branch r3326):
  - fix incorrect output of child profile names (apparmor_parser -N) which
    caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
  - fix a crash in aa-logprof / logparser.py for change_hat log events
    (lp#1523297) and log events that look like file events, but aren't
    (lp#1540562, lp#1525119, lp#1466812)
  - write unix rules when saving a profile (lp#1522938, boo#954104#c3)
  - several fixes for variable handling in aa-logprof
  - map c (create) log events to w instead of a
  - add python to the "no Px rule" list in logprof.conf
  - let aa-logprof check for duplicate profiles
  - let aa-status work without the apparmor.fail python module (boo#971917,
    lp#1480492)
  - add permissions in several profiles (including boo#948584, boo#948753,
    boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
    boo#921098#c15).
  - and many more fixes, see the full changelog at
    http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1
- drop upstream(ed) patches:
  - fix-initscript-aa_log_end_msg.diff
  - syslog-ng-profile-boo948584.diff
  - upstream-profile-updates-r3205-3241.diff
- refresh patches:
  - apparmor-abstractions-no-multiline.diff
  - apparmor-samba-include-permissions-for-shares.diff
- drop libapparmor autogen.sh call (broke the build) and remove libtool BR

OBS-URL: https://build.opensuse.org/request/show/391406
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=92
2016-04-28 14:51:56 +00:00
Christian Boltz
0b85e41674 :- drop libapparmor autogen.sh call (broke the build) and remove libtool BR
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=148
2016-04-23 11:08:24 +00:00
Christian Boltz
7374ae94dd - update to AppArmor 2.10.1 (2.10 branch r3326):
- fix incorrect output of child profile names (apparmor_parser -N) which
    caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
  - fix a crash in aa-logprof / logparser.py for change_hat log events
    (lp#1523297) and log events that look like file events, but aren't
    (lp#1540562, lp#1525119, lp#1466812)
  - write unix rules when saving a profile (lp#1522938, boo#954104#c3)
  - several fixes for variable handling in aa-logprof
  - map c (create) log events to w instead of a
  - add python to the "no Px rule" list in logprof.conf
  - let aa-logprof check for duplicate profiles
  - let aa-status work without the apparmor.fail python module (boo#971917,
    lp#1480492)
  - add permissions in several profiles (including boo#948584, boo#948753,
    boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
    boo#921098#c15).
  - and many more fixes, see the full changelog at
    http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1
- drop upstream(ed) patches:
  - fix-initscript-aa_log_end_msg.diff
  - syslog-ng-profile-boo948584.diff
  - upstream-profile-updates-r3205-3241.diff
- refresh patches:
  - apparmor-abstractions-no-multiline.diff
  - apparmor-samba-include-permissions-for-shares.diff

OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=147
2016-04-22 22:33:49 +00:00