------------------------------------------------------------------- Sun Oct 20 11:59:28 UTC 2013 - opensuse@cboltz.de - apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile updates for samba 4.x (bnc#846054#c5) ------------------------------------------------------------------- Tue Oct 15 20:10:49 UTC 2013 - opensuse@cboltz.de - add apparmor-profiles-samba4.diff - various profile additions for samba 4.x (bnc#845867, bnc#846054) - update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054) ------------------------------------------------------------------- Sun Sep 29 15:00:20 UTC 2013 - opensuse@cboltz.de - update apparmor-init.py-gsoc.diff to the final GSoC apparmor/__init__.py ------------------------------------------------------------------- Fri Sep 20 11:28:20 UTC 2013 - opensuse@cboltz.de - add apparmor-fix-url-in-manpages-r2093.diff: fix URL in manpages - add apparmor-unconfined-lang-r2094.diff: fix aa-unconfined to work in all languages ------------------------------------------------------------------- Mon Sep 16 18:23:46 UTC 2013 - seife+obs@b1-systems.com - fix ntp by allowing read access to openssl.cnf ------------------------------------------------------------------- Fri Sep 13 22:41:18 UTC 2013 - opensuse@cboltz.de - add apparmor-utils-po-de-r2091.diff: fix some (mis)translations ------------------------------------------------------------------- Thu Sep 12 20:40:38 UTC 2013 - opensuse@cboltz.de - add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) - p11-kit needs access to /usr/share/p11-kit/modules - allow reading /etc/machine-id in the dbus-session abstraction - add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for the new tools developed in GSoC ------------------------------------------------------------------- Fri Aug 23 20:09:59 UTC 2013 - opensuse@cboltz.de - add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental in perl 5.18 again - use grep instead (upstream 2.8 branch r2088) - fix ruby requires ------------------------------------------------------------------- Fri Aug 16 18:26:20 UTC 2013 - opensuse@cboltz.de - update to AppArmor 2.8.2 - several fixes for python3 compability - various profile improvements: - various additions to abstractions/fonts - move poppler's cMaps from gnome to fonts; gnome includes fonts - deny @{HOME}/.gnome2/keyrings/** to abstractions/private-files-strict - add read access to @{PROC}/sys/vm/overcommit_memory to abstractions/base (bnc#824577) - update pulseaudio directory and cookie file paths - add missing permissions to the nscd profile (bnc#807104) - deny capability block_suspend to nscd (bnc#807104) - MariaDB compatability in abstractions/mysql (bnc#798183) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_2 for all details - removed upstream(ed) patches - apparmor-abstractions-mysql-path.diff - apparmor-profiles-nscd.diff - apparmor-python3-r2052.diff ------------------------------------------------------------------- Thu Aug 15 18:59:41 UTC 2013 - opensuse@cboltz.de - swig for python3 is broken on openSUSE 12.2 - build python-apparmor (for python2) instead on 12.2 ------------------------------------------------------------------- Thu Aug 15 00:01:46 UTC 2013 - opensuse@cboltz.de - add python3-apparmor subpackage (currently py2 OR py3 package can be build, but not both at the same time) - add upstream apparmor-python3-r2052.diff to fix various python3 issues ------------------------------------------------------------------- Tue Jun 4 13:06:37 UTC 2013 - kkaempf@suse.com - Ruby 2.0 mkmf gets the path to ruby.h wrong (bnc#822277) ------------------------------------------------------------------- Mon May 13 12:42:04 UTC 2013 - coolo@suse.com - do not package directories as %config - especially not as noreplace ------------------------------------------------------------------- Tue Apr 23 20:11:39 UTC 2013 - opensuse@cboltz.de - enable python and ruby subpackages (using %bcond_without) - update/fix paths in %files for python and ruby subpackages ------------------------------------------------------------------- Tue Apr 2 18:56:56 UTC 2013 - opensuse@cboltz.de - add Requires: insserv to parser package (needed by initscript) ------------------------------------------------------------------- Tue Mar 5 17:49:42 UTC 2013 - opensuse@cboltz.de - nscd profile: add missing permissions and deny capability block_suspend (bnc#807104, apparmor-profiles-nscd.diff) ------------------------------------------------------------------- Sun Feb 17 09:59:48 UTC 2013 - jengelh@inai.de - Add missing files to SRPM (bnc#777471) ------------------------------------------------------------------- Sun Jan 13 13:46:01 UTC 2013 - opensuse@cboltz.de - update abstractions/mysql with correct paths and add MariaDB paths (bnc#798183) ------------------------------------------------------------------- Thu Jan 10 10:57:40 UTC 2013 - opensuse@cboltz.de - update to AppArmor 2.8.1 (=2.8 branch r2069) Bugfix release, http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_1 Most important changes are: - add various missing parts to profiles and abstractions - fix a possible x conflict with hats or child profiles in apparmor_parser - fix and speedup stdin handling in aa-decode - various other bugfixes - add pkgconfig support to libapparmor - remove upstream(ed) patches ------------------------------------------------------------------- Mon Dec 3 20:58:04 UTC 2012 - opensuse@cboltz.de - verify tarball with gpg-offline ------------------------------------------------------------------- Tue Sep 25 13:55:56 UTC 2012 - coolo@suse.com - fix directory flags for /etc/apparmor.d to be in sync between -parser and -profiles subpackage ------------------------------------------------------------------- Fri Sep 21 19:58:32 UTC 2012 - opensuse@cboltz.de - remove %stop_on_removal for no longer existing aaeventd (bnc#781564) - don't hide TeX output when building the parser and techdoc ------------------------------------------------------------------- Thu Aug 9 23:31:26 UTC 2012 - opensuse@cboltz.de - clear and update inconsistent profile cache (bnc#774529) ------------------------------------------------------------------- Sun Aug 5 16:05:44 UTC 2012 - opensuse@cboltz.de - abstractions/bash: update /bin/ls to also match /usr/bin/ls (usrMerge) ------------------------------------------------------------------- Mon Jul 30 08:17:01 UTC 2012 - werner@suse.de - Add required fonts for new TeXLive 2012 ------------------------------------------------------------------- Fri Jul 6 22:33:39 UTC 2012 - opensuse@cboltz.de - update /bin/ping profile to also match /usr/bin/ping (usrMerge) ------------------------------------------------------------------- Sat Jun 2 19:55:14 UTC 2012 - opensuse@cboltz.de - update to AppArmor 2.8.0 (= r2047) - new utility aa-easyprof - templated profile generation tool (the resulting profile may be less strict than profiles generated with genprof/logprof) - various small bugfixes - removed upstreamed patches ------------------------------------------------------------------- Tue May 8 19:30:23 UTC 2012 - opensuse@cboltz.de - add apparmor-techdoc.patch to remove traces of the build time in PDF files ------------------------------------------------------------------- Sat May 5 20:25:49 UTC 2012 - opensuse@cboltz.de - update to AppArmor 2.8 beta5 (= 2.7.103 / r2031) - new utility aa-exec to confine a program with the specified AppArmor profile - add support for mount rules - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8 for full upstream changelog - removed upstreamed and backported patches - remove outdated autobuild and "disable repo" patches that were disabled since the AppArmor 2.7 package - create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1 (bnc#720617 #c7) ------------------------------------------------------------------- Mon Apr 16 21:16:41 UTC 2012 - opensuse@cboltz.de - replace patch for dnsmasq profile with upstream patch (bnc#738905) ------------------------------------------------------------------- Fri Apr 13 22:22:27 UTC 2012 - opensuse@cboltz.de - add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't create network rules because of changed log format (bnc#755923, lp#800826) - add profile for samba winbindd (bnc#748499) ------------------------------------------------------------------- Fri Apr 6 13:38:11 CEST 2012 - mszeredi@suse.cz - fix dnsmasq profile (bnc#738905) ------------------------------------------------------------------- Thu Feb 9 19:01:07 UTC 2012 - opensuse@cboltz.de - add 0001-fix-for-lp929531.patch to allow reading /sys/devices/system/cpu/online in abstractions/base (lp#929531) ------------------------------------------------------------------- Tue Jan 31 09:53:06 UTC 2012 - opensuse@cboltz.de - Update to AppArmor 2.7.2 (= 2.7 branch / r1894) - move various permissions from httpd2-prefork profile to abstractions/apache2-common. Backward-incompatible change: *.htaccess files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5) - allow various .conf files for dovecot (lp#458922) - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files and abstractions/private-files-strict (lp#911847) - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files to use ~/.kde4, not only ~/.kde (bnc#741592) - block write access to ~/.kde{,4}/env in abstractions/private-files (lp#914190) - allow write access for personal dictionary etc. in abstractions/aspell (lp#917859) - when using genprof for a script, include read access to the script itsself - automatically include abstractions/python or abstractions/ruby for python/ruby scripts - add profile for smbldap-useradd and allow smbd to call it (bnc#738041) - allow creation of the .config directory in abstractions/enchant (lp#914184) - allow TFTP read-only access in dnsmasq profile (lp#905412) - allow capability dac_read_search for syslog-ng (bnc#731876) - add p11-kit abstraction and include it in abstractions/authentification (lp#912754, lp#912752) - add audacity to abstractions/ubuntu-media-players (lp#899963) - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831, lp#890894, lp#890894, lp#884748) - fix typo for multiarch gconf-modules in abstractions/base (lp#904548) - allow avahi to do dbus introspection (lp#769148) - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992) - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062) - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in abstractions/cups-client (lp#887992) - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in abstractions/python (lp#860856) - various updates to the sshd profile (lp#817956) - (and some more changes I already included in the apparmor-2.7-branch.diff) ------------------------------------------------------------------- Tue Jan 3 23:52:38 UTC 2012 - opensuse@cboltz.de - Update to AppArmor 2.7.0 (= r1858) - make traceroute6 work (bnc#733312) - allow access to pyconfig.h in abstractions/python (lp#840734) - fix logprof/genprof for hex-encoded program filenames (= filenames containing space etc.) - add apparmor-2.7-branch.diff with some upstreamed fixes: - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041) - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file - fix syntax error in abstractons/python ------------------------------------------------------------------- Tue Nov 29 18:34:54 CET 2011 - meissner@suse.de - changed a $ -> % (typo) ------------------------------------------------------------------- Sat Nov 26 21:52:31 UTC 2011 - opensuse@cboltz.de - package subdomain.conf only in -parser, not in -utils package - package libapparmor.so and libimmunix.so only in libapparmor-devel, not in libapparmor1 - make Provides for perl-libapparmor versioned to avoid self-Obsoletes - move libapparmor.a and libimmunix.a from libapparmor1 to libapparmor-devel package ------------------------------------------------------------------- Thu Nov 10 20:16:24 UTC 2011 - opensuse@cboltz.de - update to AppArmor 2.7.0 rc2 Most of the changes since rc1 were already included as patches. Additional changes: - fix logprof/genprof to recognize "mknod" in audit.log - fix libapparmor python bindings to compile with python 3 - fix wrong status message in initscript if apparmor-utils are not installed - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS - fix some warnings in utils/Makefile - remove 4 upstreamed patches - remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now - update line numbers in 2 patches ------------------------------------------------------------------- Tue Nov 1 17:39:29 UTC 2011 - opensuse@cboltz.de - make abstractions/winbind working on 64bit systems - allow loading the libraries for samba "vfs objects" also on 32bit systems (bnc#725967) ------------------------------------------------------------------- Wed Oct 26 20:48:16 UTC 2011 - opensuse@cboltz.de - allow loading the libraries for samba "vfs objects" (bnc#725967) ------------------------------------------------------------------- Wed Oct 19 09:53:14 UTC 2011 - opensuse@cboltz.de - include autogenerated profile sniplet for samba shares (bnc#688040) - more helpful error message for "aa-notify -p" if the user is not in the configured group ------------------------------------------------------------------- Thu Oct 13 22:52:24 UTC 2011 - opensuse@cboltz.de - update to AppArmor 2.7.0 rc1 - aa-notify: add --display option and warn if $DISPLAY is not set (important for usage with sudo on openSUSE) - fix syntax error on "rcapparmor stop" - allow read access to /proc/*/mounts in the dovecot profile ------------------------------------------------------------------- Sun Oct 9 19:42:05 UTC 2011 - opensuse@cboltz.de - add patch with upstream changes since 2.7.0 beta2 release - add example parser.conf - print warning if profile cache directory doesn't exist - remove initscript for no longer existing aa-eventd (bnc#720617) - set correct $HOME in aa-notify - enable caching of profiles (= massive speedup) (bnc#689458) - add comments for patches in .spec and comments in some patches - run spec-cleaner ------------------------------------------------------------------- Fri Sep 30 20:07:41 UTC 2011 - coolo@suse.com - add libtool as buildrequire to make the spec file more reliable ------------------------------------------------------------------- Fri Sep 16 15:25:19 UTC 2011 - opensuse@cboltz.de - update to AppArmor 2.7.0 beta2 - includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182, bnc#691072, bnc#705319, bnc#713728 - add some missing perl module Requires to perl-apparmor ------------------------------------------------------------------- Tue Sep 13 18:47:36 UTC 2011 - opensuse@cboltz.de - update to AppArmor 2.7.0 beta1, for details see http://wiki.apparmor.net/index.php/ReleaseNotes_2_7 - removed lots of patches I pushed upstream - disabled apparmor-2.5.1-unified-build (patch to use automake, does not apply to 2.7 and probably won't be accepted upstream) - disabled build of tomcat_apparmor (doesn't build, deprecated upstream) - run spec-cleaner - remove *.la files - move usr.sbin.nscd profile back to apparmor-profiles package ------------------------------------------------------------------- Wed Sep 7 10:35:12 MDT 2011 - jfehlig@suse.com - Update patch apparmor-profiles-usr.sbin.dnsmasq to include /var/lib/libvirt/dnsmasq/*.leases (bnc#694197). ------------------------------------------------------------------- Mon Aug 22 11:54:21 UTC 2011 - opensuse@cboltz.de - install SubDomain.pm compat module (bnc#713408) ------------------------------------------------------------------- Wed Aug 3 02:46:08 CEST 2011 - jeffm@suse.de - Update to 2.6.1. - One patch eliminated - Lots of minor fixes - Split out more common abstractions - Add check_for_apparmor() helper. ------------------------------------------------------------------- Tue Aug 2 17:07:43 CEST 2011 - jeffm@suse.de - dhcpd: Fix apparmor profile (bnc#692428) ------------------------------------------------------------------- Tue Aug 2 09:19:45 UTC 2011 - fcrozat@suse.com - Add apparmor-securityfs-systemd.patch: do not mount securityfs when running under systemd, just access the directory, systemd will automount it (bnc#704460). ------------------------------------------------------------------- Sun Jul 17 20:04:18 UTC 2011 - andrea.turrini@gmail.com - Fixed typos in descriptions and summaries of apparmor.spec ------------------------------------------------------------------- Fri Jun 24 16:02:21 CEST 2011 - jeffm@suse.de - Fixed building of pam_apparmor to properly link libpam (bnc#696553). - Fixed building of apache2-mod_apparmor to properly link (bnc#701821). ------------------------------------------------------------------- Tue Jun 21 09:54:28 UTC 2011 - coolo@novell.com - move the requires and prerequires to the right package ------------------------------------------------------------------- Wed Apr 27 17:28:58 UTC 2011 - opensuse@cboltz.de - make the -doc and -profiles subpackages noarch (again) ------------------------------------------------------------------- Thu Mar 24 21:30:15 CET 2011 - jeffm@suse.de - Added alias from Immunix::SubDomain to Immunix:AppArmor to allow older users of perl-apparmor to work properly. ------------------------------------------------------------------- Tue Mar 22 21:29:49 CET 2011 - jeffm@suse.de - Properly re-created links to old utility names. ------------------------------------------------------------------- Mon Mar 14 19:24:02 CET 2011 - jeffm@suse.de - Added /etc/ethers and /var/run/dnsmasq-forwarders to usr.sbin.dnsmasq (bnc#678749) ------------------------------------------------------------------- Mon Mar 14 16:48:53 CET 2011 - jeffm@suse.de - Update to 2.6.0 - 19 patches eliminated - Lots of minor fixes. - Split out more common abstractions - Added more local includes ------------------------------------------------------------------- Tue Mar 1 09:56:30 UTC 2011 - rhafer@suse.de - Additional libvirt related fixes in usr.sbin.dnsmasq (bnc#675867) ------------------------------------------------------------------- Thu Feb 24 15:52:15 CET 2011 - jeffm@suse.de - Added 'network packet raw' to dhclient profile. ------------------------------------------------------------------- Tue Feb 22 12:45:43 UTC 2011 - bwiedemann@novell.com - Add Requires for used perl packages (bnc#670650). ------------------------------------------------------------------- Tue Jan 25 23:25:28 CET 2011 - jeffm@suse.de - Updated dhclient profile and added dhclient-script profile (bnc#561152). ------------------------------------------------------------------- Tue Jan 25 18:11:00 CET 2011 - jeffm@suse.de - Added ability to completely disable repositories. ------------------------------------------------------------------- Mon Jan 24 21:27:45 CET 2011 - jeffm@suse.de - Properly indent sub-profiles after genprof completion (bnc#480795). ------------------------------------------------------------------- Mon Jan 24 20:16:03 CET 2011 - jeffm@suse.de - Inherit flags in sub-profiles when generating profiles (bnc#496204). ------------------------------------------------------------------- Mon Jan 24 01:02:53 CET 2011 - jeffm@suse.de - Stop treating profiles shipped with the package as config files. - /etc/apparmor.d will still be treated specially. - Add support for parsing network operation events (bnc#665483) ------------------------------------------------------------------- Mon Jan 24 00:23:35 CET 2011 - jeffm@suse.de - Fix for sbin.klogd profile using kernel versions >= 2.6.38-rc1. ------------------------------------------------------------------- Mon Jan 24 00:11:28 CET 2011 - jeffm@suse.de - Update to apparmor-2.5 r1445. - Includes 3 of the fixes below. - Several testsuite fixes. - Update for Thunderbird profile. ------------------------------------------------------------------- Fri Jan 21 19:07:15 CET 2011 - jeffm@suse.de - Add support for libvirt in usr.sbin.dnsmasq (bnc#666090) ------------------------------------------------------------------- Tue Jan 18 10:51:33 UTC 2011 - coolo@novell.com - fix rm call for nscd profile to avoid file conflict ------------------------------------------------------------------- Tue Jan 11 15:24:16 CET 2011 - jeffm@suse.de - profiles: Add openssl abstraction (bnc#623886). ------------------------------------------------------------------- Tue Jan 11 15:12:45 CET 2011 - jeffm@suse.de - Added support for sys_nice to ntpd profile (bnc#657054). ------------------------------------------------------------------- Mon Jan 10 19:27:01 CET 2011 - jeffm@suse.de - apparmor-utils: Support newer auditd formatted messages. - Fix two x transition conflict bugs. (bnc#662928) ------------------------------------------------------------------- Thu Jan 6 16:23:19 UTC 2011 - rhafer@suse.de - Splitted ldap related things from nameservice into separate profile and added some missing paths (bnc#662761) ------------------------------------------------------------------- Wed Dec 22 03:41:43 CET 2010 - jeffm@suse.de - Fixed pod2man macros with older versions of GNU make ------------------------------------------------------------------- Tue Dec 21 00:36:39 CET 2010 - jeffm@suse.de - Fixed building of perl and ruby SWIG modules. The former is required for apparmor-utils to work properly. ------------------------------------------------------------------- Tue Dec 7 18:22:55 CET 2010 - jeffm@suse.de - Fixed use-after-free issue in apparmor_parser. ------------------------------------------------------------------- Tue Dec 7 17:52:59 CET 2010 - jeffm@suse.de - Added fixes for logprof issuing uninitialized variable errors while encountering audit messages for unconfined processes. ------------------------------------------------------------------- Wed Dec 1 19:52:58 CET 2010 - jeffm@suse.de - Updated cupsd profile (bnc#539401) ------------------------------------------------------------------- Wed Dec 1 19:00:56 CET 2010 - jeffm@suse.de - Fix {proc} vs {PROC} macro usage in firefox profile (bnc#436262) ------------------------------------------------------------------- Wed Dec 1 18:41:31 CET 2010 - jeffm@suse.de - Added support for eDirectory nameservice (bnc#621394) ------------------------------------------------------------------- Wed Dec 1 18:05:44 CET 2010 - jeffm@suse.de - Fixed incorrect /proc/*/sys usage in usr.sbin.ntpd profile (bnc#634801) ------------------------------------------------------------------- Wed Dec 1 17:39:08 CET 2010 - jeffm@suse.de - Added fix for another case of whitespace affecting profile removal (bnc#510740) ------------------------------------------------------------------- Tue Nov 30 12:00:00 CET 2010 - jeffm@suse.de - Added support for unified build, which massively simplified the packaging. ------------------------------------------------------------------- Fri Nov 15 21:22:46 CET 2010 - czanik@balabit.hu - Fix for syslog-ng profile to allow upgrade to v3.2 - add mysql support to syslog-ng profile ------------------------------------------------------------------- Thu Oct 21 15:16:38 CEST 2010 - jeffm@suse.de - Added support for enabling/disabling the module automatically during installation/removal (bnc#623246) ------------------------------------------------------------------- Tue Oct 5 17:58:31 CEST 2010 - jeffm@suse.de - Converted archive to tar.bz2. ------------------------------------------------------------------- Tue Oct 5 17:49:16 CEST 2010 - jeffm@suse.de - Updated to 2.5.1-final. - Lots of testcase updates. ------------------------------------------------------------------- Fri Aug 27 21:21:38 CEST 2010 - jeffm@suse.de - Initial packaging of AppArmor 2.5 - Now contained in a single archive so built from a single spec file