0525bb6f3c
- add perl-apparmor-fix-bare-network-keyword-handling.diff: perl-apparmor: Fix handling of network (or network all) (bnc#889650) - add perl-apparmor-handle-bare-capability-keyword.diff: perl-apparmor: Fix handling of capability keyword (bnc#889651) - add perl-apparmor-properly-handle-bare-file-keyword.diff: perl-apparmor: Properly handle bare file keyword (bnc#889652) OBS-URL: https://build.opensuse.org/request/show/243065 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=90
788 lines
31 KiB
Plaintext
788 lines
31 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed Jul 30 17:35:13 UTC 2014 - jeffm@suse.com
|
|
|
|
- add perl-apparmor-fix-bare-network-keyword-handling.diff:
|
|
perl-apparmor: Fix handling of network (or network all) (bnc#889650)
|
|
|
|
- add perl-apparmor-handle-bare-capability-keyword.diff:
|
|
perl-apparmor: Fix handling of capability keyword (bnc#889651)
|
|
|
|
- add perl-apparmor-properly-handle-bare-file-keyword.diff:
|
|
perl-apparmor: Properly handle bare file keyword (bnc#889652)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 3 14:45:14 UTC 2014 - ddiss@suse.com
|
|
|
|
- add apparmor-profiles-clustered-samba.diff to permit clustered Samba
|
|
access to CTDB socket and databases (bnc#885317)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 2 10:30:43 UTC 2014 - chris@computersalat.de
|
|
|
|
- fix problems with dovecot and managesieve
|
|
* usr.lib.dovecot.managesieve-login: network inet6 stream
|
|
* usr.lib.dovecot.managesieve:
|
|
+#include <tunables/dovecot>
|
|
/usr/lib/dovecot/managesieve {
|
|
#include <abstractions/base>
|
|
+ capability setgid,
|
|
+ capability setuid,
|
|
+ network inet stream,
|
|
+ network inet6 stream,
|
|
+ @{DOVECOT_MAILSTORE}/ rw,
|
|
+ @{DOVECOT_MAILSTORE}/** rwkl,
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 27 17:47:40 UTC 2014 - chris@computersalat.de
|
|
|
|
- add #include <abstractions/wutmp> to usr.lib.dovecot.auth
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 1 16:06:24 UTC 2014 - lmuelle@suse.com
|
|
|
|
- update usr.sbin.winbindd profile (bnc#870607)
|
|
- restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 28 14:24:19 UTC 2014 - lmuelle@suse.com
|
|
|
|
- update usr.sbin.winbindd profile (bnc#870607)
|
|
- treat passdb.tdb.tmp as passdb.tdb
|
|
- allow rw access to /var/tmp/
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 20 19:58:47 UTC 2014 - opensuse@cboltz.de
|
|
|
|
- add Recommends: libnotify-tools to apparmor-utils (aa-notify -p
|
|
needs notify-send)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 17 11:40:36 UTC 2014 - opensuse@cboltz.de
|
|
|
|
- update to AppArmor 2.8.3 (r2122) bugfix release
|
|
- fix some cache clearing bugs in apparmor_parser
|
|
- various fixes in mod_apparmor
|
|
- several profile updates, most of them were already included as patches
|
|
(except abstractions/winbind (bnc#863226), abstractions/fonts and
|
|
abstractions/p11-kit)
|
|
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all details
|
|
- update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch
|
|
- remove upstream(ed) patches
|
|
- apparmor-2.8.2-fix-ntpd-profile.diff
|
|
- apparmor-abstractions-r2089-r2090.diff
|
|
- apparmor-abstractions-ssl_certs.diff
|
|
- apparmor-fix-url-in-manpages-r2093.diff
|
|
- apparmor-no-perl-smartmatch-r2088.diff
|
|
- apparmor-profiles-dnsmasq.diff
|
|
- apparmor-profiles-ntpd-r2103.diff
|
|
- apparmor-profiles-samba-create-dirs.diff
|
|
- apparmor-profiles-samba4.diff
|
|
- apparmor-unconfined-lang-r2094.diff
|
|
- apparmor-utils-po-de-r2091.diff
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Feb 1 11:23:45 UTC 2014 - coolo@suse.com
|
|
|
|
- use current ruby macros, the rb_sitearch is obsolete since at least
|
|
12.1
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jan 26 14:46:43 UTC 2014 - opensuse@cboltz.de
|
|
|
|
- update apparmor-2.8.2-nm-dnsmasq-config.patch - allow access to pid file
|
|
and supplemental config directory (by develop7)
|
|
- update apparmor-profiles-dovecot-bnc851984.diff:
|
|
- do not add access to @{DOVECOT_MAILSTORE} - not required by the main binary
|
|
- add abstractions/mysql
|
|
- allow execution of some more /usr/lib/dovecot/* binaries
|
|
- better restrict access to /var/spool/postfix/private/
|
|
- update usr.lib.dovecot.auth to allow to read mysql config files
|
|
- update usr.lib.dovecot.dict and usr.lib.dovecot.lmtp:
|
|
add abstractions/nameservice instead of allowing more and more files
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jan 19 14:51:33 UTC 2014 - opensuse@cboltz.de
|
|
|
|
- add Recommends: net-tools to apparmor-utils (needed by aa-unconfined)
|
|
- update usr.lib.dovecot.lmtp (add /proc/*/mounts, /tmp/dovecot.lmtp.*,
|
|
/{var/,}run/dovecot/mounts, deny capability block_suspend)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 17 16:29:54 UTC 2014 - develop7@develop7.info
|
|
|
|
- add apparmor-2.8.2-nm-dnsmasq-config.patch - allow dnsmasq read config
|
|
created by recent NetworkManager (see
|
|
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d82669d3fdaa7ec70ef1b64941c101ac810c394b
|
|
for update details)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jan 4 12:04:25 UTC 2014 - opensuse@cboltz.de
|
|
|
|
- add apparmor-profiles-samba-create-dirs.diff to allow samba to
|
|
mkdir /var/run/samba and /var/cache/samba (bnc#856651)
|
|
- add abstractions/samba to usr.sbin.winbindd profile
|
|
- add capabilities ipc_lock and setuid to usr.sbin.winbindd profile (bnc#851131)
|
|
|
|
- update dovecot profiles to support dovecot 2.x, and add profiles for
|
|
the parts of dovecot that were not covered yet (bnc#851984)
|
|
NOTE: Please adjust /etc/apparmor.d/tunables/dovecot to your needs.
|
|
(apparmor-profiles-dovecot-bnc851984.diff, usr.lib.dovecot.*)
|
|
|
|
- %restart_on_update (in parser %postun) is "translated" to stop/start by
|
|
the systemd wrapper, which removes AppArmor protection from running
|
|
processes. Fixed by using a custom script instead (bnc#853019)
|
|
NOTE: The %postun from the previously installed apparmor-parser package
|
|
will remove AppArmor protection from running processes a last time.
|
|
Run aa-status to get a list of processes you need to restart, or reboot
|
|
your computer.
|
|
- reload profiles in %post of the apparmor-profiles package
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 25 23:44:40 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- add apparmor-abstractions-ssl_certs.diff to allow access to
|
|
certificates in /var/lib/ca-certificates/ (bnc#852018)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 14 20:54:23 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- add apparmor-profiles-ntpd-r2103.diff with updated driftfile
|
|
location for ntpd (bnc#850374)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Nov 2 14:15:58 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile
|
|
updates for samba 4.x and kerberos (bnc#846586#c12 and #c15)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 30 11:06:39 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- add apparmor-profiles-dnsmasq.diff - add missing permissions for
|
|
libvirt-generated files to dnsmasq profile (bnc#848215)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Oct 20 11:59:28 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile
|
|
updates for samba 4.x (bnc#846054#c5)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 15 20:10:49 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- add apparmor-profiles-samba4.diff - various profile additions for
|
|
samba 4.x (bnc#845867, bnc#846054)
|
|
- update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Sep 29 15:00:20 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- update apparmor-init.py-gsoc.diff to the final GSoC apparmor/__init__.py
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 20 11:28:20 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- add apparmor-fix-url-in-manpages-r2093.diff: fix URL in manpages
|
|
- add apparmor-unconfined-lang-r2094.diff: fix aa-unconfined to work
|
|
in all languages
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 16 18:23:46 UTC 2013 - seife+obs@b1-systems.com
|
|
|
|
- fix ntp by allowing read access to openssl.cnf
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 13 22:41:18 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- add apparmor-utils-po-de-r2091.diff: fix some (mis)translations
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 12 20:40:38 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch)
|
|
- p11-kit needs access to /usr/share/p11-kit/modules
|
|
- allow reading /etc/machine-id in the dbus-session abstraction
|
|
- add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for
|
|
the new tools developed in GSoC
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 23 20:09:59 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental
|
|
in perl 5.18 again - use grep instead (upstream 2.8 branch r2088)
|
|
- fix ruby requires
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 16 18:26:20 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- update to AppArmor 2.8.2
|
|
- several fixes for python3 compability
|
|
- various profile improvements:
|
|
- various additions to abstractions/fonts
|
|
- move poppler's cMaps from gnome to fonts; gnome includes fonts
|
|
- deny @{HOME}/.gnome2/keyrings/** to abstractions/private-files-strict
|
|
- add read access to @{PROC}/sys/vm/overcommit_memory to abstractions/base
|
|
(bnc#824577)
|
|
- update pulseaudio directory and cookie file paths
|
|
- add missing permissions to the nscd profile (bnc#807104)
|
|
- deny capability block_suspend to nscd (bnc#807104)
|
|
- MariaDB compatability in abstractions/mysql (bnc#798183)
|
|
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_2 for all details
|
|
- removed upstream(ed) patches
|
|
- apparmor-abstractions-mysql-path.diff
|
|
- apparmor-profiles-nscd.diff
|
|
- apparmor-python3-r2052.diff
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 15 18:59:41 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- swig for python3 is broken on openSUSE 12.2 - build python-apparmor
|
|
(for python2) instead on 12.2
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 15 00:01:46 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- add python3-apparmor subpackage (currently py2 OR py3 package can be
|
|
build, but not both at the same time)
|
|
- add upstream apparmor-python3-r2052.diff to fix various python3 issues
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 4 13:06:37 UTC 2013 - kkaempf@suse.com
|
|
|
|
- Ruby 2.0 mkmf gets the path to ruby.h wrong (bnc#822277)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 13 12:42:04 UTC 2013 - coolo@suse.com
|
|
|
|
- do not package directories as %config - especially not as noreplace
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 23 20:11:39 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- enable python and ruby subpackages (using %bcond_without)
|
|
- update/fix paths in %files for python and ruby subpackages
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 2 18:56:56 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- add Requires: insserv to parser package (needed by initscript)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 5 17:49:42 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- nscd profile: add missing permissions and deny capability block_suspend
|
|
(bnc#807104, apparmor-profiles-nscd.diff)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Feb 17 09:59:48 UTC 2013 - jengelh@inai.de
|
|
|
|
- Add missing files to SRPM (bnc#777471)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jan 13 13:46:01 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- update abstractions/mysql with correct paths and add MariaDB paths
|
|
(bnc#798183)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 10 10:57:40 UTC 2013 - opensuse@cboltz.de
|
|
|
|
- update to AppArmor 2.8.1 (=2.8 branch r2069)
|
|
Bugfix release, http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_1
|
|
Most important changes are:
|
|
- add various missing parts to profiles and abstractions
|
|
- fix a possible x conflict with hats or child profiles in
|
|
apparmor_parser
|
|
- fix and speedup stdin handling in aa-decode
|
|
- various other bugfixes
|
|
- add pkgconfig support to libapparmor
|
|
- remove upstream(ed) patches
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 3 20:58:04 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- verify tarball with gpg-offline
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 25 13:55:56 UTC 2012 - coolo@suse.com
|
|
|
|
- fix directory flags for /etc/apparmor.d to be in sync between
|
|
-parser and -profiles subpackage
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 21 19:58:32 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- remove %stop_on_removal for no longer existing aaeventd (bnc#781564)
|
|
- don't hide TeX output when building the parser and techdoc
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 9 23:31:26 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- clear and update inconsistent profile cache (bnc#774529)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Aug 5 16:05:44 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- abstractions/bash: update /bin/ls to also match /usr/bin/ls (usrMerge)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 30 08:17:01 UTC 2012 - werner@suse.de
|
|
|
|
- Add required fonts for new TeXLive 2012
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 6 22:33:39 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- update /bin/ping profile to also match /usr/bin/ping (usrMerge)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jun 2 19:55:14 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- update to AppArmor 2.8.0 (= r2047)
|
|
- new utility aa-easyprof - templated profile generation tool (the resulting
|
|
profile may be less strict than profiles generated with genprof/logprof)
|
|
- various small bugfixes
|
|
- removed upstreamed patches
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 8 19:30:23 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- add apparmor-techdoc.patch to remove traces of the build time in PDF files
|
|
|
|
-------------------------------------------------------------------
|
|
Sat May 5 20:25:49 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- update to AppArmor 2.8 beta5 (= 2.7.103 / r2031)
|
|
- new utility aa-exec to confine a program with the specified AppArmor profile
|
|
- add support for mount rules
|
|
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8 for full upstream
|
|
changelog
|
|
- removed upstreamed and backported patches
|
|
- remove outdated autobuild and "disable repo" patches that were disabled since
|
|
the AppArmor 2.7 package
|
|
- create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1
|
|
(bnc#720617 #c7)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 16 21:16:41 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- replace patch for dnsmasq profile with upstream patch (bnc#738905)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 13 22:22:27 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't
|
|
create network rules because of changed log format (bnc#755923, lp#800826)
|
|
- add profile for samba winbindd (bnc#748499)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 6 13:38:11 CEST 2012 - mszeredi@suse.cz
|
|
|
|
- fix dnsmasq profile (bnc#738905)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 9 19:01:07 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- add 0001-fix-for-lp929531.patch to allow reading
|
|
/sys/devices/system/cpu/online in abstractions/base (lp#929531)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 31 09:53:06 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
|
|
- move various permissions from httpd2-prefork profile to
|
|
abstractions/apache2-common. Backward-incompatible change: *.htaccess
|
|
files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
|
|
- allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
|
|
- allow various .conf files for dovecot (lp#458922)
|
|
- disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
|
|
and abstractions/private-files-strict (lp#911847)
|
|
- update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
|
|
to use ~/.kde4, not only ~/.kde (bnc#741592)
|
|
- block write access to ~/.kde{,4}/env in abstractions/private-files
|
|
(lp#914190)
|
|
- allow write access for personal dictionary etc. in abstractions/aspell
|
|
(lp#917859)
|
|
- when using genprof for a script, include read access to the script itsself
|
|
- automatically include abstractions/python or abstractions/ruby for
|
|
python/ruby scripts
|
|
- add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
|
|
- allow creation of the .config directory in abstractions/enchant (lp#914184)
|
|
- allow TFTP read-only access in dnsmasq profile (lp#905412)
|
|
- allow capability dac_read_search for syslog-ng (bnc#731876)
|
|
- add p11-kit abstraction and include it in abstractions/authentification
|
|
(lp#912754, lp#912752)
|
|
- add audacity to abstractions/ubuntu-media-players (lp#899963)
|
|
- allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
|
|
/dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
|
|
lp#890894, lp#890894, lp#884748)
|
|
- fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
|
|
- allow avahi to do dbus introspection (lp#769148)
|
|
- allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
|
|
- allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
|
|
- allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
|
|
abstractions/cups-client (lp#887992)
|
|
- allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in
|
|
abstractions/python (lp#860856)
|
|
- various updates to the sshd profile (lp#817956)
|
|
- (and some more changes I already included in the apparmor-2.7-branch.diff)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 3 23:52:38 UTC 2012 - opensuse@cboltz.de
|
|
|
|
- Update to AppArmor 2.7.0 (= r1858)
|
|
- make traceroute6 work (bnc#733312)
|
|
- allow access to pyconfig.h in abstractions/python (lp#840734)
|
|
- fix logprof/genprof for hex-encoded program filenames (= filenames
|
|
containing space etc.)
|
|
- add apparmor-2.7-branch.diff with some upstreamed fixes:
|
|
- usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041)
|
|
- create /etc/apparmor.d/tunables/multiarch.d as directory, not as file
|
|
- fix syntax error in abstractons/python
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 29 18:34:54 CET 2011 - meissner@suse.de
|
|
|
|
- changed a $ -> % (typo)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Nov 26 21:52:31 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- package subdomain.conf only in -parser, not in -utils package
|
|
- package libapparmor.so and libimmunix.so only in libapparmor-devel,
|
|
not in libapparmor1
|
|
- make Provides for perl-libapparmor versioned to avoid self-Obsoletes
|
|
- move libapparmor.a and libimmunix.a from libapparmor1 to
|
|
libapparmor-devel package
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 10 20:16:24 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- update to AppArmor 2.7.0 rc2
|
|
Most of the changes since rc1 were already included as patches.
|
|
Additional changes:
|
|
- fix logprof/genprof to recognize "mknod" in audit.log
|
|
- fix libapparmor python bindings to compile with python 3
|
|
- fix wrong status message in initscript if apparmor-utils are not installed
|
|
- parser/Makefile: fix some warnings, always respect CXX and LDFLAGS
|
|
- fix some warnings in utils/Makefile
|
|
- remove 4 upstreamed patches
|
|
- remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now
|
|
- update line numbers in 2 patches
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 1 17:39:29 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- make abstractions/winbind working on 64bit systems
|
|
- allow loading the libraries for samba "vfs objects" also on 32bit
|
|
systems (bnc#725967)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 26 20:48:16 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- allow loading the libraries for samba "vfs objects" (bnc#725967)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 19 09:53:14 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- include autogenerated profile sniplet for samba shares (bnc#688040)
|
|
- more helpful error message for "aa-notify -p" if the user is not in
|
|
the configured group
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 13 22:52:24 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- update to AppArmor 2.7.0 rc1
|
|
- aa-notify: add --display option and warn if $DISPLAY is not set
|
|
(important for usage with sudo on openSUSE)
|
|
- fix syntax error on "rcapparmor stop"
|
|
- allow read access to /proc/*/mounts in the dovecot profile
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Oct 9 19:42:05 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- add patch with upstream changes since 2.7.0 beta2 release
|
|
- add example parser.conf
|
|
- print warning if profile cache directory doesn't exist
|
|
- remove initscript for no longer existing aa-eventd (bnc#720617)
|
|
- set correct $HOME in aa-notify
|
|
- enable caching of profiles (= massive speedup) (bnc#689458)
|
|
- add comments for patches in .spec and comments in some patches
|
|
- run spec-cleaner
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 30 20:07:41 UTC 2011 - coolo@suse.com
|
|
|
|
- add libtool as buildrequire to make the spec file more reliable
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 16 15:25:19 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- update to AppArmor 2.7.0 beta2
|
|
- includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182,
|
|
bnc#691072, bnc#705319, bnc#713728
|
|
- add some missing perl module Requires to perl-apparmor
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 13 18:47:36 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- update to AppArmor 2.7.0 beta1, for details see
|
|
http://wiki.apparmor.net/index.php/ReleaseNotes_2_7
|
|
- removed lots of patches I pushed upstream
|
|
- disabled apparmor-2.5.1-unified-build (patch to use automake,
|
|
does not apply to 2.7 and probably won't be accepted upstream)
|
|
- disabled build of tomcat_apparmor (doesn't build, deprecated upstream)
|
|
- run spec-cleaner
|
|
- remove *.la files
|
|
- move usr.sbin.nscd profile back to apparmor-profiles package
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 7 10:35:12 MDT 2011 - jfehlig@suse.com
|
|
|
|
- Update patch apparmor-profiles-usr.sbin.dnsmasq to include
|
|
/var/lib/libvirt/dnsmasq/*.leases (bnc#694197).
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 22 11:54:21 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- install SubDomain.pm compat module (bnc#713408)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 3 02:46:08 CEST 2011 - jeffm@suse.de
|
|
|
|
- Update to 2.6.1.
|
|
- One patch eliminated
|
|
- Lots of minor fixes
|
|
- Split out more common abstractions
|
|
- Add check_for_apparmor() helper.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 2 17:07:43 CEST 2011 - jeffm@suse.de
|
|
|
|
- dhcpd: Fix apparmor profile (bnc#692428)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 2 09:19:45 UTC 2011 - fcrozat@suse.com
|
|
|
|
- Add apparmor-securityfs-systemd.patch: do not mount securityfs
|
|
when running under systemd, just access the directory, systemd
|
|
will automount it (bnc#704460).
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jul 17 20:04:18 UTC 2011 - andrea.turrini@gmail.com
|
|
|
|
- Fixed typos in descriptions and summaries of apparmor.spec
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 24 16:02:21 CEST 2011 - jeffm@suse.de
|
|
|
|
- Fixed building of pam_apparmor to properly link libpam (bnc#696553).
|
|
- Fixed building of apache2-mod_apparmor to properly link (bnc#701821).
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 21 09:54:28 UTC 2011 - coolo@novell.com
|
|
|
|
- move the requires and prerequires to the right package
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 27 17:28:58 UTC 2011 - opensuse@cboltz.de
|
|
|
|
- make the -doc and -profiles subpackages noarch (again)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 24 21:30:15 CET 2011 - jeffm@suse.de
|
|
|
|
- Added alias from Immunix::SubDomain to Immunix:AppArmor to allow
|
|
older users of perl-apparmor to work properly.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 22 21:29:49 CET 2011 - jeffm@suse.de
|
|
|
|
- Properly re-created links to old utility names.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 14 19:24:02 CET 2011 - jeffm@suse.de
|
|
|
|
- Added /etc/ethers and /var/run/dnsmasq-forwarders to
|
|
usr.sbin.dnsmasq (bnc#678749)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 14 16:48:53 CET 2011 - jeffm@suse.de
|
|
|
|
- Update to 2.6.0
|
|
- 19 patches eliminated
|
|
- Lots of minor fixes.
|
|
- Split out more common abstractions
|
|
- Added more local includes
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 1 09:56:30 UTC 2011 - rhafer@suse.de
|
|
|
|
- Additional libvirt related fixes in usr.sbin.dnsmasq (bnc#675867)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 24 15:52:15 CET 2011 - jeffm@suse.de
|
|
|
|
- Added 'network packet raw' to dhclient profile.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 22 12:45:43 UTC 2011 - bwiedemann@novell.com
|
|
|
|
- Add Requires for used perl packages (bnc#670650).
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 25 23:25:28 CET 2011 - jeffm@suse.de
|
|
|
|
- Updated dhclient profile and added dhclient-script profile (bnc#561152).
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 25 18:11:00 CET 2011 - jeffm@suse.de
|
|
|
|
- Added ability to completely disable repositories.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 24 21:27:45 CET 2011 - jeffm@suse.de
|
|
|
|
- Properly indent sub-profiles after genprof completion (bnc#480795).
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 24 20:16:03 CET 2011 - jeffm@suse.de
|
|
|
|
- Inherit flags in sub-profiles when generating profiles (bnc#496204).
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 24 01:02:53 CET 2011 - jeffm@suse.de
|
|
|
|
- Stop treating profiles shipped with the package as config files.
|
|
- /etc/apparmor.d will still be treated specially.
|
|
- Add support for parsing network operation events (bnc#665483)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 24 00:23:35 CET 2011 - jeffm@suse.de
|
|
|
|
- Fix for sbin.klogd profile using kernel versions >= 2.6.38-rc1.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 24 00:11:28 CET 2011 - jeffm@suse.de
|
|
|
|
- Update to apparmor-2.5 r1445.
|
|
- Includes 3 of the fixes below.
|
|
- Several testsuite fixes.
|
|
- Update for Thunderbird profile.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 21 19:07:15 CET 2011 - jeffm@suse.de
|
|
|
|
- Add support for libvirt in usr.sbin.dnsmasq (bnc#666090)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 18 10:51:33 UTC 2011 - coolo@novell.com
|
|
|
|
- fix rm call for nscd profile to avoid file conflict
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 11 15:24:16 CET 2011 - jeffm@suse.de
|
|
|
|
- profiles: Add openssl abstraction (bnc#623886).
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 11 15:12:45 CET 2011 - jeffm@suse.de
|
|
|
|
- Added support for sys_nice to ntpd profile (bnc#657054).
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 10 19:27:01 CET 2011 - jeffm@suse.de
|
|
|
|
- apparmor-utils: Support newer auditd formatted messages.
|
|
- Fix two x transition conflict bugs. (bnc#662928)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 6 16:23:19 UTC 2011 - rhafer@suse.de
|
|
|
|
- Splitted ldap related things from nameservice into separate
|
|
profile and added some missing paths (bnc#662761)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 22 03:41:43 CET 2010 - jeffm@suse.de
|
|
|
|
- Fixed pod2man macros with older versions of GNU make
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 21 00:36:39 CET 2010 - jeffm@suse.de
|
|
|
|
- Fixed building of perl and ruby SWIG modules. The former
|
|
is required for apparmor-utils to work properly.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 7 18:22:55 CET 2010 - jeffm@suse.de
|
|
|
|
- Fixed use-after-free issue in apparmor_parser.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 7 17:52:59 CET 2010 - jeffm@suse.de
|
|
|
|
- Added fixes for logprof issuing uninitialized variable errors
|
|
while encountering audit messages for unconfined processes.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 1 19:52:58 CET 2010 - jeffm@suse.de
|
|
|
|
- Updated cupsd profile (bnc#539401)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 1 19:00:56 CET 2010 - jeffm@suse.de
|
|
|
|
- Fix {proc} vs {PROC} macro usage in firefox profile (bnc#436262)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 1 18:41:31 CET 2010 - jeffm@suse.de
|
|
|
|
- Added support for eDirectory nameservice (bnc#621394)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 1 18:05:44 CET 2010 - jeffm@suse.de
|
|
|
|
- Fixed incorrect /proc/*/sys usage in usr.sbin.ntpd profile (bnc#634801)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 1 17:39:08 CET 2010 - jeffm@suse.de
|
|
|
|
- Added fix for another case of whitespace affecting profile
|
|
removal (bnc#510740)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 30 12:00:00 CET 2010 - jeffm@suse.de
|
|
|
|
- Added support for unified build, which massively simplified
|
|
the packaging.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 15 21:22:46 CET 2010 - czanik@balabit.hu
|
|
|
|
- Fix for syslog-ng profile to allow upgrade to v3.2
|
|
- add mysql support to syslog-ng profile
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 21 15:16:38 CEST 2010 - jeffm@suse.de
|
|
|
|
- Added support for enabling/disabling the module automatically
|
|
during installation/removal (bnc#623246)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 5 17:58:31 CEST 2010 - jeffm@suse.de
|
|
|
|
- Converted archive to tar.bz2.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 5 17:49:16 CEST 2010 - jeffm@suse.de
|
|
|
|
- Updated to 2.5.1-final.
|
|
- Lots of testcase updates.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 27 21:21:38 CEST 2010 - jeffm@suse.de
|
|
|
|
- Initial packaging of AppArmor 2.5
|
|
- Now contained in a single archive so built from a single spec file
|
|
|