From 4876125855e6d1210bb6d2004443752d45fff59e3634e2c21b2e73ab4c539fba Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sat, 11 Oct 2008 14:29:05 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/vim?expand=0&rev=30 --- vim-7.0-filetype_apparmor.patch | 190 ------------------------- vim-7.2-filetype_apparmor.patch | 239 ++++++++++++++++++++++++++++++++ vim.changes | 5 + vim.spec | 7 +- 4 files changed, 248 insertions(+), 193 deletions(-) delete mode 100644 vim-7.0-filetype_apparmor.patch create mode 100644 vim-7.2-filetype_apparmor.patch diff --git a/vim-7.0-filetype_apparmor.patch b/vim-7.0-filetype_apparmor.patch deleted file mode 100644 index d18c121..0000000 --- a/vim-7.0-filetype_apparmor.patch +++ /dev/null @@ -1,190 +0,0 @@ -Index: vim71/runtime/filetype.vim -=================================================================== ---- vim71.orig/runtime/filetype.vim -+++ vim71/runtime/filetype.vim -@@ -110,6 +110,10 @@ au BufNewFile,BufRead proftpd.conf* cal - au BufNewFile,BufRead .htaccess setf apache - au BufNewFile,BufRead httpd.conf*,srm.conf*,access.conf*,apache.conf*,apache2.conf*,/etc/apache2/*.conf* call s:StarSetf('apache') - -+" AppArmor -+au BufNewFile,BufRead */etc/apparmor.d/* setf apparmor -+au BufNewFile,BufRead */etc/apparmor/profiles/* setf apparmor -+ - " XA65 MOS6510 cross assembler - au BufNewFile,BufRead *.a65 setf a65 - -Index: vim71/runtime/syntax/apparmor.vim -=================================================================== ---- /dev/null -+++ vim71/runtime/syntax/apparmor.vim -@@ -0,0 +1,170 @@ -+" $Id$ -+" -+" ---------------------------------------------------------------------- -+" Copyright (c) 2005 Novell, Inc. All Rights Reserved. -+" Copyright (c) 2006 Christian Boltz. All Rights Reserved. -+" -+" This program is free software; you can redistribute it and/or -+" modify it under the terms of version 2 of the GNU General Public -+" License as published by the Free Software Foundation. -+" -+" This program is distributed in the hope that it will be useful, -+" but WITHOUT ANY WARRANTY; without even the implied warranty of -+" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+" GNU General Public License for more details. -+" -+" You should have received a copy of the GNU General Public License -+" along with this program; if not, contact Novell, Inc. -+" -+" To contact Novell about this file by physical or electronic mail, -+" you may find current contact information at www.novell.com. -+" -+" To contact Christian Boltz about this file by physical or electronic -+" mail, you may find current contact information at www.cboltz.de. -+" ---------------------------------------------------------------------- -+" -+" stick this file into ~/.vim/syntax/ and add these commands into your .vimrc -+" to have vim automagically use this syntax file for these directories: -+" -+" autocmd BufNewFile,BufRead /etc/apparmor.d/* set syntax=apparmor -+" autocmd BufNewFile,BufRead /etc/apparmor/profiles/* set syntax=apparmor -+ -+ -+" color setup... -+ -+" adjust colors according to the background -+ -+" switching colors depending on the background color doesn't work -+" unfortunately, so we use colors that work with light and dark background. -+" Patches welcome ;-) -+ -+"if &background == "light" -+" light background -+ hi sdProfileName ctermfg=lightblue -+ hi sdHatName ctermfg=darkblue -+ hi sdGlob ctermfg=darkmagenta -+ hi sdEntryWriteExec ctermfg=black ctermbg=yellow -+ hi sdEntryUX ctermfg=darkred cterm=underline -+ hi sdEntryCUX ctermfg=darkred -+ hi sdEntryIX ctermfg=darkcyan -+ hi sdEntryM ctermfg=darkcyan -+ hi sdEntryPX ctermfg=darkgreen cterm=underline -+ hi sdEntryCPX ctermfg=darkgreen -+ hi sdEntryW ctermfg=darkyellow -+ hi sdCap ctermfg=lightblue -+ hi sdNetwork ctermfg=lightblue -+ hi sdNetworkDanger ctermfg=darkred -+ hi sdCapKey cterm=underline ctermfg=lightblue -+ hi sdCapDanger ctermfg=darkred -+ hi def link sdEntryR Normal -+ hi def link sdEntryK Normal -+ hi def link sdFlags Normal -+ hi sdEntryChangeProfile ctermfg=darkgreen cterm=underline -+"else -+" dark background -+" hi sdProfileName ctermfg=white -+" hi sdHatName ctermfg=white -+" hi sdGlob ctermfg=magenta -+" hi sdEntryWriteExec ctermfg=black ctermbg=yellow -+" hi sdEntryUX ctermfg=red cterm=underline -+" hi sdEntryCUX ctermfg=red -+" hi sdEntryIX ctermfg=cyan -+" hi sdEntryM ctermfg=cyan -+" hi sdEntryPX ctermfg=green cterm=underline -+" hi sdEntryCPX ctermfg=green -+" hi sdEntryW ctermfg=yellow -+" hi sdCap ctermfg=lightblue -+" hi sdCapKey cterm=underline ctermfg=lightblue -+" hi def link sdEntryR Normal -+" hi def link sdFlags Normal -+" hi sdCapDanger ctermfg=red -+"endif -+ -+hi def link sdInclude Include -+high def link sdComment Comment -+high def link sdFlagKey TODO -+high def link sdError ErrorMsg -+ -+ -+" always sync from the start. should be relatively quick since we don't have -+" that many rules and profiles shouldn't be _extremely_ large... -+ syn sync fromstart -+ -+syn keyword sdFlagKey complain audit debug -+ -+" highlight some invalid syntax -+"syn match sdError /\v.+$/ " causes false positives on '}' :-( -+syn match sdError /{/ contained -+syn match sdError /}/ -+syn match sdError /^.*$/ "highlight all non-valid lines as error -+ -+syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z]*\}/ -+ -+syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryCPX,sdEntryUX,sdEntryCUX,sdEntryM,sdCap -+ -+ -+" Capability line -+syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease -+syn keyword sdCapDanger sys_admin -+ -+syn match sdCap /\v^\s*capability\s+\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger nextgroup=@sdEntry,sdComment,sdError,sdInclude -+ -+" Network line -+" Syntax: network domain (inet, ...) type (stream, ...) protocol (tcp, ...) -+syn keyword sdNetworkDanger raw -+syn match sdNetwork /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(stream|dgram|seqpacket|raw|rdm|packet))?(\s+(tcp|udp|icmp))?,(\s*$|(\s*#.*$)\@=)/ contains=sdNetworkDanger nextgroup=@sdEntry,sdComment,sdError,sdInclude -+"syn match sdNetworkDanger /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(raw))?(\s+(tcp|udp|icmp))?,(\s*$|(\s*#.*$)\@=)/ -+ -+syn match sdEntryChangeProfile /\v^\s*change_profile\s+(\/|\@\{\S*\})\S*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+ -+" file permissions -+" -+" write + exec/mmap - danger! -+" known bug: accepts 'aw' to keep things simple -+syn match sdEntryWriteExec /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|a|m|k|[iuUpP]x)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+ -+" ux(mr) - unconstrained entry, flag the line red -+syn match sdEntryUX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+" Ux(mr) - like ux + clean environment -+syn match sdEntryCUX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|Ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+" px(mr) - standard exec entry, flag the line blue -+syn match sdEntryPX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|px)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+" Px(mr) - like px + clean environment -+syn match sdEntryCPX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|Px)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+" ix(mr) - standard exec entry, flag the line green -+syn match sdEntryIX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|ix)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+" mr - mmap with PROT_EXEC -+syn match sdEntryM /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+ -+" if we've got u or i without x, it's an error -+syn match sdError /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|k|u|p|i)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+ -+" write + append is an error also -+syn match sdError /\v^\s*(\/|\@\{\S*\})\S*\s+([lrkupi]*w[lrkupi]*a[lrkupi]*|[lrkupi]*a[lrkupi]*w[lrkupi]*)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+ -+" write entry, flag the line yellow -+syn match sdEntryW /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+" append entry, flag the line yellow -+syn match sdEntryW /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|k|a)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude -+ -+" read entry + locking, currently no highlighting -+syn match sdEntryK /\v^\s*(\/|\@\{\S*\})\S*\s+[rlk]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError -+" read entry, no highlighting -+syn match sdEntryR /\v^\s*(\/|\@\{\S*\})\S*\s+[rl]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError -+ -+syn match sdProfileName /\v^\/\S+\s+(flags\=\(\S+\)\s+)=\{/ contains=sdProfileStart,sdHatName,sdFlags -+syn match sdProfileStart /{/ contained -+syn match sdProfileEnd /}/ " contained -+syn match sdHatName /\v^\s+\^\S+\s+(flags\=\(\S+\)\s+)=\{/ contains=sdProfileStart,sdFlags -+syn match sdHatStart /{/ contained -+syn match sdHatEnd /}/ contained -+syn match sdFlags /\vflags\=\(\S+\)/ contained contains=sdFlagKey -+ -+syn match sdComment /\s*#.*$/ -+syn match sdInclude /\s*#include.*$/ -+ -+" basic profile block... -+" \s+ does not work in end=, therefore using \s\s* -+syn region Normal start=/\v^\s*\^\S+\s+(flags\=\(\S+\)\s+)=\{/ matchgroup=sdProfileEnd end=/^}\s*$/ contains=sdProfileName,Hat,@sdEntry,sdComment,sdError,sdInclude -+syn region Hat start=/\v^\s+\^\S+\s+(flags\=\(\S+\)\s+)=\{/ matchgroup=sdHatEnd end=/^\s\s*}\s*$/ contained contains=sdHatName,@sdEntry,sdComment,sdError,sdInclude -+ diff --git a/vim-7.2-filetype_apparmor.patch b/vim-7.2-filetype_apparmor.patch new file mode 100644 index 0000000..448a4c5 --- /dev/null +++ b/vim-7.2-filetype_apparmor.patch @@ -0,0 +1,239 @@ +Index: vim72/runtime/filetype.vim +=================================================================== +--- vim72.orig/runtime/filetype.vim 2008-10-09 11:29:24.000000000 +0200 ++++ vim72/runtime/filetype.vim 2008-10-09 11:29:45.000000000 +0200 +@@ -113,6 +113,10 @@ au BufNewFile,BufRead proftpd.conf* cal + au BufNewFile,BufRead .htaccess setf apache + au BufNewFile,BufRead httpd.conf*,srm.conf*,access.conf*,apache.conf*,apache2.conf*,/etc/apache2/*.conf* call s:StarSetf('apache') + ++" AppArmor ++au BufNewFile,BufRead */etc/apparmor.d/* setf apparmor ++au BufNewFile,BufRead */etc/apparmor/profiles/* setf apparmor ++ + " XA65 MOS6510 cross assembler + au BufNewFile,BufRead *.a65 setf a65 + +Index: vim72/runtime/syntax/apparmor.vim +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ vim72/runtime/syntax/apparmor.vim 2008-10-09 11:33:16.000000000 +0200 +@@ -0,0 +1,219 @@ ++" $Id: apparmor.vim.in,v 1.6 2008/09/25 00:13:43 cb Exp $ ++" ++" ---------------------------------------------------------------------- ++" Copyright (c) 2005 Novell, Inc. All Rights Reserved. ++" Copyright (c) 2006-2008 Christian Boltz. All Rights Reserved. ++" ++" This program is free software; you can redistribute it and/or ++" modify it under the terms of version 2 of the GNU General Public ++" License as published by the Free Software Foundation. ++" ++" This program is distributed in the hope that it will be useful, ++" but WITHOUT ANY WARRANTY; without even the implied warranty of ++" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++" GNU General Public License for more details. ++" ++" You should have received a copy of the GNU General Public License ++" along with this program; if not, contact Novell, Inc. ++" ++" To contact Novell about this file by physical or electronic mail, ++" you may find current contact information at www.novell.com. ++" ++" To contact Christian Boltz about this file by physical or electronic ++" mail, you may find current contact information at www.cboltz.de/en/kontakt. ++" ---------------------------------------------------------------------- ++" ++" stick this file into ~/.vim/syntax/ and add these commands into your .vimrc ++" to have vim automagically use this syntax file for these directories: ++" ++" autocmd BufNewFile,BufRead /etc/apparmor.d/* set syntax=apparmor ++" autocmd BufNewFile,BufRead /etc/apparmor/profiles/* set syntax=apparmor ++ ++" profiles are case sensitive ++syntax case match ++ ++" color setup... ++ ++" adjust colors according to the background ++ ++" switching colors depending on the background color doesn't work ++" unfortunately, so we use colors that work with light and dark background. ++" Patches welcome ;-) ++ ++"if &background == "light" ++" light background ++ hi sdProfileName ctermfg=lightblue ++ hi sdHatName ctermfg=darkblue ++ hi sdExtHat ctermfg=darkblue ++" hi sdComment2 ctermfg=darkblue ++ hi sdGlob ctermfg=darkmagenta ++ hi sdAlias ctermfg=darkmagenta ++ hi sdEntryWriteExec ctermfg=black ctermbg=yellow ++ hi sdEntryUX ctermfg=darkred cterm=underline ++ hi sdEntryUXe ctermfg=darkred ++ hi sdEntryIX ctermfg=darkcyan ++ hi sdEntryM ctermfg=darkcyan ++ hi sdEntryPX ctermfg=darkgreen cterm=underline ++ hi sdEntryPXe ctermfg=darkgreen ++ hi sdEntryW ctermfg=darkyellow ++ hi sdCap ctermfg=lightblue ++ hi sdSetCap ctermfg=black ctermbg=yellow ++ hi sdNetwork ctermfg=lightblue ++ hi sdNetworkDanger ctermfg=darkred ++ hi sdCapKey cterm=underline ctermfg=lightblue ++ hi sdCapDanger ctermfg=darkred ++ hi sdRLimit ctermfg=lightblue ++ hi def link sdEntryR Normal ++ hi def link sdEntryK Normal ++ hi def link sdFlags Normal ++ hi sdEntryChangeProfile ctermfg=darkgreen cterm=underline ++"else ++" dark background ++" hi sdProfileName ctermfg=white ++" hi sdHatName ctermfg=white ++" hi sdGlob ctermfg=magenta ++" hi sdEntryWriteExec ctermfg=black ctermbg=yellow ++" hi sdEntryUX ctermfg=red cterm=underline ++" hi sdEntryUXe ctermfg=red ++" hi sdEntryIX ctermfg=cyan ++" hi sdEntryM ctermfg=cyan ++" hi sdEntryPX ctermfg=green cterm=underline ++" hi sdEntryPXe ctermfg=green ++" hi sdEntryW ctermfg=yellow ++" hi sdCap ctermfg=lightblue ++" hi sdCapKey cterm=underline ctermfg=lightblue ++" hi def link sdEntryR Normal ++" hi def link sdFlags Normal ++" hi sdCapDanger ctermfg=red ++"endif ++ ++hi def link sdInclude Include ++high def link sdComment Comment ++"high def link sdComment2 Comment ++high def link sdFlagKey TODO ++high def link sdError ErrorMsg ++ ++ ++" always sync from the start. should be relatively quick since we don't have ++" that many rules and profiles shouldn't be _extremely_ large... ++syn sync fromstart ++ ++syn keyword sdFlagKey complain audit debug ++ ++" highlight invalid syntax ++syn match sdError /{/ contained ++syn match sdError /}/ ++syn match sdError /^.*$/ contains=sdComment "highlight all non-valid lines as error ++" TODO: do not mark lines containing only whitespace as error ++ ++" TODO: the sdGlob pattern is not anchored with ^ and $, so it matches all lines matching ^@{...}.* ++" This allows incorrect lines also and should be checked better. ++syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z_]*\}/ ++ ++syn match sdAlias /\v^alias\s+(\/|\@\{\S*\})\S*\s+-\>\s+(\/|\@\{\S*\})\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob ++ ++"syn match sdComment /#.*/ ++ ++syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryPXe,sdEntryUX,sdEntryUXe,sdEntryM,sdCap,sdSetCap,sdExtHat,sdRLimit,sdNetwork,sdNetworkDanger,sdEntryChangeProfile ++ ++ ++" TODO: support audit and deny keywords for all rules (not only for files) ++" TODO: higlight audit and deny keywords everywhere ++ ++" Capability line ++ ++" normal capabilities - really keep this list? syn match sdCap should be enough... (difference: sdCapKey words would loose underlining) ++syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_servğice net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resouğrce sys_time sys_tty_config mknod lease ++ ++" dangerous capabilities - highlighted separately ++syn keyword sdCapDanger sys_admin ++ ++" full line. Keywords are from sdCapKey + sdCapDanger ++syn match sdCap /\v^\s*capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_servğice|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resouğrce|sys_time|sys_tty_config|mknod|lease|sys_admin)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++syn match sdSetCap /\v^\s*set\s+capability\s+(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_servğice|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_boot|sys_nice|sys_resouğrce|sys_time|sys_tty_config|mknod|lease|sys_admin)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++ ++ ++" Network line ++" Syntax: network domain (inet, ...) type (stream, ...) protocol (tcp, ...) ++syn match sdNetwork /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(stream|dgram|seqpacket|rdm|packet))?(\s+(tcp|udp|icmp))?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++" network rules containing 'raw' ++syn match sdNetworkDanger /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(raw))(\s+(tcp|udp|icmp))?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++" 'all networking' includes raw -> mark as dangerous ++syn match sdNetworkDanger /\v^\s*network\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++ ++ ++" Change Profile ++syn match sdEntryChangeProfile /\v^\s*change_profile\s+-\>\s+\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++ ++ ++" rlimit ++" ++"syn match sdRLimit /\v^\s*rlimit\s+()\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment ++syn match sdRLimit /\v^\s*rlimit\s+(nofile|locks|sigpending|nproc|rtprio)\s+[0-9]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment ++syn match sdRLimit /\v^\s*rlimit\s+(fsize|data|stack|core|rss|as|memlock|msgqueue)\s+\<\=\s+[0-9]+([KMG])?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment ++syn match sdRLimit /\v^\s*rlimit\s+nice\s+(-1?[0-9]|-20|1?[0-9])\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment ++ ++" link rules ++syn match sdEntryW /\v^\s+link\s+(subset\s+)?(\/|\@\{\S*\})\S*\s+-\>\s+(\/|\@\{\S*\})\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob ++ ++ ++" file permissions ++" ++" write + exec/mmap - danger! ++" known bug: accepts 'aw' to keep things simple ++syn match sdEntryWriteExec /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|w|a|m|k|[iuUpPcC]x)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++ ++" ux(mr) - unconstrained entry, flag the line red ++syn match sdEntryUX /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|ux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++" Ux(mr) - like ux + clean environment ++syn match sdEntryUXe /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|Ux)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++" px/cx/pix/cix(mrk) - standard exec entry, flag the line blue ++syn match sdEntryPX /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|px|cx|pix|cix)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++" Px/Cx/Pix/Cix(mrk) - like px/cx + clean environment ++syn match sdEntryPXe /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|Px|Cx|Pix|Cix)+(\s+-\>\s+\S+)?\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++" ix(mr) - standard exec entry, flag the line green ++syn match sdEntryIX /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k|ix)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++" mr - mmap with PROT_EXEC ++syn match sdEntryM /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(r|m|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++ ++" if we've got u or i without x, it's an error ++" rule is superfluous because of the '/.*/ is an error' rule ;-) ++"syn match sdError /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|w|k|u|p|i)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++ ++" write + append is an error also ++"syn match sdError /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(\S*r\S*a\S*|\S*a\S*w\S*)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++syn match sdError /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+\S*(w\S*a|a\S*w)\S*\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++ ++" write entry, flag the line yellow ++syn match sdEntryW /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|w|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++" append entry, flag the line yellow ++syn match sdEntryW /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+(l|r|a|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++ ++" read entry + locking, currently no highlighting ++syn match sdEntryK /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+[rlk]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++" read entry, no highlighting ++syn match sdEntryR /\v^\s*((owner\s+)|(audit\s+)|(deny\s+))*(\/|\@\{\S*\})\S*\s+[rl]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob,sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude ++ ++syn match sdExtHat /\v^\s+(\^|profile\s+)\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdComment " hat without {...} ++ ++ ++ ++ ++syn match sdProfileName /\v^((profile\s+)?\/\S+|profile\s+\S+)\s+(flags\=\((complain|audit)\)\s+)=\{/ contains=sdProfileStart,sdHatName,sdFlags,sdComment ++syn match sdProfileStart /{/ contained ++syn match sdProfileEnd /^}\s*(#.*)?$/ contained " TODO: syn region does not (yet?) allow usage of comment in end= ++ " TODO: Removing the $ mark from end= will allow non-comments also :-( ++syn match sdHatName /\v^\s+(\^|profile\s+)\S+\s+(flags\=\((complain|audit)\)\s+)=\{/ contains=sdProfileStart,sdFlags,sdComment ++syn match sdHatStart /{/ contained ++syn match sdHatEnd /}/ contained " TODO: allow comments + [same as for syn match sdProfileEnd] ++syn match sdFlags /\vflags\=\((complain|audit)\)/ contained contains=sdFlagKey ++ ++syn match sdComment /\s*#.*$/ ++syn match sdInclude /\s*#include.*$/ ++ ++" basic profile block... ++" \s+ does not work in end=, therefore using \s\s* ++syn region Normal start=/\v^(profile\s+)?\S+\s+(flags\=\(\S+\)\s+)=\{/ matchgroup=sdProfileEnd end=/^}\s*$/ contains=sdProfileName,Hat,@sdEntry,sdComment,sdError,sdInclude ++syn region Hat start=/\v^\s+(\^|profile\s+)\S+\s+(flags\=\(\S+\)\s+)=\{/ matchgroup=sdHatEnd end=/^\s\s*}\s*$/ contains=sdHatName,@sdEntry,sdComment,sdError,sdInclude ++ ++ diff --git a/vim.changes b/vim.changes index d32faad..f6122d1 100644 --- a/vim.changes +++ b/vim.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Oct 9 11:42:03 CEST 2008 - mkoenig@suse.de + +- update apparmor.vim [bnc#425848] + ------------------------------------------------------------------- Wed Oct 1 15:00:46 CEST 2008 - mkoenig@suse.de diff --git a/vim.spec b/vim.spec index 39147a4..62b4a94 100644 --- a/vim.spec +++ b/vim.spec @@ -20,7 +20,7 @@ Name: vim Version: 7.2 -Release: 5 +Release: 6 # License: Other uncritical OpenSource License; http://vimdoc.sourceforge.net/htmldoc/uganda.html#license Group: Productivity/Editors/Vi @@ -70,7 +70,6 @@ Source13: vitmp.c Source14: vitmp.1 Source15: vim132 Source16: gvim.png -#Source17: apparmor.vim Source18: missing-vim-client Source19: gvim.desktop Source99: vim-7.1-rpmlintrc @@ -86,7 +85,7 @@ Patch10: %{name}-7.0-name_vimrc.patch Patch11: %{name}-7.0-mktemp_tutor.patch Patch12: %{name}-7.0-ruby_ldflags_configure.patch Patch14: %{name}-7.0-grub.patch -Patch15: vim-7.0-filetype_apparmor.patch +Patch15: vim-7.2-filetype_apparmor.patch Patch16: %{name}-7.0-flex-array.diff Patch18: vim-7.1-filetype_spec.patch Patch19: vim-7.1-diff_check.patch @@ -673,6 +672,8 @@ fi %endif %changelog +* Thu Oct 09 2008 mkoenig@suse.de +- update apparmor.vim [bnc#425848] * Wed Oct 01 2008 mkoenig@suse.de - add directories /usr/share/vim/site/{autoload,colors,doc,plugin}