Overview Repositories Revisions Requests Users Attributes Meta

Revisions of apparmor

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1204991 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 216) 
- add mesa-cachedir.diff: new cachedir in Mesa 24.2.2

- update to AppArmor 4.0.3
  - several small bugfixes
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.3
    for the full release notes (forwarded request 1204990 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1195595 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 215) 
- remove dependency on /usr/bin/python3 using
  %python3_fix_shebang macro, [bsc#1212476] (forwarded request 1195292 from pgajdos)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1189676 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 214) 
- update to AppArmor 4.0.2
  - bugfix release with lots of fixes in all areas
  - add new userns profiles for balena-etcher, chromium and wike
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.2
    for the detailed upstream changelog
- drop upstream(ed) patches:
  - aa-remove-unknown-fix-unconfined.diff
  - logprof-mount-empty-source.diff
  - plasmashell.diff
  - sampa-rpcd-witness.diff
  - sddm-xauth.diff
  - teardown-unconfined.diff
  - test-aa-notify.diff
  - tools-fix-redefinition.diff
  - utils-relax-mount-rules-2.diff
  - utils-relax-mount-rules.diff
- refresh GPG key (was expired)


Note: I checked the GPG signature with both the expired and the refreshed key, and it validated with both. (forwarded request 1189675 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1183251 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 213) 
- add sampa-rpcd-witness.diff: allow samba-dcerpcd to execute
  rpcd_witness (boo#1225811) (forwarded request 1183249 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1180048 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 212) 
- add logprof-mount-empty-source.diff: add support for mount rules
  with quoted paths and empty source (boo#1226031) (forwarded request 1180047 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1178600 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 211) 
- add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900)
- add plasmashell.diff - fix QtWebEngineProcess path to prevent a
  crash in plasmashell (boo#1225961) (forwarded request 1178599 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1177757 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 210) 
- Also exclude podman profile - boo#1225608 (forwarded request 1177727 from Guillaume_G)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1177466 from Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) (revision 209) 
- Exclude the crun profile in addition to runc (forwarded request 1177448 from favogt)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1177404 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 208) 
Note: Unfortunately my SR earlier today didn't fix everything that was reported by openQA :-(

This SR adds two more fixes. Especially teardown-unconfined.diff makes this SR a "fast track" candidate.

- add utils-relax-mount-rules.diff and utils-relax-mount-rules-2.diff:
  Relax handling of mount rules in utils to avoid errors when
  parsing valid profiles
- add teardown-unconfined.diff to fix aa-teardown for 'unconfined'
  profiles (boo#1225457)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1177352 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 207) 
- exclude runc profile until updated runc packages (including
  updated profile with "signal peer=runc") have arrived

- add aa-remove-unknown-fix-unconfined.diff to fix
  aa-remove-unknown for 'unconfined' profiles (boo#1225457)
- set permissions for %ghost files (boo#1223578) (forwarded request 1177351 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1176730 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 206) 
- fix bashism in %post profiles

- Update to AppArmor 4.0.1
  Too many changes to list them here. See
  https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1
  for the detailed upstream release notes
- add tools-fix-redefinition.diff: fix redefinition of _ in tools
- add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch
  with argparse on Leap 15.5
- drop upstreamed patches:
  - apparmor-abstractions-openssl-allow-version-specific-en.patch
  - dovecot-unix_chkpwd.diff
  - smbd-unix_chkpwd.diff
- apparmor-lessopen-profile.patch: update lessopen profile to
  abi/4.0
- mark local/* as %ghost so that these dummy files don't get
  installed anymore (changed existing local/files will be kept,
  unchanged files will be deleted)
- switch to gitlab tarballs (without pregenerated libapparmor
  configure script and prebuilt techdoc.pdf)
  - run libapparmor autogen.sh (needs additional BuildRequires
    autoconf, autoconf-archive, automake and libtool)
  - no longer package techdoc.pdf - old documentation, not worth
    the texlive BuildRequires we would need to build it
- drop old (up to 2.12) cache location /var/lib/apparmor/ and the
  /etc/apparmor.d/cache symlink pointing to it
- drop apparmor-samba-include-permissions-for-shares.diff - no
  longer needed, update-apparmor-samba-profile in Tumbleweed works
  without a pre-existing local/usr.sbin.smbd-shares file
- drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't
  change a single bit in the resulting build (anymore?)
- drop apparmor-lessopen-nfs-workaround.diff - no longer needed
  since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499)
- drop ancient, unused update-trans.sh


Note: %post profiles contains a for loop calling "rm" (to delete unchanged /etc/apparmor.d/local/* files). Please double-check for possible side effects I didn't consider.
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1165715 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 205) 
Use full URLs for source tarball and signature. (forwarded request 1165684 from badshah400)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1154197 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 204) 
- Remove workaround for boo#853019 in %postun parser -
  apparmor.service contains a more safe workaround.
  This also fixes boo#1220708 (missing daemon-reload).

- Add smbd-unix_chkpwd.diff to allow smbd to execute
  unix_chkpwd and fix other pam related denies; (boo#1220032).

- Only run utils and profiles make check if kernel LSM is enabled
  (bsc#1220084)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1151926 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 203) 
- Fix systemd userdb access in unix-chkpwd (forwarded request 1151902 from lnussel)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1147947 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 202) 
Prepare for RPM 4.20 (forwarded request 1147750 from dimstar)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1147189 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 201) 
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
  allow version specific engdef & engines openssl paths (boo#1219571) (forwarded request 1145034 from dmdiss)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1144685 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 200) 
- Update to AppArmor 3.1.7
  - aa-logprof: don't skip exec events in hats
  - fix aa-cleanprof to work with named profiles
  - add permissions in various abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
    for the full list of changes
- drop upstreamed apparmor-systemd-sessions.patch (forwarded request 1144684 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1142650 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 199) 
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
  unix_chkpwd, and add a profile for unix_chkpwd. This is needed
  for PAM 1.6 (boo#1219139)
- Refresh apparmor.keyring - the key was renewed (forwarded request 1142649 from cboltz)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1124276 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 198) 
- Add apparmor-systemd-sessions.patch to allow read access to
  /run/systemd/sessions/ (bsc#1216878)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1113527 from Christian Boltz's avatar Christian Boltz (cboltz) (revision 197) 
- Fix pam_apparmor %post and %postun scripts to handle pam-config errors
  (bsc#1215596) (forwarded request 1113476 from dmdiss)
Displaying revisions 1 - 20 of 216
openSUSE Build Service is sponsored by
Places