Richard Brown (RBrownFactory) accepted request 990296 from Christian Boltz (cboltz) over 2 years ago (revision 176)

- Add apparmor-setuptools61-mr897.patch
  https://gitlab.com/apparmor/apparmor/-/merge_requests/897
- Add buildtime dependencies on python-rpm-macros and setuptools

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 985682 from Christian Boltz (cboltz) over 2 years ago (revision 175)

- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep
  (poo#113108) (forwarded request 985681 from cboltz)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 977392 from Christian Boltz (cboltz) over 2 years ago (revision 174)

- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles
  for latest dovecot (boo#1199535) (forwarded request 977391 from cboltz)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 976602 from Christian Boltz (cboltz) over 2 years ago (revision 173)

- Update samba-new-dcerpcd.patch for aarch64 which needs some
  additional rules; (bnc#1198309). (forwarded request 976576 from npower)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 975636 from Christian Boltz (cboltz) over 2 years ago (revision 172)

- Add python310-help-mr848.patch so that Tumbleweed can switch
  python3 to Python 3.10
  (https://gitlab.com/apparmor/apparmor/-/merge_requests/848) (forwarded request 975634 from bnavigator)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 974768 from Christian Boltz (cboltz) over 2 years ago (revision 171)

- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
  (boo#1186267#c11)
- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
  file conflict on upgrade (boo#1198958)
- utils: add missing dependency on apparmor-parser (boo#1198958#c4)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 973180 from Christian Boltz (cboltz) over 2 years ago (revision 170)

- Enhance zgrep-profile-mr870.diff to also allow/support zstd
  (boo#1198922). (forwarded request 973084 from dimstar)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 970466 from Christian Boltz (cboltz) over 2 years ago (revision 169)

- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) (forwarded request 970465 from cboltz)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 970238 from Christian Boltz (cboltz) over 2 years ago (revision 168)

- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
  which now will spawn new additional services on demand. We need to
  modify the existing smbd/winbind profiles and additionally add a
  new set of profiles to cater for the new functionality;
  (bnc#1198309);
  

- Add samba_deny_net_admin.patch to add new rule to deny
  noisy setsockopt calls from systemd; (bnc#1196850). (forwarded request 970229 from npower)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 968253 from Christian Boltz (cboltz) over 2 years ago (revision 167)

- add profile for zgrep and xzgrep to prevent CVE-2022-1271
  (zgrep-profile-mr870.diff) (forwarded request 968252 from cboltz)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 966667 from Christian Boltz (cboltz) over 2 years ago (revision 166)

- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
  -profiles and -abstractons package are updated before the cache
  in /var/cache/apparmor/ gets built (boo#1195463 #c20) (forwarded request 966666 from cboltz)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 964948 from Christian Boltz (cboltz) over 2 years ago (revision 165)

- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
  /proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
  openssl.cnf (bnc#1195463).

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 953284 from Christian Boltz (cboltz) almost 3 years ago (revision 164)

- update to AppArmor 3.0.4
  - various fixes in profiles, abstractions, apparmor_parser and utils
    (some of them were already included as patches)
  - add support for mctp address family
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4
    for the full upstream changelog
- remove upstream(ed) patches:
  - aa-notify-more-arch-mr809.diff
  - ruby-3.1-build-fix.diff
  - add-samba-bgqd.diff
  - openssl-engdef-mr818.diff
  - profiles-python-3.10-mr783.diff
  - update-samba-abstractions-ldb2.diff
- refresh patches:
  - apparmor-samba-include-permissions-for-shares.diff
  - ruby-2_0-mkmf-destdir.patch

AppArmor 3.0.4 also includes a fix for the issue with 'mctp' found via
https://build.opensuse.org/request/show/951354
so you might want to pick this SR into Staging:O (forwarded request 953283 from cboltz)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 949320 from Christian Boltz (cboltz) almost 3 years ago (revision 163)

- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
  MR 827) (forwarded request 949319 from cboltz)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 947042 from Christian Boltz (cboltz) almost 3 years ago (revision 162)

- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
  packaging to allow parallel installation with libldb;
  (bsc#1192684). (forwarded request 947009 from scabrero)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 941697 from Christian Boltz (cboltz) almost 3 years ago (revision 161)

-  Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED
   operation="file_mmap" violation in SLE15-SP4; (bsc#1192336).

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 941547 from Christian Boltz (cboltz) almost 3 years ago (revision 160)

- add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and
  /etc/ssl/engines.d/ in abstractions/openssl which were introduced
  with the latest openssl update

NOTE: Without this patch, dovecot is spamming the audit.log with denials. Please accept ASAP.

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 930527 from Christian Boltz (cboltz) about 3 years ago (revision 159)

- add aa-notify-more-arch-mr809.diff: Add support for reading s390x
  and aarch64 wtmp files (boo#1181155) (forwarded request 930526 from cboltz)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 925557 from Christian Boltz (cboltz) about 3 years ago (revision 158)

- add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 920054 from Christian Boltz (cboltz) about 3 years ago (revision 157)

- lessopen.sh profile: allow reading files that live on NFS over UDP
  (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) (forwarded request 920053 from cboltz)

• Files Changed
• Browse Source