Overview Repositories Revisions Requests Users Attributes Meta

Revisions of apparmor

Marco Strigl's avatar Marco Strigl (mstrigl) committed (revision 6) 
- Remove workaround for boo#853019 in %postun parser -
  apparmor.service contains a more safe workaround.
  This also fixes boo#1220708 (missing daemon-reload).

- Add smbd-unix_chkpwd.diff to allow smbd to execute
  unix_chkpwd and fix other pam related denies; (boo#1220032).

- Fix systemd userdb access in unix-chkpwd

- Use %patch -P N instead of deprecated %patchN.

- Only run utils and profiles make check if kernel LSM is enabled
  (bsc#1220084)
Daniel Mach's avatar Daniel Mach (dmach) committed (revision 5) 
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
  allow version specific engdef & engines openssl paths (boo#1219571)
Ruediger Oertel's avatar Ruediger Oertel (oertel) committed (revision 4) 
Mirrored from OBS SR#1144722
Update AppArmor to the latest bugfix release

  Updating AppArmor in 15.6 was decided in
  https://code.opensuse.org/leap/features/issue/117
  and I'll assume this includes the latest bugfix release ;-)

  Details:

  - Update to AppArmor 3.1.7
    - aa-logprof: don't skip exec events in hats
    - fix aa-cleanprof to work with named profiles
    - add permissions in various abstractions
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
      for the full list of changes
  - drop upstreamed apparmor-systemd-sessions.patch

  - Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
    unix_chkpwd, and add a profile for unix_chkpwd. This is needed
    for PAM 1.6 (boo#1219139)
  - Refresh apparmor.keyring - the key was renewed

  - Actually apply the previously added patch for bsc#1216878

  - Add apparmor-systemd-sessions.patch to allow read access to
    /run/systemd/sessions/ (bsc#1216878)
Marco Strigl's avatar Marco Strigl (mstrigl) committed (revision 3) 
- Fix pam_apparmor %post and %postun scripts to handle pam-config errors
  (bsc#1215596)
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 2) 
- update to AppArmor 3.1.6 (jsc#PED-5600)
  - fix regression in mount rules (boo#1211989)
  - some additions to the base and authentification abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
    for the full upstream changelog

- update to AppArmor 3.1.5
  - fix handling of mount rules in apparmor_parser
  - minor additions to abstractions/base and snap_browsers
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.5
    for the full upstream changelog
- remove upstreamed aa-status-fix-json-mr1046.patch
- split off apparmor-enable-precompiled-cache.diff from
  apparmor-enable-profile-cache.diff so that the precompiled cache
  path doesn't get added in parser.conf for Tumbleweed builds.
  This prevents a warning about the non-existing directory when
  loading profiles.

- fix aa-status --json output (aa-status-fix-json-mr1046.patch,
  boo#1211980#c12)

- update to AppArmor 3.1.4
  - parser: fix mount rules encoding (CVE-2016-1585)
  - aa-logprof: fix error when choosing named exec with plain profile names
  - aa-status: fix json output
  - several fixes for profiles and abstractions
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4
    for the full upstream changelog
Marcus Rueckert's avatar Marcus Rueckert (darix) committed (revision 1) 
initialize package
Displaying all 6 revisions
openSUSE Build Service is sponsored by
Places