| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: pam_apparmor | Distribution: SUSE Linux Enterprise 15 |
| Version: 3.0.4 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 150500.9.3 | Build date: Wed May 17 16:11:06 2023 |
| Group: Productivity/Security | Build host: ibs-arm-5 |
| Size: 67352 | Source RPM: apparmor-3.0.4-150500.9.3.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://launchpad.net/apparmor | |
| Summary: PAM module for AppArmor change_hat | |
The pam_apparmor module provides the means for any PAM applications that call pam_open_session() to automatically perform an AppArmor change_hat operation in order to switch to a user-specific security policy.
GPL-2.0-only AND LGPL-2.1-or-later
* Fri Dec 23 2022 scabrero@suse.de
- Add samba-4-17.patch to update the samba profiles for samba
version 4.17 (bsc#1206626);
* Fri Aug 26 2022 ddiss@suse.com
- add profiles-permit-php-fpm-pid-files-directly-under-run.patch
https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)
* Fri Apr 29 2022 suse-beta@cboltz.de
- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
(boo#1186267#c11)
- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
file conflict on upgrade (boo#1198958)
- utils: add missing dependency on apparmor-parser (boo#1198958#c4)
* Wed Apr 27 2022 dimstar@opensuse.org
- Enhance zgrep-profile-mr870.diff to also allow/support zstd
(boo#1198922).
* Sat Apr 16 2022 suse-beta@cboltz.de
- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531)
* Wed Apr 13 2022 nopower@suse.com
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
which now will spawn new additional services on demand. We need to
modify the existing smbd/winbind profiles and additionally add a
new set of profiles to cater for the new functionality;
(bnc#1198309);
* Mon Apr 11 2022 nopower@suse.com
- Add samba_deny_net_admin.patch to add new rule to deny
noisy setsockopt calls from systemd; (bnc#1196850).
* Sun Apr 10 2022 suse-beta@cboltz.de
- add profile for zgrep and xzgrep to prevent CVE-2022-1271
(zgrep-profile-mr870.diff)
* Tue Mar 29 2022 suse-beta@cboltz.de
- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
- profiles and -abstractons package are updated before the cache
in /var/cache/apparmor/ gets built (boo#1195463 #c20)
* Thu Mar 24 2022 nopower@suse.com
- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
/proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
openssl.cnf (bnc#1195463).
* Thu Feb 10 2022 suse-beta@cboltz.de
- update to AppArmor 3.0.4
- various fixes in profiles, abstractions, apparmor_parser and utils
(some of them were already included as patches)
- add support for mctp address family
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4
for the full upstream changelog
- remove upstream(ed) patches:
- aa-notify-more-arch-mr809.diff
- ruby-3.1-build-fix.diff
- add-samba-bgqd.diff
- openssl-engdef-mr818.diff
- profiles-python-3.10-mr783.diff
- update-samba-abstractions-ldb2.diff
- refresh patches:
- apparmor-samba-include-permissions-for-shares.diff
- ruby-2_0-mkmf-destdir.patch
* Wed Jan 26 2022 suse-beta@cboltz.de
- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
MR 827)
* Mon Jan 17 2022 scabrero@suse.de
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb (bsc#1192684).
* Mon Dec 20 2021 nopower@suse.com
- Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED
operation="file_mmap" violation in SLE15-SP4; (bsc#1192336).
* Sun Dec 19 2021 suse-beta@cboltz.de
- add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and
/etc/ssl/engines.d/ in abstractions/openssl which were introduced
with the latest openssl update
* Tue Nov 09 2021 suse-beta@cboltz.de
- add aa-notify-more-arch-mr809.diff: Add support for reading s390x
and aarch64 wtmp files (boo#1181155)
* Fri Oct 15 2021 suse-beta@cboltz.de
- add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
* Sat Sep 18 2021 suse-beta@cboltz.de
- lessopen.sh profile: allow reading files that live on NFS over UDP
(added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552)
* Wed Aug 11 2021 suse-beta@cboltz.de
- add profiles-python-3.10-mr783.diff: update abstractions/python and
profiles for python 3.10
* Sat Aug 07 2021 suse-beta@cboltz.de
- update to AppArmor 3.0.3
- fix a failure in the parser tests
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
for the detailed upstream changelog
* Fri Aug 06 2021 suse-beta@cboltz.de
- update to AppArmor 3.0.2
- add missing permissions to several profiles and abstractions
(including boo#1188296)
- bugfixes in utils and parser (including boo#1180766 and boo#1184779)
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
for the detailed upstream changelog
- remove upstreamed patches:
- apparmor-dovecot-stats-metrics.diff
- abstractions-php8.diff
- crypto-policies-mr720.diff
* Thu Jul 15 2021 michael@stroeder.com
- added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point
* Mon Jun 07 2021 suse-beta@cboltz.de
- move Requires: python3 back to the python3-apparmor subpackage -
readline usage is in the python modules, not in apparmor-utils
* Tue May 25 2021 mcepl@suse.com
- Remove python symbols (python means currently python2), work
only with python3 ones (fallout from bsc#1185588).
* Fri May 21 2021 suse-beta@cboltz.de
- add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267)
* Tue Apr 27 2021 suse-beta@cboltz.de
- add crypto-policies-mr720.diff to allow reading crypto policies
in abstractions/ssl_certs (boo#1183597)
* Sat Mar 27 2021 suse-beta@cboltz.de
- replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in
systemd into containers just because apparmor-parser ships a *.service file
* Thu Feb 11 2021 suse-beta@cboltz.de
- merge libapparmor.changes into apparmor.changes
* Mon Feb 08 2021 lnussel@suse.de
- avoid file listed twice error
* Tue Feb 02 2021 suse-beta@cboltz.de
- define %_pamdir for <= 15.x to fix the build on those releases
* Fri Jan 22 2021 suse-beta@cboltz.de
- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
include in apache extra profile optional to avoid problems with empty
profile directory (boo#1178527)
* Wed Jan 13 2021 lnussel@suse.de
- prepare usrmerge (boo#1029961)
* use %_pamdir
* Wed Dec 02 2020 suse-beta@cboltz.de
- update to AppArmor 3.0.1
- minor additions to profiles and abstractions
- some bugfixes in libapparmor, apparmor_parser and the aa-* utils
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1
for the detailed upstream changelog
- removed upstream(ed) patches:
- changes-since-3.0.0.diff
- extra-profiles-fix-Pux.diff
- utils-fix-hotkey-conflict.diff
* Wed Dec 02 2020 dimstar@opensuse.org
- Use apache provided variables for the module_directry:
+ Use %apache_libexecdir
+ Add apache-rpm-macros BuildRequires
* Sat Oct 31 2020 suse-beta@cboltz.de
- add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in
de, id and sv translations (and fix the test) (MR 675)
- add extra-profiles-fix-Pux.diff to fix an inactive profile -
prevents a crash in aa-logprof and aa-genprof when creating a new
profile (MR 676)
* Sun Oct 25 2020 suse-beta@cboltz.de
- update to AppArmor 3.0.0
- introduce feature abi declaration in profiles to enable use of
new rule types (for openSUSE: dbus and unix rules)
- support xattr attachment conditionals
- experimental support for kill and unconfined profile modes
- rewritten aa-status (in C), including support for new profile modes
- rewritten aa-notify (in python), finally dropping the perl
requirement at runtime
- new tool aa-features-abi for extracting feature abis from the kernel
- update profiles to have profile names and to use 3.0 feature abi
- introduce @{etc_ro} and @{etc_rw} profile variables
- new profile for php-fpm
- several updates to profiles and abstractions (including boo#1166007)
- fully support 'include if exists' in the aa-* tools
- rewrite handling of alias, include, link and variable rules in
the aa-* tools
- rewrite and simplify log handling in the aa-logprof and aa-genprof
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0
for the detailed upstream changelog
- patches:
- add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
release up to 3e18c0785abc03ee42a022a67a27a085516a7921
- drop upstreamed usr-etc-abstractions-base-nameservice.diff
- drop 2.13-only libapparmor-so-number.diff
- refresh apparmor-enable-profile-cache.diff - partially upstreamed
- update apparmor-samba-include-permissions-for-shares.diff and
apparmor-lessopen-profile.patch - switch to "include if exists"
- apparmor-lessopen-profile.patch: add abi rule to lessopen profile
- refresh apparmor-lessopen-nfs-workaround.diff
- move away very loose apache profile that doesn't even match the
apache2 binary path in openSUSE to avoid confusion (boo#872984)
- move rewritten aa-status from utils to parser subpackage
- add aa-features-abi to parser subpackage
- replace perl and libnotify-tools requires with requiring
python3-notify2 and python3-psutil (needed by the rewritten
aa-notify)
- drop ancient cleanup for /etc/init.d/subdomain from parser %pre
- drop (never enabled) conditionals to build with python2 and to
build the python-apparmor subpackage (upstream dropped python2
support)
- drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed
- set PYFLAKES path for utils check
- add precompiled_cache build conditional to allow faster local
builds without using kvm
- remove duplicated BuildRequires: swig
* Sat Oct 17 2020 suse-beta@cboltz.de
- update to AppArmor 2.13.5
- add missing permissions to several profiles and abstractions
- bugfixes in parser and tools
- fix two potential build failures in libapparmor
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5
for the detailed upstream changelog
- remove upstream(ed) patches
- changes-since-2.13.4.diff
- abstractions-X-xauth-mr582.diff
- sevdb-caps-mr589.diff
- libvirt-leaseshelper.patch
- cap_checkpoint_restore.diff
- add libapparmor-so-number.diff to fix libapparmor so version (!658)
* Wed Oct 14 2020 suse-beta@cboltz.de
- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
cap_checkpoint_restore.diff)
* Thu Oct 08 2020 suse-beta@cboltz.de
- %service_del_postun_without_restart only works for Tumbleweed,
keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x
* Fri Sep 11 2020 fbui@suse.com
- Make use of %service_del_postun_without_restart
And stop using DISABLE_RESTART_ON_UPDATE as this interface is
obsolete.
* Thu Sep 03 2020 jfehlig@suse.com
- libvirt-leaseshelper.patch: add /usr/libexec as a path to the
libvirt leaseshelper script (jsc#SLE-14253)
* Fri Aug 07 2020 suse-beta@cboltz.de
- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON
to severity.db (lp#1890547)
* Mon Jul 20 2020 suse-beta@cboltz.de
- add abstractions-X-xauth-mr582.diff to allow reading the xauth file
from its new sddm location (boo#1174290, boo#1174293)
* Thu May 21 2020 suse-beta@cboltz.de
- add changes-since-2.13.4.diff with upstream changes and fixes
since 2.13.4 up to 5f61bd4c:
- add several abstractions related to xdg-open:
dbus-network-manager-strict, exo-open, gio-open, gvfs-open,
kde-open5, xdg-open
- introduce @{run} variable
- update dnsmasq and winbindd profile
- update mdns, mesa and nameservice abstraction
- some bugfixes in the aa-* tools, including a remote bugfix in the
YaST AppArmor module (boo#1171315)
- drop upstream(ed) patches (now part of changes-since-2.13.4.diff):
- make-4.3-capabilities.diff
- make-4.3-capabilities-vim.diff
- make-4.3-fix-utils-network-test.diff
- make-4.3-network.diff
- abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- apply usr-etc-abstractions-base-nameservice.diff only for
Tumbleweed, but not for Leap 15.x where it's not needed
- refresh usr-etc-abstractions-base-nameservice.diff
* Thu Apr 09 2020 rgoldwyn@suse.com
- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
(bsc#1168306)
* Sat Mar 28 2020 suse-beta@cboltz.de
- fix build with make 4.3 by backporting some commits from upstream
master (boo#1167953):
- make-4.3-capabilities.diff
- make-4.3-capabilities-vim.diff
- make-4.3-network.diff
- make-4.3-fix-utils-network-test.diff
* Thu Mar 12 2020 suse-beta@cboltz.de
- update to AppArmor 2.13.4
- several abstraction updates (including boo#1153162)
- disallow writing to fontconfig cache in abstractions/fonts
- some bugfixes in the aa-* tools
- fix log parsing for logs with an embedded newline
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4
for the detailed upstream changelog
- drop upstreamed patches:
- abstractions-ssl-certbot-paths.diff
- apparmor-krb5-conf-d.diff
- libapparmor-python3.8.diff
- usr-etc-abstractions-authentification.diff
- refresh usr-etc-abstractions-base-nameservice.diff
* Sat Jan 25 2020 suse-beta@cboltz.de
- add usr-etc-abstractions-base-nameservice.diff to adjust
abstractions/base and nameservice for /usr/etc/ (boo#1161756)
* Mon Nov 18 2019 tchvatal@suse.com
- Properly pull in full python3 interpreter
* Sat Nov 02 2019 suse-beta@cboltz.de
- add libapparmor-python3.8.diff to fix building the libapparmor python
bindings (deb#943657)
* Mon Oct 07 2019 suse-beta@cboltz.de
- add usr-etc-abstractions-authentification.diff to allow reading
/usr/etc/pam.d/* and some other authentification-related files (boo#1153162)
* Sat Sep 28 2019 suse-beta@cboltz.de
- add abstractions-ssl-certbot-paths.diff - add certbot paths to
abstractions/ssl_certs and abstractions/ssl_keys
* Fri Sep 27 2019 luizluca@tre-sc.jus.br
- add apparmor-krb5-conf-d.diff for kerberos client
* Tue Jun 18 2019 suse-beta@cboltz.de
- update to 2.13.3
- profile updates for dnsmasq, dovecot, identd, syslog-ng
- new "lsb_release" profile (only used when using "Px -> lsb_release")
- fix buggy syntax in tunables/share
- several abstraction updates
- parser: fix "Px -> foo-bar" (the "-" was rejected before)
- several bugfixes in aa-genprof and aa-logprof
- some fixes in cache handling
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3
for the detailed upstream changelog
- drop upstream(ed) patches:
- apparmor-nameservice-resolv-conf-link.patch
- profile_filename_cornercase.diff
- dnsmasq-libvirtd.diff
- dnsmasq-revert-alternation.diff
- usrmerge-fixes.diff
- libapparmor-swig-4.diff
- re-number remaining patches
* Wed Jun 05 2019 suse-beta@cboltz.de
- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig
4.0 (boo#1135751)
* Tue Apr 23 2019 mliska@suse.cz
- Disable LTO (boo#1133091).
* Sun Apr 14 2019 suse-beta@cboltz.de
- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)
* Thu Mar 07 2019 suse-beta@cboltz.de
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
update-alternatives (boo#1127877)
* Wed Feb 27 2019 suse-beta@cboltz.de
- add dnsmasq-revert-alternation.diff: revert path alternation in
dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
breaking libvirtd (boo#1127073)
* Thu Jan 24 2019 suse-beta@cboltz.de
- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile
to match the newly added libvirtd profile name (boo#1118952#c3)
* Mon Jan 14 2019 kukuk@suse.de
- Use %license instead of %doc [bsc#1082318]
* Sun Jan 06 2019 suse-beta@cboltz.de
- add apparmor-lessopen-nfs-workaround.diff: allow network access in
lessopen.sh for reading files on NFS (workaround for boo#1119937 /
lp#1784499)
* Wed Jan 02 2019 suse-beta@cboltz.de
- add profile_filename_cornercase.diff: drop check that lets aa-logprof
error out in a corner-case (log event for a non-existing profile while
a profile file with the default filename for that non-existing profile
exists) (boo#1120472)
* Fri Dec 21 2018 mt@suse.de
- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
* Fri Dec 21 2018 suse-beta@cboltz.de
- update to AppArmor 2.13.2
- add profile names to most profiles
- update dnsmasq profile (pid file and logfile path) (boo#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
* Sun Oct 14 2018 suse-beta@cboltz.de
- update to 2.13.1
- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- ignore "abi" rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from
the main profile
- several bugfixes (including boo#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
for the detailed upstream changelog
- remove upstream(ed) patches:
- aa-teardown-path.diff
- fix-apparmor-systemd-perms.diff
- logprof-skip-cache-d.diff
- fix-samba-profiles.patch
- make-pyflakes-happy.diff
- dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch
* Wed Oct 10 2018 suse-beta@cboltz.de
- update rpmlintrc:
- whitelist .features file which is part of the pre-compiled cache
- comment out filters for the disabled tomcat_apparmor subpackage
* Wed Oct 10 2018 pvorel@suse.cz
- Backport dnsmasq fix:
025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch
(boo#1111342)
* Wed Aug 22 2018 suse-beta@cboltz.de
- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
* Tue May 08 2018 scabrero@suse.de
- add fix-samba-profiles.patch - smbd loads new shared libraries.
Allow winbindd to access new kerberos credential cache location
(boo#1092099)
* Sun Apr 29 2018 suse-beta@cboltz.de
- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing
(logprof-skip-cache-d.diff)
* Mon Apr 23 2018 suse-beta@cboltz.de
- add fix-apparmor-systemd-perms.diff - fix permissions of
/lib/apparmor/apparmor.systemd (boo#1090545)
* Thu Apr 19 2018 suse-beta@cboltz.de
- create and package precompiled cache (/usr/share/apparmor/cache,
read-only) (boo#1069906, boo#1074429)
- change (writeable) cache directory to /var/cache/apparmor/ - with the
new btrfs layout, the only reason for using /var/lib/apparmor/cache/
(which was "it's part of the / subvolume") is gone, and /var/cache
makes more sense for the cache
- adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
cache locations
- clear cache also in %post of abstractions package
* Thu Apr 19 2018 suse-beta@cboltz.de
- update to AppArmor 2.13
- add support for multiple cache directories and cache overlays
(boo#1069906, boo#1074429)
- add support for conditional includes in policy
- remove group restrictions from aa-notify (boo#1058787)
- aa-complain etc.: set flags for profiles represented by a glob
- aa-status: split profile from exec name
- several profile and abstraction updates
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13
for the detailed upstream changelog
- drop upstreamed patches and files:
- aa-teardown
- apparmor.service
- apparmor.systemd
- 32-bit-no-uid.diff
- disable-cache-on-ro-fs.diff
- dovecot-stats.diff
- parser-write-cache-warn-only.diff
- set-flags-for-profiles-represented-by-glob.patch
- fix-regression-in-set-flags.patch
- drop spec code that handled installing aa-teardown, apparmor.service
and apparmor.systemd (now part of upstream Makefile)
- simplify "make -C profiles parser-check" call (upstream Makefile bug
that required to call "cd" was fixed)
- add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
- move 'exec' symlink to parser package (belongs to aa-exec)
* Thu Apr 19 2018 rgoldwyn@suse.com
- Set flags for profiles represented by glob (bsc#1086154)
set-flags-for-profiles-represented-by-glob.patch
fix-regression-in-set-flags.patch
* Wed Apr 11 2018 suse-beta@cboltz.de
- add dovecot-stats.diff:
- add dovecot/stats profile and allow dovecot to run it (boo#1088161)
- allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753)
- update 32-bit-no-uid.diff with upstream fix
* Fri Mar 02 2018 rgoldwyn@suse.com
- Change of path of rpm in lessopen.sh (boo#1082956)
* Thu Jan 11 2018 kukuk@suse.de
- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is
read-only and don't bail out (bsc#1069906, bsc#1074429)
* Thu Jan 04 2018 suse-beta@cboltz.de
- add parser-write-cache-warn-only.diff to make cache write failures a
warning instead of an error (boo#1069906, boo#1074429)
- reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests"
to avoid pulling in several Gnome packages on servers (boo#1067477)
* Mon Dec 25 2017 suse-beta@cboltz.de
- update to AppArmor 2.12
- add support for 'owner' rules in aa-logprof and aa-genprof
- add support for includes with absolute path in aa-logprof etc. (lp#1733700)
- update aa-decode to also decode PROCTITLE (lp#1736841)
- several profile and abstraction updates, including boo#1069470
- preserve errno across aa_*_unref() functions
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12
for the detailed upstream changelog
- drop upstreamed patches:
- read_inactive_profile-exactly-once.patch
- utils-fix-sorted-save_profiles-regression.diff
- lessopen profile: change all 'rix' rules to 'mrix'
- add 32-bit-no-uid.diff to fix handling of log events without ouid on
32 bit systems
- no longer package static libapparmor.a
* Thu Nov 30 2017 suse-beta@cboltz.de
- update to AppArmor 2.11.95 aka 2.12 beta1
- add JSON interface to aa-logprof and aa-genprof (used by YaST)
- drop old YaST interface code
- update audio, base and nameservice abstractions
- allow @{pid} to match 7-digit pids
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95
for the detailed upstream changelog
- drop upstreamed patches
- apparmor-yast-cleanup.patch
- apparmor-json-support.patch
- nameservice-libtirpc.diff
- drop obsolete perl modules (YaST no longer needs them)
- drop patches that were only needed by the obsolete perl modules:
- apparmor-utils-string-split
- apparmor-abstractions-no-multiline.diff
- drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in
apparmor_parser
- refresh utils-fix-sorted-save_profiles-regression.diff
- add aa-teardown (new script to unload all profiles)
- make ExecStop in apparmor.service a no-op (workaround for a systemd
restriction, see boo#996520 and boo#853019 for details)
- lessopen profile: allow capability dac_read_search and dac_override,
allow groff to execute several helpers (boo#1065388)
* Wed Nov 29 2017 rgoldwyn@suse.com
- read_inactive_profile-exactly-once.patch (bsc#1069346)
Perform reading of inactive profiles exactly once.
* Wed Oct 25 2017 suse-beta@cboltz.de
- update to AppArmor 2.11.1
- add permissions to several profiles and abstractions (including
lp#1650827 and boo#1057900)
- several fixes in the aa-* tools (including lp#1689667, lp#1628286,
lp#1661766 and boo#1062667)
- fix downgrading/converting of 'unix' rules (will be supported in
kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
upstream changelog
- remove upstream(ed) patches
- upstream-changes-r3616..3628.diff
- upstream-changes-r3629..3648.diff
- parser-tests-dbus-duplicated-conditionals.diff
- apparmor-fix-podsyntax.patch
- sshd-profile-drop-local-include-r3615.diff
- refresh apparmor-yast-cleanup.patch
- add utils-fix-sorted-save_profiles-regression.diff to fix a regression
in displaying the "changed profiles" list in aa-logprof
* Tue Oct 17 2017 suse-beta@cboltz.de
- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
* Tue Oct 03 2017 rgoldwyn@suse.com
- profiles-sockets-temporary-fix.patch to cater to nameservices with the
new sockets mediation, until unix rules are upstreamed (boo#1061195)
* Sun Sep 24 2017 coolo@suse.com
- add apparmor-fix-podsyntax.patch from mailing list to fix
compilation with perl 5.26
* Fri Aug 11 2017 jmatejek@suse.com
- do not require exact X.Y version of "python3"
- require also matching python(abi) which is arguably more important
* Fri Jul 14 2017 suse-beta@cboltz.de
- don't rely on implementation details for reload in %post
* Wed Jul 12 2017 rgoldwyn@suse.com
- add JSON support. Required for FATE#323380.
(apparmor-yast-cleanup.patch, apparmor-json-support.patch)
* Sat Mar 25 2017 suse-beta@cboltz.de
- add upstream-changes-r3629..3648.diff:
- preserve unknown profiles when reloading apparmor.service
(CVE-2017-6507, lp#1668892, boo#1029696)
- add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
- update nvidia abstraction for newer nvidia drivers
- don't enforce ordering of dbus rule attributes in utils (lp#1628286)
- add --parser, --base and --Include option to aa-easyprof to allow
non-standard paths (useful for tests) (lp#1521031)
- move initialization code in apparmor.aa to init_aa(). This allows to
run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
don't exist.
- several improvements in the utils tests
- drop upstreamed python3-drop-re-locale.patch
- no longer delete/skip some of the utils tests (to allow this, add
parser-tests-dbus-duplicated-conditionals.diff)
- add var.mount dependeny to apparmor.service (boo#1016259#c34)
* Thu Mar 16 2017 kukuk@suse.com
- Cleanup spec file:
- don't use insserv if we afterwards call systemd, this can
have bad side effects
- remove dead code
- remove now obsolete 'distro' checks
- Replace init.d script with new wrapper working with systemd
* Thu Feb 16 2017 jmatejek@suse.com
- add python3-drop-re-locale.patch: remove deprecated re.LOCALE
flag in Python UI as it was dropped from Python 3.6 (lp#1661766)
* Sat Feb 11 2017 jengelh@inai.de
- Fix RPM groups
* Mon Jan 30 2017 suse-beta@cboltz.de
- add upstream-changes-r3616..3628.diff:
- update abstractions/base, abstractions/apache2-common and dovecot profiles
- merge ask_the_questions() of aa-logprof and aa-mergeprof
- pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)
* Sat Jan 28 2017 suse-beta@cboltz.de
- split libapparmor into separate spec to get rid of build loop
involving mariadb, systemd, apparmor, libapr and mariadb again
(see the discussion in SR 448871 for details)
- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
with minimum BuildRequires
* Fri Jan 27 2017 suse-beta@cboltz.de
- update to AppArmor 2.11.0
- apparmor_parser now supports parallel compiles and loads
- add full support for dbus, ptrace and signal rules and events to the
utils
- full rewrite of the file rule handling in the utils
- lots of improvements and fixes
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the
detailed changelog
- patches:
- add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
- drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
- refresh apparmor-abstractions-no-multiline.diff
- refresh apparmor-samba-include-permissions-for-shares.diff
- spec changes:
- aa-unconfined switched to using ss (from iproute2), adjust Recommends:
- move libapparmor to /usr/lib*/
- drop %if %suse_version checks for 12.x
- change several Obsoletes from %version to < 2.9. Those package names
weren't used since years, and 2.9 is still a careful choice
- include apparmor.service independent of %suse_version
- techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
- drop latex2html, texlive-* and w3m BuildRequires
- techdoc.txt and techdoc.html not included, drop them from the package
- run most of utils/ make check (some tests expect /etc/apparmor.d/ and
/sbin/apparmor_parser to exist, skip them)
- BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
- drop sed'ing python3 into aa-* shebang (upstreamed)
- build binutils
- aa-exec is now written in C and lives in /usr/bin/, move it to the
apparmor_parser package and create a compability symlink in /usr/sbin/
- aa-exec manpage moved to section 1
- aa-enabled is a small new tool to find out if AppArmor is enabled
- package new aa_stack_profile(2) manpage
* Tue Jan 24 2017 suse-beta@cboltz.de
- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
This is part of the root partition (at least with default partitioning)
and should be available earlier than /var/cache/apparmor/
(boo#1015249, boo#980081, bsc#1016259)
- add dependency on var-lib.mount to apparmor.service as safety net
* Tue Jan 10 2017 suse-beta@cboltz.de
- update to AppArmor 2.10.2 maintenance release
- lots of bugfixes and profile updates (including boo#1000201,
boo#1009964, boo#1014463)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details
- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
in aa-unconfined
- drop upstream(ed) patches:
- changes-since-2.10.1--r3326..3346.diff
- changes-since-2.10.1--r3347..3353.diff
- libapparmor-fix-import-path.diff (upstream fix is slightly different)
- nscd-var-lib.diff
- refresh apparmor-abstractions-no-multiline.diff
* Sun Oct 23 2016 suse-beta@cboltz.de
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
abstractions/nameservice (path changed in latest nscd in Tumbleweed)
* Thu Oct 13 2016 suse-beta@cboltz.de
- add changes-since-2.10.1--r3347..3353.diff with upstream changes and
fixes in the 2.10 branch, including
- allow writing *.qf files (for disk-based buffering) in syslog-ng profile
- add several permissions to the dovecot profiles (deb#835826)
- add a missing path in the traceroute profile
* Fri Aug 26 2016 suse-beta@cboltz.de
- add changes-since-2.10.1--r3326..3346.diff with upstream changes and
fixes since the 2.10.1 release, including
- allow dac_override in winbindd profile (boo#990006#c5)
- allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
Samba 4.4.x, boo#990006)
- abstractions/nameservice: also support ConnMan-managed resolv.conf
- let aa-genprof ask about profiles in extra dir (again)
- fix aa-logprof "add hat" endless loop (lp#1538306)
- honor 'chown' file events in logparser.py
- ignore log file events with a request mask of 'send' or 'receive'
because they are actually network events (lp#1577051, lp#1582374)
- accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
- fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
(libapparmor-fix-import-path.diff)
- refresh apparmor-abstractions-no-multiline.diff
- drop upstreamed profiles-ping-inet6-r3449.diff
- add %check section - runs libapparmor (including swig bindings),
parser and profiles tests
- add BuildRequires: perl(Locale::gettext) - needed for parser tests
* Tue May 24 2016 suse-beta@cboltz.de
- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
* Fri Apr 22 2016 suse-beta@cboltz.de
- update to AppArmor 2.10.1 (2.10 branch r3326):
- fix incorrect output of child profile names (apparmor_parser -N) which
caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
- fix a crash in aa-logprof / logparser.py for change_hat log events
(lp#1523297) and log events that look like file events, but aren't
(lp#1540562, lp#1525119, lp#1466812)
- write unix rules when saving a profile (lp#1522938, boo#954104#c3)
- several fixes for variable handling in aa-logprof
- map c (create) log events to w instead of a
- add python to the "no Px rule" list in logprof.conf
- let aa-logprof check for duplicate profiles
- let aa-status work without the apparmor.fail python module (boo#971917,
lp#1480492)
- add permissions in several profiles (including boo#948584, boo#948753,
boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
boo#921098#c15).
- and many more fixes, see the full changelog at
http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1
- drop upstream(ed) patches:
- fix-initscript-aa_log_end_msg.diff
- syslog-ng-profile-boo948584.diff
- upstream-profile-updates-r3205-3241.diff
- refresh patches:
- apparmor-abstractions-no-multiline.diff
- apparmor-samba-include-permissions-for-shares.diff
- drop libapparmor autogen.sh call (broke the build) and remove libtool BR
* Wed Oct 07 2015 opensuse@cboltz.de
- add syslog-ng-profile-boo948584.diff - add several permissions needed
by latest syslog-ng (boo#948584, boo#948753)
- add upstream-profile-updates-r3205-3241.diff with several profile updates:
- add /usr/share/locale-bundle/** to abstractions/base
- allow dnsmask to use /bin/sh (boo#940749) and /bin/dash
- allow dovecot imap to read /run/dovecot/mounts
- allow avahi-daemon to write to /run/systemd/notify
- allow ntpd to read $PATH directory listings (boo#945592, boo#948752)
- update dhclient profile
- allow skype to read @{PROC}/@{pid}/net/dev (boo#939568)
- and some other small updates
- drop upstreamed apparmor-winbindd-r3213.diff (included in the
upstream-profile-updates patch)
* Sun Sep 13 2015 opensuse@cboltz.de
- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
* Thu Jul 30 2015 opensuse@cboltz.de
- add apparmor-winbindd-r3213.diff - add missing k permissions for
/etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)
* Thu Jul 23 2015 opensuse@cboltz.de
- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript
output (boo#862170)
* Thu Jul 16 2015 opensuse@cboltz.de
- update to AppArmor 2.10 (trunk r3205)
- profile names can now contain variables
- improved profile compile time in apparmor_parser
- lots of improvements, refactoring and bugfixes in the aa-* tools
- new apis for managing and loading profile caches into the kernel in
libapparmor
- lots of profile updates
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the
complete changelog with more details
- add new apparmor_private.h and the aa_query_label(2), aa_features(3),
aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages
to libapparmor-devel
- drop apparmor-2.5.1-edirectory-profile patch - it's most probably
no longer needed (see boo#621394 for details)
- drop upstreamed samba-4.2-profiles.diff
- refresh apparmor-samba-include-permissions-for-shares.diff
* Mon Jun 15 2015 opensuse@cboltz.de
- systemd-rpm-macros and %systemd_requires were at the wrong place,
move them to the parser package (boo#931792)
* Fri Apr 24 2015 opensuse@cboltz.de
- update to AppArmor 2.9.2 (2.9 branch r2911)
- lots of bugfixes in the parser and the aa-* tools (including
boo#918787)
- update dovecot and dnsmasq profiles and several abstractions
(including boo#911001)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the
full changelog
- remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
apparmor-fix-stl-ostream.diff
- replace GPG key with new AppArmor GPG signing key, see
https://launchpad.net/apparmor/+announcement/13404
* Fri Apr 17 2015 opensuse@cboltz.de
- make sure %service_del_postun doesn't call systemctl try-restart
(boo#853019, bare systemd edition)
- add samba-4.2-profiles.diff: update samba (winbindd and nmb)
profiles for samba 4.2 (boo#921098, boo#923201)
* Sun Apr 12 2015 opensuse@cboltz.de
- only install apparmor.service for openSUSE > 13.2
* Wed Apr 01 2015 crrodriguez@opensuse.org
- Add a native systemd unit which *at the moment* only
wraps/masks the early boot script.
* Tue Feb 24 2015 rguenther@suse.com
- add apparmor-fix-stl-ostream.diff which fixes odd uses of
std::ostream which are not valid. Fixes build with GCC 5
* Fri Feb 20 2015 opensuse@cboltz.de
- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)
* Thu Feb 12 2015 opensuse@cboltz.de
- add Requires: python3 to python3-apparmor package - readline isn't
part of python3-base (boo#917577)
* Tue Jan 20 2015 opensuse@cboltz.de
- add apparmor-changes-since-2.9.1.diff with upstream fixes since the
2.9.1 release
- update logparser.py to support changed syslog format (lp#1399027)
- update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles
(lp#1296667)
- update the mysqld profile
- fix network rule description in apparmor.d(5) manpage
- drop upstreamed dnsmasq-profile-fixes.patch
- update expired GPG key
* Thu Jan 01 2015 opensuse@cboltz.de
- update to AppArmor 2.9.1 (2.9 branch r2831)
- fix log parsing for 3.16 kernels and syslog-style logs (boo#905368)
- several fixes and performance improvements in the aa-* utils
- profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and
bnc#908856), useradd, sendmail, man and passwd
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1
for full release notes
- refresh dnsmasq-profile-fixes.patch
* Mon Dec 22 2014 cbosdonnat@suse.com
- Fix dnsmasq profile to allow executing bash to run the --dhcp-script
argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
leasehealper script to run even on x86_64.
dnsmasq-profile-fixes.patch. boo#911001
* Sun Dec 21 2014 opensuse@cboltz.de
- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the
script filename
* Wed Dec 10 2014 meissner@suse.com
- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs
confinement. bnc#906858
* Sun Nov 16 2014 opensuse@cboltz.de
- delete cache in apparmor-profiles %post (workaround for
bnc#904620#c8 / lp#1392042)
* Fri Nov 14 2014 dimstar@opensuse.org
- No longer perform gpg validation; osc source_validator does it
implicit:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
* Sun Nov 09 2014 ledest@gmail.com
- fix bashism in post script
* Sat Oct 18 2014 opensuse@cboltz.de
- update to AppArmor 2.9.0 (r2759)
- change aa-mergeprof to the final commandline syntax
- lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several
bugs without a formal bugreport)
- small additions to gnome, freedesktop.org, ubuntu-browsers.d/java
and user-mail abstractions
- fix mod_apparmor to not break basic auth
- update perl modules to support signal, unix and ptrace rules (bnc#900013)
- don't warn about rules not supported by the kernel
- fix logging of "audit capability" (lp#1378091)
- add support for the "hat" keyword in apparmor.vim
- build html version of apparmor.vim manpage again (lp#1366572)
- see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0
- update apparmor-abstractions-no-multiline.diff
- remove upstreamed apparmor-profiles-ntpd-pid-location.diff
/lib64/security/pam_apparmor.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Aug 9 15:05:49 2025