Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libapparmor1-3.0.4-150400.3.3 RPM for x86_64

From OpenSuSE Leap 15.4 for x86_64

Name: libapparmor1 Distribution: SUSE Linux Enterprise 15
Version: 3.0.4 Vendor: SUSE LLC <>
Release: 150400.3.3 Build date: Sat May 7 23:18:20 2022
Group: System/Libraries Build host: sheep13
Size: 81584 Source RPM: libapparmor-3.0.4-150400.3.3.src.rpm
Summary: Utility library for AppArmor
This package provides the libapparmor library, which contains the
change_hat(2) symbol, used for sub-process confinement by AppArmor, as
well as functions to parse AppArmor log messages.






* Fri Apr 29 2022
  - add php8-fpm-mr876.patch so that php8 php-fpm can read its config
  - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
    file conflict on upgrade (boo#1198958)
  - utils: add missing dependency on apparmor-parser (boo#1198958#c4)
* Wed Apr 27 2022
  - Enhance zgrep-profile-mr870.diff to also allow/support zstd
* Sat Apr 16 2022
  - update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531)
* Wed Apr 13 2022
  - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
    which now will spawn new additional services on demand. We need to
    modify the existing smbd/winbind profiles and additionally add a
    new set of profiles to cater for the new functionality;
* Mon Apr 11 2022
  - Add samba_deny_net_admin.patch to add new rule to deny
    noisy setsockopt calls from systemd; (bnc#1196850).
* Sun Apr 10 2022
  - add profile for zgrep and xzgrep to prevent CVE-2022-1271
* Tue Mar 29 2022
  - ensure precompiled cache files are newer than (text) profiles
  - reload profiles in %posttrans instead of %post to ensure both
    - profiles and -abstractons package are updated before the cache
    in /var/cache/apparmor/ gets built (boo#1195463 #c20)
* Thu Mar 24 2022
  - Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
    /proc/{pid}/fd for samba-bgqd (bnc#1196850).
  - Add update-usr-sbin-smbd.diff to add new rule to allow reading of
    openssl.cnf (bnc#1195463).
* Thu Feb 10 2022
  - update to AppArmor 3.0.4
    - various fixes in profiles, abstractions, apparmor_parser and utils
      (some of them were already included as patches)
    - add support for mctp address family
    - see
      for the full upstream changelog
  - remove upstream(ed) patches:
    - aa-notify-more-arch-mr809.diff
    - ruby-3.1-build-fix.diff
    - add-samba-bgqd.diff
    - openssl-engdef-mr818.diff
    - profiles-python-3.10-mr783.diff
    - update-samba-abstractions-ldb2.diff
  - refresh patches:
    - apparmor-samba-include-permissions-for-shares.diff
    - ruby-2_0-mkmf-destdir.patch
* Wed Jan 26 2022
  - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
    MR 827)
* Mon Jan 17 2022
  - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
    packaging to allow parallel installation with libldb (bsc#1192684).
* Mon Dec 20 2021
  -  Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED
    operation="file_mmap" violation in SLE15-SP4; (bsc#1192336).
* Sun Dec 19 2021
  - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and
    /etc/ssl/engines.d/ in abstractions/openssl which were introduced
    with the latest openssl update
* Tue Nov 09 2021
  - add aa-notify-more-arch-mr809.diff: Add support for reading s390x
    and aarch64 wtmp files (boo#1181155)
* Fri Oct 15 2021
  - add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
* Sat Sep 18 2021
  - profile: allow reading files that live on NFS over UDP
    (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552)
* Wed Aug 11 2021
  - add profiles-python-3.10-mr783.diff: update abstractions/python and
    profiles for python 3.10
* Sat Aug 07 2021
  - update to AppArmor 3.0.3
    - fix a failure in the parser tests
    - see
      for the detailed upstream changelog
* Fri Aug 06 2021
  - update to AppArmor 3.0.2
    - add missing permissions to several profiles and abstractions
      (including boo#1188296)
    - bugfixes in utils and parser (including boo#1180766 and boo#1184779)
    - see
      for the detailed upstream changelog
  - remove upstreamed patches:
    - apparmor-dovecot-stats-metrics.diff
    - abstractions-php8.diff
    - crypto-policies-mr720.diff
* Thu Jul 15 2021
  - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point
* Mon Jun 07 2021
  - move Requires: python3 back to the python3-apparmor subpackage -
    readline usage is in the python modules, not in apparmor-utils
* Tue May 25 2021
  - Remove python symbols (python means currently python2), work
    only with python3 ones (fallout from bsc#1185588).
* Fri May 21 2021
  - add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267)
* Tue Apr 27 2021
  - add crypto-policies-mr720.diff to allow reading crypto policies
    in abstractions/ssl_certs (boo#1183597)
* Sat Mar 27 2021
  - replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in
    systemd into containers just because apparmor-parser ships a *.service file
* Thu Feb 11 2021
  - merge libapparmor.changes into apparmor.changes
* Mon Feb 08 2021
  - avoid file listed twice error
* Tue Feb 02 2021
  - define %_pamdir for <= 15.x to fix the build on those releases
* Fri Jan 22 2021
  - add apache-extra-profile-include-if-exists.diff: make <apache2.d>
    include in apache extra profile optional to avoid problems with empty
    profile directory (boo#1178527)
* Wed Jan 13 2021
  - prepare usrmerge (boo#1029961)
    * use %_pamdir
* Wed Dec 02 2020
  - update to AppArmor 3.0.1
    - minor additions to profiles and abstractions
    - some bugfixes in libapparmor, apparmor_parser and the aa-* utils
    - see
      for the detailed upstream changelog
  - removed upstream(ed) patches:
    - changes-since-3.0.0.diff
    - extra-profiles-fix-Pux.diff
    - utils-fix-hotkey-conflict.diff
* Wed Dec 02 2020
  - Use apache provided variables for the module_directry:
    + Use %apache_libexecdir
    + Add apache-rpm-macros BuildRequires
* Sat Oct 31 2020
  - add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in
    de, id and sv translations (and fix the test) (MR 675)
  - add extra-profiles-fix-Pux.diff to fix an inactive profile -
    prevents a crash in aa-logprof and aa-genprof when creating a new
    profile (MR 676)
* Sun Oct 25 2020
  - update to AppArmor 3.0.0
    - introduce feature abi declaration in profiles to enable use of
      new rule types (for openSUSE: dbus and unix rules)
    - support xattr attachment conditionals
    - experimental support for kill and unconfined profile modes
    - rewritten aa-status (in C), including support for new profile modes
    - rewritten aa-notify (in python), finally dropping the perl
      requirement at runtime
    - new tool aa-features-abi for extracting feature abis from the kernel
    - update profiles to have profile names and to use 3.0 feature abi
    - introduce @{etc_ro} and @{etc_rw} profile variables
    - new profile for php-fpm
    - several updates to profiles and abstractions (including boo#1166007)
    - fully support 'include if exists' in the aa-* tools
    - rewrite handling of alias, include, link and variable rules in
      the aa-* tools
    - rewrite and simplify log handling in the aa-logprof and aa-genprof
    - see
      for the detailed upstream changelog
  - patches:
    - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0
      release up to 3e18c0785abc03ee42a022a67a27a085516a7921
    - drop upstreamed usr-etc-abstractions-base-nameservice.diff
    - drop 2.13-only libapparmor-so-number.diff
    - refresh apparmor-enable-profile-cache.diff - partially upstreamed
    - update apparmor-samba-include-permissions-for-shares.diff and
      apparmor-lessopen-profile.patch - switch to "include if exists"
    - apparmor-lessopen-profile.patch: add abi rule to lessopen profile
    - refresh apparmor-lessopen-nfs-workaround.diff
  - move away very loose apache profile that doesn't even match the
    apache2 binary path in openSUSE to avoid confusion (boo#872984)
  - move rewritten aa-status from utils to parser subpackage
  - add aa-features-abi to parser subpackage
  - replace perl and libnotify-tools requires with requiring
    python3-notify2 and python3-psutil (needed by the rewritten
  - drop ancient cleanup for /etc/init.d/subdomain from parser %pre
  - drop (never enabled) conditionals to build with python2 and to
    build the python-apparmor subpackage (upstream dropped python2
  - drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed
  - set PYFLAKES path for utils check
  - add precompiled_cache build conditional to allow faster local
    builds without using kvm
  - remove duplicated BuildRequires: swig
* Sat Oct 17 2020
  - update to AppArmor 2.13.5
    - add missing permissions to several profiles and abstractions
    - bugfixes in parser and tools
    - fix two potential build failures in libapparmor
    - see
      for the detailed upstream changelog
  - remove upstream(ed) patches
    - changes-since-2.13.4.diff
    - abstractions-X-xauth-mr582.diff
    - sevdb-caps-mr589.diff
    - libvirt-leaseshelper.patch
    - cap_checkpoint_restore.diff
  - add libapparmor-so-number.diff to fix libapparmor so version (!658)
* Wed Oct 14 2020
  - add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
* Thu Oct 08 2020
  - %service_del_postun_without_restart only works for Tumbleweed,
    keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x
* Fri Sep 11 2020
  - Make use of %service_del_postun_without_restart
    And stop using DISABLE_RESTART_ON_UPDATE as this interface is
* Thu Sep 03 2020
  - libvirt-leaseshelper.patch: add /usr/libexec as a path to the
    libvirt leaseshelper script (jsc#SLE-14253)
* Fri Aug 07 2020
  - sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON
    to severity.db (lp#1890547)
* Mon Jul 20 2020
  - add abstractions-X-xauth-mr582.diff to allow reading the xauth file
    from its new sddm location (boo#1174290, boo#1174293)
* Thu May 21 2020
  - add changes-since-2.13.4.diff with upstream changes and fixes
    since 2.13.4 up to 5f61bd4c:
    - add several abstractions related to xdg-open:
      dbus-network-manager-strict, exo-open, gio-open, gvfs-open,
      kde-open5, xdg-open
    - introduce @{run} variable
    - update dnsmasq and winbindd profile
    - update mdns, mesa and nameservice abstraction
    - some bugfixes in the aa-* tools, including a remote bugfix in the
      YaST AppArmor module (boo#1171315)
  - drop upstream(ed) patches (now part of changes-since-2.13.4.diff):
    - make-4.3-capabilities.diff
    - make-4.3-capabilities-vim.diff
    - make-4.3-fix-utils-network-test.diff
    - make-4.3-network.diff
    - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
  - apply usr-etc-abstractions-base-nameservice.diff only for
    Tumbleweed, but not for Leap 15.x where it's not needed
  - refresh usr-etc-abstractions-base-nameservice.diff
* Thu Apr 09 2020
  - Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
* Sat Mar 28 2020
  - fix build with make 4.3 by backporting some commits from upstream
    master (boo#1167953):
    - make-4.3-capabilities.diff
    - make-4.3-capabilities-vim.diff
    - make-4.3-network.diff
    - make-4.3-fix-utils-network-test.diff
* Thu Mar 12 2020
  - update to AppArmor 2.13.4
    - several abstraction updates (including boo#1153162)
    - disallow writing to fontconfig cache in abstractions/fonts
    - some bugfixes in the aa-* tools
    - fix log parsing for logs with an embedded newline
    - see
      for the detailed upstream changelog
  - drop upstreamed patches:
    - abstractions-ssl-certbot-paths.diff
    - apparmor-krb5-conf-d.diff
    - libapparmor-python3.8.diff
    - usr-etc-abstractions-authentification.diff
  - refresh usr-etc-abstractions-base-nameservice.diff
* Sat Jan 25 2020
  - add usr-etc-abstractions-base-nameservice.diff to adjust
    abstractions/base and nameservice for /usr/etc/ (boo#1161756)
* Mon Nov 18 2019
  - Properly pull in full python3 interpreter
* Sat Nov 02 2019
  - add libapparmor-python3.8.diff to fix building the libapparmor python
    bindings (deb#943657)
* Mon Oct 07 2019
  - add usr-etc-abstractions-authentification.diff to allow reading
    /usr/etc/pam.d/* and some other authentification-related files (boo#1153162)
* Sat Sep 28 2019
  - add abstractions-ssl-certbot-paths.diff - add certbot paths to
    abstractions/ssl_certs and abstractions/ssl_keys
* Fri Sep 27 2019
  - add apparmor-krb5-conf-d.diff for kerberos client
* Tue Jun 18 2019
  - update to 2.13.3
    - profile updates for dnsmasq, dovecot, identd, syslog-ng
    - new "lsb_release" profile (only used when using "Px -> lsb_release")
    - fix buggy syntax in tunables/share
    - several abstraction updates
    - parser: fix "Px -> foo-bar" (the "-" was rejected before)
    - several bugfixes in aa-genprof and aa-logprof
    - some fixes in cache handling
    - see
      for the detailed upstream changelog
  - drop upstream(ed) patches:
    - apparmor-nameservice-resolv-conf-link.patch
    - profile_filename_cornercase.diff
    - dnsmasq-libvirtd.diff
    - dnsmasq-revert-alternation.diff
    - usrmerge-fixes.diff
    - libapparmor-swig-4.diff
  - re-number remaining patches
* Wed Jun 05 2019
  - add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig
    4.0 (boo#1135751)
* Tue Apr 23 2019
  - Disable LTO (boo#1133091).
* Sun Apr 14 2019
  - update profile for usrMerge (bash and tar) (boo#1132350)
* Thu Mar 07 2019
  - add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
    update-alternatives (boo#1127877)
* Wed Feb 27 2019
  - add dnsmasq-revert-alternation.diff: revert path alternation in
    dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
    breaking libvirtd (boo#1127073)
* Thu Jan 24 2019
  - add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile
    to match the newly added libvirtd profile name (boo#1118952#c3)
* Mon Jan 14 2019
  - Use %license instead of %doc [bsc#1082318]
* Sun Jan 06 2019
  - add apparmor-lessopen-nfs-workaround.diff: allow network access in for reading files on NFS (workaround for boo#1119937 /
* Wed Jan 02 2019
  - add profile_filename_cornercase.diff: drop check that lets aa-logprof
    error out in a corner-case (log event for a non-existing profile while
    a profile file with the default filename for that non-existing profile
    exists) (boo#1120472)
* Fri Dec 21 2018
  - netconfig: write resolv.conf to /run with link to /etc (fate#325872,
    boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
* Fri Dec 21 2018
  - update to AppArmor 2.13.2
    - add profile names to most profiles
    - update dnsmasq profile (pid file and logfile path) (boo#1111342)
    - add vulkan abstraction
    - add letsencrypt certificate path to abstractions/ssl_*
    - ignore *.orig and *.rej files when loading profiles
    - fix aa-complain etc. to handle named profiles
    - several bugfixes and small profile improvements
    - see
      for the detailed upstream changelog
  - remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
* Sun Oct 14 2018
  - update to 2.13.1
    - add qt5 and qt5-compose-cache-write abstractions
    - add @{uid} and @{uids} kernel var placeholders
    - several profile and abstraction updates
    - ignore "abi" rules in parser and tools (instead of erroring out)
    - utils: fix overwriting of child profile flags if they differ from
      the main profile
    - several bugfixes (including boo#1100779)
    - see
      for the detailed upstream changelog
  - remove upstream(ed) patches:
    - aa-teardown-path.diff
    - fix-apparmor-systemd-perms.diff
    - logprof-skip-cache-d.diff
    - fix-samba-profiles.patch
    - make-pyflakes-happy.diff
    - dnsmasq-Add-permission-to-open-log-files.patch
  - refresh apparmor-samba-include-permissions-for-shares.diff
  - add fix-syntax-error-in-rc.apparmor.functions.patch
* Wed Oct 10 2018
  - update rpmlintrc:
    - whitelist .features file which is part of the pre-compiled cache
    - comment out filters for the disabled tomcat_apparmor subpackage
* Wed Oct 10 2018
  - Backport dnsmasq fix:
    025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch
* Wed Aug 22 2018
  - add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
* Tue May 08 2018
  - add fix-samba-profiles.patch - smbd loads new shared libraries.
    Allow winbindd to access new kerberos credential cache location
* Sun Apr 29 2018
  - exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing
* Mon Apr 23 2018
  - add fix-apparmor-systemd-perms.diff - fix permissions of
    /lib/apparmor/apparmor.systemd (boo#1090545)
* Thu Apr 19 2018
  - create and package precompiled cache (/usr/share/apparmor/cache,
    read-only) (boo#1069906, boo#1074429)
  - change (writeable) cache directory to /var/cache/apparmor/ - with the
    new btrfs layout, the only reason for using /var/lib/apparmor/cache/
    (which was "it's part of the / subvolume") is gone, and /var/cache
    makes more sense for the cache
  - adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
    cache locations
  - clear cache also in %post of abstractions package
* Thu Apr 19 2018
  - update to AppArmor 2.13
    - add support for multiple cache directories and cache overlays
      (boo#1069906, boo#1074429)
    - add support for conditional includes in policy
    - remove group restrictions from aa-notify (boo#1058787)
    - aa-complain etc.: set flags for profiles represented by a glob
    - aa-status: split profile from exec name
    - several profile and abstraction updates
    - see
      for the detailed upstream changelog
  - drop upstreamed patches and files:
    - aa-teardown
    - apparmor.service
    - apparmor.systemd
    - 32-bit-no-uid.diff
    - disable-cache-on-ro-fs.diff
    - dovecot-stats.diff
    - parser-write-cache-warn-only.diff
    - set-flags-for-profiles-represented-by-glob.patch
    - fix-regression-in-set-flags.patch
  - drop spec code that handled installing aa-teardown, apparmor.service
    and apparmor.systemd (now part of upstream Makefile)
  - simplify "make -C profiles parser-check" call (upstream Makefile bug
    that required to call "cd" was fixed)
  - add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
  - move 'exec' symlink to parser package (belongs to aa-exec)
* Thu Apr 19 2018
  - Set flags for profiles represented by glob (bsc#1086154)
* Wed Apr 11 2018
  - add dovecot-stats.diff:
    - add dovecot/stats profile and allow dovecot to run it (boo#1088161)
    - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753)
  - update 32-bit-no-uid.diff with upstream fix
* Fri Mar 02 2018
  - Change of path of rpm in (boo#1082956)
* Thu Jan 11 2018
  - add disable-cache-on-ro-fs.diff - disable write cache if filesystem is
    read-only and don't bail out (bsc#1069906, bsc#1074429)
* Thu Jan 04 2018
  - add parser-write-cache-warn-only.diff to make cache write failures a
    warning instead of an error (boo#1069906, boo#1074429)
  - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests"
    to avoid pulling in several Gnome packages on servers (boo#1067477)
* Mon Dec 25 2017
  - update to AppArmor 2.12
    - add support for 'owner' rules in aa-logprof and aa-genprof
    - add support for includes with absolute path in aa-logprof etc. (lp#1733700)
    - update aa-decode to also decode PROCTITLE (lp#1736841)
    - several profile and abstraction updates, including boo#1069470
    - preserve errno across aa_*_unref() functions
    - see
      for the detailed upstream changelog
  - drop upstreamed patches:
    - read_inactive_profile-exactly-once.patch
    - utils-fix-sorted-save_profiles-regression.diff
  - lessopen profile: change all 'rix' rules to 'mrix'
  - add 32-bit-no-uid.diff to fix handling of log events without ouid on
    32 bit systems
  - no longer package static libapparmor.a
* Thu Nov 30 2017
  - update to AppArmor 2.11.95 aka 2.12 beta1
    - add JSON interface to aa-logprof and aa-genprof (used by YaST)
    - drop old YaST interface code
    - update audio, base and nameservice abstractions
    - allow @{pid} to match 7-digit pids
    - see
      for the detailed upstream changelog
  - drop upstreamed patches
    - apparmor-yast-cleanup.patch
    - apparmor-json-support.patch
    - nameservice-libtirpc.diff
  - drop obsolete perl modules (YaST no longer needs them)
  - drop patches that were only needed by the obsolete perl modules:
    - apparmor-utils-string-split
    - apparmor-abstractions-no-multiline.diff
  - drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in
  - refresh utils-fix-sorted-save_profiles-regression.diff
  - add aa-teardown (new script to unload all profiles)
  - make ExecStop in apparmor.service a no-op (workaround for a systemd
    restriction, see boo#996520 and boo#853019 for details)
  - lessopen profile: allow capability dac_read_search and dac_override,
    allow groff to execute several helpers (boo#1065388)
* Wed Nov 29 2017
  - read_inactive_profile-exactly-once.patch (bsc#1069346)
    Perform reading of inactive profiles exactly once.
* Wed Oct 25 2017
  - update to AppArmor 2.11.1
    - add permissions to several profiles and abstractions (including
      lp#1650827 and boo#1057900)
    - several fixes in the aa-* tools (including lp#1689667, lp#1628286,
      lp#1661766 and boo#1062667)
    - fix downgrading/converting of 'unix' rules (will be supported in
      kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
    - see for
      upstream changelog
  - remove upstream(ed) patches
    - upstream-changes-r3616..3628.diff
    - upstream-changes-r3629..3648.diff
    - parser-tests-dbus-duplicated-conditionals.diff
    - apparmor-fix-podsyntax.patch
    - sshd-profile-drop-local-include-r3615.diff
  - refresh apparmor-yast-cleanup.patch
  - add utils-fix-sorted-save_profiles-regression.diff to fix a regression
    in displaying the "changed profiles" list in aa-logprof
* Tue Oct 17 2017
  - add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
* Tue Oct 03 2017
  - profiles-sockets-temporary-fix.patch to cater to nameservices with the
    new sockets mediation, until unix rules are upstreamed (boo#1061195)
* Sun Sep 24 2017
  - add apparmor-fix-podsyntax.patch from mailing list to fix
    compilation with perl 5.26
* Fri Aug 11 2017
  - do not require exact X.Y version of "python3"
  - require also matching python(abi) which is arguably more important
* Fri Jul 14 2017
  - don't rely on implementation details for reload in %post
* Wed Jul 12 2017
  - add JSON support. Required for FATE#323380.
    (apparmor-yast-cleanup.patch, apparmor-json-support.patch)
* Sat Mar 25 2017
  - add upstream-changes-r3629..3648.diff:
    - preserve unknown profiles when reloading apparmor.service
      (CVE-2017-6507, lp#1668892, boo#1029696)
    - add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
    - update nvidia abstraction for newer nvidia drivers
    - don't enforce ordering of dbus rule attributes in utils (lp#1628286)
    - add --parser, --base and --Include option to aa-easyprof to allow
      non-standard paths (useful for tests) (lp#1521031)
    - move initialization code in apparmor.aa to init_aa(). This allows to
      run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
      don't exist.
    - several improvements in the utils tests
  - drop upstreamed python3-drop-re-locale.patch
  - no longer delete/skip some of the utils tests (to allow this, add
  - add var.mount dependeny to apparmor.service (boo#1016259#c34)
* Thu Mar 16 2017
  - Cleanup spec file:
    - don't use insserv if we afterwards call systemd, this can
      have bad side effects
    - remove dead code
    - remove now obsolete 'distro' checks
  - Replace init.d script with new wrapper working with systemd
* Thu Feb 16 2017
  - add python3-drop-re-locale.patch: remove deprecated re.LOCALE
    flag in Python UI as it was dropped from Python 3.6 (lp#1661766)
* Sat Feb 11 2017
  - Fix RPM groups
* Mon Jan 30 2017
  - add upstream-changes-r3616..3628.diff:
    - update abstractions/base, abstractions/apache2-common and dovecot profiles
    - merge ask_the_questions() of aa-logprof and aa-mergeprof
    - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
  - adjust deleting the cache in profiles %post to the new cache location
  - silence errors when deleting the cache (boo#976914)
* Sat Jan 28 2017
  - split libapparmor into separate spec to get rid of build loop
    involving mariadb, systemd, apparmor, libapr and mariadb again
    (see the discussion in SR 448871 for details)
  - libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
    with minimum BuildRequires
* Fri Jan 27 2017
  - update to AppArmor 2.11.0
    - apparmor_parser now supports parallel compiles and loads
    - add full support for dbus, ptrace and signal rules and events to the
    - full rewrite of the file rule handling in the utils
    - lots of improvements and fixes
    - see for the
      detailed changelog
  - patches:
    - add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
    - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
    - refresh apparmor-abstractions-no-multiline.diff
    - refresh apparmor-samba-include-permissions-for-shares.diff
  - spec changes:
    - aa-unconfined switched to using ss (from iproute2), adjust Recommends:
    - move libapparmor to /usr/lib*/
    - drop %if %suse_version checks for 12.x
    - change several Obsoletes from %version to < 2.9. Those package names
      weren't used since years, and 2.9 is still a careful choice
    - include apparmor.service independent of %suse_version
    - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
    - drop latex2html, texlive-* and w3m BuildRequires
    - techdoc.txt and techdoc.html not included, drop them from the package
    - run most of utils/ make check (some tests expect /etc/apparmor.d/ and
      /sbin/apparmor_parser to exist, skip them)
    - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
    - drop sed'ing python3 into aa-* shebang (upstreamed)
    - build binutils
    - aa-exec is now written in C and lives in /usr/bin/, move it to the
      apparmor_parser package and create a compability symlink in /usr/sbin/
    - aa-exec manpage moved to section 1
    - aa-enabled is a small new tool to find out if AppArmor is enabled
    - package new aa_stack_profile(2) manpage
* Tue Jan 24 2017
  - change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
    This is part of the root partition (at least with default partitioning)
    and should be available earlier than /var/cache/apparmor/
    (boo#1015249, boo#980081, bsc#1016259)
  - add dependency on var-lib.mount to apparmor.service as safety net
* Tue Jan 10 2017
  - update to AppArmor 2.10.2 maintenance release
    - lots of bugfixes and profile updates (including boo#1000201,
      boo#1009964, boo#1014463)
    - see for details
  - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
    in aa-unconfined
  - drop upstream(ed) patches:
    - changes-since-2.10.1--r3326..3346.diff
    - changes-since-2.10.1--r3347..3353.diff
    - libapparmor-fix-import-path.diff (upstream fix is slightly different)
    - nscd-var-lib.diff
  - refresh apparmor-abstractions-no-multiline.diff
* Sun Oct 23 2016
  - add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
    abstractions/nameservice (path changed in latest nscd in Tumbleweed)
* Thu Oct 13 2016
  - add changes-since-2.10.1--r3347..3353.diff with upstream changes and
    fixes in the 2.10 branch, including
    - allow writing *.qf files (for disk-based buffering) in syslog-ng profile
    - add several permissions to the dovecot profiles (deb#835826)
    - add a missing path in the traceroute profile
* Fri Aug 26 2016
  - add changes-since-2.10.1--r3326..3346.diff with upstream changes and
    fixes since the 2.10.1 release, including
    - allow dac_override in winbindd profile (boo#990006#c5)
    - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
      Samba 4.4.x, boo#990006)
    - abstractions/nameservice: also support ConnMan-managed resolv.conf
    - let aa-genprof ask about profiles in extra dir (again)
    - fix aa-logprof "add hat" endless loop (lp#1538306)
    - honor 'chown' file events in
    - ignore log file events with a request mask of 'send' or 'receive'
      because they are actually network events (lp#1577051, lp#1582374)
    - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
  - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
  - refresh apparmor-abstractions-no-multiline.diff
  - drop upstreamed profiles-ping-inet6-r3449.diff
  - add %check section - runs libapparmor (including swig bindings),
    parser and profiles tests
  - add BuildRequires: perl(Locale::gettext) - needed for parser tests
* Tue May 24 2016
  - add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
* Fri Apr 22 2016
  - update to AppArmor 2.10.1 (2.10 branch r3326):
    - fix incorrect output of child profile names (apparmor_parser -N) which
      caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
    - fix a crash in aa-logprof / for change_hat log events
      (lp#1523297) and log events that look like file events, but aren't
      (lp#1540562, lp#1525119, lp#1466812)
    - write unix rules when saving a profile (lp#1522938, boo#954104#c3)
    - several fixes for variable handling in aa-logprof
    - map c (create) log events to w instead of a
    - add python to the "no Px rule" list in logprof.conf
    - let aa-logprof check for duplicate profiles
    - let aa-status work without the python module (boo#971917,
    - add permissions in several profiles (including boo#948584, boo#948753,
      boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
    - and many more fixes, see the full changelog at
  - drop upstream(ed) patches:
    - fix-initscript-aa_log_end_msg.diff
    - syslog-ng-profile-boo948584.diff
    - upstream-profile-updates-r3205-3241.diff
  - refresh patches:
    - apparmor-abstractions-no-multiline.diff
    - apparmor-samba-include-permissions-for-shares.diff
  - drop libapparmor call (broke the build) and remove libtool BR
* Wed Oct 07 2015
  - add syslog-ng-profile-boo948584.diff - add several permissions needed
    by latest syslog-ng (boo#948584, boo#948753)
  - add upstream-profile-updates-r3205-3241.diff with several profile updates:
    - add /usr/share/locale-bundle/** to abstractions/base
    - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash
    - allow dovecot imap to read /run/dovecot/mounts
    - allow avahi-daemon to write to /run/systemd/notify
    - allow ntpd to read $PATH directory listings (boo#945592, boo#948752)
    - update dhclient profile
    - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568)
    - and some other small updates
  - drop upstreamed apparmor-winbindd-r3213.diff (included in the
    upstream-profile-updates patch)
* Sun Sep 13 2015
  - netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
* Thu Jul 30 2015
  - add apparmor-winbindd-r3213.diff - add missing k permissions for
    /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)
* Thu Jul 23 2015
  - add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript
    output (boo#862170)
* Thu Jul 16 2015
  - update to AppArmor 2.10 (trunk r3205)
    - profile names can now contain variables
    - improved profile compile time in apparmor_parser
    - lots of improvements, refactoring and bugfixes in the aa-* tools
    - new apis for managing and loading profile caches into the kernel in
    - lots of profile updates
    - see for the
      complete changelog with more details
  - add new apparmor_private.h and the aa_query_label(2), aa_features(3),
    aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages
    to libapparmor-devel
  - drop apparmor-2.5.1-edirectory-profile patch - it's most probably
    no longer needed (see boo#621394 for details)
  - drop upstreamed samba-4.2-profiles.diff
  - refresh apparmor-samba-include-permissions-for-shares.diff
* Mon Jun 15 2015
  - systemd-rpm-macros and %systemd_requires were at the wrong place,
    move them to the parser package (boo#931792)
* Fri Apr 24 2015
  - update to AppArmor 2.9.2 (2.9 branch r2911)
    - lots of bugfixes in the parser and the aa-* tools (including
    - update dovecot and dnsmasq profiles and several abstractions
      (including boo#911001)
    - see for the
      full changelog
  - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
  - replace GPG key with new AppArmor GPG signing key, see
* Fri Apr 17 2015
  - make sure %service_del_postun doesn't call systemctl try-restart
    (boo#853019, bare systemd edition)
  - add samba-4.2-profiles.diff: update samba (winbindd and nmb)
    profiles for samba 4.2 (boo#921098, boo#923201)
* Sun Apr 12 2015
  - only install apparmor.service for openSUSE > 13.2
* Wed Apr 01 2015
  - Add a native systemd unit which *at the moment* only
    wraps/masks the early boot script.
* Tue Feb 24 2015
  - add apparmor-fix-stl-ostream.diff which fixes odd uses of
    std::ostream which are not valid.  Fixes build with GCC 5
* Fri Feb 20 2015
  - allow to run /usr/bin/unzip-plain (boo#906858)
* Thu Feb 12 2015
  - add Requires: python3 to python3-apparmor package - readline isn't
    part of python3-base (boo#917577)
* Tue Jan 20 2015
  - add apparmor-changes-since-2.9.1.diff with upstream fixes since the
    2.9.1 release
    - update to support changed syslog format (lp#1399027)
    - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles
    - update the mysqld profile
    - fix network rule description in apparmor.d(5) manpage
  - drop upstreamed dnsmasq-profile-fixes.patch
  - update expired GPG key
* Thu Jan 01 2015
  - update to AppArmor 2.9.1 (2.9 branch r2831)
    - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368)
    - several fixes and performance improvements in the aa-* utils
    - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and
      bnc#908856), useradd, sendmail, man and passwd
    - see
      for full release notes
  - refresh dnsmasq-profile-fixes.patch
* Mon Dec 22 2014
  - Fix dnsmasq profile to allow executing bash to run the --dhcp-script
    argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
    leasehealper script to run even on x86_64.
    dnsmasq-profile-fixes.patch. boo#911001
* Sun Dec 21 2014
  - rename profile file to to match the
    script filename
* Wed Dec 10 2014
  - add apparmor-lessopen-profile.patch: /usr/bin/ needs
    confinement. bnc#906858
* Sun Nov 16 2014
  - delete cache in apparmor-profiles %post (workaround for
    bnc#904620#c8 / lp#1392042)
* Fri Nov 14 2014
  - No longer perform gpg validation; osc source_validator does it
    + Drop gpg-offline BuildRequires.
    + No longer execute gpg_verify.
* Sun Nov 09 2014
  - fix bashism in post script
* Sat Oct 18 2014
  - update to AppArmor 2.9.0 (r2759)
    - change aa-mergeprof to the final commandline syntax
    - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several
      bugs without a formal bugreport)
    - small additions to gnome,, ubuntu-browsers.d/java
      and user-mail abstractions
    - fix mod_apparmor to not break basic auth
    - update perl modules to support signal, unix and ptrace rules (bnc#900013)
    - don't warn about rules not supported by the kernel
    - fix logging of "audit capability" (lp#1378091)
    - add support for the "hat" keyword in apparmor.vim
    - build html version of apparmor.vim manpage again (lp#1366572)
    - see also
  - update apparmor-abstractions-no-multiline.diff
  - remove upstreamed apparmor-profiles-ntpd-pid-location.diff



Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jun 9 15:51:30 2024