Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

apparmor-profiles-2.13.4-lp152.2.3.1 RPM for noarch

From OpenSuSE Leap 15.2 updates for noarch

Name: apparmor-profiles Distribution: openSUSE Leap 15.2
Version: 2.13.4 Vendor: openSUSE
Release: lp152.2.3.1 Build date: Thu Jul 23 19:03:13 2020
Group: Productivity/Security Build host: lamb03
Size: 1446618 Source RPM: apparmor-2.13.4-lp152.2.3.1.src.rpm
Summary: AppArmor profiles that are loaded into the apparmor kernel module
Base profiles. AppArmor is a file and network mandatory access control
mechanism. AppArmor confines processes to the resources allowed by the
systems administrator and can constrain the scope of potential security

This package is part of a suite of tools that used to be named




GPL-2.0-only AND LGPL-2.1-or-later


* Tue Jun 09 2020 Goldwyn Rodrigues <>
  - Add UI_Showfile so Yast may show the file correctly (bsc#1172040)
    - Split-out-UI_ShowFile-from-UI_Changes.patch
    - Fix-showing-the-local-inactive-profile-in-json-mode.patch
* Thu Apr 09 2020 Goldwyn Rodrigues <>
  - Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
* Sat Mar 28 2020 Christian Boltz <>
  - fix build with make 4.3 by backporting some commits from upstream
    master (boo#1167953):
    - make-4.3-capabilities.diff
    - make-4.3-capabilities-vim.diff
    - make-4.3-network.diff
    - make-4.3-fix-utils-network-test.diff
* Thu Mar 12 2020 Christian Boltz <>
  - update to AppArmor 2.13.4
    - several abstraction updates (including boo#1153162)
    - disallow writing to fontconfig cache in abstractions/fonts
    - some bugfixes in the aa-* tools
    - see
      for the detailed upstream changelog
  - drop upstreamed patches:
    - abstractions-ssl-certbot-paths.diff
    - apparmor-krb5-conf-d.diff
    - libapparmor-python3.8.diff
    - usr-etc-abstractions-authentification.diff
  - refresh usr-etc-abstractions-base-nameservice.diff
* Sat Jan 25 2020 Christian Boltz <>
  - add usr-etc-abstractions-base-nameservice.diff to adjust
    abstractions/base and nameservice for /usr/etc/ (boo#1161756)
* Mon Nov 18 2019 Tomáš Chvátal <>
  - Properly pull in full python3 interpreter
* Sat Nov 02 2019 Christian Boltz <>
  - add libapparmor-python3.8.diff to fix building the libapparmor python
    bindings (deb#943657)
* Mon Oct 07 2019 Christian Boltz <>
  - add usr-etc-abstractions-authentification.diff to allow reading
    /usr/etc/pam.d/* and some other authentification-related files (boo#1153162)
* Sat Sep 28 2019 Christian Boltz <>
  - add abstractions-ssl-certbot-paths.diff - add certbot paths to
    abstractions/ssl_certs and abstractions/ssl_keys
* Fri Sep 27 2019 Luiz Angelo Daros de Luca <>
  - add apparmor-krb5-conf-d.diff for kerberos client
* Tue Jun 18 2019 Christian Boltz <>
  - update to 2.13.3
    - profile updates for dnsmasq, dovecot, identd, syslog-ng
    - new "lsb_release" profile (only used when using "Px -> lsb_release")
    - fix buggy syntax in tunables/share
    - several abstraction updates
    - parser: fix "Px -> foo-bar" (the "-" was rejected before)
    - several bugfixes in aa-genprof and aa-logprof
    - see
      for the detailed upstream changelog
  - drop upstream(ed) patches:
    - apparmor-nameservice-resolv-conf-link.patch
    - profile_filename_cornercase.diff
    - dnsmasq-libvirtd.diff
    - dnsmasq-revert-alternation.diff
    - usrmerge-fixes.diff
    - libapparmor-swig-4.diff
  - re-number remaining patches
* Wed Jun 05 2019 Christian Boltz <>
  - add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig
    4.0 (boo#1135751)
* Tue Apr 23 2019 Martin Liška <>
  - Disable LTO (boo#1133091).
* Sun Apr 14 2019 Christian Boltz <>
  - update profile for usrMerge (bash and tar) (boo#1132350)
* Thu Mar 07 2019 Christian Boltz <>
  - add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
    update-alternatives (boo#1127877)
* Wed Feb 27 2019 Christian Boltz <>
  - add dnsmasq-revert-alternation.diff: revert path alternation in
    dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
    breaking libvirtd (boo#1127073)
* Thu Jan 24 2019 Christian Boltz <>
  - add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile
    to match the newly added libvirtd profile name (boo#1118952#c3)
* Mon Jan 14 2019
  - Use %license instead of %doc [bsc#1082318]
* Sun Jan 06 2019 Christian Boltz <>
  - add apparmor-lessopen-nfs-workaround.diff: allow network access in for reading files on NFS (workaround for boo#1119937 /
* Wed Jan 02 2019 Christian Boltz <>
  - add profile_filename_cornercase.diff: drop check that lets aa-logprof
    error out in a corner-case (log event for a non-existing profile while
    a profile file with the default filename for that non-existing profile
    exists) (boo#1120472)
* Fri Dec 21 2018
  - netconfig: write resolv.conf to /run with link to /etc (fate#325872,
    boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
* Fri Dec 21 2018 Christian Boltz <>
  - update to AppArmor 2.13.2
    - add profile names to most profiles
    - update dnsmasq profile (pid file and logfile path) (boo#1111342)
    - add vulkan abstraction
    - add letsencrypt certificate path to abstractions/ssl_*
    - ignore *.orig and *.rej files when loading profiles
    - fix aa-complain etc. to handle named profiles
    - several bugfixes and small profile improvements
    - see
      for the detailed upstream changelog
  - remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
* Sun Oct 14 2018 Christian Boltz <>
  - update to 2.13.1
    - add qt5 and qt5-compose-cache-write abstractions
    - add @{uid} and @{uids} kernel var placeholders
    - several profile and abstraction updates
    - ignore "abi" rules in parser and tools (instead of erroring out)
    - utils: fix overwriting of child profile flags if they differ from
      the main profile
    - several bugfixes (including boo#1100779)
    - see
      for the detailed upstream changelog
  - remove upstream(ed) patches:
    - aa-teardown-path.diff
    - fix-apparmor-systemd-perms.diff
    - logprof-skip-cache-d.diff
    - fix-samba-profiles.patch
    - make-pyflakes-happy.diff
    - dnsmasq-Add-permission-to-open-log-files.patch
  - refresh apparmor-samba-include-permissions-for-shares.diff
  - add fix-syntax-error-in-rc.apparmor.functions.patch
* Wed Oct 10 2018 Christian Boltz <>
  - update rpmlintrc:
    - whitelist .features file which is part of the pre-compiled cache
    - comment out filters for the disabled tomcat_apparmor subpackage
* Wed Oct 10 2018 Petr Vorel <>
  - Backport dnsmasq fix:
    025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch
* Wed Aug 22 2018
  - add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
* Tue May 08 2018
  - add fix-samba-profiles.patch - smbd loads new shared libraries.
    Allow winbindd to access new kerberos credential cache location
* Sun Apr 29 2018
  - exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing
* Mon Apr 23 2018
  - add fix-apparmor-systemd-perms.diff - fix permissions of
    /lib/apparmor/apparmor.systemd (boo#1090545)
* Thu Apr 19 2018
  - create and package precompiled cache (/usr/share/apparmor/cache,
    read-only) (boo#1069906, boo#1074429)
  - change (writeable) cache directory to /var/cache/apparmor/ - with the
    new btrfs layout, the only reason for using /var/lib/apparmor/cache/
    (which was "it's part of the / subvolume") is gone, and /var/cache
    makes more sense for the cache
  - adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
    cache locations
  - clear cache also in %post of abstractions package
* Thu Apr 19 2018
  - update to AppArmor 2.13
    - add support for multiple cache directories and cache overlays
      (boo#1069906, boo#1074429)
    - add support for conditional includes in policy
    - remove group restrictions from aa-notify (boo#1058787)
    - aa-complain etc.: set flags for profiles represented by a glob
    - aa-status: split profile from exec name
    - several profile and abstraction updates
    - see
      for the detailed upstream changelog
  - drop upstreamed patches and files:
    - aa-teardown
    - apparmor.service
    - apparmor.systemd
    - 32-bit-no-uid.diff
    - disable-cache-on-ro-fs.diff
    - dovecot-stats.diff
    - parser-write-cache-warn-only.diff
    - set-flags-for-profiles-represented-by-glob.patch
    - fix-regression-in-set-flags.patch
  - drop spec code that handled installing aa-teardown, apparmor.service
    and apparmor.systemd (now part of upstream Makefile)
  - simplify "make -C profiles parser-check" call (upstream Makefile bug
    that required to call "cd" was fixed)
  - add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
  - move 'exec' symlink to parser package (belongs to aa-exec)
* Thu Apr 19 2018
  - Set flags for profiles represented by glob (bsc#1086154)
* Wed Apr 11 2018
  - add dovecot-stats.diff:
    - add dovecot/stats profile and allow dovecot to run it (boo#1088161)
    - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753)
  - update 32-bit-no-uid.diff with upstream fix
* Fri Mar 02 2018
  - Change of path of rpm in (boo#1082956)
* Thu Jan 11 2018
  - add disable-cache-on-ro-fs.diff - disable write cache if filesystem is
    read-only and don't bail out (bsc#1069906, bsc#1074429)
* Thu Jan 04 2018
  - add parser-write-cache-warn-only.diff to make cache write failures a
    warning instead of an error (boo#1069906, boo#1074429)
  - reduce dependeny on libnotify-tools (used by aa-notify -p) to "Suggests"
    to avoid pulling in several Gnome packages on servers (boo#1067477)
* Mon Dec 25 2017
  - update to AppArmor 2.12
    - add support for 'owner' rules in aa-logprof and aa-genprof
    - add support for includes with absolute path in aa-logprof etc. (lp#1733700)
    - update aa-decode to also decode PROCTITLE (lp#1736841)
    - several profile and abstraction updates, including boo#1069470
    - see
      for the detailed upstream changelog
  - drop upstreamed patches:
    - read_inactive_profile-exactly-once.patch
    - utils-fix-sorted-save_profiles-regression.diff
  - lessopen profile: change all 'rix' rules to 'mrix'
  - add 32-bit-no-uid.diff to fix handling of log events without ouid on
    32 bit systems
* Thu Nov 30 2017
  - update to AppArmor 2.11.95 aka 2.12 beta1
    - add JSON interface to aa-logprof and aa-genprof (used by YaST)
    - drop old YaST interface code
    - update audio, base and nameservice abstractions
    - allow @{pid} to match 7-digit pids
    - see
      for the detailed upstream changelog
  - drop upstreamed patches
    - apparmor-yast-cleanup.patch
    - apparmor-json-support.patch
    - nameservice-libtirpc.diff
  - drop obsolete perl modules (YaST no longer needs them)
  - drop patches that were only needed by the obsolete perl modules:
    - apparmor-utils-string-split
    - apparmor-abstractions-no-multiline.diff
  - drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in
  - refresh utils-fix-sorted-save_profiles-regression.diff
  - add aa-teardown (new script to unload all profiles)
  - make ExecStop in apparmor.service a no-op (workaround for a systemd
    restriction, see boo#996520 and boo#853019 for details)
  - lessopen profile: allow capability dac_read_search and dac_override,
    allow groff to execute several helpers (boo#1065388)
* Wed Nov 29 2017
  - read_inactive_profile-exactly-once.patch (bsc#1069346)
    Perform reading of inactive profiles exactly once.
* Wed Oct 25 2017
  - update to AppArmor 2.11.1
    - add permissions to several profiles and abstractions (including
      lp#1650827 and boo#1057900)
    - several fixes in the aa-* tools (including lp#1689667, lp#1628286,
      lp#1661766 and boo#1062667)
    - fix downgrading/converting of 'unix' rules (will be supported in
      kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
    - see for
      upstream changelog
  - remove upstream(ed) patches
    - upstream-changes-r3616..3628.diff
    - upstream-changes-r3629..3648.diff
    - parser-tests-dbus-duplicated-conditionals.diff
    - apparmor-fix-podsyntax.patch
    - sshd-profile-drop-local-include-r3615.diff
  - refresh apparmor-yast-cleanup.patch
  - add utils-fix-sorted-save_profiles-regression.diff to fix a regression
    in displaying the "changed profiles" list in aa-logprof
* Tue Oct 17 2017
  - add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
* Tue Oct 03 2017
  - profiles-sockets-temporary-fix.patch to cater to nameservices with the
    new sockets mediation, until unix rules are upstreamed (boo#1061195)
* Sun Sep 24 2017
  - add apparmor-fix-podsyntax.patch from mailing list to fix
    compilation with perl 5.26
* Fri Aug 11 2017
  - do not require exact X.Y version of "python3"
  - require also matching python(abi) which is arguably more important
* Fri Jul 14 2017
  - don't rely on implementation details for reload in %post
* Wed Jul 12 2017
  - add JSON support. Required for FATE#323380.
    (apparmor-yast-cleanup.patch, apparmor-json-support.patch)
* Sat Mar 25 2017
  - add upstream-changes-r3629..3648.diff:
    - preserve unknown profiles when reloading apparmor.service
      (CVE-2017-6507, lp#1668892, boo#1029696)
    - add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
    - update nvidia abstraction for newer nvidia drivers
    - don't enforce ordering of dbus rule attributes in utils (lp#1628286)
    - add --parser, --base and --Include option to aa-easyprof to allow
      non-standard paths (useful for tests) (lp#1521031)
    - move initialization code in apparmor.aa to init_aa(). This allows to
      run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
      don't exist.
    - several improvements in the utils tests
  - drop upstreamed python3-drop-re-locale.patch
  - no longer delete/skip some of the utils tests (to allow this, add
  - add var.mount dependeny to apparmor.service (boo#1016259#c34)
* Thu Mar 16 2017
  - Cleanup spec file:
    - don't use insserv if we afterwards call systemd, this can
      have bad side effects
    - remove dead code
    - remove now obsolete 'distro' checks
  - Replace init.d script with new wrapper working with systemd
* Thu Feb 16 2017
  - add python3-drop-re-locale.patch: remove deprecated re.LOCALE
    flag in Python UI as it was dropped from Python 3.6 (lp#1661766)
* Mon Jan 30 2017
  - add upstream-changes-r3616..3628.diff:
    - update abstractions/base, abstractions/apache2-common and dovecot profiles
    - merge ask_the_questions() of aa-logprof and aa-mergeprof
    - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
  - adjust deleting the cache in profiles %post to the new cache location
  - silence errors when deleting the cache (boo#976914)
* Sat Jan 28 2017
  - split libapparmor into separate spec to get rid of build loop
    involving mariadb, systemd, apparmor, libapr and mariadb again
    (see the discussion in SR 448871 for details)
* Fri Jan 27 2017
  - update to AppArmor 2.11.0
    - apparmor_parser now supports parallel compiles and loads
    - add full support for dbus, ptrace and signal rules and events to the
    - full rewrite of the file rule handling in the utils
    - lots of improvements and fixes
    - see for the
      detailed changelog
  - patches:
    - add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
    - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
    - refresh apparmor-abstractions-no-multiline.diff
    - refresh apparmor-samba-include-permissions-for-shares.diff
  - spec changes:
    - aa-unconfined switched to using ss (from iproute2), adjust Recommends:
    - move libapparmor to /usr/lib*/
    - drop %if %suse_version checks for 12.x
    - change several Obsoletes from %version to < 2.9. Those package names
      weren't used since years, and 2.9 is still a careful choice
    - include apparmor.service independent of %suse_version
    - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
    - drop latex2html, texlive-* and w3m BuildRequires
    - techdoc.txt and techdoc.html not included, drop them from the package
    - run most of utils/ make check (some tests expect /etc/apparmor.d/ and
      /sbin/apparmor_parser to exist, skip them)
    - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
    - drop sed'ing python3 into aa-* shebang (upstreamed)
    - build binutils
    - aa-exec is now written in C and lives in /usr/bin/, move it to the
      apparmor_parser package and create a compability symlink in /usr/sbin/
    - aa-exec manpage moved to section 1
    - aa-enabled is a small new tool to find out if AppArmor is enabled
    - package new aa_stack_profile(2) manpage
* Tue Jan 24 2017
  - change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
    This is part of the root partition (at least with default partitioning)
    and should be available earlier than /var/cache/apparmor/
    (boo#1015249, boo#980081, bsc#1016259)
  - add dependency on var-lib.mount to apparmor.service as safety net
* Tue Jan 10 2017
  - update to AppArmor 2.10.2 maintenance release
    - lots of bugfixes and profile updates (including boo#1000201,
      boo#1009964, boo#1014463)
    - see for details
  - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
    in aa-unconfined
  - drop upstream(ed) patches:
    - changes-since-2.10.1--r3326..3346.diff
    - changes-since-2.10.1--r3347..3353.diff
    - libapparmor-fix-import-path.diff (upstream fix is slightly different)
    - nscd-var-lib.diff
  - refresh apparmor-abstractions-no-multiline.diff
* Sun Oct 23 2016
  - add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
    abstractions/nameservice (path changed in latest nscd in Tumbleweed)
* Thu Oct 13 2016
  - add changes-since-2.10.1--r3347..3353.diff with upstream changes and
    fixes in the 2.10 branch, including
    - allow writing *.qf files (for disk-based buffering) in syslog-ng profile
    - add several permissions to the dovecot profiles (deb#835826)
    - add a missing path in the traceroute profile
* Fri Aug 26 2016
  - add changes-since-2.10.1--r3326..3346.diff with upstream changes and
    fixes since the 2.10.1 release, including
    - allow dac_override in winbindd profile (boo#990006#c5)
    - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
      Samba 4.4.x, boo#990006)
    - abstractions/nameservice: also support ConnMan-managed resolv.conf
    - let aa-genprof ask about profiles in extra dir (again)
    - fix aa-logprof "add hat" endless loop (lp#1538306)
    - honor 'chown' file events in
    - ignore log file events with a request mask of 'send' or 'receive'
      because they are actually network events (lp#1577051, lp#1582374)
    - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
  - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
  - refresh apparmor-abstractions-no-multiline.diff
  - drop upstreamed profiles-ping-inet6-r3449.diff
  - add %check section - runs libapparmor (including swig bindings),
    parser and profiles tests
  - add BuildRequires: perl(Locale::gettext) - needed for parser tests
* Tue May 24 2016
  - add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
* Fri Apr 22 2016
  - update to AppArmor 2.10.1 (2.10 branch r3326):
    - fix incorrect output of child profile names (apparmor_parser -N) which
      caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
    - fix a crash in aa-logprof / for change_hat log events
      (lp#1523297) and log events that look like file events, but aren't
      (lp#1540562, lp#1525119, lp#1466812)
    - write unix rules when saving a profile (lp#1522938, boo#954104#c3)
    - several fixes for variable handling in aa-logprof
    - map c (create) log events to w instead of a
    - add python to the "no Px rule" list in logprof.conf
    - let aa-logprof check for duplicate profiles
    - let aa-status work without the python module (boo#971917,
    - add permissions in several profiles (including boo#948584, boo#948753,
      boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
    - and many more fixes, see the full changelog at
  - drop upstream(ed) patches:
    - fix-initscript-aa_log_end_msg.diff
    - syslog-ng-profile-boo948584.diff
    - upstream-profile-updates-r3205-3241.diff
  - refresh patches:
    - apparmor-abstractions-no-multiline.diff
    - apparmor-samba-include-permissions-for-shares.diff
  - drop libapparmor call (broke the build) and remove libtool BR
* Wed Oct 07 2015
  - add syslog-ng-profile-boo948584.diff - add several permissions needed
    by latest syslog-ng (boo#948584, boo#948753)
  - add upstream-profile-updates-r3205-3241.diff with several profile updates:
    - add /usr/share/locale-bundle/** to abstractions/base
    - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash
    - allow dovecot imap to read /run/dovecot/mounts
    - allow avahi-daemon to write to /run/systemd/notify
    - allow ntpd to read $PATH directory listings (boo#945592, boo#948752)
    - update dhclient profile
    - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568)
    - and some other small updates
  - drop upstreamed apparmor-winbindd-r3213.diff (included in the
    upstream-profile-updates patch)
* Sun Sep 13 2015
  - netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
* Thu Jul 30 2015
  - add apparmor-winbindd-r3213.diff - add missing k permissions for
    /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)
* Thu Jul 23 2015
  - add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript
    output (boo#862170)
* Thu Jul 16 2015
  - update to AppArmor 2.10 (trunk r3205)
    - profile names can now contain variables
    - improved profile compile time in apparmor_parser
    - lots of improvements, refactoring and bugfixes in the aa-* tools
    - new apis for managing and loading profile caches into the kernel in
    - lots of profile updates
    - see for the
      complete changelog with more details
  - add new apparmor_private.h and the aa_query_label(2), aa_features(3),
    aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages
    to libapparmor-devel
  - drop apparmor-2.5.1-edirectory-profile patch - it's most probably
    no longer needed (see boo#621394 for details)
  - drop upstreamed samba-4.2-profiles.diff
  - refresh apparmor-samba-include-permissions-for-shares.diff
* Mon Jun 15 2015
  - systemd-rpm-macros and %systemd_requires were at the wrong place,
    move them to the parser package (boo#931792)
* Fri Apr 24 2015
  - update to AppArmor 2.9.2 (2.9 branch r2911)
    - lots of bugfixes in the parser and the aa-* tools (including
    - update dovecot and dnsmasq profiles and several abstractions
      (including boo#911001)
    - see for the
      full changelog
  - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
  - replace GPG key with new AppArmor GPG signing key, see
* Fri Apr 17 2015
  - make sure %service_del_postun doesn't call systemctl try-restart
    (boo#853019, bare systemd edition)
  - add samba-4.2-profiles.diff: update samba (winbindd and nmb)
    profiles for samba 4.2 (boo#921098, boo#923201)
* Sun Apr 12 2015
  - only install apparmor.service for openSUSE > 13.2
* Wed Apr 01 2015
  - Add a native systemd unit which *at the moment* only
    wraps/masks the early boot script.
* Tue Feb 24 2015
  - add apparmor-fix-stl-ostream.diff which fixes odd uses of
    std::ostream which are not valid.  Fixes build with GCC 5
* Fri Feb 20 2015
  - allow to run /usr/bin/unzip-plain (boo#906858)
* Thu Feb 12 2015
  - add Requires: python3 to python3-apparmor package - readline isn't
    part of python3-base (boo#917577)
* Tue Jan 20 2015
  - add apparmor-changes-since-2.9.1.diff with upstream fixes since the
    2.9.1 release
    - update to support changed syslog format (lp#1399027)
    - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles
    - update the mysqld profile
    - fix network rule description in apparmor.d(5) manpage
  - drop upstreamed dnsmasq-profile-fixes.patch
  - update expired GPG key
* Thu Jan 01 2015
  - update to AppArmor 2.9.1 (2.9 branch r2831)
    - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368)
    - several fixes and performance improvements in the aa-* utils
    - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and
      bnc#908856), useradd, sendmail, man and passwd
    - see
      for full release notes
  - refresh dnsmasq-profile-fixes.patch
* Mon Dec 22 2014
  - Fix dnsmasq profile to allow executing bash to run the --dhcp-script
    argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
    leasehealper script to run even on x86_64.
    dnsmasq-profile-fixes.patch. boo#911001
* Sun Dec 21 2014
  - rename profile file to to match the
    script filename
* Wed Dec 10 2014
  - add apparmor-lessopen-profile.patch: /usr/bin/ needs
    confinement. bnc#906858
* Sun Nov 16 2014
  - delete cache in apparmor-profiles %post (workaround for
    bnc#904620#c8 / lp#1392042)
* Fri Nov 14 2014
  - No longer perform gpg validation; osc source_validator does it
    + Drop gpg-offline BuildRequires.
    + No longer execute gpg_verify.
* Sun Nov 09 2014 Led <>
  - fix bashism in post script
* Sat Oct 18 2014
  - update to AppArmor 2.9.0 (r2759)
    - change aa-mergeprof to the final commandline syntax
    - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several
      bugs without a formal bugreport)
    - small additions to gnome,, ubuntu-browsers.d/java
      and user-mail abstractions
    - fix mod_apparmor to not break basic auth
    - update perl modules to support signal, unix and ptrace rules (bnc#900013)
    - don't warn about rules not supported by the kernel
    - fix logging of "audit capability" (lp#1378091)
    - add support for the "hat" keyword in apparmor.vim
    - build html version of apparmor.vim manpage again (lp#1366572)
    - see also
  - update apparmor-abstractions-no-multiline.diff
  - remove upstreamed apparmor-profiles-ntpd-pid-location.diff



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Feb 9 14:20:07 2024