Hello community,
here is the log from the commit of package apparmor for openSUSE:11.4
checked in at Mon Jun 27 00:08:22 CEST 2011.
--------
--- old-versions/11.4/all/apparmor/apparmor.changes 2011-02-22
13:47:19.000000000 +0100
+++ 11.4/apparmor/apparmor.changes 2011-06-24 15:59:53.000000000 +0200
@@ -1,0 +2,42 @@
+Fri Jun 24 15:59:17 CEST 2011 - je...@suse.de
+
+- Fixed building of pam_apparmor to properly link libpam (bnc#696553).
+
+-------------------------------------------------------------------
+Thu Jun 23 19:13:40 CEST 2011 - je...@suse.de
+
+- Fixed building of apache2-mod_apparmor to properly link (bnc#701821).
+
+-------------------------------------------------------------------
+Thu Apr 7 19:59:50 CEST 2011 - je...@suse.de
+
+- Added perl-File-Tail dependency for aa-eventd (bnc#666450).
+
+-------------------------------------------------------------------
+Thu Apr 7 19:55:46 CEST 2011 - je...@suse.de
+
+- Add raw network access to traceroute profile (bnc#685674).
+
+-------------------------------------------------------------------
+Tue Mar 29 22:59:39 CEST 2011 - je...@suse.de
+
+- Updated dovecot profile (bnc#681267).
+
+-------------------------------------------------------------------
+Sun Mar 27 18:04:05 CEST 2011 - je...@suse.de
+
+- Changed apparmor-docs and apparmor-profiles back to noarch
+ (bnc#682909 bnc#682912).
+
+-------------------------------------------------------------------
+Mon Mar 14 19:57:01 CET 2011 - je...@suse.de
+
+- Add config files to samba profiles (bnc#666450 bnc#679182).
+
+-------------------------------------------------------------------
+Mon Mar 14 19:04:13 CET 2011 - je...@suse.de
+
+- Added /etc/ethers and /var/run/dnsmasq-forwarders to
+ usr.sbin.dnsmasq (bnc#678749).
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback
old-versions/11.4/all/apparmor
Destination is old-versions/11.4/UPDATES/all/apparmor
calling whatdependson for 11.4-i586
Old:
----
apparmor-2.5.1-dnsmasq-libvirt-profile-fix
New:
----
apparmor-profiles-dovecot
apparmor-profiles-samba
apparmor-profiles-traceroute
apparmor-profiles-usr.sbin.dnsmasq
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.BTHlE5/_old 2011-06-27 00:06:40.000000000 +0200
+++ /var/tmp/diff_new_pack.BTHlE5/_new 2011-06-27 00:06:40.000000000 +0200
@@ -49,7 +49,7 @@
%endif
Summary: AppArmor userlevel parser utility
Version: %{srcversion}.%{bzr_commit}
-Release: 52.<RELEASE2>
+Release: 52.<RELEASE57>
Group: Productivity/Networking/Security
Source0: apparmor-%{srcversion}.tar.bz2
Source1: %{name}-profile-editor.png
@@ -90,10 +90,13 @@
Patch32: apparmor-remove-repo
Patch33: apparmor-2.5.1-ntpd-sys_nice
Patch34: apparmor-2.5.1-ssl-fix
-Patch35: apparmor-2.5.1-dnsmasq-libvirt-profile-fix
+Patch35: apparmor-profiles-usr.sbin.dnsmasq
Patch36: klog-needs-CAP_SYSLOG
Patch37: apparmor-2.5.1-network-fixes
Patch38: apparmor-profiles-dhclient
+Patch39: apparmor-profiles-samba
+Patch40: apparmor-profiles-dovecot
+Patch41: apparmor-profiles-traceroute
License: GPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: https://launchpad.net/apparmor
@@ -177,6 +180,7 @@
License: GPLv2+
Summary: AppArmor Documentation package
Group: Documentation/Other
+BuildArch: noarch
%description docs
This package contains documentation for AppArmor.
@@ -321,6 +325,7 @@
Obsoletes: subdomain-profiles < %{version}
Provides: subdomain-profiles = %{version}
Requires: apparmor-parser(CAP_SYSLOG)
+BuildArch: noarch
%description profiles
Base profiles. AppArmor is a file and network mandatory access control
@@ -344,6 +349,7 @@
Requires: perl = %{perl_version}
Requires: libapparmor1 = %{version}
Requires: perl-apparmor = %{version}
+Requires: perl-File-Tail
BuildArch: noarch
%description utils
@@ -503,6 +509,9 @@
%patch36 -p1
%patch37 -p1
%patch38 -p1
+%patch39 -p1
+%patch40 -p1
+%patch41 -p1
%build
export SUSE_ASNEEDED=0
@@ -747,7 +756,6 @@
%files -n apache2-mod_apparmor
%defattr(-,root,root)
%{apache_module_path}/mod_apparmor.so
-%{apache_module_path}/mod_apparmor.la
%doc %{_mandir}/man8/mod_apparmor.8.gz
%endif
++++++ apparmor-2.5.1-unified-build ++++++
--- /var/tmp/diff_new_pack.BTHlE5/_old 2011-06-27 00:06:40.000000000 +0200
+++ /var/tmp/diff_new_pack.BTHlE5/_new 2011-06-27 00:06:40.000000000 +0200
@@ -131,6 +131,94 @@
libraries/libapparmor/config.guess | 1502 -
libraries/libapparmor/config.sub | 1714 -
libraries/libapparmor/configure |13962
----------
+ AUTHORS | 1
+ ChangeLog | 1
+ INSTALL | 365
+ Makefile.am | 2
+ NEWS | 1
+ README | 1
+ changehat/Makefile.am | 1
+ changehat/mod_apparmor/Makefile.am | 23
+ changehat/mod_apparmor/apache2-mod_apparmor.spec.in | 216
+ changehat/pam_apparmor/COPYING | 39
+ changehat/pam_apparmor/Makefile.am | 9
+ changehat/pam_apparmor/pam_apparmor.changes | 49
+ changehat/pam_apparmor/pam_apparmor.spec.in | 83
+ changehat/tomcat_apparmor/Makefile.am | 1
+ changehat/tomcat_apparmor/tomcat_5_0/Makefile.am | 2
+ changehat/tomcat_apparmor/tomcat_5_5/Makefile.am | 13
+ changehat/tomcat_apparmor/tomcat_5_5/build.xml | 11
+ changehat/tomcat_apparmor/tomcat_5_5/src/Makefile.am | 1
+ changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/Makefile.am | 17
+ config.rpath | 666
+ configure.in | 220
+ deprecated/Makefile.am | 2
+ deprecated/management/Makefile.am | 1
+ deprecated/management/apparmor-dbus/Makefile.am | 2
+ deprecated/management/apparmor-dbus/src/Makefile.am | 3
+ deprecated/management/applets/Makefile.am | 1
+ deprecated/management/applets/apparmorapplet-gnome/Makefile.am | 4
+ deprecated/management/applets/apparmorapplet-gnome/po/Makefile | 30
+ deprecated/management/applets/apparmorapplet-gnome/po/Makefile.in.in | 258
+ deprecated/management/applets/apparmorapplet-gnome/src/Makefile.am | 8
+ deprecated/management/profile-editor/Makefile.am | 2
+ deprecated/management/profile-editor/src/Makefile.am | 6
+ deprecated/management/profile-editor/src/wxStyledTextCtrl/Makefile.am | 4
+ libraries/Makefile.am | 1
+ libraries/libapparmor/AUTHORS | 2
+ libraries/libapparmor/ChangeLog | 1
+ libraries/libapparmor/INSTALL | 236
+ libraries/libapparmor/NEWS | 1
+ libraries/libapparmor/README | 1
+ libraries/libapparmor/autogen.sh | 42
+ libraries/libapparmor/compile | 143
+ libraries/libapparmor/config.guess | 1502 -
+ libraries/libapparmor/config.sub | 1714 -
+ libraries/libapparmor/configure |13962
----------
+ AUTHORS | 1
+ ChangeLog | 1
+ INSTALL | 365
+ Makefile.am | 2
+ NEWS | 1
+ README | 1
+ changehat/Makefile.am | 1
+ changehat/mod_apparmor/Makefile.am | 23
+ changehat/mod_apparmor/apache2-mod_apparmor.spec.in | 216
+ changehat/pam_apparmor/COPYING | 39
+ changehat/pam_apparmor/Makefile.am | 9
+ changehat/pam_apparmor/pam_apparmor.changes | 49
+ changehat/pam_apparmor/pam_apparmor.spec.in | 83
+ changehat/tomcat_apparmor/Makefile.am | 1
+ changehat/tomcat_apparmor/tomcat_5_0/Makefile.am | 2
+ changehat/tomcat_apparmor/tomcat_5_5/Makefile.am | 13
+ changehat/tomcat_apparmor/tomcat_5_5/build.xml | 11
+ changehat/tomcat_apparmor/tomcat_5_5/src/Makefile.am | 1
+ changehat/tomcat_apparmor/tomcat_5_5/src/jni_src/Makefile.am | 17
+ config.rpath | 666
+ configure.in | 220
+ deprecated/Makefile.am | 2
+ deprecated/management/Makefile.am | 1
+ deprecated/management/apparmor-dbus/Makefile.am | 2
+ deprecated/management/apparmor-dbus/src/Makefile.am | 3
+ deprecated/management/applets/Makefile.am | 1
+ deprecated/management/applets/apparmorapplet-gnome/Makefile.am | 4
+ deprecated/management/applets/apparmorapplet-gnome/po/Makefile | 30
+ deprecated/management/applets/apparmorapplet-gnome/po/Makefile.in.in | 258
+ deprecated/management/applets/apparmorapplet-gnome/src/Makefile.am | 8
+ deprecated/management/profile-editor/Makefile.am | 2
+ deprecated/management/profile-editor/src/Makefile.am | 6
+ deprecated/management/profile-editor/src/wxStyledTextCtrl/Makefile.am | 4
+ libraries/Makefile.am | 1
+ libraries/libapparmor/AUTHORS | 2
+ libraries/libapparmor/ChangeLog | 1
+ libraries/libapparmor/INSTALL | 236
+ libraries/libapparmor/NEWS | 1
+ libraries/libapparmor/README | 1
+ libraries/libapparmor/autogen.sh | 42
+ libraries/libapparmor/compile | 143
+ libraries/libapparmor/config.guess | 1502 -
+ libraries/libapparmor/config.sub | 1714 -
+ libraries/libapparmor/configure |13962
----------
libraries/libapparmor/doc/Makefile.am | 14
libraries/libapparmor/install-sh | 520
libraries/libapparmor/libapparmor1.spec | 178
@@ -168,7 +256,7 @@
utils/Makefile.PL | 15
utils/Makefile.am | 39
utils/po/Makefile | 8
- 81 files changed, 4904 insertions(+), 22096 deletions(-)
+ 81 files changed, 4908 insertions(+), 22096 deletions(-)
--- /dev/null
+++ b/AUTHORS
@@ -565,18 +653,22 @@
+SUBDIRS = mod_apparmor pam_apparmor tomcat_apparmor
--- /dev/null
+++ b/changehat/mod_apparmor/Makefile.am
-@@ -0,0 +1,19 @@
+@@ -0,0 +1,23 @@
+if HAVE_APACHE
-+apache_module_LTLIBRARIES = mod_apparmor.la
-+mod_apparmor_la_SOURCES = mod_apparmor.la
-+mod_apparmor_la_LDFLAGS = -module -avoid-version
-+mod_apparmor_la_LIBADD = ../../libraries/libapparmor/src/libapparmor.la
-+
-+man_MANS = mod_apparmor.8
+INCLUDES = "-I../../libraries/libapparmor/src"
++LIBAPPARMOR="../../libraries/libapparmor/src/libapparmor.la"
++
++all-local: module
+
-+#.c.so:
-+# $(APXS) $(APXS_FLAGS) -c $<
++module: mod_apparmor.c
++ if test "$(srcdir)" != "."; then $(CP) $(srcdir)/mod_apparmor.c . ; fi
++ $(APXS) -c $(INCLUDES) $(LIBAPPARMOR) $<
++
++install-exec-local: module
++ $(MKDIR_P) $(DESTDIR)$(apache_moduledir)
++ $(APXS) -S LIBEXECDIR=$(DESTDIR)$(apache_moduledir) -i mod_apparmor.la
++
++man_MANS = mod_apparmor.8
+
+PODARGS = --center=AppArmor --release=NOVELL/SUSE
+
@@ -854,7 +946,7 @@
+security_LTLIBRARIES = pam_apparmor.la
+pam_apparmor_la_SOURCES = pam_apparmor.c get_options.c
+pam_apparmor_la_LDFLAGS = -module -avoid-version
-+pam_apparmor_la_LIBADD = ../../libraries/libapparmor/src/libapparmor.la
++pam_apparmor_la_LIBADD = ../../libraries/libapparmor/src/libapparmor.la -lpam
+
+INCLUDES = "-I../../libraries/libapparmor/src"
+endif
++++++ apparmor-profiles-dovecot ++++++
---
profiles/apparmor.d/usr.lib.dovecot.imap | 3 +++
profiles/apparmor.d/usr.sbin.dovecot | 11 +++++++----
2 files changed, 10 insertions(+), 4 deletions(-)
--- a/profiles/apparmor.d/usr.lib.dovecot.imap
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap
@@ -11,6 +11,9 @@
@{HOME} r,
@{HOME}/Maildir/ rw,
@{HOME}/Maildir/** klrw,
+ @{HOME}/Mail/ rw,
+ @{HOME}/Mail/* klrw,
+ @{HOME}/Mail/.imap/** klrw,
@{HOME}/mail/ rw,
@{HOME}/mail/* klrw,
@{HOME}/mail/.imap/** klrw,
--- a/profiles/apparmor.d/usr.sbin.dovecot
+++ b/profiles/apparmor.d/usr.sbin.dovecot
@@ -13,9 +13,12 @@
capability setgid,
capability setuid,
capability sys_chroot,
+ capability fsetid,
/etc/dovecot/** r,
/etc/mtab r,
+ /etc/lsb-release r,
+ /etc/SuSE-release r,
/usr/lib/dovecot/dovecot-auth Pxmr,
/usr/lib/dovecot/imap Pxmr,
/usr/lib/dovecot/imap-login Pxmr,
@@ -26,8 +29,8 @@
/usr/lib/dovecot/managesieve-login Pxmr,
/usr/lib/dovecot/ssl-build-param ixr,
/usr/sbin/dovecot mr,
- /var/lib/dovecot/ w,
- /var/lib/dovecot/* krw,
- /var/run/dovecot/ rw,
- /var/run/dovecot/** rw,
+ /var/lib/dovecot/ wl,
+ /var/lib/dovecot/* krwl,
+ /var/run/dovecot/ rwl,
+ /var/run/dovecot/** rwl,
}
++++++ apparmor-profiles-samba ++++++
From: Jeff Mahoney <je...@suse.com>
Subject: apparmor-profiles: Add samba config files
References: bnc#679182 bnc#666450
Signed-off-by: Jeff Mahoney <je...@suse.com>
---
profiles/apparmor.d/abstractions/samba | 5 +++--
profiles/apparmor.d/usr.sbin.nmbd | 6 ++++--
profiles/apparmor.d/usr.sbin.smbd | 3 +++
3 files changed, 10 insertions(+), 4 deletions(-)
--- a/profiles/apparmor.d/abstractions/samba
+++ b/profiles/apparmor.d/abstractions/samba
@@ -10,10 +10,11 @@
#
# ------------------------------------------------------------------
- /etc/samba/smb.conf r,
+ /etc/samba/* r,
/usr/share/samba/*.dat r,
/var/lib/samba/**.tdb rwk,
- /var/log/samba/cores/* w,
+ /var/log/samba/cores/ rw,
+ /var/log/samba/cores/* rw,
/var/log/samba/log.* w,
/var/run/samba/*.tdb rw,
--- a/profiles/apparmor.d/usr.sbin.nmbd
+++ b/profiles/apparmor.d/usr.sbin.nmbd
@@ -11,9 +11,11 @@
/usr/sbin/nmbd mr,
/var/cache/samba/browse.dat* rw,
+ /var/lib/samba/browse.dat* rw,
/var/lib/samba/wins.dat* rw,
- /var/run/samba/** rk,
- /var/run/samba/nmbd.pid rw,
+ /var/run/samba/** rwk,
+ /var/log/samba/cores rw,
+ /var/log/samba/cores/ rw,
/var/log/samba/cores/nmbd/ rw,
/var/log/samba/cores/nmbd/** rw,
}
--- a/profiles/apparmor.d/usr.sbin.smbd
+++ b/profiles/apparmor.d/usr.sbin.smbd
@@ -22,6 +22,9 @@
/etc/printcap r,
/proc/*/mounts r,
/usr/sbin/smbd mr,
+ /etc/samba/* rwk,
+ /etc/samba/passdb.tdb rwk,
+ /etc/samba/secrets.tdb rwk,
/var/cache/samba/** rwk,
/var/cache/samba/printing/printers.tdb mrw,
/var/lib/samba/** rwk,
++++++ apparmor-profiles-traceroute ++++++
---
profiles/apparmor.d/usr.sbin.traceroute | 2 ++
1 file changed, 2 insertions(+)
--- a/profiles/apparmor.d/usr.sbin.traceroute
+++ b/profiles/apparmor.d/usr.sbin.traceroute
@@ -18,6 +18,8 @@
capability net_raw,
+ network inet raw,
+
/usr/sbin/traceroute rmix,
@{PROC}/net/route r,
}
++++++ apparmor-profiles-usr.sbin.dnsmasq ++++++
From: Jeff Mahoney <je...@suse.com>
Subject: dnsmasq: Profile fixes
References: bnc#666090 bnc#678749
Signed-off-by: Jeff Mahoney <je...@suse.com>
---
profiles/apparmor.d/usr.sbin.dnsmasq | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -8,16 +8,28 @@
capability setgid,
capability setuid,
capability dac_override,
+ capability net_admin, # for DHCP server
+ capability net_raw, # for DHCP server ping checks
+ network inet raw,
/etc/dnsmasq.conf r,
/etc/dnsmasq.d/ r,
/etc/dnsmasq.d/* r,
+ /etc/ethers r,
/usr/sbin/dnsmasq mr,
/var/run/*dnsmasq*.pid w,
+ /var/run/dnsmasq-forwarders r,
/var/run/dnsmasq/ r,
/var/run/dnsmasq/* rw,
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
+
+ # libvirt pid files for dnsmasq
+ /var/run/libvirt/network/ r,
+ /var/run/libvirt/network/*.pid rw,
+ /var/lib/libvirt/dnsmasq/ r,
+ /var/lib/libvirt/dnsmasq/*.hostsfile r,
+
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
