Hello community, here is the log from the commit of package apparmor for openSUSE:12.1:Update:Test checked in at 2012-02-07 17:36:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/apparmor (Old) and /work/SRC/openSUSE:12.1:Update:Test/.apparmor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor", Maintainer is "mszer...@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/apparmor/apparmor.changes 2012-02-07 17:36:37.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.apparmor.new/apparmor.changes 2012-02-07 17:36:38.000000000 +0100 @@ -1,0 +2,79 @@ +Tue Jan 31 09:53:06 UTC 2012 - opens...@cboltz.de + +- Update to AppArmor 2.7.2 (= 2.7 branch / r1894) + - move various permissions from httpd2-prefork profile to + abstractions/apache2-common. Backward-incompatible change: *.htaccess + files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT + - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5) + - allow various .conf files for dovecot (lp#458922) + - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files + and abstractions/private-files-strict (lp#911847) + - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files + to use ~/.kde4, not only ~/.kde (bnc#741592) + - block write access to ~/.kde{,4}/env in abstractions/private-files + (lp#914190) + - allow write access for personal dictionary etc. in abstractions/aspell + (lp#917859) + - when using genprof for a script, include read access to the script itsself + - automatically include abstractions/python or abstractions/ruby for + python/ruby scripts + - add profile for smbldap-useradd and allow smbd to call it (bnc#738041) + - allow creation of the .config directory in abstractions/enchant (lp#914184) + - allow TFTP read-only access in dnsmasq profile (lp#905412) + - allow capability dac_read_search for syslog-ng (bnc#731876) + - add p11-kit abstraction and include it in abstractions/authentification + (lp#912754, lp#912752) + - add audacity to abstractions/ubuntu-media-players (lp#899963) + - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and + /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831, + lp#890894, lp#890894, lp#884748) + - fix typo for multiarch gconf-modules in abstractions/base (lp#904548) + - allow avahi to do dbus introspection (lp#769148) + - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992) + - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062) + - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in + abstractions/cups-client (lp#887992) + - allow read access of /etc/python{2,3}.[0-7]*/sitecustomize.py in + abstractions/python (lp#860856) + - various updates to the sshd profile (lp#817956) + - (and some more changes I already included in the apparmor-2.7-branch.diff) + +------------------------------------------------------------------- +Tue Jan 3 23:52:38 UTC 2012 - opens...@cboltz.de + +- Update to AppArmor 2.7.0 (= r1858) + - make traceroute6 work (bnc#733312) + - allow access to pyconfig.h in abstractions/python (lp#840734) + - fix logprof/genprof for hex-encoded program filenames (= filenames + containing space etc.) +- add apparmor-2.7-branch.diff with some upstreamed fixes: + - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041) + - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file + - fix syntax error in abstractons/python + +------------------------------------------------------------------- +Tue Nov 29 18:34:54 CET 2011 - meiss...@suse.de + +- changed a $ -> % (typo) + +------------------------------------------------------------------- +Sat Nov 26 21:52:31 UTC 2011 - opens...@cboltz.de + +- make Provides for perl-libapparmor versioned to avoid self-Obsoletes + +------------------------------------------------------------------- +Thu Nov 10 20:16:24 UTC 2011 - opens...@cboltz.de + +- update to AppArmor 2.7.0 rc2 + Most of the changes since rc1 were already included as patches. + Additional changes: + - fix logprof/genprof to recognize "mknod" in audit.log + - fix libapparmor python bindings to compile with python 3 + - fix wrong status message in initscript if apparmor-utils are not installed + - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS + - fix some warnings in utils/Makefile +- remove 4 upstreamed patches +- remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now +- update line numbers in 2 patches + +------------------------------------------------------------------- Old: ---- apparmor-2.5.1-ldapclient-profile apparmor-2.7.0rc1-aa-notify-better-error-message.diff apparmor-2.7.rc1.tar.gz apparmor-abstractions-winbind-64bit.diff apparmor-samba-vfs-objects.diff New: ---- apparmor-2.7.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.gmGaoX/_old 2012-02-07 17:36:38.000000000 +0100 +++ /var/tmp/diff_new_pack.gmGaoX/_new 2012-02-07 17:36:38.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package apparmor # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - %bcond_with tomcat %bcond_without pam %bcond_without apache @@ -43,31 +42,23 @@ %if ! %{?distro:1}0 %define distro suse %endif -Version: 2.7.rc1 -Release: 1 -%define versiondir 2.7.0~rc1 +Version: 2.7.2 +Release: 0 +%define versiondir 2.7.2 Summary: AppArmor userlevel parser utility +License: GPL-2.0+ Group: Productivity/Networking/Security Source0: apparmor-%{version}.tar.gz Source1: %{name}-profile-editor.png Source2: %{name}-profile-editor.desktop Source3: update-trans.sh -# more helpful error message for "aa-notify -p" if the user is not in the configured group. Commited upstream after 2.7rc1. -Patch: apparmor-2.7.0rc1-aa-notify-better-error-message.diff - # enable caching of profiles (= massive performance speedup when loading profiles) Patch1: apparmor-enable-profile-cache.diff # include autogenerated profile sniplet for samba shares (bnc#688040) Patch2: apparmor-samba-include-permissions-for-shares.diff -# allow samba "vfs objects" (bnc#725967). Commited upstream after 2.7rc1. -Patch3: apparmor-samba-vfs-objects.diff - -# make abstractions/winbind working on 64bit systems. Commited upstream after 2.7rc1. -Patch4: apparmor-abstractions-winbind-64bit.diff - # split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width. Patch5: apparmor-utils-string-split @@ -78,8 +69,6 @@ # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions Patch12: apparmor-2.5.1-edirectory-profile -# split ldap related things from abstractions/nameservice to abstractions/ldapclient and add sasl support. Commited upstream after 2.7rc1. -Patch13: apparmor-2.5.1-ldapclient-profile # obsolete, upstream implemented this in another way Patch15: apparmor-remove-repo @@ -87,7 +76,6 @@ # remove after 12.1 release - bnc#720617 #c7 Patch21: apparmor-utils-subdomain-compat -License: GPLv2+ Url: https://launchpad.net/apparmor PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -150,8 +138,8 @@ %endif %package parser -License: GPLv2+ Summary: AppArmor userlevel parser utility +License: GPL-2.0+ Group: Productivity/Networking/Security Obsoletes: subdomain_parser < %{version} Obsoletes: subdomain-parser < %{version} @@ -175,8 +163,8 @@ SubDomain. %package docs -License: GPLv2+ Summary: AppArmor Documentation package +License: GPL-2.0+ Group: Documentation/Other BuildArch: noarch @@ -189,8 +177,8 @@ %if %{with apache} %package -n apache2-mod_apparmor -License: GPLv2+ Summary: AppArmor module for apache2 +License: GPL-2.0+ Group: Productivity/Security %description -n apache2-mod_apparmor @@ -206,12 +194,12 @@ %endif %package -n libapparmor1 -License: LGPLv2.1+ Summary: Utility library for AppArmor +License: LGPL-2.1+ Group: Development/Libraries/C and C++ %ifarch ppc64 Obsoletes: libapparmor-64bit < %{version} -Provides: libapparmor-64bit = ${version} +Provides: libapparmor-64bit = %{version} %endif Provides: libapparmor = %{version} Provides: libimmunix = %{version} @@ -224,8 +212,8 @@ well as functions to parse AppArmor log messages. %package -n libapparmor-devel -License: LGPLv2.1+ Summary: Development headers and libraries for libapparmor +License: LGPL-2.1+ Group: Development/Libraries/C and C++ Requires: libapparmor1 = %{version} Provides: libapparmor:/usr/include/sys/apparmor.h @@ -235,8 +223,8 @@ AppArmor API. %package -n perl-apparmor -License: GPLv2 ; LGPLv2.1+ Summary: Perl interface for libapparmor functions +License: GPL-2.0 ; LGPL-2.1+ Group: Development/Libraries/Perl Requires: libapparmor1 = %{version} Requires: perl = %{perl_version} @@ -246,7 +234,7 @@ Requires: perl(RPC::XML) Requires: perl(Term::ReadKey) Requires: perl(Term::ReadKey) -Provides: perl-libapparmor +Provides: perl-libapparmor = %{version} Obsoletes: perl-libapparmor < 2.5 %description -n perl-apparmor @@ -256,8 +244,8 @@ %if %{with python} %package -n python-apparmor -License: GPLv2 ; LGPLv2.1+ Summary: Python interface for libapparmor functions +License: GPL-2.0 ; LGPL-2.1+ Group: Development/Libraries/Python BuildRequires: python Requires: libapparmor1 = %{version} @@ -274,8 +262,8 @@ %if %{with ruby} %package -n ruby-apparmor -License: GPLv2 ; LGPLv2.1+ Summary: Ruby interface for libapparmor functions +License: GPL-2.0 ; LGPL-2.1+ Group: Development/Libraries/Ruby Requires: libapparmor1 = %{version} Requires: ruby = %{ruby_version} @@ -289,8 +277,8 @@ %endif %package profiles -License: GPLv2 ; LGPLv2.1+ Summary: AppArmor profiles that are loaded into the apparmor kernel module +License: GPL-2.0 ; LGPL-2.1+ Group: Productivity/Security Requires: apparmor-parser(CAP_SYSLOG) Obsoletes: subdomain-profiles < %{version} @@ -307,8 +295,8 @@ SubDomain. %package utils -License: GPLv2 ; LGPLv2.1+ Summary: AppArmor User-Level Utilities Useful for Creating AppArmor Profiles +License: GPL-2.0 ; LGPL-2.1+ Group: Productivity/Security Requires: libapparmor1 = %{version} Requires: perl = %{perl_version} @@ -324,8 +312,8 @@ %if %{with tomcat} %package -n tomcat_apparmor -License: GPLv2 ; LGPLv2.1+ Summary: Tomcat 6 plugin for AppArmor change_hat +License: GPL-2.0 ; LGPL-2.1+ Group: System/Libraries Requires: libapparmor1 = %{version} Requires: tomcat6 @@ -342,8 +330,8 @@ %if %{with pam} %package -n pam_apparmor -License: GPLv2 ; LGPLv2.1+ Summary: PAM module for AppArmor change_hat +License: GPL-2.0 ; LGPL-2.1+ Group: Productivity/Security BuildRequires: pam-devel PreReq: pam @@ -362,8 +350,8 @@ %if %{with dbus} %package dbus -License: GPLv2 ; LGPLv2.1+ Summary: Audit dispatcher for sending AppArmor events over DBUS +License: GPL-2.0 ; LGPL-2.1+ Group: System/Monitoring %description dbus @@ -375,8 +363,8 @@ %if %{with editor} %package profile-editor -License: GPLv2 ; LGPLv2.1+ Summary: AppArmor profile editor +License: GPL-2.0 ; LGPL-2.1+ Group: Productivity/Editors/Other %description profile-editor @@ -387,8 +375,8 @@ %if %{with gnome} %package -n apparmorapplet-gnome -License: GPLv2 ; LGPLv2.1+ Summary: An AppArmor event notification applet for GNOME +License: GPL-2.0 ; LGPL-2.1+ Group: System/GUI/GNOME %description -n apparmorapplet-gnome @@ -412,16 +400,12 @@ %prep %setup -q -n %{name}-%{versiondir} -%patch -p0 %patch1 -p1 %patch2 -p0 -%patch3 -p0 -%patch4 -p0 %patch5 -p1 #%patch10 -p1 # disabled, see above #%patch11 -p1 # disabled, see above %patch12 -p1 -%patch13 -p1 #%patch15 -p1 # obsolete, see above %patch21 -p1 @@ -505,7 +489,6 @@ mkdir -p %{buildroot}%{_localstatedir}/log/apparmor %makeinstall -C profiles -mkdir %{buildroot}%{_sysconfdir}/apparmor.d/disable %makeinstall -C parser # default cache dir is /etc/apparmor.d/cache - not the best location. ++++++ apparmor-2.5.1-edirectory-profile ++++++ --- /var/tmp/diff_new_pack.gmGaoX/_old 2012-02-07 17:36:38.000000000 +0100 +++ /var/tmp/diff_new_pack.gmGaoX/_new 2012-02-07 17:36:38.000000000 +0100 @@ -17,7 +17,7 @@ --- a/profiles/apparmor.d/abstractions/nameservice +++ b/profiles/apparmor.d/abstractions/nameservice -@@ -72,6 +72,9 @@ +@@ -70,6 +70,9 @@ # kerberos #include <abstractions/kerberosclient> ++++++ apparmor-2.7.rc1.tar.gz -> apparmor-2.7.2.tar.gz ++++++ ++++ 3868 lines of diff (skipped) ++++++ apparmor-samba-include-permissions-for-shares.diff ++++++ --- /var/tmp/diff_new_pack.gmGaoX/_old 2012-02-07 17:36:38.000000000 +0100 +++ /var/tmp/diff_new_pack.gmGaoX/_new 2012-02-07 17:36:38.000000000 +0100 @@ -20,7 +20,7 @@ === modified file 'profiles/apparmor.d/usr.sbin.smbd' --- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000 +++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000 -@@ -40,6 +40,10 @@ +@@ -46,6 +46,10 @@ @{HOMEDIRS}/** lrwk, -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org