Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package hostapd for openSUSE:Factory checked in at 2021-03-03 18:34:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hostapd (Old) and /work/SRC/openSUSE:Factory/.hostapd.new.2378 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hostapd" Wed Mar 3 18:34:55 2021 rev:40 rq:876389 version:2.9 Changes: -------- --- /work/SRC/openSUSE:Factory/hostapd/hostapd.changes 2020-09-29 19:05:21.438026817 +0200 +++ /work/SRC/openSUSE:Factory/.hostapd.new.2378/hostapd.changes 2021-03-03 18:34:56.655380675 +0100 @@ -1,0 +2,5 @@ +Tue Feb 23 19:33:56 UTC 2021 - Michael Str??der <[email protected]> + +- added AppArmor profile (source apparmor-usr.sbin.hostapd) + +------------------------------------------------------------------- New: ---- apparmor-usr.sbin.hostapd ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hostapd.spec ++++++ --- /var/tmp/diff_new_pack.DLERuk/_old 2021-03-03 18:34:57.319381158 +0100 +++ /var/tmp/diff_new_pack.DLERuk/_new 2021-03-03 18:34:57.323381161 +0100 @@ -1,7 +1,7 @@ # # spec file for package hostapd # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,6 +16,8 @@ # +%bcond_without apparmor + Name: hostapd Version: 2.9 Release: 0 @@ -29,6 +31,7 @@ Source2: %{name}.keyring Source3: config Source4: hostapd.service +Source5: apparmor-usr.sbin.hostapd Patch1: CVE-2019-16275.patch Patch2: CVE-2020-12695.patch BuildRequires: libnl3-devel @@ -38,6 +41,11 @@ BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(systemd) %{?systemd_requires} +%if %{with apparmor} +BuildRequires: apparmor-abstractions +BuildRequires: apparmor-rpm-macros +Recommends: apparmor-abstractions +%endif %description hostapd is a user space daemon for access point and authentication @@ -74,12 +82,20 @@ install -m 600 hostapd.wpa_psk %{buildroot}%{_sysconfdir} install -m 644 hostapd.8 %{buildroot}/%{_mandir}/man8 install -D -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/hostapd.service +%if %{with apparmor} +# AppArmor profile +mkdir -p %{buildroot}%{_sysconfdir}/apparmor.d +install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.hostapd +%endif %pre %service_add_pre hostapd.service %post %service_add_post hostapd.service +%if %{with apparmor} +%apparmor_reload %{_sysconfdir}/apparmor.d/usr.sbin.hostapd +%endif %preun %service_del_preun hostapd.service @@ -89,6 +105,10 @@ %files %config(noreplace) %{_sysconfdir}/hostapd.* +%if %{with apparmor} +%dir %{_sysconfdir}/apparmor.d +%config %{_sysconfdir}/apparmor.d/usr.sbin.hostapd +%endif %{_sbindir}/* %license COPYING %doc hostapd/ChangeLog hostapd/README hostapd/wired.conf hostapd/hostapd.conf ++++++ apparmor-usr.sbin.hostapd ++++++ abi <abi/3.0>, #include <tunables/global> profile hostapd /usr/sbin/hostapd { #include <abstractions/base> #include <abstractions/nameservice> capability net_admin, capability net_raw, network packet, network raw, # for RADIUS network inet dgram, network inet6 dgram, # grant read access to config files /etc/hostapd.* r, /etc/libnl/classid r, #/proc/*/net/psched r, # grant access to RFKILL control device /dev/rfkill rw, /run/hostapd/ rw, /run/hostapd/* rw, }
