Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2024-05-27 11:44:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new.24587 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor" Mon May 27 11:44:44 2024 rev:206 rq:1176730 version:4.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2024-04-07 22:04:35.403491144 +0200 +++ /work/SRC/openSUSE:Factory/.apparmor.new.24587/apparmor.changes 2024-05-27 11:45:24.410817633 +0200 @@ -1,0 +2,41 @@ +Fri May 24 12:21:18 UTC 2024 - Christian Boltz <suse-b...@cboltz.de> + +- fix bashism in %post profiles + +------------------------------------------------------------------- +Sun May 5 19:53:21 UTC 2024 - Christian Boltz <suse-b...@cboltz.de> + +- Update to AppArmor 4.0.1 + Too many changes to list them here. See + https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1 + for the detailed upstream release notes +- add tools-fix-redefinition.diff: fix redefinition of _ in tools +- add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch + with argparse on Leap 15.5 +- drop upstreamed patches: + - apparmor-abstractions-openssl-allow-version-specific-en.patch + - dovecot-unix_chkpwd.diff + - smbd-unix_chkpwd.diff +- apparmor-lessopen-profile.patch: update lessopen profile to + abi/4.0 +- mark local/* as %ghost so that these dummy files don't get + installed anymore (changed existing local/files will be kept, + unchanged files will be deleted) +- switch to gitlab tarballs (without pregenerated libapparmor + configure script and prebuilt techdoc.pdf) + - run libapparmor autogen.sh (needs additional BuildRequires + autoconf, autoconf-archive, automake and libtool) + - no longer package techdoc.pdf - old documentation, not worth + the texlive BuildRequires we would need to build it +- drop old (up to 2.12) cache location /var/lib/apparmor/ and the + /etc/apparmor.d/cache symlink pointing to it +- drop apparmor-samba-include-permissions-for-shares.diff - no + longer needed, update-apparmor-samba-profile in Tumbleweed works + without a pre-existing local/usr.sbin.smbd-shares file +- drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't + change a single bit in the resulting build (anymore?) +- drop apparmor-lessopen-nfs-workaround.diff - no longer needed + since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499) +- drop ancient, unused update-trans.sh + +------------------------------------------------------------------- Old: ---- apparmor-3.1.7.tar.gz apparmor-3.1.7.tar.gz.asc apparmor-abstractions-openssl-allow-version-specific-en.patch apparmor-lessopen-nfs-workaround.diff apparmor-samba-include-permissions-for-shares.diff dovecot-unix_chkpwd.diff ruby-2_0-mkmf-destdir.patch smbd-unix_chkpwd.diff update-trans.sh New: ---- apparmor-v4.0.1.tar.gz apparmor-v4.0.1.tar.gz.asc test-aa-notify.diff tools-fix-redefinition.diff BETA DEBUG BEGIN: Old:- drop upstreamed patches: - apparmor-abstractions-openssl-allow-version-specific-en.patch - dovecot-unix_chkpwd.diff Old: change a single bit in the resulting build (anymore?) - drop apparmor-lessopen-nfs-workaround.diff - no longer needed since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499) Old: /etc/apparmor.d/cache symlink pointing to it - drop apparmor-samba-include-permissions-for-shares.diff - no longer needed, update-apparmor-samba-profile in Tumbleweed works Old: - apparmor-abstractions-openssl-allow-version-specific-en.patch - dovecot-unix_chkpwd.diff - smbd-unix_chkpwd.diff Old: without a pre-existing local/usr.sbin.smbd-shares file - drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't change a single bit in the resulting build (anymore?) Old: - dovecot-unix_chkpwd.diff - smbd-unix_chkpwd.diff - apparmor-lessopen-profile.patch: update lessopen profile to BETA DEBUG END: BETA DEBUG BEGIN: New:- add tools-fix-redefinition.diff: fix redefinition of _ in tools - add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch with argparse on Leap 15.5 New: for the detailed upstream release notes - add tools-fix-redefinition.diff: fix redefinition of _ in tools - add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.wfkVGt/_old 2024-05-27 11:45:27.186919337 +0200 +++ /var/tmp/diff_new_pack.wfkVGt/_new 2024-05-27 11:45:27.190919485 +0200 @@ -49,22 +49,23 @@ %endif %define CATALINA_HOME /usr/share/tomcat6 -#define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/ -#define JNI_SO libJNIChangeHat.so %define JAR_FILE changeHatValve.jar +%define tarversion v4.0.1 +%define pyeggversion 4.0.1 + Name: apparmor -Version: 3.1.7 +Version: 4.0.1 Release: 0 Summary: AppArmor userlevel parser utility License: GPL-2.0-or-later Group: Productivity/Networking/Security -URL: https://launchpad.net/apparmor -Source0: https://launchpad.net/apparmor/3.1/%{version}/+download/apparmor-%{version}.tar.gz -Source1: https://launchpad.net/apparmor/3.1/%{version}/+download/apparmor-%{version}.tar.gz.asc +URL: https://gitlab.com/apparmor/apparmor/ +Source0: https://gitlab.com/apparmor/apparmor/-/archive/%{tarversion}/apparmor-%{tarversion}.tar.gz +# from https://gitlab.com/apparmor/apparmor/-/wikis/%{version}_Signatures +Source1: apparmor-%{tarversion}.tar.gz.asc Source2: %{name}.keyring -Source5: update-trans.sh Source6: baselibs.conf Source7: apparmor-rpmlintrc @@ -72,49 +73,37 @@ # and set cache-loc in parser.conf and apparmor.service accordingly Patch1: apparmor-enable-profile-cache.diff -# include autogenerated profile sniplet for samba shares (bnc#688040) - include rule upstreamed in 3.0.5 (MR 838), now "just" creates the local/ sniplet -# (technically only needed in Leap 15.x, the samba script in Tumbleweed also works if the local/ sniplet doesn't exist - but dropping the local/ sniplet will move existing autogenerated sniplets to *.rpmsave) -Patch2: apparmor-samba-include-permissions-for-shares.diff - -# Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkae...@suse.de -Patch3: ruby-2_0-mkmf-destdir.patch - # bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21) Patch4: apparmor-lessopen-profile.patch -# workaround for boo#1119937 / lp#1784499 - allow network access for reading files on NFS (proper solution needs kernel fix) -# fixed in Kernel 6.0 and later (see comment in https://bugs.launchpad.net/bugs/1784499) -Patch5: apparmor-lessopen-nfs-workaround.diff - # make <apache2.d> include in apache extra profile optional to make openQA happy (boo#1178527) Patch6: apache-extra-profile-include-if-exists.diff # add path for precompiled cache (only done/applied if precompiled_cache is enabled) Patch7: apparmor-enable-precompiled-cache.diff -# allow dovecot-auth to execute unix_chkpwd, and add a profile for unix_chkpwd. This is needed for PAM 1.6 (boo#1219139) -Patch9: dovecot-unix_chkpwd.diff - -# abstractions/openssl: allow version specific engdef & engines paths (boo#1219571) -Patch10: apparmor-abstractions-openssl-allow-version-specific-en.patch +# fix redefinition of _ in tools (merged upstream 2024-04-22 https://gitlab.com/apparmor/apparmor/-/merge_requests/1218) +Patch10: tools-fix-redefinition.diff -# allow smbd to execute unix_chkpwd (boo#1220032) -# https://gitlab.com/apparmor/apparmor/-/merge_requests/1159 -Patch11: smbd-unix_chkpwd.diff +# make test-aa-notify a bit more relaxed to allow different argparse wording on Leap 15.5 (merged upstream 2024-05-06 (4.0 and master) https://gitlab.com/apparmor/apparmor/-/merge_requests/1226) +Patch11: test-aa-notify.diff PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: autoconf +BuildRequires: autoconf-archive +BuildRequires: automake BuildRequires: bison BuildRequires: dejagnu BuildRequires: flex BuildRequires: gcc-c++ BuildRequires: iproute2 +BuildRequires: libtool BuildRequires: pcre-devel BuildRequires: pkg-config BuildRequires: python3 -BuildRequires: perl(Locale::gettext) - BuildRequires: swig +BuildRequires: perl(Locale::gettext) %if %{with python3} BuildRequires: python-rpm-macros @@ -355,21 +344,17 @@ %lang_package -n apparmor-parser %prep -%setup -q +%setup -q -n %{name}-%{tarversion} # very loose profile that doesn't even match the apache2 binary path in openSUSE. Move it away instead of confusing people (boo#872984) mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/profiles/extras/ %patch -P 1 -%patch -P 2 -%patch -P 3 -p1 %patch -P 4 -%patch -P 5 %patch -P 6 %if %{with precompiled_cache} %patch -P 7 %endif -%patch -P 9 -p1 %patch -P 10 -p1 %patch -P 11 -p1 @@ -379,6 +364,7 @@ # libapparmor: ( cd ./libraries/libapparmor + sh ./autogen.sh && \ %configure \ %if %{with perl} --with-perl \ @@ -429,6 +415,20 @@ parser/apparmor_parser --config-file $(pwd)/parser/parser.conf --write-cache -QT -L $(pwd)/profiles/cache -I profiles/apparmor.d/ profiles/apparmor.d/ %endif +# create filelist of previously (up to 3.1.x) shipped local/* files +# (adding them as %ghost prevents modified files from being moved to *.rpmsave) +for oldlocal in \ + bin.ping lsb_release nvidia_modprobe php-fpm samba-bgqd samba-dcerpcd samba-rpcd samba-rpcd-classic samba-rpcd-spoolss sbin.klogd sbin.syslogd sbin.syslog-ng \ + usr.bin.lessopen.sh usr.lib.dovecot.anvil usr.lib.dovecot.auth usr.lib.dovecot.config usr.lib.dovecot.deliver usr.lib.dovecot.dict usr.lib.dovecot.director \ + usr.lib.dovecot.doveadm-server usr.lib.dovecot.dovecot-auth usr.lib.dovecot.dovecot-lda usr.lib.dovecot.imap usr.lib.dovecot.imap-login usr.lib.dovecot.lmtp \ + usr.lib.dovecot.log usr.lib.dovecot.managesieve usr.lib.dovecot.managesieve-login usr.lib.dovecot.pop3 usr.lib.dovecot.pop3-login usr.lib.dovecot.replicator \ + usr.lib.dovecot.script-login usr.lib.dovecot.ssl-params usr.lib.dovecot.stats usr.sbin.apache2 usr.sbin.avahi-daemon usr.sbin.dnsmasq usr.sbin.dovecot \ + usr.sbin.identd usr.sbin.mdnsd usr.sbin.nmbd usr.sbin.nscd usr.sbin.ntpd usr.sbin.smbd usr.sbin.smbd-shares usr.sbin.smbldap-useradd usr.sbin.traceroute \ + usr.sbin.winbindd zgrep +do + echo "%ghost /etc/apparmor.d/local/$oldlocal" +done > oldlocal.files + %check make check -C libraries/libapparmor make check -C parser @@ -479,10 +479,6 @@ %endif %makeinstall SBINDIR="%{buildroot}%{sbindir}" APPARMOR_BIN_PREFIX="%{buildroot}%{apparmor_bin_prefix}" -C parser -# default cache dir (up to 2.12) is /etc/apparmor.d/cache - not the best location. -# Use /var/lib/apparmor/cache and make /etc/apparmor.d/cache a symlink to it -mkdir -p %{buildroot}%{_localstatedir}/lib/apparmor/cache -( cd %{buildroot}/%{_sysconfdir}/apparmor.d/ && ln -s ../../%{_localstatedir}/lib/apparmor/cache cache ) # default cache dir (starting with 2.13) is /etc/apparmor.d/cache.d - also not the best location # Use /var/cache/apparmor and make /etc/apparmor.d/cache.d a symlink to it mkdir -p %{buildroot}%{_localstatedir}/cache/apparmor @@ -535,7 +531,7 @@ %doc parser/*.[1-9].html %doc utils/vim/apparmor.vim.5.html %doc common/apparmor.css -%doc parser/techdoc.pdf +#doc parser/techdoc.pdf # apparmor.vim is included in the vim package. Ideally it should be in a -devel package, but that's overmuch for one file %dir %{_datadir}/apparmor %{_datadir}/apparmor/apparmor.vim @@ -548,6 +544,7 @@ %{_bindir}/aa-enabled %{_bindir}/aa-exec %{_bindir}/aa-features-abi +%{_sbindir}/aa-load %{_sbindir}/aa-status %{_sbindir}/apparmor_status %{_sbindir}/status @@ -555,12 +552,10 @@ %{_sbindir}/exec %dir %attr(-, root, root) %{_sysconfdir}/apparmor %dir %{_sysconfdir}/apparmor.d -%{_sysconfdir}/apparmor.d/cache %{_sysconfdir}/apparmor.d/cache.d %{sbindir}/rcapparmor %{_unitdir}/apparmor.service %config(noreplace) %{_sysconfdir}/apparmor/parser.conf -%{_localstatedir}/lib/apparmor %{_localstatedir}/cache/apparmor %dir %attr(-, root, root) %{apparmor_bin_prefix} %{apparmor_bin_prefix}/rc.apparmor.functions @@ -590,6 +585,7 @@ %dir %{_sysconfdir}/apparmor.d/ %dir %{_sysconfdir}/apparmor.d/abi %config(noreplace) %{_sysconfdir}/apparmor.d/abi/3.0 +%config(noreplace) %{_sysconfdir}/apparmor.d/abi/4.0 %config(noreplace) %{_sysconfdir}/apparmor.d/abi/kernel-5.4-outoftree-network %config(noreplace) %{_sysconfdir}/apparmor.d/abi/kernel-5.4-vanilla %dir %{_sysconfdir}/apparmor.d/abstractions @@ -599,23 +595,117 @@ %dir %{_sysconfdir}/apparmor.d/tunables %config(noreplace) %{_sysconfdir}/apparmor.d/tunables/* -%files profiles +%files profiles -f oldlocal.files %defattr(644,root,root,755) %dir %{_sysconfdir}/apparmor.d/apache2.d -%config(noreplace) %{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo %config(noreplace) %{_sysconfdir}/apparmor.d/bin.* %config(noreplace) %{_sysconfdir}/apparmor.d/sbin.* %config(noreplace) %{_sysconfdir}/apparmor.d/usr.* + +%config(noreplace) %{_sysconfdir}/apparmor.d/1password +%config(noreplace) %{_sysconfdir}/apparmor.d/Discord +%config(noreplace) %{_sysconfdir}/apparmor.d/MongoDB_Compass +%config(noreplace) %{_sysconfdir}/apparmor.d/QtWebEngineProcess +%config(noreplace) %{_sysconfdir}/apparmor.d/brave +%config(noreplace) %{_sysconfdir}/apparmor.d/buildah +%config(noreplace) %{_sysconfdir}/apparmor.d/busybox +%config(noreplace) %{_sysconfdir}/apparmor.d/cam +%config(noreplace) %{_sysconfdir}/apparmor.d/ch-checkns +%config(noreplace) %{_sysconfdir}/apparmor.d/ch-run +%config(noreplace) %{_sysconfdir}/apparmor.d/chrome +%config(noreplace) %{_sysconfdir}/apparmor.d/code +%config(noreplace) %{_sysconfdir}/apparmor.d/crun +%config(noreplace) %{_sysconfdir}/apparmor.d/devhelp +%config(noreplace) %{_sysconfdir}/apparmor.d/element-desktop +%config(noreplace) %{_sysconfdir}/apparmor.d/epiphany +%config(noreplace) %{_sysconfdir}/apparmor.d/evolution +%config(noreplace) %{_sysconfdir}/apparmor.d/firefox +%config(noreplace) %{_sysconfdir}/apparmor.d/flatpak +%config(noreplace) %{_sysconfdir}/apparmor.d/foliate +%config(noreplace) %{_sysconfdir}/apparmor.d/geary +%config(noreplace) %{_sysconfdir}/apparmor.d/github-desktop +%config(noreplace) %{_sysconfdir}/apparmor.d/goldendict +%config(noreplace) %{_sysconfdir}/apparmor.d/ipa_verify +%config(noreplace) %{_sysconfdir}/apparmor.d/kchmviewer +%config(noreplace) %{_sysconfdir}/apparmor.d/keybase +%config(noreplace) %{_sysconfdir}/apparmor.d/lc-compliance +%config(noreplace) %{_sysconfdir}/apparmor.d/libcamerify +%config(noreplace) %{_sysconfdir}/apparmor.d/linux-sandbox +%config(noreplace) %{_sysconfdir}/apparmor.d/loupe %config(noreplace) %{_sysconfdir}/apparmor.d/lsb_release +%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-attach +%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-create +%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-destroy +%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-execute +%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-stop +%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-unshare +%config(noreplace) %{_sysconfdir}/apparmor.d/lxc-usernsexec +%config(noreplace) %{_sysconfdir}/apparmor.d/mmdebstrap +%config(noreplace) %{_sysconfdir}/apparmor.d/msedge +%config(noreplace) %{_sysconfdir}/apparmor.d/nautilus +%config(noreplace) %{_sysconfdir}/apparmor.d/notepadqq %config(noreplace) %{_sysconfdir}/apparmor.d/nvidia_modprobe +%config(noreplace) %{_sysconfdir}/apparmor.d/obsidian +%config(noreplace) %{_sysconfdir}/apparmor.d/opam +%config(noreplace) %{_sysconfdir}/apparmor.d/opera +%config(noreplace) %{_sysconfdir}/apparmor.d/pageedit +%config(noreplace) %{_sysconfdir}/apparmor.d/plasmashell %config(noreplace) %{_sysconfdir}/apparmor.d/php-fpm +%config(noreplace) %{_sysconfdir}/apparmor.d/podman +%config(noreplace) %{_sysconfdir}/apparmor.d/polypane +%config(noreplace) %{_sysconfdir}/apparmor.d/privacybrowser +%config(noreplace) %{_sysconfdir}/apparmor.d/qcam +%config(noreplace) %{_sysconfdir}/apparmor.d/qmapshack +%config(noreplace) %{_sysconfdir}/apparmor.d/qutebrowser +%config(noreplace) %{_sysconfdir}/apparmor.d/rootlesskit +%config(noreplace) %{_sysconfdir}/apparmor.d/rpm +%config(noreplace) %{_sysconfdir}/apparmor.d/rssguard +%config(noreplace) %{_sysconfdir}/apparmor.d/runc %config(noreplace) %{_sysconfdir}/apparmor.d/samba-bgqd %config(noreplace) %{_sysconfdir}/apparmor.d/samba-dcerpcd %config(noreplace) %{_sysconfdir}/apparmor.d/samba-rpcd %config(noreplace) %{_sysconfdir}/apparmor.d/samba-rpcd-* +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-abort +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-adduser +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-apt +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-checkpackages +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-clean +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-createchroot +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-destroychroot +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-distupgrade +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-hold +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-shell +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-unhold +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-update +%config(noreplace) %{_sysconfdir}/apparmor.d/sbuild-upgrade +%config(noreplace) %{_sysconfdir}/apparmor.d/scide +%config(noreplace) %{_sysconfdir}/apparmor.d/signal-desktop +%config(noreplace) %{_sysconfdir}/apparmor.d/slack +%config(noreplace) %{_sysconfdir}/apparmor.d/slirp4netns +%config(noreplace) %{_sysconfdir}/apparmor.d/steam +%config(noreplace) %{_sysconfdir}/apparmor.d/stress-ng +%config(noreplace) %{_sysconfdir}/apparmor.d/surfshark +%config(noreplace) %{_sysconfdir}/apparmor.d/systemd-coredump +%config(noreplace) %{_sysconfdir}/apparmor.d/thunderbird +%config(noreplace) %{_sysconfdir}/apparmor.d/toybox +%config(noreplace) %{_sysconfdir}/apparmor.d/transmission +%config(noreplace) %{_sysconfdir}/apparmor.d/trinity +%config(noreplace) %{_sysconfdir}/apparmor.d/tup +%config(noreplace) %{_sysconfdir}/apparmor.d/tuxedo-control-center %config(noreplace) %{_sysconfdir}/apparmor.d/unix-chkpwd +%config(noreplace) %{_sysconfdir}/apparmor.d/unprivileged_userns +%config(noreplace) %{_sysconfdir}/apparmor.d/userbindmount +%config(noreplace) %{_sysconfdir}/apparmor.d/uwsgi-core +%config(noreplace) %{_sysconfdir}/apparmor.d/vdens +%config(noreplace) %{_sysconfdir}/apparmor.d/virtiofsd +%config(noreplace) %{_sysconfdir}/apparmor.d/vivaldi-bin +%config(noreplace) %{_sysconfdir}/apparmor.d/vpnns +%config(noreplace) %{_sysconfdir}/apparmor.d/wpcom %config(noreplace) %{_sysconfdir}/apparmor.d/zgrep -%config(noreplace) %{_sysconfdir}/apparmor.d/local/* + +%config(noreplace) %{_sysconfdir}/apparmor.d/apache2.d/phpsysinfo +%config(noreplace) %{_sysconfdir}/apparmor.d/local/README %dir /usr/share/apparmor/ %if %{with precompiled_cache} /usr/share/apparmor/cache/ @@ -697,7 +787,7 @@ %files -n python3-apparmor %defattr(-,root,root) -%{python3_sitearch}/LibAppArmor-%{version}-py*.egg-info +%{python3_sitearch}/LibAppArmor-%{pyeggversion}-py*.egg-info %dir %{python3_sitearch}/LibAppArmor %dir %{python3_sitearch}/LibAppArmor/__pycache__ %{python3_sitearch}/LibAppArmor/_LibAppArmor.cpython-*.so @@ -706,7 +796,7 @@ %{python3_sitearch}/LibAppArmor/__init__.py %{python3_sitearch}/LibAppArmor/LibAppArmor.py %{python3_sitelib}/apparmor/ -%{python3_sitelib}/apparmor-%{version}-py*.egg-info +%{python3_sitelib}/apparmor-%{pyeggversion}-py*.egg-info %endif %if %{with ruby} @@ -758,24 +848,38 @@ #restart_on_update apparmor - but non-broken (bnc#853019) systemctl is-active -q apparmor && systemctl reload apparmor ||: +%post profiles +# delete old cache (location up to 2.12) +rm -f /var/lib/apparmor/cache/* 2>/dev/null + +# cleanup old, unchanged local/* files +for oldlocal in \ + bin.ping lsb_release nvidia_modprobe php-fpm samba-bgqd samba-dcerpcd samba-rpcd samba-rpcd-classic samba-rpcd-spoolss sbin.klogd sbin.syslogd sbin.syslog-ng \ + usr.bin.lessopen.sh usr.lib.dovecot.anvil usr.lib.dovecot.auth usr.lib.dovecot.config usr.lib.dovecot.deliver usr.lib.dovecot.dict usr.lib.dovecot.director \ + usr.lib.dovecot.doveadm-server usr.lib.dovecot.dovecot-auth usr.lib.dovecot.dovecot-lda usr.lib.dovecot.imap usr.lib.dovecot.imap-login usr.lib.dovecot.lmtp \ + usr.lib.dovecot.log usr.lib.dovecot.managesieve usr.lib.dovecot.managesieve-login usr.lib.dovecot.pop3 usr.lib.dovecot.pop3-login usr.lib.dovecot.replicator \ + usr.lib.dovecot.script-login usr.lib.dovecot.ssl-params usr.lib.dovecot.stats usr.sbin.apache2 usr.sbin.avahi-daemon usr.sbin.dnsmasq usr.sbin.dovecot \ + usr.sbin.identd usr.sbin.mdnsd usr.sbin.nmbd usr.sbin.nscd usr.sbin.ntpd usr.sbin.smbd usr.sbin.smbd-shares usr.sbin.smbldap-useradd usr.sbin.traceroute \ + usr.sbin.winbindd zgrep +do + if [ -f "/etc/apparmor.d/local/$oldlocal" ] && [ "$(cat /etc/apparmor.d/local/$oldlocal)" = "# Site-specific additions and overrides for '$oldlocal'" ] ; then + rm "/etc/apparmor.d/local/$oldlocal" || : + fi +done + %posttrans profiles # workaround for bnc#904620#c8 / lp#1392042 -# old cache location up to 2.12 -rm -f /var/lib/apparmor/cache/* 2>/dev/null -# cache location starting with 2.13 rm -f /var/cache/apparmor/* 2>/dev/null #restart_on_update apparmor - but non-broken (bnc#853019) systemctl is-active -q apparmor && systemctl reload apparmor ||: %if %{with tomcat} - %post -n tomcat_apparmor -p /sbin/ldconfig %postun -n tomcat_apparmor -p /sbin/ldconfig %endif %if %{with pam} - %post -n pam_apparmor if [ $1 -eq 1 ]; then pam-config --add --apparmor || : ++++++ libapparmor.spec ++++++ --- /var/tmp/diff_new_pack.wfkVGt/_old 2024-05-27 11:45:27.222920656 +0200 +++ /var/tmp/diff_new_pack.wfkVGt/_new 2024-05-27 11:45:27.222920656 +0200 @@ -17,18 +17,26 @@ # +%define tarversion v4.0.1 + Name: libapparmor -Version: 3.1.7 +Version: 4.0.1 Release: 0 Summary: Utility library for AppArmor License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ -URL: https://launchpad.net/apparmor -Source0: https://launchpad.net/apparmor/3.1/%{version}/+download/apparmor-%{version}.tar.gz -Source1: https://launchpad.net/apparmor/3.1/%{version}/+download/apparmor-%{version}.tar.gz.asc +URL: https://gitlab.com/apparmor/apparmor/ +Source0: https://gitlab.com/apparmor/apparmor/-/archive/%{tarversion}/apparmor-%{tarversion}.tar.gz +# from https://gitlab.com/apparmor/apparmor/-/wikis/%{version}_Signatures +Source1: apparmor-%{tarversion}.tar.gz.asc +Source2: apparmor.keyring +BuildRequires: autoconf +BuildRequires: autoconf-archive +BuildRequires: automake BuildRequires: bison BuildRequires: dejagnu BuildRequires: flex +BuildRequires: libtool BuildRequires: pkg-config BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -63,11 +71,12 @@ AppArmor API. %prep -%setup -q -n apparmor-%{version} +%setup -q -n apparmor-%{tarversion} %build ( cd ./libraries/libapparmor + sh ./autogen.sh && %configure \ --without-perl \ --without-python \ ++++++ apparmor-lessopen-profile.patch ++++++ --- /var/tmp/diff_new_pack.wfkVGt/_old 2024-05-27 11:45:27.274922562 +0200 +++ /var/tmp/diff_new_pack.wfkVGt/_new 2024-05-27 11:45:27.278922709 +0200 @@ -5,7 +5,7 @@ @@ -0,0 +1,52 @@ +# vim: ft=apparmor + -+abi <abi/3.0>, ++abi <abi/4.0>, + +#include <tunables/global> + ++++++ test-aa-notify.diff ++++++ https://gitlab.com/apparmor/apparmor/-/merge_requests/1226 >From 715cb711ba26d3ccff490f35f80721cf3678abb6 Mon Sep 17 00:00:00 2001 From: Christian Boltz <appar...@cboltz.de> Date: Sun, 5 May 2024 22:05:43 +0200 Subject: [PATCH] Don't rely on argparse saying "options:" Some argparse versions (for example on openSUSE Leap 15.5) instead say "optional arguments:" Don't rely on the "options:" line to allow both wordings. --- utils/test/test-aa-notify.py | 1 - 1 file changed, 1 deletion(-) diff --git a/utils/test/test-aa-notify.py b/utils/test/test-aa-notify.py index 4f3e540e9..abffd0631 100644 --- a/utils/test/test-aa-notify.py +++ b/utils/test/test-aa-notify.py @@ -194,7 +194,6 @@ Display AppArmor notifications or messages for DENIED entries. expected_output_2 = \ ''' -options: -h, --help show this help message and exit -p, --poll poll AppArmor logs and display notifications --display DISPLAY set the DISPLAY environment variable (might be needed if -- GitLab ++++++ tools-fix-redefinition.diff ++++++ >From 553acd22324ed013d9f468aa8585518cf68b34f7 Mon Sep 17 00:00:00 2001 From: Christian Boltz <appar...@cboltz.de> Date: Sun, 21 Apr 2024 17:32:24 +0200 Subject: [PATCH] Fix redefinition of _ ... which unsurprisingly broke using the translations. This was a regression introduced in 4f51c93f9dc2516a32bfccc79b4dcf4985e61f47 Fixes: https://gitlab.com/apparmor/apparmor/-/issues/387 --- utils/apparmor/tools.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/apparmor/tools.py b/utils/apparmor/tools.py index e8a99bbe6..f7d4a0d36 100644 --- a/utils/apparmor/tools.py +++ b/utils/apparmor/tools.py @@ -90,7 +90,7 @@ class aa_tools: def get_next_for_modechange(self): """common code for mode/flags changes""" - for (program, _, prof_filename) in self.get_next_to_profile(): + for (program, ignored, prof_filename) in self.get_next_to_profile(): output_name = prof_filename if program is None else program if not os.path.isfile(prof_filename) or is_skippable_file(prof_filename): @@ -162,7 +162,7 @@ class aa_tools: def cmd_autodep(self): apparmor.loadincludes() - for (program, _, prof_filename) in self.get_next_to_profile(): + for (program, ignored, prof_filename) in self.get_next_to_profile(): if not program: aaui.UI_Info(_('Please pass an application to generate a profile for, not a profile itself - skipping %s.') % prof_filename) continue -- GitLab
