Hello community,
here is the log from the commit of package apparmor for openSUSE:Factory
checked in at 2017-04-11 12:39:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
and /work/SRC/openSUSE:Factory/.apparmor.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor"
Tue Apr 11 12:39:06 2017 rev:101 rq:482776 version:2.11.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2017-03-22
23:17:33.129965921 +0100
+++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes 2017-04-11
12:39:09.145551563 +0200
@@ -1,0 +2,20 @@
+Sat Mar 25 21:42:10 UTC 2017 - suse-b...@cboltz.de
+
+- add upstream-changes-r3629..3648.diff:
+ - preserve unknown profiles when reloading apparmor.service
+ (CVE-2017-6507, lp#1668892, boo#1029696)
+ - add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
+ - update nvidia abstraction for newer nvidia drivers
+ - don't enforce ordering of dbus rule attributes in utils (lp#1628286)
+ - add --parser, --base and --Include option to aa-easyprof to allow
+ non-standard paths (useful for tests) (lp#1521031)
+ - move initialization code in apparmor.aa to init_aa(). This allows to
+ run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
+ don't exist.
+ - several improvements in the utils tests
+- drop upstreamed python3-drop-re-locale.patch
+- no longer delete/skip some of the utils tests (to allow this, add
+ parser-tests-dbus-duplicated-conditionals.diff)
+- add var.mount dependeny to apparmor.service (boo#1016259#c34)
+
+-------------------------------------------------------------------
Old:
----
python3-drop-re-locale.patch
New:
----
parser-tests-dbus-duplicated-conditionals.diff
upstream-changes-r3629..3648.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.WlqTuj/_old 2017-04-11 12:39:11.161266752 +0200
+++ /var/tmp/diff_new_pack.WlqTuj/_new 2017-04-11 12:39:11.165266187 +0200
@@ -75,8 +75,11 @@
# upstream changes (trunk r3616..3628)
Patch9: upstream-changes-r3616..3628.diff
-# drop deprecated re.LOCALE flag from regexps
-Patch10: python3-drop-re-locale.patch
+# upstream changes (trunk r3629..3648)
+Patch10: upstream-changes-r3629..3648.diff
+
+# add some exceptions to utils/test/test-parser-simple-tests.py (submitted
upstream 2017-03-25)
+Patch11: parser-tests-dbus-duplicated-conditionals.diff
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -377,9 +380,10 @@
%patch7 -p1
%patch8
%patch9
-%if %{with python3}
-%patch10 -p1
-%endif
+%patch10
+# patch10 (upstream-changes-r3629..3648.diff) fails to create empty files, do
it manually
+touch libraries/libapparmor/testsuite/test_multi/unconfined-change_hat.err
+%patch11
# search for left-over multiline rules
test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$'
profiles/apparmor.d/)"
@@ -457,17 +461,6 @@
# also, check-parser breaks if using 'make -C' (but works if cd'ing into the
directory)
(cd profiles && make check-parser)
-# these tests fail if /etc/apparmor.d/abstractions/* or /sbin/apparmor_parser
don't exist
-# (aa.py doesn't allow to inject in-tree paths early enough)
-rm -v utils/test/test-aa.py
-rm -v utils/test/test-aa-easyprof.py
-rm -v utils/test/test-libapparmor-test_multi.py
-rm -v utils/test/test-mount_parse.py
-rm -v utils/test/test-parser-simple-tests.py
-rm -v utils/test/test-pivot_root_parse.py
-rm -v utils/test/test-regex_matches.py
-rm -v utils/test/test-unix_parse.py
-
make check -C utils
%install
++++++ apparmor.service ++++++
--- /var/tmp/diff_new_pack.WlqTuj/_old 2017-04-11 12:39:11.285249234 +0200
+++ /var/tmp/diff_new_pack.WlqTuj/_new 2017-04-11 12:39:11.289248669 +0200
@@ -3,7 +3,7 @@
DefaultDependencies=no
Before=sysinit.target
After=systemd-journald-audit.socket
-After=var-lib.mount
+After=var.mount var-lib.mount
ConditionSecurity=apparmor
[Service]
++++++ parser-tests-dbus-duplicated-conditionals.diff ++++++
=== modified file 'utils/test/test-parser-simple-tests.py'
--- utils/test/test-parser-simple-tests.py 2017-03-03 12:14:03 +0000
+++ utils/test/test-parser-simple-tests.py 2017-03-25 20:45:42 +0000
@@ -49,6 +49,15 @@
'change_profile/onx_conflict_unsafe1.sd',
'change_profile/onx_conflict_unsafe2.sd',
+ # duplicated conditionals aren't detected by the tools
+ 'generated_dbus/duplicated-conditionals-45127.sd',
+ 'generated_dbus/duplicated-conditionals-45131.sd',
+ 'generated_dbus/duplicated-conditionals-45124.sd',
+ 'generated_dbus/duplicated-conditionals-45130.sd',
+ 'generated_dbus/duplicated-conditionals-45125.sd',
+ 'generated_dbus/duplicated-conditionals-45128.sd',
+ 'generated_dbus/duplicated-conditionals-45129.sd',
+
'dbus/bad_modifier_2.sd',
'dbus/bad_regex_01.sd',
'dbus/bad_regex_02.sd',
++++++ upstream-changes-r3629..3648.diff ++++++
++++ 1736 lines (skipped)
