Hello community, here is the log from the commit of package pure-ftpd for openSUSE:Factory checked in at 2017-05-20 10:14:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pure-ftpd (Old) and /work/SRC/openSUSE:Factory/.pure-ftpd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pure-ftpd" Sat May 20 10:14:35 2017 rev:45 rq:496781 version:1.0.43 Changes: -------- --- /work/SRC/openSUSE:Factory/pure-ftpd/pure-ftpd.changes 2016-08-05 18:18:11.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.pure-ftpd.new/pure-ftpd.changes 2017-05-20 10:14:37.739696337 +0200 @@ -1,0 +2,6 @@ +Fri May 19 13:32:57 UTC 2017 - [email protected] + +- pure-ftpd-apparmor.patch: Add an AppArmor profile (based on the + one from SLE11). [fate#321125] + +------------------------------------------------------------------- New: ---- pure-ftpd-apparmor.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pure-ftpd.spec ++++++ --- /var/tmp/diff_new_pack.f59jaL/_old 2017-05-20 10:14:38.675564109 +0200 +++ /var/tmp/diff_new_pack.f59jaL/_new 2017-05-20 10:14:38.679563543 +0200 @@ -1,7 +1,7 @@ # # spec file for package pure-ftpd # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -45,6 +45,7 @@ # PATCH-FIX-OPENSUSE: bnc#789833 # won't be upstreamed, can be dropped when systemd will be only one init system and kernel get AUDIT_LOGINUID_IMMUTABLE Patch9: pure-ftpd-1.0.36-cap-audit-control.patch +Patch10: pure-ftpd-apparmor.patch BuildRequires: libcap-devel BuildRequires: mysql-devel BuildRequires: openldap2-devel @@ -80,6 +81,7 @@ %patch7 %patch8 %patch9 -p1 +%patch10 -p2 %build CFLAGS="%{optflags} -DLDAP_DEPRECATED -fstack-protector -fvisibility=hidden" 
@@ -132,6 +134,8 @@ install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} +install -D -m 0644 usr.sbin.pure-ftpd %{buildroot}%{_sysconfdir}/apparmor/profiles/extras/usr.sbin.pure-ftpd + %if 0%{?suse_version} > 1140 install -D -m0644 %{SOURCE8} %{buildroot}%{_unitdir}/%{name}.service ln -sf service %{buildroot}%{_sbindir}/rc%{name} @@ -174,7 +178,7 @@ %files %defattr(-, root, root) %doc AUTHORS CONTACT COPYING NEWS THANKS README README.Contrib -%doc README.Configuration-File HISTORY README.Virtual-Users +%doc README.Configuration-File HISTORY README.Virtual-Users README.AppArmor %doc README.LDAP pureftpd-ldap.conf README.MySQL README.PGSQL README.TLS %{_mandir}/man8/* %{_bindir}/* @@ -183,11 +187,16 @@ %dir %{_sysconfdir}/openldap/schema %dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}/vhosts +%dir %{_sysconfdir}/apparmor +%dir %{_sysconfdir}/apparmor/profiles +%dir %{_sysconfdir}/apparmor/profiles/extras %config %{_sysconfdir}/openldap/schema/pureftpd.schema %config %{_sysconfdir}/pam.d/pure-ftpd %config(noreplace) %{_sysconfdir}/%{name}/pure-ftpd.conf %config(noreplace) %{_sysconfdir}/xinetd.d/pure-ftpd %config(noreplace) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} +%config(noreplace) %{_sysconfdir}/apparmor/profiles/extras/usr.sbin.pure-ftpd + %if 0%{?suse_version} > 1140 %{_unitdir}/%{name}.service %else ++++++ pure-ftpd-apparmor.patch ++++++ Index: pure-ftpd-1.0.20-sles/AppArmor/README.AppArmor =================================================================== --- /dev/null +++ pure-ftpd-1.0.20-sles/AppArmor/README.AppArmor 
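Review bot: The `install -D -m 0644 usr.sbin.pure-ftpd %{buildroot}%{_sysconfdir}/apparmor/profiles/extras/usr.sbin.pure-ftpd` line in the `@@ -132,6 +134,8 @@` hunk of pure-ftpd.spec puts the profile in the extras directory, which as far as I know AppArmor does not load at boot, so pure-ftpd still runs unconfined after installation until an administrator copies the profile into `/etc/apparmor.d/` and reloads it. The README.AppArmor added by the same patch tells the reader to copy the profile from `/usr/share/doc/packages/pure-ftpd/`, a path this spec never installs it to. I would either correct the README path in the patch or add a spec comment above the install line such as `# extra profile: not enforced until copied to /etc/apparmor.d/ (see README.AppArmor)`. The `%dir` and `%config(noreplace)` entries in the `@@ -183,11 +187,16 @@` hunk use the same location.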
@@ -0,0 +1,13 @@
+
+---------------------- Using the AppArmor profile ----------------------
+
+Make sure that AppArmor is installed and enabled.
+
+To utilize the security provided by AppArmor, ensure that the supplied
+AppArmor profile (the file 'usr.sbin.pure-ftpd') for Pure-FTPd is present in
+the '/etc/apparmor.d/' directory. If it is not present, copy it from
+the '/usr/share/doc/packages/pure-ftpd/' directory.
+
+This profile takes care of most of the typical use cases. You can use
+YaST->Novell AppArmor to fine-tune the profile for your specific needs.
+
Index: pure-ftpd-1.0.20-sles/AppArmor/usr.sbin.pure-ftpd
===================================================================
--- /dev/null
+++ pure-ftpd-1.0.20-sles/AppArmor/usr.sbin.pure-ftpd
@@ -0,0 +1,38 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2006 Novell, Inc.
+#
+# ------------------------------------------------------------------
+
+#include <tunables/global>
+
+/usr/sbin/pure-ftpd {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+ #include <abstractions/authentication>
+ #include <abstractions/user-tmp>
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+
+ / r,
+ /etc/ftpusers r,
+ /etc/pure-ftpd/* r,
+ /etc/shells r,
+ /etc/ssl/private/pure-ftpd.pem r,
+ /proc/*/loginuid w,
+ /proc/loadavg r,
+ /proc/net/tcp* r,
+ /usr/sbin/pure-ftpd mr,
+
+ /var/run/pure-ftpd rw,
+ /var/run/pure-ftpd.pid w,
+ /var/run/pure-ftpd/client-* rw,
+
+ @{HOMEDIRS}* r,
+ @{HOME}/** rwl,
+ @{HOME}/.k5login r,
+}
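Review bot: In the new usr.sbin.pure-ftpd profile, `@{HOME}/** rwl,` defeats the apparent intent of the narrower `@{HOME}/.k5login r,` below it: AppArmor grants the union of all matching rules, so the confined daemon can still write `.k5login` and every other dotfile in a home directory. If read-only access to that file is intended, it has to be expressed as a deny, for example `deny @{HOME}/.k5login wl,`, and the same goes for any other per-user file an FTP session should not be able to replace. `/proc/*/loginuid w,` is likewise broader than a single process needs and deserves at least a comment saying why the wildcard is required. The profile is dated 2006, so I would run the daemon under it in complain mode and check the audit log for denials before recommending enforce mode; that it has gaps on a current system is an assumption, not something visible in the hunk.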
