Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2020-08-17 11:59:28 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor" Mon Aug 17 11:59:28 2020 rev:140 rq:824913 version:2.13.4 Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2020-07-26 16:17:39.896714070 +0200 +++ /work/SRC/openSUSE:Factory/.apparmor.new.3399/apparmor.changes 2020-08-17 11:59:40.462503472 +0200 @@ -1,0 +2,6 @@ +Fri Aug 7 21:01:02 UTC 2020 - Christian Boltz <[email protected]> + +- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON + to severity.db (lp#1890547) + +------------------------------------------------------------------- New: ---- sevdb-caps-mr589.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.cco5PH/_old 2020-08-17 11:59:42.142504409 +0200 +++ /var/tmp/diff_new_pack.cco5PH/_new 2020-08-17 11:59:42.146504411 +0200 @@ -74,6 +74,9 @@ # allow /{,var/}run/user/*/xauth_* r, in abstractions/X (submitted upstream 2020-07-20 https://gitlab.com/apparmor/apparmor/-/merge_requests/581 (master), https://gitlab.com/apparmor/apparmor/-/merge_requests/582 (2.11..2.13)) Patch11: abstractions-X-xauth-mr582.diff +# add CAP_BPF and CAP_PERFMON to severity.db (merged upstream 2020-08-07 https://gitlab.com/apparmor/apparmor/-/merge_requests/589 (2.11..master)) +Patch12: sevdb-caps-mr589.diff + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix /lib/apparmor @@ -370,6 +373,7 @@ %endif %patch11 -p1 +%patch12 -p1 %build %define _lto_cflags %{nil} ++++++ sevdb-caps-mr589.diff ++++++ https://gitlab.com/apparmor/apparmor/-/merge_requests/589 commit ae012502095596df4675555da635c868e3b3c04a Author: Christian Boltz <[email protected]> Date: Fri Aug 7 22:37:19 2020 +0200 Add CAP_BPF and CAP_PERFMON to severity.db These capabilities were introduced in Linux 5.8 References: https://bugs.launchpad.net/bugs/1890547 diff --git a/utils/severity.db b/utils/severity.db index 3c028400..3e07d44e 100644 --- a/utils/severity.db +++ b/utils/severity.db @@ -2,6 +2,7 @@ # # Copyright (C) 2002-2005 Novell/SUSE # Copyright (C) 2014 Canonical Ltd. +# Copyright (C) 2020 Christian Boltz # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -28,6 +29,7 @@ CAP_SETGID 9 CAP_SETUID 9 CAP_FOWNER 9 + CAP_BPF 9 # Denial of service, bypass audit controls, information leak CAP_SYS_TIME 8 CAP_NET_ADMIN 8 @@ -49,6 +51,7 @@ CAP_BLOCK_SUSPEND 8 CAP_DAC_READ_SEARCH 7 CAP_AUDIT_READ 7 + CAP_PERFMON 7 # unused CAP_NET_BROADCAST 0
