Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2014-10-23 14:19:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor" Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2014-10-09 12:52:14.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes 2014-10-23 14:19:48.000000000 +0200 @@ -1,0 +2,25 @@ +Sat Oct 18 09:43:19 UTC 2014 - opens...@cboltz.de + +- update to AppArmor 2.9.0 (r2759) + - change aa-mergeprof to the final commandline syntax + - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several + bugs without a formal bugreport) + - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java + and user-mail abstractions + - fix mod_apparmor to not break basic auth + - update perl modules to support signal, unix and ptrace rules (bnc#900013) + - don't warn about rules not supported by the kernel + - fix logging of "audit capability" (lp#1378091) + - add support for the "hat" keyword in apparmor.vim + - build html version of apparmor.vim manpage again (lp#1366572) + - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 +- update apparmor-abstractions-no-multiline.diff +- remove upstreamed apparmor-profiles-ntpd-pid-location.diff + +------------------------------------------------------------------- +Fri Oct 10 23:22:26 UTC 2014 - opens...@cboltz.de + +- add apparmor-abstractions-no-multiline.diff: change all multiline + rules into one line. Needed for yast2-apparmor (bnc#900013) + +------------------------------------------------------------------- Old: ---- apparmor-2.8.97.tar.gz apparmor-2.8.97.tar.gz.asc apparmor-profiles-ntpd-pid-location.diff New: ---- apparmor-2.9.0.tar.gz apparmor-2.9.0.tar.gz.asc apparmor-abstractions-no-multiline.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.UPM3lv/_old 2014-10-23 14:19:50.000000000 +0200 +++ /var/tmp/diff_new_pack.UPM3lv/_new 2014-10-23 14:19:50.000000000 +0200 
@@ -60,7 +60,7 @@ %if ! %{?distro:1}0 %define distro suse %endif -Version: 2.8.97 +Version: 2.9.0 Release: 0 Summary: AppArmor userlevel parser utility License: GPL-2.0+ @@ -88,8 +88,9 @@ # Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkae...@suse.de Patch5: ruby-2_0-mkmf-destdir.patch -# Allow new pid location in ntpd profile (bnc#899746 - commited upstream trunk r2723, 2.8 branch r2145) -Patch6: apparmor-profiles-ntpd-pid-location.diff +# change multiline rules in abstractions to one line - needed because YaST still uses the perl module, which doesn't support multiline rules +# (bnc#900013, not for upstream) +Patch6: apparmor-abstractions-no-multiline.diff Url: https://launchpad.net/apparmor PreReq: sed @@ -431,6 +432,8 @@ %endif %patch6 +# search for left-over multiline rules +test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)" %build echo _libdir: %{_libdir} ruby: %{rb_sitearch} python: %{python3_sitearch} # test if _libdir breaks it or if it's broken by default on <= 12.1 @@ -590,6 +593,7 @@ %files docs %defattr(-,root,root) %doc parser/*.[1-9].html +%doc utils/vim/apparmor.vim.5.html %doc common/apparmor.css %doc parser/techdoc.pdf parser/techdoc/techdoc.html parser/techdoc/techdoc.css parser/techdoc.txt # apparmor.vim is included in the vim package. Ideally it should be in a -devel package, but that's overmuch for one file ++++++ apparmor-2.8.97.tar.gz -> apparmor-2.9.0.tar.gz ++++++ ++++ 4914 lines of diff (skipped) ++++++ apparmor-abstractions-no-multiline.diff ++++++ === modified file 'profiles/apparmor.d/abstractions/X' Index: profiles/apparmor.d/abstractions/X =================================================================== --- profiles/apparmor.d/abstractions/X.orig 2014-10-18 13:11:18.498652324 +0200 +++ profiles/apparmor.d/abstractions/X 2014-10-18 13:11:31.097494817 +0200 
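Review bot: The left-over check added after `%patch6` in the `@@ -431,6 +432,8 @@` hunk fails open and fails silently. `test -z "$(grep …)"` discards grep's exit status, so if `profiles/apparmor.d/` is missing or unreadable the output is empty and the check passes; when it does find a match, the build stops without printing the offending file and line. The pattern is also anchored on `^\s*\(unix\|dbus\)`, so a multiline rule that starts with a qualifier such as `audit` or `deny`, or that has the bare keyword alone on its first line, would not be reported. I would assert the directory first with `test -d profiles/apparmor.d` and then let grep print its hits: `if grep -rn '<same pattern>' profiles/apparmor.d/; then echo "multiline rules left" >&2; exit 1; fi`.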
@@ -23,9 +23,7 @@ # the unix socket to use to connect to the display /tmp/.X11-unix/* w, - unix (connect, receive, send) - type=stream - peer=(addr="@/tmp/.X11-unix/X[0-9]*"), + unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X[0-9]*"), /usr/include/X11/ r, /usr/include/X11/** r, Index: profiles/apparmor.d/abstractions/dbus-accessibility-strict =================================================================== --- profiles/apparmor.d/abstractions/dbus-accessibility-strict.orig 2014-10-18 13:11:18.498652324 +0200 +++ profiles/apparmor.d/abstractions/dbus-accessibility-strict 2014-10-18 13:11:31.098494805 +0200 @@ -9,9 +9,4 @@ # # ------------------------------------------------------------------ - dbus send - bus=accessibility - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} - peer=(name=org.freedesktop.DBus), + dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} peer=(name=org.freedesktop.DBus), Index: profiles/apparmor.d/abstractions/dbus-session-strict =================================================================== --- profiles/apparmor.d/abstractions/dbus-session-strict.orig 2014-10-18 13:11:18.498652324 +0200 +++ profiles/apparmor.d/abstractions/dbus-session-strict 2014-10-18 13:11:31.098494805 +0200 
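Review bot: The patch file starts directly at `=== modified file 'profiles/apparmor.d/abstractions/X'` with no header, so nothing in it records how the joined rules were produced or how to regenerate them when the upstream abstractions change. It rewrites confinement policy, apparently by joining lines by hand, in this hunk and in the dbus-accessibility-strict, dbus-session-strict, dbus-strict, ubuntu-unity7-* and gnome hunks, which leaves a reviewer comparing every attribute of every rule by eye. I would add a short header giving the purpose (`bnc#900013`, not for upstream) and the command or script that performs the join. It would also help to state that the change is meant to be whitespace-only and was confirmed by comparing the old and new files with line breaks and runs of whitespace normalised.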
@@ -13,13 +13,6 @@ /etc/machine-id r, /var/lib/dbus/machine-id r, - unix (connect, receive, send) - type=stream - peer=(addr="@/tmp/dbus-*"), + unix (connect, receive, send) type=stream peer=(addr="@/tmp/dbus-*"), - dbus send - bus=session - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} - peer=(name=org.freedesktop.DBus), + dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} peer=(name=org.freedesktop.DBus), Index: profiles/apparmor.d/abstractions/dbus-strict =================================================================== --- profiles/apparmor.d/abstractions/dbus-strict.orig 2014-10-18 13:11:18.498652324 +0200 +++ profiles/apparmor.d/abstractions/dbus-strict 2014-10-18 13:11:31.098494805 +0200 @@ -11,9 +11,4 @@ /{,var/}run/dbus/system_bus_socket rw, - dbus send - bus=system - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} - peer=(name=org.freedesktop.DBus), + dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} peer=(name=org.freedesktop.DBus), Index: profiles/apparmor.d/abstractions/ubuntu-unity7-base =================================================================== --- profiles/apparmor.d/abstractions/ubuntu-unity7-base.orig 2014-10-18 13:11:18.497652337 +0200 +++ profiles/apparmor.d/abstractions/ubuntu-unity7-base 2014-10-18 13:11:31.098494805 +0200 
@@ -16,41 +16,16 @@ #include <abstractions/gnome> # Allow connecting to session bus and where to connect to services - dbus (send) - bus=session - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=Hello - peer=(name=org.freedesktop.DBus), - dbus (send) - bus=session - path=/org/freedesktop/{db,DB}us - interface=org.freedesktop.DBus - member={Add,Remove}Match - peer=(name=org.freedesktop.DBus), + dbus (send) bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello peer=(name=org.freedesktop.DBus), + dbus (send) bus=session path=/org/freedesktop/{db,DB}us interface=org.freedesktop.DBus member={Add,Remove}Match peer=(name=org.freedesktop.DBus), # NameHasOwner and GetNameOwner could leak running processes and apps # depending on how services are implemented - dbus (send) - bus=session - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=GetNameOwner - peer=(name=org.freedesktop.DBus), - dbus (send) - bus=session - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=NameHasOwner - peer=(name=org.freedesktop.DBus), + dbus (send) bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner peer=(name=org.freedesktop.DBus), + dbus (send) bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameHasOwner peer=(name=org.freedesktop.DBus), # Allow starting services on the session bus (actual communications with # the service are mediated elsewhere) - dbus (send) - bus=session - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=StartServiceByName - peer=(name=org.freedesktop.DBus), + dbus (send) bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=StartServiceByName peer=(name=org.freedesktop.DBus), # Allow connecting to system bus and where to connect to services. Put these # here so we don't need to repeat these rules in multiple places (actual 
@@ -58,108 +33,47 @@ # allow apps to brute-force enumerate system services, but our system # services aren't a secret. /{,var/}run/dbus/system_bus_socket rw, - dbus (send) - bus=system - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=Hello - peer=(name=org.freedesktop.DBus), - dbus (send) - bus=system - path=/org/freedesktop/{db,DB}us - interface=org.freedesktop.DBus - member={Add,Remove}Match - peer=(name=org.freedesktop.DBus), + dbus (send) bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello peer=(name=org.freedesktop.DBus), + dbus (send) bus=system path=/org/freedesktop/{db,DB}us interface=org.freedesktop.DBus member={Add,Remove}Match peer=(name=org.freedesktop.DBus), # NameHasOwner and GetNameOwner could leak running processes and apps # depending on how services are implemented - dbus (send) - bus=system - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=GetNameOwner - peer=(name=org.freedesktop.DBus), - dbus (send) - bus=system - path=/org/freedesktop/DBus - interface=org.freedesktop.DBus - member=NameHasOwner - peer=(name=org.freedesktop.DBus), + dbus (send) bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=GetNameOwner peer=(name=org.freedesktop.DBus), + dbus (send) bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameHasOwner peer=(name=org.freedesktop.DBus), # # Access required for connecting to/communication with Unity HUD # - dbus (send) - bus=session - path="/com/canonical/hud", - dbus (send) - bus=session - interface="com.canonical.hud.*", - dbus (send) - bus=session - path="/com/canonical/hud/applications/*", - dbus (receive) - bus=session - path="/com/canonical/hud", - dbus (receive) - bus=session - interface="com.canonical.hud.*", + dbus (send) bus=session path="/com/canonical/hud", + dbus (send) bus=session interface="com.canonical.hud.*", + dbus (send) bus=session path="/com/canonical/hud/applications/*", + dbus (receive) 
bus=session path="/com/canonical/hud", + dbus (receive) bus=session interface="com.canonical.hud.*", # # Allow access for connecting to/communication with the appmenu # # dbusmenu - dbus (send) - bus=session - interface="com.canonical.AppMenu.*", - dbus (receive, send) - bus=session - path=/com/canonical/menu/**, + dbus (send) bus=session interface="com.canonical.AppMenu.*", + dbus (receive, send) bus=session path=/com/canonical/menu/**, # gmenu - dbus (receive, send) - bus=session - interface=org.gtk.Actions, - dbus (receive, send) - bus=session - interface=org.gtk.Menus, + dbus (receive, send) bus=session interface=org.gtk.Actions, + dbus (receive, send) bus=session interface=org.gtk.Menus, # # Access required for using freedesktop notifications # - dbus (send) - bus=session - path=/org/freedesktop/Notifications - member=GetCapabilities, - dbus (send) - bus=session - path=/org/freedesktop/Notifications - member=GetServerInformation, - dbus (send) - bus=session - path=/org/freedesktop/Notifications - member=Notify, - dbus (receive) - bus=session - member="Notify" - peer=(name="org.freedesktop.DBus"), - dbus (receive) - bus=session - path=/org/freedesktop/Notifications - member=NotificationClosed, - dbus (send) - bus=session - path=/org/freedesktop/Notifications - member=CloseNotification, + dbus (send) bus=session path=/org/freedesktop/Notifications member=GetCapabilities, + dbus (send) bus=session path=/org/freedesktop/Notifications member=GetServerInformation, + dbus (send) bus=session path=/org/freedesktop/Notifications member=Notify, + dbus (receive) bus=session member="Notify" peer=(name="org.freedesktop.DBus"), + dbus (receive) bus=session path=/org/freedesktop/Notifications member=NotificationClosed, + dbus (send) bus=session path=/org/freedesktop/Notifications member=CloseNotification, # accessibility - dbus (send) - bus=session - peer=(name=org.a11y.Bus), - dbus (receive) - bus=session - interface=org.a11y.atspi*, - dbus (receive, send) - 
bus=accessibility, + dbus (send) bus=session peer=(name=org.a11y.Bus), + dbus (receive) bus=session interface=org.a11y.atspi*, + dbus (receive, send) bus=accessibility, # # Deny potentially dangerous access Index: profiles/apparmor.d/abstractions/ubuntu-unity7-launcher =================================================================== --- profiles/apparmor.d/abstractions/ubuntu-unity7-launcher.orig 2014-10-18 13:11:18.497652337 +0200 +++ profiles/apparmor.d/abstractions/ubuntu-unity7-launcher 2014-10-18 13:11:31.098494805 +0200 @@ -1,7 +1,4 @@ # # Access required for connecting to/communicating with the Unity Launcher # - dbus (send) - bus=session - interface="com.canonical.Unity.LauncherEntry" - member="Update", + dbus (send) bus=session interface="com.canonical.Unity.LauncherEntry" member="Update", Index: profiles/apparmor.d/abstractions/ubuntu-unity7-messaging =================================================================== --- profiles/apparmor.d/abstractions/ubuntu-unity7-messaging.orig 2014-10-18 13:11:18.498652324 +0200 +++ profiles/apparmor.d/abstractions/ubuntu-unity7-messaging 2014-10-18 13:11:31.099494792 +0200 @@ -2,6 +2,4 @@ # Access required for connecting to/communicating with the Unity messaging # indicator # - dbus (receive, send) - bus=session - path="/com/canonical/indicator/messages/*", + dbus (receive, send) bus=session path="/com/canonical/indicator/messages/*", Index: profiles/apparmor.d/abstractions/gnome =================================================================== --- profiles/apparmor.d/abstractions/gnome.orig 2014-10-06 21:06:23.000000000 +0200 +++ profiles/apparmor.d/abstractions/gnome 2014-10-18 13:17:22.661505791 +0200 
@@ -88,6 +88,4 @@ # Allow connecting to the GNOME vfs socket (still need corresponding DBus # rules) - unix (send, receive, connect) - type=stream - peer=(addr="@/dbus-vfs-daemon/socket-*"), + unix (send, receive, connect) type=stream peer=(addr="@/dbus-vfs-daemon/socket-*"), -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org