Hello community,
here is the log from the commit of package apparmor-profiles
checked in at Fri Apr 7 12:11:49 CEST 2006.
--------
--- apparmor-profiles/apparmor-profiles.changes 2006-04-05 15:57:35.000000000 +0200
+++ apparmor-profiles/apparmor-profiles.changes 2006-04-07 08:49:57.000000000 +0200
@@ -1,0 +2,7 @@
+Fri Apr 7 08:49:47 CEST 2006 - dreynolds@suse.de
+
+- seth.arnold:
+- Fix for base (ntpd) - #164150
+- Fix for postfix.qmgr - #156446
+
+-------------------------------------------------------------------
Old:
----
apparmor-profiles-2.0-6366.tar.gz
New:
----
apparmor-profiles-2.0-6374.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor-profiles.spec ++++++
--- /var/tmp/diff_new_pack.4hYj0O/_old 2006-04-07 12:10:15.000000000 +0200
+++ /var/tmp/diff_new_pack.4hYj0O/_new 2006-04-07 12:10:15.000000000 +0200
@@ -16,9 +16,9 @@
%endif
Summary: AppArmor profiles that are loaded into the apparmor kernel module
Version: 2.0
-Release: 20
+Release: 21
Group: Productivity/Security
-Source0: %{name}-%{version}-6366.tar.gz
+Source0: %{name}-%{version}-6374.tar.gz
License: Other License(s), see package, GPL
BuildRoot: %{_tmppath}/%{name}-%{version}-build
URL: http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -77,6 +77,10 @@
%preun
%changelog -n apparmor-profiles
+* Fri Apr 07 2006 - dreynolds@suse.de
+- seth.arnold:
+- Fix for base (ntpd) - #164150
+- Fix for postfix.qmgr - #156446
* Wed Apr 05 2006 - varkoly@suse.de
- Fix for posfix/smtpd postfix/smtp
- New file usr.lib.postfix.anvil
++++++ apparmor-profiles-2.0-6366.tar.gz -> apparmor-profiles-2.0-6374.tar.gz ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/abstractions/base new/apparmor-profiles-2.0/abstractions/base
--- old/apparmor-profiles-2.0/abstractions/base 2006-02-04 09:32:33.000000000 +0100
+++ new/apparmor-profiles-2.0/abstractions/base 2006-04-07 15:25:03.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: base 6231 2006-02-04 08:32:30Z sarnold $
+# $Id: base 6373 2006-04-07 01:16:04Z sarnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -71,4 +71,6 @@
# Sometimes used to determine kernel/user interfaces to use
/proc/sys/kernel/version r,
-
+ # Depending on which glibc routine uses this file, base may not be the
+ # best place -- but many profiles require it, and it is quite harmless.
+ /proc/sys/kernel/ngroups_max r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/apparmor-profiles.spec new/apparmor-profiles-2.0/apparmor-profiles.spec
--- old/apparmor-profiles-2.0/apparmor-profiles.spec 2006-04-04 22:08:53.000000000 +0200
+++ new/apparmor-profiles-2.0/apparmor-profiles.spec 2006-04-07 15:39:41.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: apparmor-profiles.spec.in 6366 2006-04-04 20:08:39Z sarnold $
+# $Id: apparmor-profiles.spec.in 6375 2006-04-07 06:35:24Z dominic $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -26,7 +26,7 @@
Version: 2.0
Release: 11.1
Group: Productivity/Security
-Source0: %{name}-%{version}-6366.tar.gz
+Source0: %{name}-%{version}-6374.tar.gz
License: GPL
BuildRoot: %{?_tmppath:}%{!?_tmppath:/var/tmp}/%{name}-%{version}-build
Url: http://forge.novell.com/modules/xfmod/project/?apparmor
@@ -78,6 +78,10 @@
%preun
%changelog
+* Fri Apr 7 2006 Dominic Reynolds 2.0-11.1
+- seth.arnold:
+- Fix for base (ntpd) - #164150
+- Fix for postfix.qmgr - #156446
* Mon Apr 3 2006 Seth Arnold 2.0-11.1
- Fix for postfix/sasl (#159667)
- Fix for NIS/portmapper nameservice capabilities
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/apparmor-profiles.spec.in new/apparmor-profiles-2.0/apparmor-profiles.spec.in
--- old/apparmor-profiles-2.0/apparmor-profiles.spec.in 2006-04-04 22:08:41.000000000 +0200
+++ new/apparmor-profiles-2.0/apparmor-profiles.spec.in 2006-04-07 15:35:24.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: apparmor-profiles.spec.in 6366 2006-04-04 20:08:39Z sarnold $
+# $Id: apparmor-profiles.spec.in 6375 2006-04-07 06:35:24Z dominic $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
@@ -78,6 +78,10 @@
%preun
%changelog
+* Fri Apr 7 2006 Dominic Reynolds 2.0-11.1
+- seth.arnold:
+- Fix for base (ntpd) - #164150
+- Fix for postfix.qmgr - #156446
* Mon Apr 3 2006 Seth Arnold 2.0-11.1
- Fix for postfix/sasl (#159667)
- Fix for NIS/portmapper nameservice capabilities
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.anvil new/apparmor-profiles-2.0/enabled/usr.lib.postfix.anvil
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.anvil 2006-04-05 15:44:42.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.anvil 1970-01-01 01:00:00.000000000 +0100
@@ -1,30 +0,0 @@
-# $Id: usr.lib.postfix.anvil 6222 2006-02-03 23:42:57Z varkoly $
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2006 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-#include
-
-/usr/lib/postfix/anvil {
- #include
- #include
- #include
- #include
-
- capability setgid,
- capability setuid,
-
- /usr/lib/postfix/anvil rix,
-
- /etc/postfix/main.cf r,
- /var/spool/postfix/private/anvil rw,
- /var/spool/postfix/pid/unix.anvil rw,
- /proc/net/if_inet6 r,
- /proc/sys/kernel/ngroups_max r,
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.master new/apparmor-profiles-2.0/enabled/usr.lib.postfix.master
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.master 2006-04-05 15:41:37.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.master 2006-02-07 06:07:58.000000000 +0100
@@ -27,7 +27,6 @@
/var/spool/postfix/private/tlsmgr rwl,
/var/spool/postfix/public/{cleanup,flush,pickup,qmgr,showq,tlsmgr} rwl,
- /usr/lib/postfix/anvil px,
/usr/lib/postfix/bounce px,
/usr/lib/postfix/cleanup px,
/usr/lib/postfix/flush px,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.qmgr new/apparmor-profiles-2.0/enabled/usr.lib.postfix.qmgr
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.qmgr 2006-02-04 00:42:59.000000000 +0100
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.qmgr 2006-04-07 15:25:03.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: usr.lib.postfix.qmgr 6222 2006-02-03 23:42:57Z sarnold $
+# $Id: usr.lib.postfix.qmgr 6374 2006-04-07 01:32:38Z sarnold $
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2006 Novell/SUSE
@@ -51,4 +51,5 @@
/{var/spool/postfix/,}private/rewrite w,
/{var/spool/postfix/,}private/smtp w,
/{var/spool/postfix/,}private/trace w,
+ /{var/spool/postfix/,}private/uucp w,
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtp new/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtp
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtp 2006-04-05 15:41:37.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtp 2006-03-10 00:12:41.000000000 +0100
@@ -37,11 +37,6 @@
/proc/sys/kernel/ngroups_max r,
/usr/share/ssl/certs/ca-bundle.crt r,
/usr/share/ssl/openssl.cnf r,
- /usr/lib64/sasl2 r,
- /usr/lib64/sasl2/* r,
- /usr/lib/sasl2 r,
- /usr/lib/sasl2/* r,
-
/var/spool/postfix/pid/unix.smtp rw,
/var/spool/postfix/pid/unix.relay rw,
/etc/postfix/virtual.db r,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtpd new/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtpd
--- old/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtpd 2006-04-05 15:41:37.000000000 +0200
+++ new/apparmor-profiles-2.0/enabled/usr.lib.postfix.smtpd 2006-02-07 06:07:58.000000000 +0100
@@ -37,7 +37,6 @@
/etc/postfix/smtpd_scache.pag rw,
/etc/postfix/main.cf r,
/etc/postfix/prng_exch rw,
- /etc/ssl/servercerts/* r,
/usr/lib64/sasl2 r,
/usr/lib64/sasl2/* r,
@@ -51,10 +50,7 @@
/var/spool/postfix/pid/inet.smtps rw,
/var/spool/postfix/private/proxymap w,
/var/spool/postfix/private/rewrite w,
- /var/spool/postfix/private/anvil w,
- /var/spool/postfix/private/tlsmgr w,
/var/spool/postfix/public/cleanup w,
- /var/run/sasl2/mux w,
/public/cleanup w,
/private/rewrite w,
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/programs-enabled/files new/apparmor-profiles-2.0/programs-enabled/files
--- old/apparmor-profiles-2.0/programs-enabled/files 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/programs-enabled/files 2006-01-27 02:14:42.000000000 +0100
@@ -0,0 +1,80 @@
+bin.netstat
+bin.ping
+bin.traceroute
+etc.cron.daily.logrotate
+etc.cron.daily.slocate.cron
+etc.cron.daily.tmpwatch
+lib.ld-2.2.so
+opt.gnome.bin.evolution-2.4
+opt.gnome.bin.gaim
+opt.gnome.lib.bonobo.bonobo-activation-server
+opt.gnome.lib.evolution-data-server-1.2.evolution-data-server-1.4
+opt.gnome.lib.GConf.2.gconfd-2
+opt.MozillaFirefox.bin.firefox.sh
+opt.MozillaFirefox.lib.firefox-bin
+opt.MozillaFirefox.lib.mozilla-xremote-client
+sbin.dhclient
+sbin.dhcpcd
+sbin.klogd
+sbin.portmap
+sbin.rpc.lockd
+sbin.rpc.statd
+sbin.syslogd
+usr.bin.apropos
+usr.bin.fam
+usr.bin.ldd
+usr.bin.man
+usr.bin.opera
+usr.bin.procmail
+usr.bin.spamc
+usr.lib.man-db.man
+usr.lib.postfix.bounce
+usr.lib.postfix.cleanup
+usr.lib.postfix.flush
+usr.lib.postfix.local
+usr.lib.postfix.master
+usr.lib.postfix.nqmgr
+usr.lib.postfix.pickup
+usr.lib.postfix.proxymap
+usr.lib.postfix.qmgr
+usr.lib.postfix.scache
+usr.lib.postfix.showq
+usr.lib.postfix.smtp
+usr.lib.postfix.smtpd
+usr.lib.postfix.tlsmgr
+usr.lib.postfix.trivial-rewrite
+usr.lib.RealPlayer10.realplay
+usr.sbin.dhcpd
+usr.sbin.httpd
+usr.sbin.httpd2-prefork
+usr.sbin.identd
+usr.sbin.imapd
+usr.sbin.in.fingerd
+usr.sbin.in.ftpd
+usr.sbin.in.ntalkd
+usr.sbin.ipop2d
+usr.sbin.ipop3d
+usr.sbin.mysqld
+usr.sbin.named
+usr.sbin.nmbd
+usr.sbin.nscd
+usr.sbin.ntpd
+usr.sbin.postalias
+usr.sbin.postdrop
+usr.sbin.postmap
+usr.sbin.postqueue
+usr.sbin.sendmail
+usr.sbin.sendmail.postfix
+usr.sbin.sendmail.sendmail
+usr.sbin.slapd
+usr.sbin.smbd
+usr.sbin.spamd
+usr.sbin.squid
+usr.sbin.sshd
+usr.sbin.useradd
+usr.sbin.userdel
+usr.sbin.vsftpd
+usr.sbin.xinetd
+usr.X11R6.bin.acroread
+usr.X11R6.bin.ethereal
+usr.X11R6.bin.xfs
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/programs-enabled/test.sh new/apparmor-profiles-2.0/programs-enabled/test.sh
--- old/apparmor-profiles-2.0/programs-enabled/test.sh 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/programs-enabled/test.sh 2006-01-27 02:27:38.000000000 +0100
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+for file in `cat files`
+do
+ echo " sed "s/syntax=subdomain/syntax=apparmor/g"< $file > $file.tmp"
+ sed "s/syntax=subdomain/syntax=apparmor/g" < $file > $file.tmp
+ mv $file.tmp $file
+done
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/apparmor-profiles-2.0/programs-enabled/usr.lib.postfix.qmgr new/apparmor-profiles-2.0/programs-enabled/usr.lib.postfix.qmgr
--- old/apparmor-profiles-2.0/programs-enabled/usr.lib.postfix.qmgr 1970-01-01 01:00:00.000000000 +0100
+++ new/apparmor-profiles-2.0/programs-enabled/usr.lib.postfix.qmgr 2006-02-07 06:07:00.000000000 +0100
@@ -0,0 +1,54 @@
+# $Id: usr.lib.postfix.qmgr 6201 2006-02-02 21:10:54Z sarnold $
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2006 Novell/SUSE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+/usr/lib/postfix/qmgr {
+ #include
+ #include
+ #include
+ #include
+
+ /usr/lib/postfix/qmgr rix,
+ /proc/sys/kernel/ngroups_max r,
+ /tmp/.winbindd/pipe w,
+ /{var/spool/postfix/,}active r,
+ /{var/spool/postfix/,}active/[0-9A-F] r,
+ /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F] rwl,
+ /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,
+ /{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]* rwl,
+ /{var/spool/postfix/,}active/[0-9A-F]* rwl,
+ /{var/spool/postfix/,}defer r,
+ /{var/spool/postfix/,}defer/[0-9A-F] r,
+ /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F] rwl,
+ /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/* rwl,
+ /{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]* rwl,
+ /{var/spool/postfix/,}defer/[0-9A-F]* rwl,
+ /{var/spool/postfix/,}deferred r,
+ /{var/spool/postfix/,}deferred/[0-9A-F] r,
+ /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F] r,
+ /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/* rwl,
+ /{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]* rwl,
+ /{var/spool/postfix/,}deferred/[0-9A-F]* rwl,
+ /{var/spool/postfix/,}incoming r,
+ /{var/spool/postfix/,}incoming/[0-9A-F] r,
+ /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F] r,
+ /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* rwl,
+ /{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]* rwl,
+ /{var/spool/postfix/,}incoming/[0-9A-F]* rwl,
+ /{var/spool/postfix/,}public/qmgr r,
+ /{var/spool/postfix/,}private/bounce w,
+ /{var/spool/postfix/,}private/defer w,
+ /{var/spool/postfix/,}private/local w,
+ /{var/spool/postfix/,}private/relay w,
+ /{var/spool/postfix/,}private/rewrite w,
+ /{var/spool/postfix/,}private/smtp w,
+ /{var/spool/postfix/,}private/trace w,
+}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...