Michal Kube��ek changed bug 1000304
What Removed Added
CC   mkubecek@suse.com
Assignee kernel-maintainers@forge.provo.novell.com jeffm@suse.com

Comment # 1 on bug 1000304 from 
> 3ccee46ab487d5b87d0621824efe2500b2857c58..7616ac70d1bb4f2e9d25c1a82d283f3368a7b632

That would be (oldest to newest)

> dcda617a0c51 apparmor: fix refcount bug in profile replacement
> ec34fa24a934 apparmor: fix replacement bug that adds new child to old parent
> b6b1b81b3afb apparmor: fix uninitialized lsm_audit member
> 9049a7922124 apparmor: exec should not be returning ENOENT when it denies
> d671e890205a apparmor: fix update the mtime of the profile file on replacement
> f2e561d190da apparmor: fix disconnected bind mnts reconnection
> bd35db8b8ca6 apparmor: internal paths should be treated as disconnected
> 6059f71f1e94 apparmor: add parameter to control whether policy hashing is used
> f351841f8d41 apparmor: fix put() parent ref after updating the active ref
> bf15cf0c641b apparmor: fix log failures for all profiles in a set
> 7ee6da25dcce apparmor: fix audit full profile hname on successful load
> f7da2de01127 apparmor: ensure the target profile name is always audited
> 23ca7b640b4a apparmor: check that xindex is in trans_table bounds
> 0b938a2e2cf0 apparmor: fix ref count leak when profile sha1 hash is read
> de7c4cc947f9 apparmor: fix refcount race when finding a child profile
> 38dbd7d8be36 apparmor: use list_next_entry instead of list_entry_next
> ff118479a76d apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task
> 15756178c6a6 apparmor: add missing id bounds check on dfa verification
> 3197f5adf539 apparmor: don't check for vmalloc_addr if kvzalloc() failed
> 5f20fdfed16b apparmor: fix oops in profile_unpack() when policy_db is not present
> 58acf9d911c8 apparmor: fix module parameters can be changed after policy is locked
> f4ee2def2d70 apparmor: do not expose kernel stack
> e89b8081327a apparmor: fix oops, validate buffer size in apparmor_setprocattr()
> d4d03f74a73f apparmor: fix arg_size computation for when setprocattr is null terminated
> 7616ac70d1bb apparmor: fix SECURITY_APPARMOR_HASH_DEFAULT parameter handling

All apply cleanly to SLE12-SP1 except three:

  * b6b1b81b3afb needs some changes due to missing 61e3fb8acaea
      ("apparmor: remove tsk field from the apparmor_audit_struct")
  * ff118479a76d is already in SLE12-SP1
  * 0b938a2e2cf0 just came with 3.12.63

The result builds but someone familiar with the code should take a look.

Also, opening this for Tumbleweed doesn't make much sense as Tumbleweed
is going to get these fixes with 4.8 soon anyway.

You are receiving this mail because: