Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2014-09-10 07:27:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "apparmor" Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2014-08-13 17:07:59.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes 2014-09-10 07:27:35.000000000 +0200 @@ -1,0 +2,58 @@ +Sat Sep 6 22:08:57 UTC 2014 - opensuse@cboltz.de + +- update to AppArmor 2.8.96 (aka 2.9 beta2 aka r2652) + - add unix abstract sockets, ptrace, and signal policy generation + - several bugfixes in the python tools and elsewhere + - move program-chunks/postfix-common to abstractions/ + - drop upstreamed patches: + - apparmor-profiles-clustered-samba.diff + - perl-apparmor-fix-bare-network-keyword-handling.diff + - perl-apparmor-handle-bare-capability-keyword.diff + - perl-apparmor-properly-handle-bare-file-keyword.diff +- re-enable installation of perl modules +- move python modules to python3-apparmor package +- create symlinks without aa- prefix only for tools existing in 2.8.x, + but not for new tools added in 2.9 +- make utils filelist explicit to ensure we have the right set of files + without aa- prefix in sbindir +- switch easyprof python module location to python3 +- drop unused defines APPARMOR_DOC_DIR and JNI_SO +- refresh patches: + - apparmor-utils-string-split (file moved) + - apparmor-profiles-dnsmasq-iface-mtu.patch + - apparmor-2.5.1-edirectory-profile + +------------------------------------------------------------------- +Fri Sep 5 12:34:56 UTC 2014 - opensuse@cboltz.de + +(prepared Thu Mar 20 23:35:03 UTC 2014 in home project) +- update to AppArmor 2.8.95 (aka 2.9 beta1) + - complete rewrite of the aa-* tools in python + - new tools: aa-cleanprof, aa-mergeprof + - extra profiles moved to /usr/share/apparmor/extra-profiles/ (bnc#713647) + - and much more, but there's no upstream changelog yet +- drop upstreamed patches and files: + - usr.sbin.winbindd + - usr.lib.dovecot.*, tunables-dovecot, apparmor-profiles-dovecot-bnc851984.diff + - apparmor-init.py-gsoc.diff + - apparmor-2.8.2-nm-dnsmasq-config.patch +- add %bcond_with perl and disable the perl subpackage temporarily (the perl + modules will be back in beta2) +- drop the apparmorapplet-gnome, apparmor-dbus and profile-editor subpackages + (they were disabled since a long time, and upstream no longer ships their code) + and the apparmor-profile-editor.desktop and apparmor-profile-editor.png files +- drop apparmor-utils-subdomain-compat patch (was only included for <= 12.1) +- remove libimmunix Provides/Obsoletes (libimmunix was a compat wrapper + and got finally dropped) +- refresh apparmor-samba-include-permissions-for-shares.diff and + apparmor-2.5.1-edirectory-profile + +------------------------------------------------------------------- +Thu Sep 4 11:39:40 MDT 2014 - jfehlig@suse.com + +- add apparmor-profiles-dnsmasq-iface-mtu.patch to allow dnsmasq + read access to interface mtu in + /proc/sys/net/ipv6/conf/<ifacename>/mtu + (bnc#892374) + +------------------------------------------------------------------- Old: ---- apparmor-2.8.2-nm-dnsmasq-config.patch apparmor-2.8.3.tar.gz apparmor-2.8.3.tar.gz.asc apparmor-init.py-gsoc.diff apparmor-profile-editor.desktop apparmor-profile-editor.png apparmor-profiles-clustered-samba.diff apparmor-profiles-dovecot-bnc851984.diff apparmor-utils-subdomain-compat perl-apparmor-fix-bare-network-keyword-handling.diff perl-apparmor-handle-bare-capability-keyword.diff perl-apparmor-properly-handle-bare-file-keyword.diff tunables-dovecot usr.lib.dovecot.anvil usr.lib.dovecot.auth usr.lib.dovecot.config usr.lib.dovecot.dict usr.lib.dovecot.dovecot-lda usr.lib.dovecot.lmtp usr.lib.dovecot.log usr.lib.dovecot.managesieve usr.lib.dovecot.ssl-params usr.sbin.winbindd New: ---- apparmor-2.8.96.tar.gz apparmor-2.8.96.tar.gz.asc apparmor-profiles-dnsmasq-iface-mtu.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.4QrgoG/_old 2014-09-10 07:27:37.000000000 +0200 +++ /var/tmp/diff_new_pack.4QrgoG/_new 2014-09-10 07:27:37.000000000 +0200 @@ -23,6 +23,7 @@ %bcond_with tomcat %bcond_without pam %bcond_without apache +%bcond_without perl %if 0%{?suse_version} > 0 && 0%{?suse_version} <= 1210 # disable python and ruby bindings on openSUSE <= 12.1 to avoid problems with rb_sitearch and python_sitearch %bcond_with python @@ -40,13 +41,10 @@ %bcond_without ruby %endif %endif -%bcond_with gnome -%bcond_with dbus -%bcond_with editor %define CATALINA_HOME /usr/share/tomcat6 -%define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/ -%define JNI_SO libJNIChangeHat.so +#define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/ +#define JNI_SO libJNIChangeHat.so %define JAR_FILE changeHatValve.jar %define apache_module_path %(/usr/sbin/apxs2 -q LIBEXECDIR) @@ -62,7 +60,7 @@ %if ! %{?distro:1}0 %define distro suse %endif -Version: 2.8.3 +Version: 2.8.96 Release: 0 Summary: AppArmor userlevel parser utility License: GPL-2.0+ @@ -71,27 +69,10 @@ Source1: apparmor-%{version}.tar.gz.asc Source2: %{name}.keyring -Source3: %{name}-profile-editor.png -Source4: %{name}-profile-editor.desktop Source5: update-trans.sh Source6: baselibs.conf Source7: apparmor-rpmlintrc -# profile for winbindd (bnc#748499, submitted upstream 2012-11-06, trunk r2078) -Source10: usr.sbin.winbindd - -# profiles for dovecot 2.x (bnc#851984) - commited upstream trunk r2354, r2355, r2356, updated version commited trunk r2360, r2370 -Source20: usr.lib.dovecot.anvil -Source21: usr.lib.dovecot.auth -Source22: usr.lib.dovecot.config -Source23: usr.lib.dovecot.dict -Source24: usr.lib.dovecot.dovecot-lda -Source25: usr.lib.dovecot.lmtp -Source26: usr.lib.dovecot.log -Source27: usr.lib.dovecot.managesieve -Source28: usr.lib.dovecot.ssl-params -Source29: tunables-dovecot - # enable caching of profiles (= massive performance speedup when loading profiles) Patch1: apparmor-enable-profile-cache.diff @@ -101,36 +82,14 @@ # split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width. Patch5: apparmor-utils-string-split -# make apparmor/__init__.py ready for the new tools developed in GSoC. Submitted upstream 2013-09-12 -Patch6: apparmor-init.py-gsoc.diff - # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions Patch12: apparmor-2.5.1-edirectory-profile -# update dovecot profiles for dovecot 2.x (bnc#851984 - commited upstream trunk r2354, r2356, [updated patch] r2359, [updated patch] r2549) -Patch17: apparmor-profiles-dovecot-bnc851984.diff - -# create Immunix::SubDomain perl module - only included for openSUSE <= 12.1 - bnc#720617 #c7 -Patch21: apparmor-utils-subdomain-compat - # Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkaempf@suse.de Patch22: ruby-2_0-mkmf-destdir.patch -# dnsmasq - allow to read config created by recent NetworkManager -# commited upstream trunk r2323, 2.8 branch r2110 - updated version commited trunk r2385, 2.8 r2123 -Patch23: apparmor-2.8.2-nm-dnsmasq-config.patch - -# Permit clustered Samba access to CTDB socket and databases (bnc#885317, commited upstream trunk r2556 - TODO: merge into 2.8 branch) -Patch24: apparmor-profiles-clustered-samba.diff - -# perl-apparmor: Fix handling of network (or network all) (bnc#889650) (commited upstream trunk r2571, 2.8 r2135) -Patch25: perl-apparmor-fix-bare-network-keyword-handling.diff - -# perl-apparmor: Fix handling of capability keyword (bnc#889651) (commited upstream trunk r2572, 2.8 r2136) -Patch26: perl-apparmor-handle-bare-capability-keyword.diff - -# perl-apparmor: Properly handle bare file keyword (bnc#889652) (commited upstream trunk r2573, 2.8 ) -Patch27: perl-apparmor-properly-handle-bare-file-keyword.diff +# allow dnsmasq to read access to IPv6 config (bnc#892374) (commited upstream trunk r2657, 2.8 branch r2140) +Patch28: apparmor-profiles-dnsmasq-iface-mtu.patch Url: https://launchpad.net/apparmor PreReq: sed @@ -183,27 +142,6 @@ BuildRequires: tomcat6 %endif -%if %{with editor} -BuildRequires: gcc-c++ -BuildRequires: update-desktop-files -BuildRequires: wxGTK-devel -%endif - -%if %{with gnome} -BuildRequires: gnome-common -BuildRequires: pkgconfig(dbus-1) -BuildRequires: pkgconfig(gtk+-2.0) -BuildRequires: pkgconfig(libgnome-2.0) -BuildRequires: pkgconfig(libpanelapplet-2.0) -%endif - -%if %{with dbus} -BuildRequires: audit-devel -BuildRequires: libapparmor-devel -BuildRequires: pkg-config -BuildRequires: pkgconfig(dbus-1) -%endif - %package parser Summary: AppArmor userlevel parser utility License: GPL-2.0+ @@ -272,9 +210,9 @@ Provides: libapparmor-64bit = %{version} %endif Provides: libapparmor = %{version} -Provides: libimmunix = %{version} +#Provides: libimmunix = %{version} Obsoletes: libapparmor < %{version} -Obsoletes: libimmunix < %{version} +#Obsoletes: libimmunix < %{version} %description -n libapparmor1 This package provides the libapparmor library, which contains the @@ -292,6 +230,8 @@ These libraries are needed for developing software that makes use of the AppArmor API. +%if %{with perl} + %package -n perl-apparmor Summary: Perl interface for libapparmor functions License: GPL-2.0 and LGPL-2.1+ @@ -311,6 +251,8 @@ This package provides the perl interface to AppArmor. It is used for perl applications interfacing with AppArmor, including the AppArmor utilities. +%endif + %if %{with python} %package -n python-apparmor @@ -385,8 +327,16 @@ License: GPL-2.0 and LGPL-2.1+ Group: Productivity/Security Requires: libapparmor1 = %{version} +# some of the tools are still perl-based (aa-decode, aa-exec and aa-notify) Requires: perl = %{perl_version} Requires: perl-apparmor = %{version} +%if %{with python3} +Requires: python3-apparmor = %{version} +Requires: python3-base +%else +Requires: python-apparmor = %{version} +Requires: python-base +%endif # aa-unconfined needs netstat Recommends: net-tools # aa-notify -p needs notify-send @@ -437,44 +387,6 @@ %endif -%if %{with dbus} - -%package dbus -Summary: Audit dispatcher for sending AppArmor events over DBUS -License: GPL-2.0 and LGPL-2.1+ -Group: System/Monitoring - -%description dbus -An audit dispatcher for sending AppArmor events over the DBUS system -bus. - -%endif - -%if %{with editor} - -%package profile-editor -Summary: AppArmor profile editor -License: GPL-2.0 and LGPL-2.1+ -Group: Productivity/Editors/Other - -%description profile-editor -A syntax highlighting editor for AppArmor profiles. - -%endif - -%if %{with gnome} - -%package -n apparmorapplet-gnome -Summary: An AppArmor event notification applet for GNOME -License: GPL-2.0 and LGPL-2.1+ -Group: System/GUI/GNOME - -%description -n apparmorapplet-gnome -This taskbar applet receives AppArmor events over DBUS, and notifies -the user when AppArmor prevents an application from functioning. - -%endif - %description The AppArmor Parser is a userlevel program that is used to load in program profiles to the AppArmor Security kernel module. @@ -484,9 +396,6 @@ %lang_package -n apparmor-utils %lang_package -n apparmor-parser -%if %{with gnome} -%lang_package -n apparmorapplet-gnome -%endif %prep %{?gpg_verify: %gpg_verify %{S:1} } @@ -494,40 +403,14 @@ %patch1 -p1 %patch2 %patch5 -p1 -%patch6 -%patch12 -p1 -%patch17 - -# only create Immunix::SubDomain perl module for openSUSE <= 12.1 -%if 0%{?suse_version} -%if 0%{?suse_version} <= 1210 -%patch21 -p1 -%endif -%endif +%patch12 # Ruby 2.0 mkmf prefixes every path with $(DESTDIR) %if 0%{?suse_version} > 1230 %patch22 -p1 %endif -# affected NM is shipped since openSUSE >= 13.1 -%if 0%{?suse_version} > 1310 -%patch23 -%endif - -%patch24 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 - -# profile for winbindd (bnc#748499, commited upstream trunk r2078, updated in trunk r2328) -test ! -e profiles/apparmor.d/usr.sbin.winbindd -cp %{SOURCE10} profiles/apparmor.d/ - -# profiles for dovecot 2.x (bnc#851984) -test ! -e profiles/apparmor.d/tunables/dovecot -cp %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27} %{SOURCE28} profiles/apparmor.d/ -cp %{SOURCE29} profiles/apparmor.d/tunables/dovecot +%patch28 -p1 %build echo _libdir: %{_libdir} ruby: %{rb_sitearch} python: %{python3_sitearch} # test if _libdir breaks it or if it's broken by default on <= 12.1 @@ -546,7 +429,10 @@ ( cd ./libraries/libapparmor sh ./autogen.sh - %configure --with-perl \ + %configure \ +%if %{with perl} + --with-perl \ +%endif %if %{with python}%{with python3} --with-python \ %else @@ -566,6 +452,11 @@ make -C utils # make -C utils check +# deprecated/utils (perl modules still needed by YaST) +%if %{with perl} +make -C deprecated/utils +%endif + # parser: make -C parser V=1 # techdoc.txt depends on techdoc.pdf and techdoc/index.html, so make techdoc.txt should be enough @@ -591,17 +482,13 @@ %if %{with tomcat} make -C changehat/tomcat_apparmor/tomcat_5_5 CATALINA_HOME=%{CATALINA_HOME} %endif -%if %{with gnome} -#--with-gnome \ -%endif -%if %{with dbus} -#--with-dbus \ -%endif -%if %{with editor} -#--with-profileeditor \ -%endif %install + +%if %{with python3} +export PYTHON=/usr/bin/python3 +%endif + # libapparmor # override pkgconfigdir for now - TODO: don't redefine libdir when packaging AppArmor 3.0 %makeinstall -C libraries/libapparmor pkgconfigdir=/usr/%{_lib}/pkgconfig/ @@ -610,7 +497,19 @@ # utilities %makeinstall -C utils +test ! -x %{buildroot}/%{_bindir}/aa-easyprof && chmod +x %{buildroot}/%{_bindir}/aa-easyprof # https://bugs.launchpad.net/apparmor/+bug/1366568 mkdir -p %{buildroot}%{_localstatedir}/log/apparmor +%if %{with python3} + # enforce usage of python3 + for file in %{buildroot}/%{_sbindir}/aa-* ; do + sed -i '1s,^#! /usr/bin/env python$,#! /usr/bin/env python3,' "$file" + done +%endif + +# deprecated/utils (perl modules still needed by YaST) +%if %{with perl} +%makeinstall -C deprecated/utils +%endif %makeinstall -C profiles @@ -636,33 +535,31 @@ find %{buildroot} -name .packlist -exec rm -f {} \; find %{buildroot} -name perllocal.pod -exec rm -f {} \; -# Re-create the links to the old names +# Re-create the links to the old names, but only for tools and manpages that had it for historic reasons[tm]. +# Tools and manpages added in >= 2.9 won't get symlinks without aa- prefix for file in %{buildroot}%{_prefix}/{sbin,share/man/man[0-9]}/aa-*; do d=$(dirname $file) f=$(basename $file) + case "${f#aa-}" in + audit | autodep | complain | decode | disable | enforce | exec | genprof | logprof | notify | status | unconfined | \ + audit.8* | autodep.8* | complain.8* | disable.8* | easyprof.8* | enforce.8* | exec.8* | genprof.8* | logprof.8* | notify.8 | status.8 | unconfined.8* ) if [ "${f#aa-}" != "$f" ]; then ln -s $f $d/${f#aa-} fi + ;; + esac done mv -f %{buildroot}%{_mandir}/man8/{status.8,apparmor_status.8} mv -f %{buildroot}%{_mandir}/man8/{notify.8,apparmor_notify.8} rm -f %{buildroot}%{_mandir}/man8/decode.8 -%if %{with editor} -%suse_update_desktop_file -i %{name}-profile-editor Utility TextEditor -%endif - -%if %{with gnome} -%find_lang apparmorapplet-gnome -%endif - for pkg in apparmor-utils apparmor-parser; do %find_lang $pkg done # remove *.la files -rm -fv %{buildroot}%{_libdir}/libapparmor.la %{buildroot}%{_libdir}/libimmunix.la +rm -fv %{buildroot}%{_libdir}/libapparmor.la echo ------------------------------------------------------------------- #find -ls @@ -717,14 +614,11 @@ %files -n libapparmor1 %defattr(-,root,root) %{_libdir}/libapparmor.so.* -%{_libdir}/libimmunix.so.* %files -n libapparmor-devel %defattr(-,root,root) %{_libdir}/libapparmor.a -%{_libdir}/libimmunix.a %{_libdir}/libapparmor.so -%{_libdir}/libimmunix.so /usr/%{_lib}/pkgconfig/libapparmor.pc %doc %{_mandir}/man2/aa_change_hat.2.gz %doc %{_mandir}/man2/change_hat.2.gz @@ -734,10 +628,6 @@ %{_includedir}/sys/apparmor.h %{_includedir}/aalogparse/* -# hrm, still need to enumerate each directory in these paths in files :( -# %define extras_dir %{_sysconfdir}/apparmor/profiles/extras/ -# %define profiles_dir %{_sysconfdir}/apparmor.d/ - %files profiles %defattr(644,root,root,755) %dir %{_sysconfdir}/apparmor.d/ @@ -751,13 +641,10 @@ %config(noreplace) %{_sysconfdir}/apparmor.d/usr.* %dir %{_sysconfdir}/apparmor.d/local %config(noreplace) %{_sysconfdir}/apparmor.d/local/* -%dir %{_sysconfdir}/apparmor.d/program-chunks -%config(noreplace) %{_sysconfdir}/apparmor.d/program-chunks/* %dir %{_sysconfdir}/apparmor.d/tunables %config(noreplace) %{_sysconfdir}/apparmor.d/tunables/* %dir %{_sysconfdir}/apparmor/ -%dir %{_sysconfdir}/apparmor/profiles -%config %{_sysconfdir}/apparmor/profiles/extras/ +/usr/share/apparmor/extra-profiles/ %files utils %defattr(-,root,root) @@ -766,13 +653,21 @@ %config(noreplace) %{_sysconfdir}/apparmor/logprof.conf %config(noreplace) %{_sysconfdir}/apparmor/notify.conf %config(noreplace) %{_sysconfdir}/apparmor/severity.db -%{_sbindir}/* +%{_sbindir}/aa-* +%{_sbindir}/apparmor_status +%{_sbindir}/audit +%{_sbindir}/autodep +%{_sbindir}/complain +%{_sbindir}/decode +%{_sbindir}/disable +%{_sbindir}/enforce +%{_sbindir}/exec +%{_sbindir}/genprof +%{_sbindir}/logprof +%{_sbindir}/notify +%{_sbindir}/status +%{_sbindir}/unconfined %{_bindir}/aa-easyprof -# easyprof python modules are installed into py2 directories -#{python3_sitelib}/apparmor-%{version}-py%{py3_ver}.egg-info -#{python3_sitelib}/apparmor/ -%{python_sitelib}/apparmor-%{version}-py%{python_version}.egg-info -%{python_sitelib}/apparmor/ %dir %{_datadir}/apparmor %{_datadir}/apparmor/easyprof/ %dir %{_localstatedir}/log/apparmor @@ -796,11 +691,13 @@ %files utils-lang -f apparmor-utils.lang +%if %{with perl} %files -n perl-apparmor %defattr(-,root,root) %{perl_vendorlib}/Immunix %{perl_vendorarch}/auto/LibAppArmor/ %{perl_vendorarch}/LibAppArmor.pm +%endif %if %{with python} @@ -811,7 +708,8 @@ %{python_sitearch}/LibAppArmor/_LibAppArmor.so %{python_sitearch}/LibAppArmor/__init__.py %{python_sitearch}/LibAppArmor/__init__.pyc - +%{python_sitelib}/apparmor/ +%{python_sitelib}/apparmor-%{version}-py%{python_version}.egg-info %endif %if %{with python3} @@ -824,7 +722,8 @@ %{python3_sitearch}/LibAppArmor/_LibAppArmor.cpython-*.so %{python3_sitearch}/LibAppArmor/__pycache__/__init__.cpython-*.pyc %{python3_sitearch}/LibAppArmor/__init__.py - +%{python3_sitelib}/apparmor/ +%{python3_sitelib}/apparmor-%{version}-py*.egg-info %endif %if %{with ruby} @@ -858,38 +757,6 @@ %doc %{_mandir}/man8/mod_apparmor.8.gz %endif -%if %{with dbus} - -%files dbus -%defattr(0750, root, root) -%{_bindir}/apparmor-dbus -%endif - -%if %{with editor} - -%files profile-editor -%defattr(-, root, root) -%{_datadir}/applications/%{name}-profile-editor.desktop -%{_datadir}/pixmaps/%{name}-profile-editor.png -%{_bindir}/profileeditor -%{_docdir}/profileeditor/AppArmorProfileEditor.htb -%if 0 -%{_datadir}/doc/profileeditor/AppArmorProfileEditor.htb -%endif -%dir %{_datadir}/doc/profileeditor -%endif - -%if %{with gnome} - -%files -n apparmorapplet-gnome -%defattr(-, root, root) -%{_libdir}/bonobo/servers/*.server -%{_prefix}/lib/apparmorapplet -%{_datadir}/pixmaps/* - -%files -n apparmorapplet-gnome-lang -f apparmorapplet-gnome.lang -%endif - %post parser %if %{distro} == "suse" # SUSE uses insserv ++++++ apparmor-2.5.1-edirectory-profile ++++++ --- /var/tmp/diff_new_pack.4QrgoG/_old 2014-09-10 07:27:37.000000000 +0200 +++ /var/tmp/diff_new_pack.4QrgoG/_new 2014-09-10 07:27:37.000000000 +0200 @@ -15,9 +15,11 @@ profiles/apparmor.d/abstractions/novell-edirectory | 13 +++++++++++++ 2 files changed, 16 insertions(+) ---- a/profiles/apparmor.d/abstractions/nameservice -+++ b/profiles/apparmor.d/abstractions/nameservice -@@ -70,6 +70,9 @@ +Index: profiles/apparmor.d/abstractions/nameservice +=================================================================== +--- profiles/apparmor.d/abstractions/nameservice.orig 2014-09-03 21:21:31.000000000 +0200 ++++ profiles/apparmor.d/abstractions/nameservice 2014-09-07 17:53:18.412834868 +0200 +@@ -81,6 +81,9 @@ # kerberos #include <abstractions/kerberosclient> @@ -27,8 +29,10 @@ # TCP/UDP network access network inet stream, network inet6 stream, ---- /dev/null -+++ b/profiles/apparmor.d/abstractions/novell-edirectory +Index: profiles/apparmor.d/abstractions/novell-edirectory +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ profiles/apparmor.d/abstractions/novell-edirectory 2014-09-07 17:53:18.412834868 +0200 @@ -0,0 +1,13 @@ +# $Id$ +# ------------------------------------------------------------------ ++++++ apparmor-2.8.3.tar.gz -> apparmor-2.8.96.tar.gz ++++++ ++++ 211917 lines of diff (skipped) ++++++ apparmor-profiles-dnsmasq-iface-mtu.patch ++++++ Allow dnsmasq read access to IPv6 config The IPv6 Neighbor Discovery protocol (RFC 2461) suggests implementations provide MTU in Router Advertisement (RA) messages. From section 4.2 MTU SHOULD be sent on links that have a variable MTU (as specified in the document that describes how to run IP over the particular link type). MAY be sent on other links. dnsmasq supports this option and should have read access to an interface's MTU. Index: apparmor-2.8.3/profiles/apparmor.d/usr.sbin.dnsmasq =================================================================== --- apparmor-2.8.3.orig/profiles/apparmor.d/usr.sbin.dnsmasq +++ apparmor-2.8.3/profiles/apparmor.d/usr.sbin.dnsmasq @@ -44,6 +44,10 @@ /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage + # access to iface mtu needed for Router Advertisement messages in IPv6 + # Neighbor Discovery protocol (RFC 2461) + @{PROC}/sys/net/ipv6/conf/*/mtu r, + # for the read-only TFTP server @{TFTP_DIR}/ r, @{TFTP_DIR}/** r, ++++++ apparmor-samba-include-permissions-for-shares.diff ++++++ --- /var/tmp/diff_new_pack.4QrgoG/_old 2014-09-10 07:27:38.000000000 +0200 +++ /var/tmp/diff_new_pack.4QrgoG/_new 2014-09-10 07:27:38.000000000 +0200 @@ -20,7 +20,7 @@ === modified file 'profiles/apparmor.d/usr.sbin.smbd' --- profiles/apparmor.d/usr.sbin.smbd 2011-08-27 18:50:42 +0000 +++ profiles/apparmor.d/usr.sbin.smbd 2011-10-19 09:37:04 +0000 -@@ -51,6 +51,10 @@ +@@ -47,6 +47,10 @@ @{HOMEDIRS}/** lrwk, ++++++ apparmor-utils-string-split ++++++ --- /var/tmp/diff_new_pack.4QrgoG/_old 2014-09-10 07:27:38.000000000 +0200 +++ /var/tmp/diff_new_pack.4QrgoG/_new 2014-09-10 07:27:38.000000000 +0200 @@ -6,8 +6,8 @@ utils/Immunix/AppArmor.pm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) ---- a/utils/Immunix/AppArmor.pm -+++ b/utils/Immunix/AppArmor.pm +--- a/deprecated/utils/Immunix/AppArmor.pm ++++ b/deprecated/utils/Immunix/AppArmor.pm @@ -6335,7 +6335,12 @@ sub check_qualifiers($) { if ($cfg->{qualifiers}{$program}) { -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org