openSUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: openSUSE-RU-2019:0109-1 Rating: moderate References: #1092099 #1097370 #1100779 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for apparmor fixes the following issues: AppArmor was updated to 2.10.4: - parser: make sure cache write failure doesn't cause load failure - parser: disable cache write on read-only filesystems - add support for conditional includes ("include if exists") - ignore "abi" rules in parser and tools (instead of erroring out) - tools: fix writing alias and "link subset" rules - remove group restriction in aa-notify (boo#1100779) - ignore *.orig and *.rej files when loading profiles - several bugfixes - profile updates for samba (including boo#1092099), netstat, ntpd, syslog-ng, mlmmj-sub, postalias and dovecot - abstraction updates: audio, base, gnupg, kde, nameservice, nvidia, php, python, ssl_certs/keys (add letsencrypt and dehydrated paths), X - add vulkan, qtf and qt5-compose-cache abstractions - tunables: add @{uid} and @{uids} kernel var placeholders Please see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.10.4 for the detailed upstream changelog Additional fixes: - allow netconfig to write resolv.conf to /run with link to /etc (fate#325872, boo#1097370) - fixed a parser crash on invalid abi rules - adjust sssd paths in abstractions/nameservice Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2019-109=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): apache2-mod_apparmor-2.10.4-19.1 apache2-mod_apparmor-debuginfo-2.10.4-19.1 apparmor-debugsource-2.10.4-19.1 apparmor-parser-2.10.4-19.1 apparmor-parser-debuginfo-2.10.4-19.1 libapparmor-devel-2.10.4-19.1 libapparmor1-2.10.4-19.1 libapparmor1-debuginfo-2.10.4-19.1 pam_apparmor-2.10.4-19.1 pam_apparmor-debuginfo-2.10.4-19.1 perl-apparmor-2.10.4-19.1 perl-apparmor-debuginfo-2.10.4-19.1 python3-apparmor-2.10.4-19.1 python3-apparmor-debuginfo-2.10.4-19.1 ruby-apparmor-2.10.4-19.1 ruby-apparmor-debuginfo-2.10.4-19.1 - openSUSE Leap 42.3 (noarch): apparmor-abstractions-2.10.4-19.1 apparmor-docs-2.10.4-19.1 apparmor-parser-lang-2.10.4-19.1 apparmor-profiles-2.10.4-19.1 apparmor-utils-2.10.4-19.1 apparmor-utils-lang-2.10.4-19.1 - openSUSE Leap 42.3 (x86_64): libapparmor1-32bit-2.10.4-19.1 libapparmor1-debuginfo-32bit-2.10.4-19.1 pam_apparmor-32bit-2.10.4-19.1 pam_apparmor-debuginfo-32bit-2.10.4-19.1 References: https://bugzilla.suse.com/1092099 https://bugzilla.suse.com/1097370 https://bugzilla.suse.com/1100779