Hello community,
here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2017-02-11 01:33:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
and /work/SRC/openSUSE:Factory/.apparmor.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apparmor"
Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2017-02-03 17:31:34.092783177 +0100
+++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes 2017-02-11 01:33:47.991524735 +0100
@@ -1,0 +2,54 @@
+Mon Jan 30 21:37:48 UTC 2017 - suse-beta@cboltz.de
+
+- add upstream-changes-r3616..3628.diff:
+ - update abstractions/base, abstractions/apache2-common and dovecot profiles
+ - merge ask_the_questions() of aa-logprof and aa-mergeprof
+ - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
+- adjust deleting the cache in profiles %post to the new cache location
+- silence errors when deleting the cache (boo#976914)
+
+-------------------------------------------------------------------
+Sat Jan 28 21:40:11 UTC 2017 - suse-beta@cboltz.de
+
+- split libapparmor into separate spec to get rid of build loop
+ involving mariadb, systemd, apparmor, libapr and mariadb again
+ (see the discussion in SR 448871 for details)
+
+-------------------------------------------------------------------
+Fri Jan 27 20:08:03 UTC 2017 - suse-beta@cboltz.de
+
+- update to AppArmor 2.11.0
+ - apparmor_parser now supports parallel compiles and loads
+ - add full support for dbus, ptrace and signal rules and events to the
+ utils
+ - full rewrite of the file rule handling in the utils
+ - lots of improvements and fixes
+ - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the
+ detailed changelog
+- patches:
+ - add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
+ - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
+ - refresh apparmor-abstractions-no-multiline.diff
+ - refresh apparmor-samba-include-permissions-for-shares.diff
+- spec changes:
+ - aa-unconfined switched to using ss (from iproute2), adjust Recommends:
+ - move libapparmor to /usr/lib*/
+ - drop %if %suse_version checks for 12.x
+ - change several Obsoletes from %version to < 2.9. Those package names
+ weren't used since years, and 2.9 is still a careful choice
+ - include apparmor.service independent of %suse_version
+ - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
+ - drop latex2html, texlive-* and w3m BuildRequires
+ - techdoc.txt and techdoc.html not included, drop them from the package
+ - run most of utils/ make check (some tests expect /etc/apparmor.d/ and
+ /sbin/apparmor_parser to exist, skip them)
+ - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
+ - drop sed'ing python3 into aa-* shebang (upstreamed)
+ - build binutils
+ - aa-exec is now written in C and lives in /usr/bin/, move it to the
+ apparmor_parser package and create a compability symlink in /usr/sbin/
+ - aa-exec manpage moved to section 1
+ - aa-enabled is a small new tool to find out if AppArmor is enabled
+ - package new aa_stack_profile(2) manpage
+
+-------------------------------------------------------------------
New Changes file:
--- /dev/null 2017-01-26 09:49:33.150892021 +0100
+++ /work/SRC/openSUSE:Factory/.apparmor.new/libapparmor.changes 2017-02-11 01:33:48.099509496 +0100
@@ -0,0 +1,11 @@
+-------------------------------------------------------------------
+Sat Jan 28 21:40:11 UTC 2017 - suse-beta@cboltz.de
+
+- split libapparmor into separate spec to get rid of build loop
+ involving mariadb, systemd, apparmor, libapr and mariadb again
+ (see the discussion in SR 448871 for details)
+- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but
+ with minimum BuildRequires
+
+
+
Old:
----
aa-unconfined-fix-netstat-call-2.10r3380.diff
apparmor-2.10.2.tar.gz
apparmor-2.10.2.tar.gz.asc
New:
----
apparmor-2.11.0.tar.gz
apparmor-2.11.0.tar.gz.asc
libapparmor.changes
libapparmor.spec
sshd-profile-drop-local-include-r3615.diff
upstream-changes-r3616..3628.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.MgBvpk/_old 2017-02-11 01:33:50.739136973 +0100
+++ /var/tmp/diff_new_pack.MgBvpk/_new 2017-02-11 01:33:50.739136973 +0100
@@ -24,23 +24,9 @@
%bcond_without pam
%bcond_without apache
%bcond_without perl
-%if 0%{?suse_version} > 0 && 0%{?suse_version} <= 1210
- # disable python and ruby bindings on openSUSE <= 12.1 to avoid problems with rb_sitearch and python_sitearch
- %bcond_with python
- %bcond_with python3
- %bcond_with ruby
-%else
-%if 0%{?suse_version} == 1220
- # swig for python3 is broken on 12.2 - probably http://sourceforge.net/p/swig/bugs/1257/ - build python2 bindings instead
- %bcond_without python
- %bcond_with python3
- %bcond_without ruby
-%else
- %bcond_with python
- %bcond_without python3
- %bcond_without ruby
-%endif
-%endif
+%bcond_with python
+%bcond_without python3
+%bcond_without ruby
%define CATALINA_HOME /usr/share/tomcat6
#define APPARMOR_DOC_DIR /usr/share/doc/packages/apparmor-docs/
@@ -60,11 +46,12 @@
%if ! %{?distro:1}0
%define distro suse
%endif
-Version: 2.10.2
+Version: 2.11.0
Release: 0
Summary: AppArmor userlevel parser utility
License: GPL-2.0+
Group: Productivity/Networking/Security
+Url: https://launchpad.net/apparmor
Source0: apparmor-%{version}.tar.gz
Source1: apparmor-%{version}.tar.gz.asc
Source2: %{name}.keyring
@@ -82,9 +69,6 @@
# split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width.
Patch3: apparmor-utils-string-split
-# fix regression in aa-unconfined netstat call (taken from upstream 2.10 branch r3380)
-Patch4: aa-unconfined-fix-netstat-call-2.10r3380.diff
-
# Ruby 2.0 mkmf prefixes everything with $(DESTDIR), bnc#822277, kkaempf@suse.de
Patch5: ruby-2_0-mkmf-destdir.patch
@@ -95,7 +79,12 @@
# bug 906858 - confine lessopen.sh (submitted upstream 2014-12-21)
Patch7: apparmor-lessopen-profile.patch
-Url: https://launchpad.net/apparmor
+# drop local/ include from sshd profile to prevent failure in "make check" (taken from upstream bzr trunk r3615)
+Patch8: sshd-profile-drop-local-include-r3615.diff
+
+# upstream changes (trunk r3616..3628)
+Patch9: upstream-changes-r3616..3628.diff
+
PreReq: sed
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{distro} == "suse"
@@ -104,19 +93,14 @@
%endif
%define apparmor_bin_prefix /lib/apparmor
BuildRequires: bison
+BuildRequires: dejagnu
BuildRequires: flex
BuildRequires: gcc-c++
-BuildRequires: latex2html
BuildRequires: pcre-devel
BuildRequires: pkg-config
BuildRequires: python
+BuildRequires: python3-pyflakes
BuildRequires: perl(Locale::gettext)
-%if 0%{?suse_version} > 1220
-BuildRequires: texlive-amsfonts
-BuildRequires: texlive-cm-super
-%endif
-BuildRequires: texlive-latex
-BuildRequires: w3m
BuildRequires: swig
@@ -149,12 +133,12 @@
Summary: AppArmor userlevel parser utility
License: GPL-2.0+
Group: Productivity/Networking/Security
-Obsoletes: libimnxcert < %{version}
-Obsoletes: subdomain-leaf-cert < %{version}
-Obsoletes: subdomain-parser < %{version}
-Obsoletes: subdomain-parser-common < %{version}
-Obsoletes: subdomain-parser-demo < %{version}
-Obsoletes: subdomain_parser < %{version}
+Obsoletes: libimnxcert < 2.9
+Obsoletes: subdomain-leaf-cert < 2.9
+Obsoletes: subdomain-parser < 2.9
+Obsoletes: subdomain-parser-common < 2.9
+Obsoletes: subdomain-parser-demo < 2.9
+Obsoletes: subdomain_parser < 2.9
Provides: libimnxcert = %{version}
Provides: subdomain-leaf-cert = %{version}
Provides: subdomain-parser = %{version}
@@ -166,10 +150,8 @@
# initscript needs /lib/lsb/init-functions from insserv/insserv-compat
Requires: insserv
-%if 0%{?suse_version} > 1320
BuildRequires: systemd-rpm-macros
%{?systemd_requires}
-%endif
%description parser
The AppArmor Parser is a userlevel program that is used to load in
@@ -209,35 +191,6 @@
%endif
-%package -n libapparmor1
-Summary: Utility library for AppArmor
-License: LGPL-2.1+
-Group: Development/Libraries/C and C++
-%ifarch ppc64
-Obsoletes: libapparmor-64bit < %{version}
-Provides: libapparmor-64bit = %{version}
-%endif
-Provides: libapparmor = %{version}
-#Provides: libimmunix = %{version}
-Obsoletes: libapparmor < %{version}
-#Obsoletes: libimmunix < %{version}
-
-%description -n libapparmor1
-This package provides the libapparmor library, which contains the
-change_hat(2) symbol, used for sub-process confinement by AppArmor, as
-well as functions to parse AppArmor log messages.
-
-%package -n libapparmor-devel
-Summary: Development headers and libraries for libapparmor
-License: LGPL-2.1+
-Group: Development/Libraries/C and C++
-Requires: libapparmor1 = %{version}
-Provides: libapparmor:/usr/include/sys/apparmor.h
-
-%description -n libapparmor-devel
-These libraries are needed for developing software that makes use of the
-AppArmor API.
-
%if %{with perl}
%package -n perl-apparmor
@@ -338,7 +291,7 @@
Group: Productivity/Security
Requires: apparmor-abstractions >= %{version}
Requires: apparmor-parser(CAP_SYSLOG)
-Obsoletes: subdomain-profiles < %{version}
+Obsoletes: subdomain-profiles < 2.9
Provides: subdomain-profiles = %{version}
BuildArch: noarch
@@ -356,7 +309,7 @@
License: GPL-2.0 and LGPL-2.1+
Group: Productivity/Security
Requires: libapparmor1 = %{version}
-# some of the tools are still perl-based (aa-decode, aa-exec and aa-notify)
+# some of the tools are still perl-based (aa-decode and aa-notify)
Requires: perl = %{perl_version}
Requires: perl-apparmor = %{version}
%if %{with python3}
@@ -366,12 +319,8 @@
Requires: python-apparmor = %{version}
Requires: python-base
%endif
-# aa-unconfined needs netstat
-%if 0%{?suse_version} > 1320
-Recommends: net-tools-deprecated
-%else
-Recommends: net-tools
-%endif
+# aa-unconfined needs ss
+Recommends: iproute2
# aa-notify -p needs notify-send
Recommends: libnotify-tools
BuildArch: noarch
@@ -435,27 +384,20 @@
%patch1 -p1
%patch2
%patch3 -p1
-%patch4
# Ruby 2.0 mkmf prefixes every path with $(DESTDIR)
-%if 0%{?suse_version} > 1230
%patch5 -p1
-%endif
%patch6
%patch7 -p1
+%patch8
+%patch9
# search for left-over multiline rules
test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)"
%build
-echo _libdir: %{_libdir} ruby: %{rb_sitearch} python: %{python3_sitearch} # test if _libdir breaks it or if it's broken by default on <= 12.1
-
export SUSE_ASNEEDED=0
-# re-define _libdir to /lib or /lib64
-%define _libdir /%{_lib}
-
-echo new _libdir: %{_libdir} ruby: %{rb_sitearch} python: %{python3_sitearch} # test if _libdir breaks it or if it's broken by default on <= 12.1
%if %{with python3}
export PYTHON=/usr/bin/python3
@@ -485,6 +427,9 @@
# Utilities:
make -C utils
+# binutils
+make -C binutils
+
# deprecated/utils (perl modules still needed by YaST)
%if %{with perl}
make -C deprecated/utils
@@ -492,8 +437,6 @@
# parser:
make -C parser V=1
-# techdoc.txt depends on techdoc.pdf and techdoc/index.html, so make techdoc.txt should be enough
-make -C parser V=1 techdoc.txt
# Apache mod_apparmor:
%if %{with apache}
@@ -508,8 +451,6 @@
# Profiles:
make -C profiles
-##configure --disable-static --with-pic \
-#--with-perl \
%if %{with tomcat}
make -C changehat/tomcat_apparmor/tomcat_5_5 CATALINA_HOME=%{CATALINA_HOME}
%endif
@@ -522,11 +463,24 @@
make check -C libraries/libapparmor
make check -C parser
+make check -C binutils
+
# profiles make check fails for the utils (libapparmor PYTHONPATH issues), therefore only do parser-based checks
# also, check-parser breaks if using 'make -C' (but works if cd'ing into the directory)
(cd profiles && make check-parser)
-# utils make check fails if profiles don't exist in /etc/apparmor.d/
-# make check -C utils
+
+# these tests fail if /etc/apparmor.d/abstractions/* or /sbin/apparmor_parser don't exist
+# (aa.py doesn't allow to inject in-tree paths early enough)
+rm -v utils/test/test-aa.py
+rm -v utils/test/test-aa-easyprof.py
+rm -v utils/test/test-libapparmor-test_multi.py
+rm -v utils/test/test-mount_parse.py
+rm -v utils/test/test-parser-simple-tests.py
+rm -v utils/test/test-pivot_root_parse.py
+rm -v utils/test/test-regex_matches.py
+rm -v utils/test/test-unix_parse.py
+
+make check -C utils
%install
@@ -534,22 +488,17 @@
export PYTHON=/usr/bin/python3
%endif
-# libapparmor
-# override pkgconfigdir for now - TODO: don't redefine libdir when packaging AppArmor 3.0
-%makeinstall -C libraries/libapparmor pkgconfigdir=/usr/%{_lib}/pkgconfig/
-# create symlink for old change_hat(2) manpage
-( cd %{buildroot}/%{_mandir}/man2/ && ln -s aa_change_hat.2 change_hat.2 )
+# libapparmor: swig bindings only, libapparmor is packaged via libapparmor.spec
+%makeinstall -C libraries/libapparmor/swig
# utilities
%makeinstall -C utils
test ! -x %{buildroot}/%{_bindir}/aa-easyprof && chmod +x %{buildroot}/%{_bindir}/aa-easyprof # https://bugs.launchpad.net/apparmor/+bug/1366568
mkdir -p %{buildroot}%{_localstatedir}/log/apparmor
-%if %{with python3}
- # enforce usage of python3
- for file in %{buildroot}/%{_sbindir}/aa-* ; do
- sed -i '1s,^#! /usr/bin/env python$,#! /usr/bin/env python3,' "$file"
- done
-%endif
+
+# binutils
+%makeinstall -C binutils
+( cd %{buildroot}/%{_sbindir} && ln -s %{_bindir}/aa-exec exec )
# deprecated/utils (perl modules still needed by YaST)
%if %{with perl}
@@ -569,7 +518,7 @@
%endif
%if %{with pam}
- %makeinstall -C changehat/pam_apparmor SECDIR=%{buildroot}%{_libdir}/security
+ %makeinstall -C changehat/pam_apparmor SECDIR=%{buildroot}/%{_lib}/security
%endif
%if %{with tomcat}
@@ -577,8 +526,8 @@
%makeinstall -C changehat/tomcat_apparmor/tomcat_5_5 CATALINA_HOME=%{buildroot}/%{CATALINA_HOME}
%endif
-find %{buildroot} -name .packlist -exec rm -f {} \;
-find %{buildroot} -name perllocal.pod -exec rm -f {} \;
+find %{buildroot} -name .packlist -exec rm -vf {} \;
+find %{buildroot} -name perllocal.pod -exec rm -vf {} \;
# Re-create the links to the old names, but only for tools and manpages that had it for historic reasons[tm].
# Tools and manpages added in >= 2.9 won't get symlinks without aa- prefix
@@ -587,7 +536,7 @@
f=$(basename $file)
case "${f#aa-}" in
audit | autodep | complain | decode | disable | enforce | exec | genprof | logprof | notify | status | unconfined | \
- audit.8* | autodep.8* | complain.8* | disable.8* | easyprof.8* | enforce.8* | exec.8* | genprof.8* | logprof.8* | notify.8 | status.8 | unconfined.8* )
+ audit.8* | autodep.8* | complain.8* | disable.8* | easyprof.8* | enforce.8* | exec.1* | genprof.8* | logprof.8* | notify.8 | status.8 | unconfined.8* )
if [ "${f#aa-}" != "$f" ]; then
ln -s $f $d/${f#aa-}
fi
@@ -599,16 +548,14 @@
mv -f %{buildroot}%{_mandir}/man8/{notify.8,apparmor_notify.8}
rm -f %{buildroot}%{_mandir}/man8/decode.8
-for pkg in apparmor-utils apparmor-parser; do
+for pkg in apparmor-utils apparmor-parser aa-binutils; do
%find_lang $pkg
done
# remove *.la files
rm -fv %{buildroot}%{_libdir}/libapparmor.la
-%if 0%{?suse_version} > 1320
install -D -m0644 %{S:8} %{buildroot}%{_unitdir}/apparmor.service
-%endif
echo -------------------------------------------------------------------
#find -ls
@@ -621,7 +568,7 @@
%doc parser/*.[1-9].html
%doc utils/vim/apparmor.vim.5.html
%doc common/apparmor.css
-%doc parser/techdoc.pdf parser/techdoc/techdoc.html parser/techdoc/techdoc.css parser/techdoc.txt
+%doc parser/techdoc.pdf
# apparmor.vim is included in the vim package. Ideally it should be in a -devel package, but that's overmuch for one file
%dir %{_datadir}/apparmor
%{_datadir}/apparmor/apparmor.vim
@@ -630,6 +577,8 @@
%defattr(-,root,root)
%doc parser/README parser/COPYING.GPL
/sbin/apparmor_parser
+%{_bindir}/aa-enabled
+%{_bindir}/aa-exec
%dir %attr(-, root, root) %{_sysconfdir}/apparmor
%dir %{_sysconfdir}/apparmor.d
%{_sysconfdir}/apparmor.d/cache
@@ -640,14 +589,15 @@
%else
%{_sysconfdir}/init.d/apparmor
%endif
-%if 0%{?suse_version} > 1320
%{_unitdir}/apparmor.service
-%endif
%config(noreplace) %{_sysconfdir}/apparmor/subdomain.conf
%config(noreplace) %{_sysconfdir}/apparmor/parser.conf
%{_localstatedir}/lib/apparmor
%dir %attr(-, root, root) %{apparmor_bin_prefix}
%{apparmor_bin_prefix}/rc.apparmor.functions
+%doc %{_mandir}/man1/aa-enabled.1.gz
+%doc %{_mandir}/man1/aa-exec.1.gz
+%doc %{_mandir}/man1/exec.1.gz
%doc %{_mandir}/man5/apparmor.d.5.gz
%doc %{_mandir}/man5/apparmor.vim.5.gz
%doc %{_mandir}/man5/subdomain.conf.5.gz
@@ -658,34 +608,10 @@
if [ -f %{_sysconfdir}/init.d/subdomain ] ; then
chkconfig --del subdomain
fi
-%if 0%{?suse_version} > 1320
%service_add_pre apparmor.service
-%endif
-
-%files parser-lang -f apparmor-parser.lang
-%files -n libapparmor1
+%files parser-lang -f apparmor-parser.lang -f aa-binutils.lang
%defattr(-,root,root)
-%{_libdir}/libapparmor.so.*
-
-%files -n libapparmor-devel
-%defattr(-,root,root)
-%{_libdir}/libapparmor.a
-%{_libdir}/libapparmor.so
-/usr/%{_lib}/pkgconfig/libapparmor.pc
-%doc %{_mandir}/man2/aa_change_hat.2.gz
-%doc %{_mandir}/man2/change_hat.2.gz
-%doc %{_mandir}/man2/aa_find_mountpoint.2.gz
-%doc %{_mandir}/man2/aa_getcon.2.gz
-%doc %{_mandir}/man2/aa_query_label.2.gz
-%doc %{_mandir}/man3/aa_features.3.gz
-%doc %{_mandir}/man3/aa_kernel_interface.3.gz
-%doc %{_mandir}/man3/aa_policy_cache.3.gz
-%doc %{_mandir}/man3/aa_splitcon.3.gz
-%dir %{_includedir}/aalogparse
-%{_includedir}/sys/apparmor.h
-%{_includedir}/sys/apparmor_private.h
-%{_includedir}/aalogparse/*
%files abstractions
%defattr(644,root,root,755)
@@ -732,7 +658,6 @@
%dir %{_datadir}/apparmor
%{_datadir}/apparmor/easyprof/
%dir %{_localstatedir}/log/apparmor
-%doc %{_mandir}/man2/aa_change_profile.2.gz
%doc %{_mandir}/man5/logprof.conf.5.gz
%doc %{_mandir}/man8/apparmor_notify.8.gz
%doc %{_mandir}/man8/aa-*.gz
@@ -743,7 +668,6 @@
%doc %{_mandir}/man8/disable.8.gz
%doc %{_mandir}/man8/easyprof.8.gz
%doc %{_mandir}/man8/enforce.8.gz
-%doc %{_mandir}/man8/exec.8.gz
%doc %{_mandir}/man8/genprof.8.gz
%doc %{_mandir}/man8/logprof.8.gz
%doc %{_mandir}/man8/unconfined.8.gz
@@ -800,7 +724,7 @@
%files -n pam_apparmor
%defattr(444,root,root,755)
-%attr(555,root,root) %{_libdir}/security/pam_apparmor.so
+%attr(555,root,root) /%{_lib}/security/pam_apparmor.so
%endif
%if %{with tomcat}
@@ -853,9 +777,7 @@
fi
%endif
-%if 0%{?suse_version} > 1320
%service_add_post apparmor.service
-%endif
%preun parser
if [ "$1" = 0 ] ; then
@@ -867,9 +789,7 @@
%endif
fi
-%if 0%{?suse_version} > 1320
%service_del_preun apparmor.service
-%endif
%postun parser
%if %{distro} == "suse"
@@ -885,11 +805,9 @@
%{insserv_cleanup} || true
%endif
-%if 0%{?suse_version} > 1320
# don't call try-restart, see bnc#853019
export DISABLE_RESTART_ON_UPDATE="yes"
%service_del_postun apparmor.service
-%endif
%post abstractions
%if %{distro} == "suse"
@@ -907,7 +825,7 @@
%post profiles
%if %{distro} == "suse"
# workaround for bnc#904620#c8 / lp#1392042
- rm -f /var/cache/apparmor/*
+ rm -f /var/lib/apparmor/cache/* 2>/dev/null
#restart_on_update boot.apparmor - but non-broken (bnc#853019)
# (copy&paste from parser postun script)
test -n "$FIRST_ARG" || FIRST_ARG=$1
@@ -919,10 +837,6 @@
fi
%endif
-%post -n libapparmor1 -p /sbin/ldconfig
-
-%postun -n libapparmor1 -p /sbin/ldconfig
-
%if %{with tomcat}
%post -n tomcat_apparmor -p /sbin/ldconfig
++++++ libapparmor.spec ++++++
#
# spec file for package libapparmor
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2011-2017 Christian Boltz
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: libapparmor
Version: 2.11.0
Release: 0
Summary: Utility library for AppArmor
License: LGPL-2.1+
Group: Development/Libraries/C and C++
Url: https://launchpad.net/apparmor
Source0: apparmor-%{version}.tar.gz
Source1: apparmor-%{version}.tar.gz.asc
BuildRequires: bison
BuildRequires: dejagnu
BuildRequires: flex
BuildRequires: pkg-config
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
This package provides the libapparmor library, which contains the
change_hat(2) symbol, used for sub-process confinement by AppArmor, as
well as functions to parse AppArmor log messages.
%package -n libapparmor1
Summary: Utility library for AppArmor
Group: Development/Libraries/C and C++
%ifarch ppc64
Obsoletes: libapparmor-64bit < 2.9
Provides: libapparmor-64bit = %{version}
%endif
Provides: libapparmor = %{version}
Obsoletes: libapparmor < 2.9
%description -n libapparmor1
This package provides the libapparmor library, which contains the
change_hat(2) symbol, used for sub-process confinement by AppArmor, as
well as functions to parse AppArmor log messages.
%package -n libapparmor-devel
Summary: Development headers and libraries for libapparmor
Group: Development/Libraries/C and C++
Requires: libapparmor1 = %{version}
Provides: libapparmor:/usr/include/sys/apparmor.h
%description -n libapparmor-devel
These libraries are needed for developing software that makes use of the
AppArmor API.
%prep
%setup -q -n apparmor-%{version}
%build
(
cd ./libraries/libapparmor
%configure \
--without-perl \
--without-python \
--without-ruby \
make
)
%check
make check -C libraries/libapparmor
%install
%makeinstall -C libraries/libapparmor
# create symlink for old change_hat(2) manpage
( cd %{buildroot}/%{_mandir}/man2/ && ln -s aa_change_hat.2 change_hat.2 )
# remove *.la files
rm -fv %{buildroot}%{_libdir}/libapparmor.la
%post -n libapparmor1 -p /sbin/ldconfig
%postun -n libapparmor1 -p /sbin/ldconfig
%files -n libapparmor1
%defattr(-,root,root)
%{_libdir}/libapparmor.so.*
%files -n libapparmor-devel
%defattr(-,root,root)
%{_libdir}/libapparmor.a
%{_libdir}/libapparmor.so
%{_libdir}/pkgconfig/libapparmor.pc
%doc %{_mandir}/man2/aa_change_hat.2.gz
%doc %{_mandir}/man2/aa_change_profile.2.gz
%doc %{_mandir}/man2/aa_stack_profile.2.gz
%doc %{_mandir}/man2/change_hat.2.gz
%doc %{_mandir}/man2/aa_find_mountpoint.2.gz
%doc %{_mandir}/man2/aa_getcon.2.gz
%doc %{_mandir}/man2/aa_query_label.2.gz
%doc %{_mandir}/man3/aa_features.3.gz
%doc %{_mandir}/man3/aa_kernel_interface.3.gz
%doc %{_mandir}/man3/aa_policy_cache.3.gz
%doc %{_mandir}/man3/aa_splitcon.3.gz
%dir %{_includedir}/aalogparse
%{_includedir}/sys/apparmor.h
%{_includedir}/sys/apparmor_private.h
%{_includedir}/aalogparse/*
%changelog
++++++ apparmor-2.10.2.tar.gz -> apparmor-2.11.0.tar.gz ++++++
++++ 90432 lines of diff (skipped)
++++++ apparmor-abstractions-no-multiline.diff ++++++
--- /var/tmp/diff_new_pack.MgBvpk/_old 2017-02-11 01:33:51.691002638 +0100
+++ /var/tmp/diff_new_pack.MgBvpk/_new 2017-02-11 01:33:51.691002638 +0100
@@ -35,11 +35,11 @@
+ dbus send bus=accessibility path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} peer=(name=org.freedesktop.DBus),
Index: profiles/apparmor.d/abstractions/dbus-session-strict
===================================================================
---- profiles/apparmor.d/abstractions/dbus-session-strict.orig 2014-10-18 13:11:18.498652324 +0200
-+++ profiles/apparmor.d/abstractions/dbus-session-strict 2014-10-18 13:11:31.098494805 +0200
-@@ -13,16 +13,9 @@
- /etc/machine-id r,
+--- profiles/apparmor.d/abstractions/dbus-session-strict.orig 2017-01-11 21:20:01.381935015 +0100
++++ profiles/apparmor.d/abstractions/dbus-session-strict 2017-01-11 21:20:07.641905170 +0100
+@@ -14,16 +14,9 @@
/var/lib/dbus/machine-id r,
+ owner /run/user/*/bus rw,
- unix (connect, receive, send)
- type=stream
@@ -71,92 +71,42 @@
- member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
- peer=(name=org.freedesktop.DBus),
+ dbus send bus=system path=/org/freedesktop/DBus interface=org.freedesktop.DBus member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName} peer=(name=org.freedesktop.DBus),
-Index: profiles/apparmor.d/abstractions/ubuntu-unity7-base
+Index: profiles/apparmor.d/abstractions/fcitx-strict
===================================================================
---- profiles/apparmor.d/abstractions/ubuntu-unity7-base.orig 2014-10-18 13:11:18.497652337 +0200
-+++ profiles/apparmor.d/abstractions/ubuntu-unity7-base 2014-10-18 13:11:31.098494805 +0200
-@@ -16,41 +16,16 @@
- #include