Hello community, here is the log from the commit of package apparmor for openSUSE:Factory checked in at 2017-04-11 12:39:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apparmor (Old) and /work/SRC/openSUSE:Factory/.apparmor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "apparmor" Tue Apr 11 12:39:06 2017 rev:101 rq:482776 version:2.11.0 Changes: -------- --- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes 2017-03-22 23:17:33.129965921 +0100 +++ /work/SRC/openSUSE:Factory/.apparmor.new/apparmor.changes 2017-04-11 12:39:09.145551563 +0200 
@@ -1,0 +2,20 @@ +Sat Mar 25 21:42:10 UTC 2017 - suse-beta@cboltz.de + +- add upstream-changes-r3629..3648.diff: + - preserve unknown profiles when reloading apparmor.service + (CVE-2017-6507, lp#1668892, boo#1029696) + - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) + - update nvidia abstraction for newer nvidia drivers + - don't enforce ordering of dbus rule attributes in utils (lp#1628286) + - add --parser, --base and --Include option to aa-easyprof to allow + non-standard paths (useful for tests) (lp#1521031) + - move initialization code in apparmor.aa to init_aa(). This allows to + run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser + don't exist. + - several improvements in the utils tests +- drop upstreamed python3-drop-re-locale.patch +- no longer delete/skip some of the utils tests (to allow this, add + parser-tests-dbus-duplicated-conditionals.diff) +- add var.mount dependeny to apparmor.service (boo#1016259#c34) + +------------------------------------------------------------------- Old: ---- python3-drop-re-locale.patch New: ---- parser-tests-dbus-duplicated-conditionals.diff upstream-changes-r3629..3648.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apparmor.spec ++++++ --- /var/tmp/diff_new_pack.WlqTuj/_old 2017-04-11 12:39:11.161266752 +0200 +++ /var/tmp/diff_new_pack.WlqTuj/_new 2017-04-11 12:39:11.165266187 +0200 @@ -75,8 +75,11 @@ # upstream changes (trunk r3616..3628) Patch9: upstream-changes-r3616..3628.diff -# drop deprecated re.LOCALE flag from regexps -Patch10: python3-drop-re-locale.patch +# upstream changes (trunk r3629..3648) +Patch10: upstream-changes-r3629..3648.diff + +# add some exceptions to utils/test/test-parser-simple-tests.py (submitted upstream 2017-03-25) +Patch11: parser-tests-dbus-duplicated-conditionals.diff PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -377,9 +380,10 @@ %patch7 -p1 %patch8 %patch9 -%if %{with python3} -%patch10 -p1 -%endif +%patch10 +# patch10 (upstream-changes-r3629..3648.diff) fails to create empty files, do it manually +touch libraries/libapparmor/testsuite/test_multi/unconfined-change_hat.err +%patch11 # search for left-over multiline rules test -z "$(grep -r '^\s*\(unix\|dbus\)[^,]\(([^)]*)\)*[^,]*$' profiles/apparmor.d/)" @@ -457,17 +461,6 @@ # also, check-parser breaks if using 'make -C' (but works if cd'ing into the directory) (cd profiles && make check-parser) -# these tests fail if /etc/apparmor.d/abstractions/* or /sbin/apparmor_parser don't exist -# (aa.py doesn't allow to inject in-tree paths early enough) -rm -v utils/test/test-aa.py -rm -v utils/test/test-aa-easyprof.py -rm -v utils/test/test-libapparmor-test_multi.py -rm -v utils/test/test-mount_parse.py -rm -v utils/test/test-parser-simple-tests.py -rm -v utils/test/test-pivot_root_parse.py -rm -v utils/test/test-regex_matches.py -rm -v utils/test/test-unix_parse.py - make check -C utils %install ++++++ apparmor.service ++++++ --- /var/tmp/diff_new_pack.WlqTuj/_old 2017-04-11 12:39:11.285249234 +0200 +++ /var/tmp/diff_new_pack.WlqTuj/_new 2017-04-11 12:39:11.289248669 +0200 @@ -3,7 +3,7 @@ DefaultDependencies=no Before=sysinit.target After=systemd-journald-audit.socket -After=var-lib.mount +After=var.mount var-lib.mount ConditionSecurity=apparmor [Service] ++++++ parser-tests-dbus-duplicated-conditionals.diff ++++++ === modified file 'utils/test/test-parser-simple-tests.py' --- utils/test/test-parser-simple-tests.py 2017-03-03 12:14:03 +0000 +++ utils/test/test-parser-simple-tests.py 2017-03-25 20:45:42 +0000 
@@ -49,6 +49,15 @@ 'change_profile/onx_conflict_unsafe1.sd', 'change_profile/onx_conflict_unsafe2.sd', + # duplicated conditionals aren't detected by the tools + 'generated_dbus/duplicated-conditionals-45127.sd', + 'generated_dbus/duplicated-conditionals-45131.sd', + 'generated_dbus/duplicated-conditionals-45124.sd', + 'generated_dbus/duplicated-conditionals-45130.sd', + 'generated_dbus/duplicated-conditionals-45125.sd', + 'generated_dbus/duplicated-conditionals-45128.sd', + 'generated_dbus/duplicated-conditionals-45129.sd', + 'dbus/bad_modifier_2.sd', 'dbus/bad_regex_01.sd', 'dbus/bad_regex_02.sd', ++++++ upstream-changes-r3629..3648.diff ++++++ ++++ 1736 lines (skipped)
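Review bot: In the apparmor.changes hunk (@@ -1,0 +2,20 @@), the last bullet has a typo: `add var.mount dependeny to apparmor.service` should read "dependency". Since the matching apparmor.service change only touches an `After=` line, "ordering" would also describe it more precisely than "dependency".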
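Review bot: In the apparmor.spec %prep hunk (@@ -377,9 +380,10 @@), the workaround `touch libraries/libapparmor/testsuite/test_multi/unconfined-change_hat.err` covers exactly one empty file by name, so any other empty file that upstream-changes-r3629..3648.diff is meant to create would be silently missing from the build tree. That diff is 1736 lines and not shown here, so the comment above the `touch` should state that this is the only empty file the patch adds, and that the line is to be removed together with Patch10.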
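Review bot: In the apparmor.service hunk, `After=var.mount var-lib.mount` is ordering only: it delays the service when those mount units are part of the same transaction but does not pull them in, and the unit sets `DefaultDependencies=no`. If profile loading must not start before /var is mounted, `RequiresMountsFor=` on the paths the service needs expresses that directly; if ordering alone is intended, a short comment in the unit saying so would help the next reader.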
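Review bot: In parser-tests-dbus-duplicated-conditionals.diff (@@ -49,6 +49,15 @@), the seven added `generated_dbus/duplicated-conditionals-*.sd` entries hard-code numeric suffixes and are listed out of numeric order (45127, 45131, 45124, ...), with 45126 absent from the 45124 to 45131 range, so it is hard to tell whether the list is complete. Sorting the entries and saying in the comment whether the generated suffixes are stable between runs, and why 45126 needs no exception, would make the list maintainable. The comment `# duplicated conditionals aren't detected by the tools` also records a detection gap in the utils; a bug reference next to it would keep the exception from becoming permanent.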