Mailinglist Archive: opensuse-updates (114 mails)

< Previous Next >
openSUSE-RU-2014:1481-1: moderate: AppArmor
openSUSE Recommended Update: AppArmor
______________________________________________________________________________

Announcement ID: openSUSE-RU-2014:1481-1
Rating: moderate
References: #846586 #848215 #850374 #851131 #852018 #853019
#856651 #857122 #863226 #869787 #870607 #885317
#886225 #889650 #889651 #889652 #892374 #899746
#904620
Affected Products:
openSUSE 12.3
______________________________________________________________________________

An update that has 19 recommended fixes can now be
installed.

Description:

This recommended update for AppArmor fixes the following issues:

- NOTE: Please consider a reboot after installing the update to resolve
bnc#853019
- NOTE: The %postun from the previously installed apparmor-parser package
will remove AppArmor protection from running processes a last time. Run
aa-status to get a list of processes you need to restart, or reboot your
computer.

- Update from version 2.8.2 to 2.8.4 and several bugfixes
+ delete cache in apparmor-profiles %post (workaround for bnc#904620#c8
/ lp#1392042)
+ mod_apparmor: try uri hat after AADefaultHatName, not before. Fixes
the regression in 2.8.3 (lp#1322778)
+ libapparmor: fix log parsing memory leaks (lp#1340927)
+ parser: Fix profile loads from cache files that contain multiple
profiles
+ several profiles and abstractions/* updates (including bnc#857122#c2,
bnc#899746, bnc#869787, bnc#886225)
+ see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_4 for details
+ add Provides: apparmor-abstractions to apparmor-profiles
+ Allow dnsmasq read access to interface mtu in
/proc/sys/net/ipv6/conf/<ifacename>/mtu (bnc#892374)
+ Rename rpmlintrc to %{name}-rpmlintrc to follow the packaging
guidelines.
+ perl-apparmor: Fix handling of network (or network all) (bnc#889650)
+ perl-apparmor: Fix handling of capability keyword (bnc#889651)
+ perl-apparmor: Properly handle bare file keyword (bnc#889652)
+ permit clustered Samba access to CTDB socket and databases (bnc#885317)
+ update usr.sbin.winbindd profile (bnc#870607)
+ restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/
+ update usr.sbin.winbindd profile (bnc#870607)
* treat passdb.tdb.tmp as passdb.tdb
* allow rw access to /var/tmp/
+ add Recommends: libnotify-tools to apparmor-utils (aa-notify -p needs
notify-send)
+ fix some cache clearing bugs in apparmor_parser
+ various fixes in mod_apparmor
+ several profile updates, most of them were already included as patches
(except abstractions/winbind (bnc#863226), abstractions/fonts and
abstractions/p11-kit)
+ see http://wiki.apparmor.net/index.php/ReleaseNotes_2_8_3 for all
details
+ use current ruby macros, the rb_sitearch is obsolete since at least
12.1
+ allow access to pid file and supplemental config directory
+ add Recommends: net-tools to apparmor-utils (needed by aa-unconfined)
+ allow dnsmasq read config created be recent NetworkManager
+ allow samba to mkdir /var/run/samba and /var/cache/samba (bnc#856651)
+ add abstractions/samba to usr.sbin.winbindd profile
+ add capabilities ipc_lock and setuid to usr.sbin.winbindd profile
(bnc#851131)
+ %restart_on_update (in parser %postun) is "translated" to stop/start
by the systemd wrapper, which removes AppArmor protection from running
processes. (bnc#853019)
* NOTE: The %postun from the previously installed apparmor-parser
package will remove AppArmor protection from running processes a
last time. Run aa-status to get a list of processes you need to
restart, or reboot your computer.
+ reload profiles in %post of the apparmor-profiles package
+ allow access to certificates in /var/lib/ca-certificates/ (bnc#852018)
+ updated driftfile location for ntpd (bnc#850374)
+ usr.sbin.winbindd: some more profile updates for samba 4.x and
kerberos (bnc#846586#c12 and #c15)
+ add missing permissions for libvirt-generated files to dnsmasq profile
(bnc#848215)


Patch Instructions:

To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-708

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

apache2-mod_apparmor-2.8.4-3.8.1
apache2-mod_apparmor-debuginfo-2.8.4-3.8.1
apparmor-debugsource-2.8.4-3.8.1
apparmor-parser-2.8.4-3.8.1
apparmor-parser-debuginfo-2.8.4-3.8.1
libapparmor-devel-2.8.4-3.8.1
libapparmor1-2.8.4-3.8.1
libapparmor1-debuginfo-2.8.4-3.8.1
pam_apparmor-2.8.4-3.8.1
pam_apparmor-debuginfo-2.8.4-3.8.1
perl-apparmor-2.8.4-3.8.1
perl-apparmor-debuginfo-2.8.4-3.8.1
python3-apparmor-2.8.4-3.8.1
python3-apparmor-debuginfo-2.8.4-3.8.1
ruby-apparmor-2.8.4-3.8.1
ruby-apparmor-debuginfo-2.8.4-3.8.1

- openSUSE 12.3 (x86_64):

libapparmor1-32bit-2.8.4-3.8.1
libapparmor1-debuginfo-32bit-2.8.4-3.8.1
pam_apparmor-32bit-2.8.4-3.8.1
pam_apparmor-debuginfo-32bit-2.8.4-3.8.1

- openSUSE 12.3 (noarch):

apparmor-docs-2.8.4-3.8.1
apparmor-parser-lang-2.8.4-3.8.1
apparmor-profiles-2.8.4-3.8.1
apparmor-utils-2.8.4-3.8.1
apparmor-utils-lang-2.8.4-3.8.1


References:

https://bugzilla.suse.com/show_bug.cgi?id=846586
https://bugzilla.suse.com/show_bug.cgi?id=848215
https://bugzilla.suse.com/show_bug.cgi?id=850374
https://bugzilla.suse.com/show_bug.cgi?id=851131
https://bugzilla.suse.com/show_bug.cgi?id=852018
https://bugzilla.suse.com/show_bug.cgi?id=853019
https://bugzilla.suse.com/show_bug.cgi?id=856651
https://bugzilla.suse.com/show_bug.cgi?id=857122
https://bugzilla.suse.com/show_bug.cgi?id=863226
https://bugzilla.suse.com/show_bug.cgi?id=869787
https://bugzilla.suse.com/show_bug.cgi?id=870607
https://bugzilla.suse.com/show_bug.cgi?id=885317
https://bugzilla.suse.com/show_bug.cgi?id=886225
https://bugzilla.suse.com/show_bug.cgi?id=889650
https://bugzilla.suse.com/show_bug.cgi?id=889651
https://bugzilla.suse.com/show_bug.cgi?id=889652
https://bugzilla.suse.com/show_bug.cgi?id=892374
https://bugzilla.suse.com/show_bug.cgi?id=899746
https://bugzilla.suse.com/show_bug.cgi?id=904620


< Previous Next >
This Thread
  • No further messages