SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for apparmor-utils-lang-4.0.2-lp154.551.1.noarch.rpm :

* Wed Jul 24 2024 Christian Boltz - update to AppArmor 4.0.2 - bugfix release with lots of fixes in all areas - add new userns profiles for balena-etcher, chromium and wike - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.2 for the detailed upstream changelog- drop upstream(ed) patches: - aa-remove-unknown-fix-unconfined.diff - logprof-mount-empty-source.diff - plasmashell.diff - sampa-rpcd-witness.diff - sddm-xauth.diff - teardown-unconfined.diff - test-aa-notify.diff - tools-fix-redefinition.diff - utils-relax-mount-rules-2.diff - utils-relax-mount-rules.diff- refresh GPG key (was expired)
* Tue Jun 25 2024 Christian Boltz - add sampa-rpcd-witness.diff: allow samba-dcerpcd to execute rpcd_witness (boo#1225811)
* Tue Jun 11 2024 Christian Boltz - add logprof-mount-empty-source.diff: add support for mount rules with quoted paths and empty source (boo#1226031)
* Tue Jun 04 2024 Christian Boltz - add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900)- add plasmashell.diff - fix QtWebEngineProcess path to prevent a crash in plasmashell (boo#1225961)
* Thu May 30 2024 Guillaume GARDET - Also exclude podman profile - boo#1225608
* Wed May 29 2024 Fabian Vogt - Exclude the crun profile in addition to runc
* Tue May 28 2024 Christian Boltz - add utils-relax-mount-rules.diff and utils-relax-mount-rules-2.diff: Relax handling of mount rules in utils to avoid errors when parsing valid profiles- add teardown-unconfined.diff to fix aa-teardown for \'unconfined\' profiles (boo#1225457)
* Tue May 28 2024 Christian Boltz - exclude runc profile until updated runc packages (including updated profile with \"signal peer=runc\") have arrived
* Sat May 25 2024 Christian Boltz - add aa-remove-unknown-fix-unconfined.diff to fix aa-remove-unknown for \'unconfined\' profiles (boo#1225457)- set permissions for %ghost files (boo#1223578)
* Fri May 24 2024 Christian Boltz - fix bashism in %post profiles
* Sun May 05 2024 Christian Boltz - Update to AppArmor 4.0.1 Too many changes to list them here. See https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1 for the detailed upstream release notes- add tools-fix-redefinition.diff: fix redefinition of _ in tools- add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch with argparse on Leap 15.5- drop upstreamed patches: - apparmor-abstractions-openssl-allow-version-specific-en.patch - dovecot-unix_chkpwd.diff - smbd-unix_chkpwd.diff- apparmor-lessopen-profile.patch: update lessopen profile to abi/4.0- mark local/
* as %ghost so that these dummy files don\'t get installed anymore (changed existing local/files will be kept, unchanged files will be deleted)- switch to gitlab tarballs (without pregenerated libapparmor configure script and prebuilt techdoc.pdf) - run libapparmor autogen.sh (needs additional BuildRequires autoconf, autoconf-archive, automake and libtool) - no longer package techdoc.pdf - old documentation, not worth the texlive BuildRequires we would need to build it- drop old (up to 2.12) cache location /var/lib/apparmor/ and the /etc/apparmor.d/cache symlink pointing to it- drop apparmor-samba-include-permissions-for-shares.diff - no longer needed, update-apparmor-samba-profile in Tumbleweed works without a pre-existing local/usr.sbin.smbd-shares file- drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn\'t change a single bit in the resulting build (anymore?)- drop apparmor-lessopen-nfs-workaround.diff - no longer needed since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499)- drop ancient, unused update-trans.sh
* Fri Apr 05 2024 Atri Bhattacharya - Use full URLs for source tarball and signature.
* Fri Mar 01 2024 Christian Boltz - Remove workaround for boo#853019 in %postun parser - apparmor.service contains a more safe workaround. This also fixes boo#1220708 (missing daemon-reload).
* Tue Feb 27 2024 Noel Power - Add smbd-unix_chkpwd.diff to allow smbd to execute unix_chkpwd and fix other pam related denies; (boo#1220032).
* Mon Feb 26 2024 Ludwig Nussel - Fix systemd userdb access in unix-chkpwd
* Tue Feb 20 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN.
* Tue Feb 20 2024 David Disseldorp - Only run utils and profiles make check if kernel LSM is enabled (bsc#1220084)
* Thu Feb 08 2024 David Disseldorp - Add apparmor-abstractions-openssl-allow-version-specific-en.patch to allow version specific engdef & engines openssl paths (boo#1219571)
* Mon Feb 05 2024 Christian Boltz - Update to AppArmor 3.1.7 - aa-logprof: don\'t skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes- drop upstreamed apparmor-systemd-sessions.patch
* Mon Jan 29 2024 Christian Boltz - Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute unix_chkpwd, and add a profile for unix_chkpwd. This is needed for PAM 1.6 (boo#1219139)- Refresh apparmor.keyring - the key was renewed
* Wed Nov 08 2023 Christian Boltz - Actually apply the previously added patch for bsc#1216878
* Wed Nov 08 2023 Julio Gonzalez Gil - Add apparmor-systemd-sessions.patch to allow read access to /run/systemd/sessions/ (bsc#1216878)
* Mon Sep 25 2023 David Disseldorp - Fix pam_apparmor %post and %postun scripts to handle pam-config errors (bsc#1215596)
* Tue Jul 25 2023 David Disseldorp - Add pam_apparmor README, referenced from online cha-apparmor-pam.html documentation (bsc#1213472)
* Thu Jun 22 2023 Christian Boltz - update to AppArmor 3.1.6 (jsc#PED-5600) - fix regression in mount rules (boo#1211989) - some additions to the base and authentification abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6 for the full upstream changelog
* Sun Jun 11 2023 Christian Boltz - update to AppArmor 3.1.5 - fix handling of mount rules in apparmor_parser - minor additions to abstractions/base and snap_browsers - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.5 for the full upstream changelog- remove upstreamed aa-status-fix-json-mr1046.patch- split off apparmor-enable-precompiled-cache.diff from apparmor-enable-profile-cache.diff so that the precompiled cache path doesn\'t get added in parser.conf for Tumbleweed builds. This prevents a warning about the non-existing directory when loading profiles.
* Tue Jun 06 2023 Christian Boltz - fix aa-status --json output (aa-status-fix-json-mr1046.patch, boo#1211980#c12)
* Mon May 29 2023 Christian Boltz - update to AppArmor 3.1.4 - parser: fix mount rules encoding (CVE-2016-1585) - aa-logprof: fix error when choosing named exec with plain profile names - aa-status: fix json output - several fixes for profiles and abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4 for the full upstream changelog
* Thu May 04 2023 Frederic Crozat - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS.
* Tue Feb 28 2023 Christian Boltz - update to AppArmor 3.1.3 - add support for more audit.log formats in libapparmor - add abstractions/groff (boo#1065388) - various additions in abstractions and profiles - several bug fixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3 for the detailed upstream changelog- drop upstreamed patches: - abstractions-openssl-1_1.diff - dnsmasq-cpu-possible.diff - nscd-systemd-userdb.diff
* Mon Feb 06 2023 Christian Boltz - add abstractions-openssl-1_1.diff: allow to read /etc/ssl/openssl-1_1.cnf in abstractions/openssl (boo#1207911)
* Mon Jan 30 2023 Christian Boltz - add nscd-systemd-userdb.diff: allow nscd to read systemd-userdb (boo#1207698)
* Tue Dec 27 2022 Ludwig Nussel - Replace transitional %usrmerged macro with regular version check (boo#1206798)
* Fri Dec 23 2022 Samuel Cabrero - Add samba-4-17.patch to update the samba profiles for samba version 4.17 (bsc#1206626); - samba-4-17.patch superseded by upstream merge: https://gitlab.com/apparmor/apparmor/-/merge_requests/926
* Tue Nov 22 2022 Christian Boltz - update to AppArmor 3.1.2 - lots of cleanups, improvements and bugfixes in all areas - rework internal profile storage and handling in the aa-
* tools - support boolean variable definitions in the aa-
* tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2 for the detailed upstream changelog- remove upstream(ed) patches: - apparmor-3.0.7-egrep.patch - dnsmasq.diff - profiles-permit-php-fpm-pid-files-directly-under-run.patch - zgrep-profile-mr870.diff- no longer ship precompiled profile cache for Tumbleweed (boo#1205659)- BuildRequire iproute2 (needed for aa-unconfined tests)
* Sun Sep 04 2022 Andreas Stieger - aa-decode: use grep -E instead of deprecated egrep (boo#1203092) add apparmor-3.0.7-egrep.patch
* Sun Aug 28 2022 Christian Boltz - update to AppArmor 3.0.7 - fix setuptools version detection in buildpath.py - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7 for the detailed upstream changelog- add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible in dnsmasc//libvirt-leaseshelper profile (boo#1202849)
* Fri Aug 26 2022 David Disseldorp - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)
* Fri Aug 19 2022 Ben Greiner - skip code linting for packaging
* removes pyflakes from the build requirements and thus Ring1
* see also https://gitlab.com/apparmor/apparmor/-/issues/121
* Mon Aug 08 2022 Christian Boltz - add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper (boo#1202161)
* Mon Aug 01 2022 Christian Boltz - update to AppArmor 3.0.6 - fix LTO build in the parser - remove dbus deny rule in abstractions/exo-open - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6 for the detailed upstream changelog- drop upstream patch dirtest-sort-mr900.diff
* Mon Jul 25 2022 Christian Boltz - update to AppArmor 3.0.5 - several additions to profiles and abstractions - bugfixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5 for the detailed upstream changelog- remove upstream(ed) patchs: - apparmor-setuptools61-mr897.patch - dovecot-profiles-boo1199535-mr881.diff - php8-fpm-mr876.patch - python310-help-mr848.patch - samba-new-dcerpcd.patch - samba_deny_net_admin.patch - update-samba-bgqd.diff - update-usr-sbin-smbd.diff- apparmor-samba-include-permissions-for-shares.diff: remove upstreamed part- add dirtest-sort-mr900.diff to fix random test failures- change apache-extra-profile-include-if-exists.diff to the post-mv path (new quilt executes mv)- stop disabling lto (fixed upstream) (boo#1133091)- package profile-load script in -parser
* Fri Jul 15 2022 Ben Greiner - Add apparmor-setuptools61-mr897.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/897- Add buildtime dependencies on python-rpm-macros and setuptools
* Tue Jun 28 2022 Christian Boltz - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108)
* Sun May 15 2022 Christian Boltz - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535)
* Wed May 11 2022 Noel Power - Update samba-new-dcerpcd.patch for aarch64 which needs some additional rules; (bnc#1198309).
* Sun May 08 2022 Ben Greiner - Add python310-help-mr848.patch so that Tumbleweed can switch python3 to Python 3.10 (https://gitlab.com/apparmor/apparmor/-/merge_requests/848)
* Fri Apr 29 2022 Christian Boltz - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11)- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958)- utils: add missing dependency on apparmor-parser (boo#1198958#c4)
* Wed Apr 27 2022 Dominique Leuenberger - Enhance zgrep-profile-mr870.diff to also allow/support zstd (boo#1198922).
* Sat Apr 16 2022 Christian Boltz - update zgrep-profile-mr870.diff to allow executing \'expr\' (boo#1198531)
* Wed Apr 13 2022 Noel Power - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309);
* Mon Apr 11 2022 Noel Power - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850).
* Sun Apr 10 2022 Christian Boltz - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff)
* Tue Mar 29 2022 Christian Boltz - ensure precompiled cache files are newer than (text) profiles- reload profiles in %posttrans instead of %post to ensure both - profiles and -abstractons package are updated before the cache in /var/cache/apparmor/ gets built (boo#1195463 #c20)
* Thu Mar 24 2022 Noel Power - Add update-samba-bgqd.diff to add new rule to fix \'DENIED\' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850).- Add update-usr-sbin-smbd.diff to add new rule to allow reading of openssl.cnf (bnc#1195463).
* Thu Feb 10 2022 Christian Boltz - update to AppArmor 3.0.4 - various fixes in profiles, abstractions, apparmor_parser and utils (some of them were already included as patches) - add support for mctp address family - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4 for the full upstream changelog- remove upstream(ed) patches: - aa-notify-more-arch-mr809.diff - ruby-3.1-build-fix.diff - add-samba-bgqd.diff - openssl-engdef-mr818.diff - profiles-python-3.10-mr783.diff - update-samba-abstractions-ldb2.diff- refresh patches: - apparmor-samba-include-permissions-for-shares.diff - ruby-2_0-mkmf-destdir.patch
* Wed Jan 26 2022 Christian Boltz - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827)
* Mon Jan 17 2022 Samuel Cabrero - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
* Mon Dec 20 2021 Noel Power - Modify add-samba-bgqd.diff: Add new rule to fix new \"DENIED operation=\"file_mmap\" violation in SLE15-SP4; (bsc#1192336).
* Sun Dec 19 2021 Christian Boltz - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and /etc/ssl/engines.d/ in abstractions/openssl which were introduced with the latest openssl update
* Tue Nov 09 2021 Christian Boltz - add aa-notify-more-arch-mr809.diff: Add support for reading s390x and aarch64 wtmp files (boo#1181155)
* Fri Oct 15 2021 Christian Boltz - add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
* Sat Sep 18 2021 Christian Boltz - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552)
* Wed Aug 11 2021 Christian Boltz - add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10
* Sat Aug 07 2021 Christian Boltz - update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog
* Fri Aug 06 2021 Christian Boltz - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog- remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff
* Thu Jul 15 2021 Michael Ströder - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point
* Mon Jun 07 2021 Christian Boltz - move Requires: python3 back to the python3-apparmor subpackage - readline usage is in the python modules, not in apparmor-utils
* Tue May 25 2021 Matej Cepl - Remove python symbols (python means currently python2), work only with python3 ones (fallout from bsc#1185588).
* Fri May 21 2021 Christian Boltz - add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267)
* Tue Apr 27 2021 Christian Boltz - add crypto-policies-mr720.diff to allow reading crypto policies in abstractions/ssl_certs (boo#1183597)
* Sat Mar 27 2021 Christian Boltz - replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in systemd into containers just because apparmor-parser ships a
*.service file
* Thu Feb 11 2021 Christian Boltz - merge libapparmor.changes into apparmor.changes
* Mon Feb 08 2021 Ludwig Nussel - avoid file listed twice error
* Tue Feb 02 2021 Christian Boltz - define %_pamdir for <= 15.x to fix the build on those releases
* Fri Jan 22 2021 Christian Boltz - add apache-extra-profile-include-if-exists.diff: make include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527)
* Wed Jan 13 2021 Ludwig Nussel - prepare usrmerge (boo#1029961)
* use %_pamdir
* Wed Dec 02 2020 Christian Boltz - update to AppArmor 3.0.1 - minor additions to profiles and abstractions - some bugfixes in libapparmor, apparmor_parser and the aa-
* utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1 for the detailed upstream changelog- removed upstream(ed) patches: - changes-since-3.0.0.diff - extra-profiles-fix-Pux.diff - utils-fix-hotkey-conflict.diff
* Wed Dec 02 2020 Dominique Leuenberger - Use apache provided variables for the module_directry: + Use %apache_libexecdir + Add apache-rpm-macros BuildRequires
* Sat Oct 31 2020 Christian Boltz - add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in de, id and sv translations (and fix the test) (MR 675)- add extra-profiles-fix-Pux.diff to fix an inactive profile - prevents a crash in aa-logprof and aa-genprof when creating a new profile (MR 676)
* Sun Oct 25 2020 Christian Boltz - update to AppArmor 3.0.0 - introduce feature abi declaration in profiles to enable use of new rule types (for openSUSE: dbus and unix rules) - support xattr attachment conditionals - experimental support for kill and unconfined profile modes - rewritten aa-status (in C), including support for new profile modes - rewritten aa-notify (in python), finally dropping the perl requirement at runtime - new tool aa-features-abi for extracting feature abis from the kernel - update profiles to have profile names and to use 3.0 feature abi - introduce AATT{etc_ro} and AATT{etc_rw} profile variables - new profile for php-fpm - several updates to profiles and abstractions (including boo#1166007) - fully support \'include if exists\' in the aa-
* tools - rewrite handling of alias, include, link and variable rules in the aa-
* tools - rewrite and simplify log handling in the aa-logprof and aa-genprof - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0 for the detailed upstream changelog- patches: - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0 release up to 3e18c0785abc03ee42a022a67a27a085516a7921 - drop upstreamed usr-etc-abstractions-base-nameservice.diff - drop 2.13-only libapparmor-so-number.diff - refresh apparmor-enable-profile-cache.diff - partially upstreamed - update apparmor-samba-include-permissions-for-shares.diff and apparmor-lessopen-profile.patch - switch to \"include if exists\" - apparmor-lessopen-profile.patch: add abi rule to lessopen profile - refresh apparmor-lessopen-nfs-workaround.diff- move away very loose apache profile that doesn\'t even match the apache2 binary path in openSUSE to avoid confusion (boo#872984)- move rewritten aa-status from utils to parser subpackage- add aa-features-abi to parser subpackage- replace perl and libnotify-tools requires with requiring python3-notify2 and python3-psutil (needed by the rewritten aa-notify)- drop ancient cleanup for /etc/init.d/subdomain from parser %pre- drop (never enabled) conditionals to build with python2 and to build the python-apparmor subpackage (upstream dropped python2 support)- drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed- set PYFLAKES path for utils check- add precompiled_cache build conditional to allow faster local builds without using kvm- remove duplicated BuildRequires: swig
* Sat Oct 17 2020 Christian Boltz - update to AppArmor 2.13.5 - add missing permissions to several profiles and abstractions - bugfixes in parser and tools - fix two potential build failures in libapparmor - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog- remove upstream(ed) patches - changes-since-2.13.4.diff - abstractions-X-xauth-mr582.diff - sevdb-caps-mr589.diff - libvirt-leaseshelper.patch - cap_checkpoint_restore.diff- add libapparmor-so-number.diff to fix libapparmor so version (!658)
* Wed Oct 14 2020 Christian Boltz - add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, cap_checkpoint_restore.diff)
* Thu Oct 08 2020 Christian Boltz - %service_del_postun_without_restart only works for Tumbleweed, keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x
* Fri Sep 11 2020 Franck Bui - Make use of %service_del_postun_without_restart And stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete.
* Thu Sep 03 2020 James Fehlig - libvirt-leaseshelper.patch: add /usr/libexec as a path to the libvirt leaseshelper script (jsc#SLE-14253)
* Fri Aug 07 2020 Christian Boltz - sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON to severity.db (lp#1890547)
* Mon Jul 20 2020 Christian Boltz - add abstractions-X-xauth-mr582.diff to allow reading the xauth file from its new sddm location (boo#1174290, boo#1174293)
* Thu May 21 2020 Christian Boltz - add changes-since-2.13.4.diff with upstream changes and fixes since 2.13.4 up to 5f61bd4c: - add several abstractions related to xdg-open: dbus-network-manager-strict, exo-open, gio-open, gvfs-open, kde-open5, xdg-open - introduce AATT{run} variable - update dnsmasq and winbindd profile - update mdns, mesa and nameservice abstraction - some bugfixes in the aa-
* tools, including a remote bugfix in the YaST AppArmor module (boo#1171315)- drop upstream(ed) patches (now part of changes-since-2.13.4.diff): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-fix-utils-network-test.diff - make-4.3-network.diff - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch- apply usr-etc-abstractions-base-nameservice.diff only for Tumbleweed, but not for Leap 15.x where it\'s not needed- refresh usr-etc-abstractions-base-nameservice.diff
* Thu Apr 09 2020 Goldwyn Rodrigues - Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch (bsc#1168306)
* Sat Mar 28 2020 Christian Boltz - fix build with make 4.3 by backporting some commits from upstream master (boo#1167953): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-network.diff - make-4.3-fix-utils-network-test.diff
* Thu Mar 12 2020 Christian Boltz - update to AppArmor 2.13.4 - several abstraction updates (including boo#1153162) - disallow writing to fontconfig cache in abstractions/fonts - some bugfixes in the aa-
* tools - fix log parsing for logs with an embedded newline - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog- drop upstreamed patches: - abstractions-ssl-certbot-paths.diff - apparmor-krb5-conf-d.diff - libapparmor-python3.8.diff - usr-etc-abstractions-authentification.diff- refresh usr-etc-abstractions-base-nameservice.diff
* Sat Jan 25 2020 Christian Boltz - add usr-etc-abstractions-base-nameservice.diff to adjust abstractions/base and nameservice for /usr/etc/ (boo#1161756)
* Mon Nov 18 2019 Tomáš Chvátal - Properly pull in full python3 interpreter
* Sat Nov 02 2019 Christian Boltz - add libapparmor-python3.8.diff to fix building the libapparmor python bindings (deb#943657)
* Mon Oct 07 2019 Christian Boltz - add usr-etc-abstractions-authentification.diff to allow reading /usr/etc/pam.d/
* and some other authentification-related files (boo#1153162)
* Sat Sep 28 2019 Christian Boltz - add abstractions-ssl-certbot-paths.diff - add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys
* Fri Sep 27 2019 Luiz Angelo Daros de Luca - add apparmor-krb5-conf-d.diff for kerberos client
* Tue Jun 18 2019 Christian Boltz - update to 2.13.3 - profile updates for dnsmasq, dovecot, identd, syslog-ng - new \"lsb_release\" profile (only used when using \"Px -> lsb_release\") - fix buggy syntax in tunables/share - several abstraction updates - parser: fix \"Px -> foo-bar\" (the \"-\" was rejected before) - several bugfixes in aa-genprof and aa-logprof - some fixes in cache handling - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3 for the detailed upstream changelog- drop upstream(ed) patches: - apparmor-nameservice-resolv-conf-link.patch - profile_filename_cornercase.diff - dnsmasq-libvirtd.diff - dnsmasq-revert-alternation.diff - usrmerge-fixes.diff - libapparmor-swig-4.diff- re-number remaining patches
* Wed Jun 05 2019 Christian Boltz - add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig 4.0 (boo#1135751)
* Tue Apr 23 2019 Martin Liška - Disable LTO (boo#1133091).
* Sun Apr 14 2019 Christian Boltz - update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)
* Thu Mar 07 2019 Christian Boltz - add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by update-alternatives (boo#1127877)
* Wed Feb 27 2019 Christian Boltz - add dnsmasq-revert-alternation.diff: revert path alternation in dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid breaking libvirtd (boo#1127073)
* Thu Jan 24 2019 Christian Boltz - add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile to match the newly added libvirtd profile name (boo#1118952#c3)
* Mon Jan 14 2019 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318]
* Sun Jan 06 2019 Christian Boltz - add apparmor-lessopen-nfs-workaround.diff: allow network access in lessopen.sh for reading files on NFS (workaround for boo#1119937 / lp#1784499)
* Wed Jan 02 2019 Christian Boltz - add profile_filename_cornercase.diff: drop check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (boo#1120472)
* Fri Dec 21 2018 mtAATTsuse.de- netconfig: write resolv.conf to /run with link to /etc (fate#325872, boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
* Fri Dec 21 2018 Christian Boltz - update to AppArmor 2.13.2 - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (boo#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_
* - ignore
*.orig and
*.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2 for the detailed upstream changelog- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
* Sun Oct 14 2018 Christian Boltz - update to 2.13.1 - add qt5 and qt5-compose-cache-write abstractions - add AATT{uid} and AATT{uids} kernel var placeholders - several profile and abstraction updates - ignore \"abi\" rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including boo#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1 for the detailed upstream changelog- remove upstream(ed) patches: - aa-teardown-path.diff - fix-apparmor-systemd-perms.diff - logprof-skip-cache-d.diff - fix-samba-profiles.patch - make-pyflakes-happy.diff - dnsmasq-Add-permission-to-open-log-files.patch- refresh apparmor-samba-include-permissions-for-shares.diff- add fix-syntax-error-in-rc.apparmor.functions.patch
* Wed Oct 10 2018 Christian Boltz - update rpmlintrc: - whitelist .features file which is part of the pre-compiled cache - comment out filters for the disabled tomcat_apparmor subpackage
* Wed Oct 10 2018 Petr Vorel - Backport dnsmasq fix: 025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch (boo#1111342)
* Wed Aug 22 2018 suse-betaAATTcboltz.de- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
* Tue May 08 2018 scabreroAATTsuse.de- add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099)
* Sun Apr 29 2018 suse-betaAATTcboltz.de- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing (logprof-skip-cache-d.diff)
* Mon Apr 23 2018 suse-betaAATTcboltz.de- add fix-apparmor-systemd-perms.diff - fix permissions of /lib/apparmor/apparmor.systemd (boo#1090545)
* Thu Apr 19 2018 suse-betaAATTcboltz.de- create and package precompiled cache (/usr/share/apparmor/cache, read-only) (boo#1069906, boo#1074429)- change (writeable) cache directory to /var/cache/apparmor/ - with the new btrfs layout, the only reason for using /var/lib/apparmor/cache/ (which was \"it\'s part of the / subvolume\") is gone, and /var/cache makes more sense for the cache- adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both cache locations- clear cache also in %post of abstractions package
* Thu Apr 19 2018 suse-betaAATTcboltz.de- update to AppArmor 2.13 - add support for multiple cache directories and cache overlays (boo#1069906, boo#1074429) - add support for conditional includes in policy - remove group restrictions from aa-notify (boo#1058787) - aa-complain etc.: set flags for profiles represented by a glob - aa-status: split profile from exec name - several profile and abstraction updates - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13 for the detailed upstream changelog- drop upstreamed patches and files: - aa-teardown - apparmor.service - apparmor.systemd - 32-bit-no-uid.diff - disable-cache-on-ro-fs.diff - dovecot-stats.diff - parser-write-cache-warn-only.diff - set-flags-for-profiles-represented-by-glob.patch - fix-regression-in-set-flags.patch- drop spec code that handled installing aa-teardown, apparmor.service and apparmor.systemd (now part of upstream Makefile)- simplify \"make -C profiles parser-check\" call (upstream Makefile bug that required to call \"cd\" was fixed)- add aa-teardown-path.diff - install aa-teardown in /usr/sbin/- move \'exec\' symlink to parser package (belongs to aa-exec)
* Thu Apr 19 2018 rgoldwynAATTsuse.com- Set flags for profiles represented by glob (bsc#1086154) set-flags-for-profiles-represented-by-glob.patch fix-regression-in-set-flags.patch
* Wed Apr 11 2018 suse-betaAATTcboltz.de- add dovecot-stats.diff: - add dovecot/stats profile and allow dovecot to run it (boo#1088161) - allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753)- update 32-bit-no-uid.diff with upstream fix
* Fri Mar 02 2018 rgoldwynAATTsuse.com- Change of path of rpm in lessopen.sh (boo#1082956)
* Thu Jan 11 2018 kukukAATTsuse.de- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is read-only and don\'t bail out (bsc#1069906, bsc#1074429)
* Thu Jan 04 2018 suse-betaAATTcboltz.de- add parser-write-cache-warn-only.diff to make cache write failures a warning instead of an error (boo#1069906, boo#1074429)- reduce dependeny on libnotify-tools (used by aa-notify -p) to \"Suggests\" to avoid pulling in several Gnome packages on servers (boo#1067477)
* Mon Dec 25 2017 suse-betaAATTcboltz.de- update to AppArmor 2.12 - add support for \'owner\' rules in aa-logprof and aa-genprof - add support for includes with absolute path in aa-logprof etc. (lp#1733700) - update aa-decode to also decode PROCTITLE (lp#1736841) - several profile and abstraction updates, including boo#1069470 - preserve errno across aa_
*_unref() functions - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12 for the detailed upstream changelog- drop upstreamed patches: - read_inactive_profile-exactly-once.patch - utils-fix-sorted-save_profiles-regression.diff- lessopen profile: change all \'rix\' rules to \'mrix\'- add 32-bit-no-uid.diff to fix handling of log events without ouid on 32 bit systems- no longer package static libapparmor.a
* Thu Nov 30 2017 suse-betaAATTcboltz.de- update to AppArmor 2.11.95 aka 2.12 beta1 - add JSON interface to aa-logprof and aa-genprof (used by YaST) - drop old YaST interface code - update audio, base and nameservice abstractions - allow AATT{pid} to match 7-digit pids - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95 for the detailed upstream changelog- drop upstreamed patches - apparmor-yast-cleanup.patch - apparmor-json-support.patch - nameservice-libtirpc.diff- drop obsolete perl modules (YaST no longer needs them)- drop patches that were only needed by the obsolete perl modules: - apparmor-utils-string-split - apparmor-abstractions-no-multiline.diff- drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in apparmor_parser- refresh utils-fix-sorted-save_profiles-regression.diff- add aa-teardown (new script to unload all profiles)- make ExecStop in apparmor.service a no-op (workaround for a systemd restriction, see boo#996520 and boo#853019 for details)- lessopen profile: allow capability dac_read_search and dac_override, allow groff to execute several helpers (boo#1065388)
* Wed Nov 29 2017 rgoldwynAATTsuse.com- read_inactive_profile-exactly-once.patch (bsc#1069346) Perform reading of inactive profiles exactly once.
* Wed Oct 25 2017 suse-betaAATTcboltz.de- update to AppArmor 2.11.1 - add permissions to several profiles and abstractions (including lp#1650827 and boo#1057900) - several fixes in the aa-
* tools (including lp#1689667, lp#1628286, lp#1661766 and boo#1062667) - fix downgrading/converting of \'unix\' rules (will be supported in kernel 4.15) to \'network unix\' rules in apparmor_parser (boo#1061195) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for upstream changelog- remove upstream(ed) patches - upstream-changes-r3616..3628.diff - upstream-changes-r3629..3648.diff - parser-tests-dbus-duplicated-conditionals.diff - apparmor-fix-podsyntax.patch - sshd-profile-drop-local-include-r3615.diff- refresh apparmor-yast-cleanup.patch- add utils-fix-sorted-save_profiles-regression.diff to fix a regression in displaying the \"changed profiles\" list in aa-logprof
* Tue Oct 17 2017 suse-betaAATTcboltz.de- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
* Tue Oct 03 2017 rgoldwynAATTsuse.com- profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195)
* Sun Sep 24 2017 cooloAATTsuse.com- add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26
* Fri Aug 11 2017 jmatejekAATTsuse.com- do not require exact X.Y version of \"python3\"- require also matching python(abi) which is arguably more important
* Fri Jul 14 2017 suse-betaAATTcboltz.de- don\'t rely on implementation details for reload in %post
* Wed Jul 12 2017 rgoldwynAATTsuse.com- add JSON support. Required for FATE#323380. (apparmor-yast-cleanup.patch, apparmor-json-support.patch)
* Sat Mar 25 2017 suse-betaAATTcboltz.de- add upstream-changes-r3629..3648.diff: - preserve unknown profiles when reloading apparmor.service (CVE-2017-6507, lp#1668892, boo#1029696) - add aa-remove-unknown utility to unload unknown profiles (lp#1668892) - update nvidia abstraction for newer nvidia drivers - don\'t enforce ordering of dbus rule attributes in utils (lp#1628286) - add --parser, --base and --Include option to aa-easyprof to allow non-standard paths (useful for tests) (lp#1521031) - move initialization code in apparmor.aa to init_aa(). This allows to run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser don\'t exist. - several improvements in the utils tests- drop upstreamed python3-drop-re-locale.patch- no longer delete/skip some of the utils tests (to allow this, add parser-tests-dbus-duplicated-conditionals.diff)- add var.mount dependeny to apparmor.service (boo#1016259#c34)
* Thu Mar 16 2017 kukukAATTsuse.com- Cleanup spec file: - don\'t use insserv if we afterwards call systemd, this can have bad side effects - remove dead code - remove now obsolete \'distro\' checks- Replace init.d script with new wrapper working with systemd
* Thu Feb 16 2017 jmatejekAATTsuse.com- add python3-drop-re-locale.patch: remove deprecated re.LOCALE flag in Python UI as it was dropped from Python 3.6 (lp#1661766)
* Sat Feb 11 2017 jengelhAATTinai.de- Fix RPM groups
* Mon Jan 30 2017 suse-betaAATTcboltz.de- add upstream-changes-r3616..3628.diff: - update abstractions/base, abstractions/apache2-common and dovecot profiles - merge ask_the_questions() of aa-logprof and aa-mergeprof - pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor- adjust deleting the cache in profiles %post to the new cache location- silence errors when deleting the cache (boo#976914)
* Sat Jan 28 2017 suse-betaAATTcboltz.de- split libapparmor into separate spec to get rid of build loop involving mariadb, systemd, apparmor, libapr and mariadb again (see the discussion in SR 448871 for details)- libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but with minimum BuildRequires
* Fri Jan 27 2017 suse-betaAATTcboltz.de- update to AppArmor 2.11.0 - apparmor_parser now supports parallel compiles and loads - add full support for dbus, ptrace and signal rules and events to the utils - full rewrite of the file rule handling in the utils - lots of improvements and fixes - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the detailed changelog- patches: - add sshd-profile-drop-local-include-r3615.diff to fix \'make check\' - drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed - refresh apparmor-abstractions-no-multiline.diff - refresh apparmor-samba-include-permissions-for-shares.diff- spec changes: - aa-unconfined switched to using ss (from iproute2), adjust Recommends: - move libapparmor to /usr/lib
*/ - drop %if %suse_version checks for 12.x - change several Obsoletes from %version to < 2.9. Those package names weren\'t used since years, and 2.9 is still a careful choice - include apparmor.service independent of %suse_version - techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires - drop latex2html, texlive-
* and w3m BuildRequires - techdoc.txt and techdoc.html not included, drop them from the package - run most of utils/ make check (some tests expect /etc/apparmor.d/ and /sbin/apparmor_parser to exist, skip them) - BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests) - drop sed\'ing python3 into aa-
* shebang (upstreamed) - build binutils - aa-exec is now written in C and lives in /usr/bin/, move it to the apparmor_parser package and create a compability symlink in /usr/sbin/ - aa-exec manpage moved to section 1 - aa-enabled is a small new tool to find out if AppArmor is enabled - package new aa_stack_profile(2) manpage
* Tue Jan 24 2017 suse-betaAATTcboltz.de- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/. This is part of the root partition (at least with default partitioning) and should be available earlier than /var/cache/apparmor/ (boo#1015249, boo#980081, bsc#1016259)- add dependency on var-lib.mount to apparmor.service as safety net
* Tue Jan 10 2017 suse-betaAATTcboltz.de- update to AppArmor 2.10.2 maintenance release - lots of bugfixes and profile updates (including boo#1000201, boo#1009964, boo#1014463) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression in aa-unconfined- drop upstream(ed) patches: - changes-since-2.10.1--r3326..3346.diff - changes-since-2.10.1--r3347..3353.diff - libapparmor-fix-import-path.diff (upstream fix is slightly different) - nscd-var-lib.diff- refresh apparmor-abstractions-no-multiline.diff
* Sun Oct 23 2016 suse-betaAATTcboltz.de- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and abstractions/nameservice (path changed in latest nscd in Tumbleweed)
* Thu Oct 13 2016 suse-betaAATTcboltz.de- add changes-since-2.10.1--r3347..3353.diff with upstream changes and fixes in the 2.10 branch, including - allow writing
*.qf files (for disk-based buffering) in syslog-ng profile - add several permissions to the dovecot profiles (deb#835826) - add a missing path in the traceroute profile
* Fri Aug 26 2016 suse-betaAATTcboltz.de- add changes-since-2.10.1--r3326..3346.diff with upstream changes and fixes since the 2.10.1 release, including - allow dac_override in winbindd profile (boo#990006#c5) - allow mr for /usr/lib
*/ldb/
*.so in samba abstractions (needed since Samba 4.4.x, boo#990006) - abstractions/nameservice: also support ConnMan-managed resolv.conf - let aa-genprof ask about profiles in extra dir (again) - fix aa-logprof \"add hat\" endless loop (lp#1538306) - honor \'chown\' file events in logparser.py - ignore log file events with a request mask of \'send\' or \'receive\' because they are actually network events (lp#1577051, lp#1582374) - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)- fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607) (libapparmor-fix-import-path.diff)- refresh apparmor-abstractions-no-multiline.diff- drop upstreamed profiles-ping-inet6-r3449.diff- add %check section - runs libapparmor (including swig bindings), parser and profiles tests- add BuildRequires: perl(Locale::gettext) - needed for parser tests
* Tue May 24 2016 suse-betaAATTcboltz.de- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
* Fri Apr 22 2016 suse-betaAATTcboltz.de- update to AppArmor 2.10.1 (2.10 branch r3326): - fix incorrect output of child profile names (apparmor_parser -N) which caused \'rcapparmor reload\' to remove child profiles and hats (lp#1551950) - fix a crash in aa-logprof / logparser.py for change_hat log events (lp#1523297) and log events that look like file events, but aren\'t (lp#1540562, lp#1525119, lp#1466812) - write unix rules when saving a profile (lp#1522938, boo#954104#c3) - several fixes for variable handling in aa-logprof - map c (create) log events to w instead of a - add python to the \"no Px rule\" list in logprof.conf - let aa-logprof check for duplicate profiles - let aa-status work without the apparmor.fail python module (boo#971917, lp#1480492) - add permissions in several profiles (including boo#948584, boo#948753, boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and boo#921098#c15). - and many more fixes, see the full changelog at http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1- drop upstream(ed) patches: - fix-initscript-aa_log_end_msg.diff - syslog-ng-profile-boo948584.diff - upstream-profile-updates-r3205-3241.diff- refresh patches: - apparmor-abstractions-no-multiline.diff - apparmor-samba-include-permissions-for-shares.diff- drop libapparmor autogen.sh call (broke the build) and remove libtool BR
* Wed Oct 07 2015 opensuseAATTcboltz.de- add syslog-ng-profile-boo948584.diff - add several permissions needed by latest syslog-ng (boo#948584, boo#948753)- add upstream-profile-updates-r3205-3241.diff with several profile updates: - add /usr/share/locale-bundle/
*
* to abstractions/base - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash - allow dovecot imap to read /run/dovecot/mounts - allow avahi-daemon to write to /run/systemd/notify - allow ntpd to read $PATH directory listings (boo#945592, boo#948752) - update dhclient profile - allow skype to read AATT{PROC}/AATT{pid}/net/dev (boo#939568) - and some other small updates- drop upstreamed apparmor-winbindd-r3213.diff (included in the upstream-profile-updates patch)
* Sun Sep 13 2015 opensuseAATTcboltz.de- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
* Thu Jul 30 2015 opensuseAATTcboltz.de- add apparmor-winbindd-r3213.diff - add missing k permissions for /etc/samba/smbd.tmp/msg/
* in winbindd profile (boo#921098 #c15..19)
* Thu Jul 23 2015 opensuseAATTcboltz.de- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript output (boo#862170)
* Thu Jul 16 2015 opensuseAATTcboltz.de- update to AppArmor 2.10 (trunk r3205) - profile names can now contain variables - improved profile compile time in apparmor_parser - lots of improvements, refactoring and bugfixes in the aa-
* tools - new apis for managing and loading profile caches into the kernel in libapparmor - lots of profile updates - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the complete changelog with more details- add new apparmor_private.h and the aa_query_label(2), aa_features(3), aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages to libapparmor-devel- drop apparmor-2.5.1-edirectory-profile patch - it\'s most probably no longer needed (see boo#621394 for details)- drop upstreamed samba-4.2-profiles.diff- refresh apparmor-samba-include-permissions-for-shares.diff
* Mon Jun 15 2015 opensuseAATTcboltz.de- systemd-rpm-macros and %systemd_requires were at the wrong place, move them to the parser package (boo#931792)
* Fri Apr 24 2015 opensuseAATTcboltz.de- update to AppArmor 2.9.2 (2.9 branch r2911) - lots of bugfixes in the parser and the aa-
* tools (including boo#918787) - update dovecot and dnsmasq profiles and several abstractions (including boo#911001) - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the full changelog- remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and apparmor-fix-stl-ostream.diff- replace GPG key with new AppArmor GPG signing key, see https://launchpad.net/apparmor/+announcement/13404
* Fri Apr 17 2015 opensuseAATTcboltz.de- make sure %service_del_postun doesn\'t call systemctl try-restart (boo#853019, bare systemd edition)- add samba-4.2-profiles.diff: update samba (winbindd and nmb) profiles for samba 4.2 (boo#921098, boo#923201)
* Sun Apr 12 2015 opensuseAATTcboltz.de- only install apparmor.service for openSUSE > 13.2
* Wed Apr 01 2015 crrodriguezAATTopensuse.org- Add a native systemd unit which
*at the moment
* only wraps/masks the early boot script.
* Tue Feb 24 2015 rguentherAATTsuse.com- add apparmor-fix-stl-ostream.diff which fixes odd uses of std::ostream which are not valid. Fixes build with GCC 5
* Fri Feb 20 2015 opensuseAATTcboltz.de- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)
* Thu Feb 12 2015 opensuseAATTcboltz.de- add Requires: python3 to python3-apparmor package - readline isn\'t part of python3-base (boo#917577)
* Tue Jan 20 2015 opensuseAATTcboltz.de- add apparmor-changes-since-2.9.1.diff with upstream fixes since the 2.9.1 release - update logparser.py to support changed syslog format (lp#1399027) - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles (lp#1296667) - update the mysqld profile - fix network rule description in apparmor.d(5) manpage- drop upstreamed dnsmasq-profile-fixes.patch- update expired GPG key
* Thu Jan 01 2015 opensuseAATTcboltz.de- update to AppArmor 2.9.1 (2.9 branch r2831) - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368) - several fixes and performance improvements in the aa-
* utils - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and bnc#908856), useradd, sendmail, man and passwd - see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1 for full release notes- refresh dnsmasq-profile-fixes.patch
* Mon Dec 22 2014 cbosdonnatAATTsuse.com- Fix dnsmasq profile to allow executing bash to run the --dhcp-script argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt leasehealper script to run even on x86_64. dnsmasq-profile-fixes.patch. boo#911001
* Sun Dec 21 2014 opensuseAATTcboltz.de- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the script filename
* Wed Dec 10 2014 meissnerAATTsuse.com- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs confinement. bnc#906858
* Sun Nov 16 2014 opensuseAATTcboltz.de- delete cache in apparmor-profiles %post (workaround for bnc#904620#c8 / lp#1392042)
* Fri Nov 14 2014 dimstarAATTopensuse.org- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.
* Sun Nov 09 2014 Led - fix bashism in post script
* Sat Oct 18 2014 opensuseAATTcboltz.de- update to AppArmor 2.9.0 (r2759) - change aa-mergeprof to the final commandline syntax - lots of bugfixes in the aa-
* tools (bnc#900163, lp#1328707 and several bugs without a formal bugreport) - small additions to gnome, freedesktop.org, ubuntu-browsers.d/java and user-mail abstractions - fix mod_apparmor to not break basic auth - update perl modules to support signal, unix and ptrace rules (bnc#900013) - don\'t warn about rules not supported by the kernel - fix logging of \"audit capability\" (lp#1378091) - add support for the \"hat\" keyword in apparmor.vim - build html version of apparmor.vim manpage again (lp#1366572) - see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0- update apparmor-abstractions-no-multiline.diff- remove upstreamed apparmor-profiles-ntpd-pid-location.diff
  
ICM