Changelog for
apparmor-docs-4.0.3-554.3.noarch.rpm :
* Tue Oct 01 2024 Christian Boltz
- add mesa-cachedir.diff: new cachedir in Mesa 24.2.2
* Fri Aug 23 2024 Christian Boltz - update to AppArmor 4.0.3 - several small bugfixes - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.3 for the full release notes
* Thu Aug 22 2024 pgajdosAATTsuse.com- remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476]
* Wed Jul 24 2024 Christian Boltz - update to AppArmor 4.0.2 - bugfix release with lots of fixes in all areas - add new userns profiles for balena-etcher, chromium and wike - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.2 for the detailed upstream changelog- drop upstream(ed) patches: - aa-remove-unknown-fix-unconfined.diff - logprof-mount-empty-source.diff - plasmashell.diff - sampa-rpcd-witness.diff - sddm-xauth.diff - teardown-unconfined.diff - test-aa-notify.diff - tools-fix-redefinition.diff - utils-relax-mount-rules-2.diff - utils-relax-mount-rules.diff- refresh GPG key (was expired)
* Tue Jun 25 2024 Christian Boltz - add sampa-rpcd-witness.diff: allow samba-dcerpcd to execute rpcd_witness (boo#1225811)
* Tue Jun 11 2024 Christian Boltz - add logprof-mount-empty-source.diff: add support for mount rules with quoted paths and empty source (boo#1226031)
* Tue Jun 04 2024 Christian Boltz - add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900)- add plasmashell.diff - fix QtWebEngineProcess path to prevent a crash in plasmashell (boo#1225961)
* Thu May 30 2024 Guillaume GARDET - Also exclude podman profile - boo#1225608
* Wed May 29 2024 Fabian Vogt - Exclude the crun profile in addition to runc
* Tue May 28 2024 Christian Boltz - add utils-relax-mount-rules.diff and utils-relax-mount-rules-2.diff: Relax handling of mount rules in utils to avoid errors when parsing valid profiles- add teardown-unconfined.diff to fix aa-teardown for \'unconfined\' profiles (boo#1225457)
* Tue May 28 2024 Christian Boltz - exclude runc profile until updated runc packages (including updated profile with \"signal peer=runc\") have arrived
* Sat May 25 2024 Christian Boltz - add aa-remove-unknown-fix-unconfined.diff to fix aa-remove-unknown for \'unconfined\' profiles (boo#1225457)- set permissions for %ghost files (boo#1223578)
* Fri May 24 2024 Christian Boltz - fix bashism in %post profiles
* Sun May 05 2024 Christian Boltz - Update to AppArmor 4.0.1 Too many changes to list them here. See https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1 for the detailed upstream release notes- add tools-fix-redefinition.diff: fix redefinition of _ in tools- add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch with argparse on Leap 15.5- drop upstreamed patches: - apparmor-abstractions-openssl-allow-version-specific-en.patch - dovecot-unix_chkpwd.diff - smbd-unix_chkpwd.diff- apparmor-lessopen-profile.patch: update lessopen profile to abi/4.0- mark local/
* as %ghost so that these dummy files don\'t get installed anymore (changed existing local/files will be kept, unchanged files will be deleted)- switch to gitlab tarballs (without pregenerated libapparmor configure script and prebuilt techdoc.pdf) - run libapparmor autogen.sh (needs additional BuildRequires autoconf, autoconf-archive, automake and libtool) - no longer package techdoc.pdf - old documentation, not worth the texlive BuildRequires we would need to build it- drop old (up to 2.12) cache location /var/lib/apparmor/ and the /etc/apparmor.d/cache symlink pointing to it- drop apparmor-samba-include-permissions-for-shares.diff - no longer needed, update-apparmor-samba-profile in Tumbleweed works without a pre-existing local/usr.sbin.smbd-shares file- drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn\'t change a single bit in the resulting build (anymore?)- drop apparmor-lessopen-nfs-workaround.diff - no longer needed since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499)- drop ancient, unused update-trans.sh
* Fri Apr 05 2024 Atri Bhattacharya - Use full URLs for source tarball and signature.
* Fri Mar 01 2024 Christian Boltz - Remove workaround for boo#853019 in %postun parser - apparmor.service contains a more safe workaround. This also fixes boo#1220708 (missing daemon-reload).
* Tue Feb 27 2024 Noel Power - Add smbd-unix_chkpwd.diff to allow smbd to execute unix_chkpwd and fix other pam related denies; (boo#1220032).
* Mon Feb 26 2024 Ludwig Nussel - Fix systemd userdb access in unix-chkpwd
* Tue Feb 20 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN.
* Tue Feb 20 2024 David Disseldorp - Only run utils and profiles make check if kernel LSM is enabled (bsc#1220084)
* Thu Feb 08 2024 David Disseldorp - Add apparmor-abstractions-openssl-allow-version-specific-en.patch to allow version specific engdef & engines openssl paths (boo#1219571)
* Mon Feb 05 2024 Christian Boltz - Update to AppArmor 3.1.7 - aa-logprof: don\'t skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes- drop upstreamed apparmor-systemd-sessions.patch
* Mon Jan 29 2024 Christian Boltz - Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute unix_chkpwd, and add a profile for unix_chkpwd. This is needed for PAM 1.6 (boo#1219139)- Refresh apparmor.keyring - the key was renewed
* Wed Nov 08 2023 Christian Boltz - Actually apply the previously added patch for bsc#1216878
* Wed Nov 08 2023 Julio Gonzalez Gil - Add apparmor-systemd-sessions.patch to allow read access to /run/systemd/sessions/ (bsc#1216878)
* Mon Sep 25 2023 David Disseldorp - Fix pam_apparmor %post and %postun scripts to handle pam-config errors (bsc#1215596)
* Tue Jul 25 2023 David Disseldorp - Add pam_apparmor README, referenced from online cha-apparmor-pam.html documentation (bsc#1213472)
* Thu Jun 22 2023 Christian Boltz - update to AppArmor 3.1.6 (jsc#PED-5600) - fix regression in mount rules (boo#1211989) - some additions to the base and authentification abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6 for the full upstream changelog
* Sun Jun 11 2023 Christian Boltz - update to AppArmor 3.1.5 - fix handling of mount rules in apparmor_parser - minor additions to abstractions/base and snap_browsers - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.5 for the full upstream changelog- remove upstreamed aa-status-fix-json-mr1046.patch- split off apparmor-enable-precompiled-cache.diff from apparmor-enable-profile-cache.diff so that the precompiled cache path doesn\'t get added in parser.conf for Tumbleweed builds. This prevents a warning about the non-existing directory when loading profiles.
* Tue Jun 06 2023 Christian Boltz - fix aa-status --json output (aa-status-fix-json-mr1046.patch, boo#1211980#c12)
* Mon May 29 2023 Christian Boltz - update to AppArmor 3.1.4 - parser: fix mount rules encoding (CVE-2016-1585) - aa-logprof: fix error when choosing named exec with plain profile names - aa-status: fix json output - several fixes for profiles and abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4 for the full upstream changelog
* Thu May 04 2023 Frederic Crozat - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS.
* Tue Feb 28 2023 Christian Boltz - update to AppArmor 3.1.3 - add support for more audit.log formats in libapparmor - add abstractions/groff (boo#1065388) - various additions in abstractions and profiles - several bug fixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3 for the detailed upstream changelog- drop upstreamed patches: - abstractions-openssl-1_1.diff - dnsmasq-cpu-possible.diff - nscd-systemd-userdb.diff
* Mon Feb 06 2023 Christian Boltz - add abstractions-openssl-1_1.diff: allow to read /etc/ssl/openssl-1_1.cnf in abstractions/openssl (boo#1207911)
* Mon Jan 30 2023 Christian Boltz - add nscd-systemd-userdb.diff: allow nscd to read systemd-userdb (boo#1207698)
* Tue Dec 27 2022 Ludwig Nussel - Replace transitional %usrmerged macro with regular version check (boo#1206798)
* Fri Dec 23 2022 Samuel Cabrero - Add samba-4-17.patch to update the samba profiles for samba version 4.17 (bsc#1206626); - samba-4-17.patch superseded by upstream merge: https://gitlab.com/apparmor/apparmor/-/merge_requests/926
* Tue Nov 22 2022 Christian Boltz - update to AppArmor 3.1.2 - lots of cleanups, improvements and bugfixes in all areas - rework internal profile storage and handling in the aa-
* tools - support boolean variable definitions in the aa-
* tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2 for the detailed upstream changelog- remove upstream(ed) patches: - apparmor-3.0.7-egrep.patch - dnsmasq.diff - profiles-permit-php-fpm-pid-files-directly-under-run.patch - zgrep-profile-mr870.diff- no longer ship precompiled profile cache for Tumbleweed (boo#1205659)- BuildRequire iproute2 (needed for aa-unconfined tests)
* Sun Sep 04 2022 Andreas Stieger - aa-decode: use grep -E instead of deprecated egrep (boo#1203092) add apparmor-3.0.7-egrep.patch
* Sun Aug 28 2022 Christian Boltz - update to AppArmor 3.0.7 - fix setuptools version detection in buildpath.py - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7 for the detailed upstream changelog- add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible in dnsmasc//libvirt-leaseshelper profile (boo#1202849)
* Fri Aug 26 2022 David Disseldorp - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)
* Fri Aug 19 2022 Ben Greiner - skip code linting for packaging
* removes pyflakes from the build requirements and thus Ring1
* see also https://gitlab.com/apparmor/apparmor/-/issues/121
* Mon Aug 08 2022 Christian Boltz - add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper (boo#1202161)
* Mon Aug 01 2022 Christian Boltz - update to AppArmor 3.0.6 - fix LTO build in the parser - remove dbus deny rule in abstractions/exo-open - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6 for the detailed upstream changelog- drop upstream patch dirtest-sort-mr900.diff
* Mon Jul 25 2022 Christian Boltz - update to AppArmor 3.0.5 - several additions to profiles and abstractions - bugfixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5 for the detailed upstream changelog- remove upstream(ed) patchs: - apparmor-setuptools61-mr897.patch - dovecot-profiles-boo1199535-mr881.diff - php8-fpm-mr876.patch - python310-help-mr848.patch - samba-new-dcerpcd.patch - samba_deny_net_admin.patch - update-samba-bgqd.diff - update-usr-sbin-smbd.diff- apparmor-samba-include-permissions-for-shares.diff: remove upstreamed part- add dirtest-sort-mr900.diff to fix random test failures- change apache-extra-profile-include-if-exists.diff to the post-mv path (new quilt executes mv)- stop disabling lto (fixed upstream) (boo#1133091)- package profile-load script in -parser
* Fri Jul 15 2022 Ben Greiner - Add apparmor-setuptools61-mr897.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/897- Add buildtime dependencies on python-rpm-macros and setuptools
* Tue Jun 28 2022 Christian Boltz - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108)
* Sun May 15 2022 Christian Boltz - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535)
* Wed May 11 2022 Noel Power - Update samba-new-dcerpcd.patch for aarch64 which needs some additional rules; (bnc#1198309).
* Sun May 08 2022 Ben Greiner - Add python310-help-mr848.patch so that Tumbleweed can switch python3 to Python 3.10 (https://gitlab.com/apparmor/apparmor/-/merge_requests/848)
* Fri Apr 29 2022 Christian Boltz - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11)- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958)- utils: add missing dependency on apparmor-parser (boo#1198958#c4)
* Wed Apr 27 2022 Dominique Leuenberger - Enhance zgrep-profile-mr870.diff to also allow/support zstd (boo#1198922).
* Sat Apr 16 2022 Christian Boltz - update zgrep-profile-mr870.diff to allow executing \'expr\' (boo#1198531)
* Wed Apr 13 2022 Noel Power - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309);
* Mon Apr 11 2022 Noel Power - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850).
* Sun Apr 10 2022 Christian Boltz - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff)
* Tue Mar 29 2022 Christian Boltz - ensure precompiled cache files are newer than (text) profiles- reload profiles in %posttrans instead of %post to ensure both - profiles and -abstractons package are updated before the cache in /var/cache/apparmor/ gets built (boo#1195463 #c20)
* Thu Mar 24 2022 Noel Power - Add update-samba-bgqd.diff to add new rule to fix \'DENIED\' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850).- Add update-usr-sbin-smbd.diff to add new rule to allow reading of openssl.cnf (bnc#1195463).
* Thu Feb 10 2022 Christian Boltz - update to AppArmor 3.0.4 - various fixes in profiles, abstractions, apparmor_parser and utils (some of them were already included as patches) - add support for mctp address family - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4 for the full upstream changelog- remove upstream(ed) patches: - aa-notify-more-arch-mr809.diff - ruby-3.1-build-fix.diff - add-samba-bgqd.diff - openssl-engdef-mr818.diff - profiles-python-3.10-mr783.diff - update-samba-abstractions-ldb2.diff- refresh patches: - apparmor-samba-include-permissions-for-shares.diff - ruby-2_0-mkmf-destdir.patch
* Wed Jan 26 2022 Christian Boltz - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827)
* Mon Jan 17 2022 Samuel Cabrero - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
* Mon Dec 20 2021 Noel Power - Modify add-samba-bgqd.diff: Add new rule to fix new \"DENIED operation=\"file_mmap\" violation in SLE15-SP4; (bsc#1192336).
* Sun Dec 19 2021 Christian Boltz - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and /etc/ssl/engines.d/ in abstractions/openssl which were introduced with the latest openssl update
* Tue Nov 09 2021 Christian Boltz - add aa-notify-more-arch-mr809.diff: Add support for reading s390x and aarch64 wtmp files (boo#1181155)
* Fri Oct 15 2021 Christian Boltz - add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
* Sat Sep 18 2021 Christian Boltz - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552)
* Wed Aug 11 2021 Christian Boltz - add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10
* Sat Aug 07 2021 Christian Boltz - update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog
* Fri Aug 06 2021 Christian Boltz - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog- remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff
* Thu Jul 15 2021 Michael Ströder - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point
* Mon Jun 07 2021 Christian Boltz - move Requires: python3 back to the python3-apparmor subpackage - readline usage is in the python modules, not in apparmor-utils
* Tue May 25 2021 Matej Cepl - Remove python symbols (python means currently python2), work only with python3 ones (fallout from bsc#1185588).
* Fri May 21 2021 Christian Boltz - add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267)
* Tue Apr 27 2021 Christian Boltz - add crypto-policies-mr720.diff to allow reading crypto policies in abstractions/ssl_certs (boo#1183597)
* Sat Mar 27 2021 Christian Boltz - replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in systemd into containers just because apparmor-parser ships a
*.service file
* Thu Feb 11 2021 Christian Boltz - merge libapparmor.changes into apparmor.changes
* Mon Feb 08 2021 Ludwig Nussel - avoid file listed twice error
* Tue Feb 02 2021 Christian Boltz - define %_pamdir for <= 15.x to fix the build on those releases
* Fri Jan 22 2021 Christian Boltz - add apache-extra-profile-include-if-exists.diff: make include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527)
* Wed Jan 13 2021 Ludwig Nussel - prepare usrmerge (boo#1029961)
* use %_pamdir