Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

apparmor-profiles-2.10.3-16.1 RPM for noarch

From OpenSuSE leap updates for 42.3-test / noarch

Name: apparmor-profiles Distribution: openSUSE Leap 42.3
Version: 2.10.3 Vendor: openSUSE
Release: 16.1 Build date: Mon Nov 6 18:47:23 2017
Group: Productivity/Security Build host: cloud130
Size: 179947 Source RPM: apparmor-2.10.3-16.1.src.rpm
Summary: AppArmor profiles that are loaded into the apparmor kernel module
Base profiles. AppArmor is a file and network mandatory access control
mechanism. AppArmor confines processes to the resources allowed by the
systems administrator and can constrain the scope of potential security

This package is part of a suite of tools that used to be named




GPL-2.0 and LGPL-2.1+


* Sun Oct 29 2017
  - update to AppArmor 2.10.3
    changes since grabbing the last upstream patch:
    - add permissions to the dovecot, traceroute, samba and postfix profiles
      and several abstractions (including lp#1650827 and boo#1057900)
    - some fixes in the aa-* tools
    - fix downgrading/converting of 'unix' rules to 'network unix' rules
      in apparmor_parser (boo#1061195)
    - see for
      upstream changelog
  - drop upstream patches:
    - aa-unconfined-fix-netstat-call-2.10r3380.diff
    - profile-updates-2.10r3381..3384.diff
    - upstream-changes-2.10-r3385..3390.diff
  - add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
* Sun Mar 26 2017
  - add upstream-changes-2.10-r3385..3390.diff:
    - preserve unknown profiles when reloading apparmor.service
      (CVE-2017-6507, lp#1668892, boo#1029696)
    - add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
    - remove deprecated re.LOCALE flag in Python UI as it was dropped from Python
      3.6 (lp#1661766)
    - fix a crash in aa-logprof on specific change_hat events
  - migration to apparmor.service turned out to accidently disable AppArmor.
    Add a workaround to fix this (boo#1017260 starting at #c7)
    Note: This will re-enable AppArmor if it was disabled by the last update.
    You'll need to "rcapparmor reload" to actually load the profiles, and then
    check aa-status for programs that need to be restarted to apply the profiles.
  - add var.mount dependeny to apparmor.service (boo#1016259#c34)
* Wed Feb 01 2017
  - Recommend net-tools instead of net-tools-deprecated for 42.x (boo#1022963)
* Mon Jan 30 2017
  - add profile-updates-2.10r3381..3384.diff with updates for
    abstractions/base, abstractions/apache2-common and dovecot profiles
* Tue Jan 24 2017
  - package apparmor.service also in Leap where it was missing thanks to a
    wrong/outdated if statement (boo#1017260)
    Note: If you manually disabled AppArmor, this change will re-enable it.
* Tue Jan 24 2017
  - change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
    This is part of the root partition (at least with default partitioning)
    and should be available earlier than /var/cache/apparmor/
    (boo#1015249, boo#980081, bsc#1016259)
  - add dependency on var-lib.mount to apparmor.service as safety net
* Tue Jan 10 2017
  - update to AppArmor 2.10.2 maintenance release
    - lots of bugfixes and profile updates (including boo#1000201,
      boo#1009964, boo#1014463)
    - see for details
  - add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
    in aa-unconfined
  - drop upstream(ed) patches:
    - changes-since-2.10.1--r3326..3346.diff
    - changes-since-2.10.1--r3347..3353.diff
    - libapparmor-fix-import-path.diff (upstream fix is slightly different)
    - nscd-var-lib.diff
  - refresh apparmor-abstractions-no-multiline.diff
* Sun Oct 23 2016
  - add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
    abstractions/nameservice (path changed in latest nscd in Tumbleweed)
* Thu Oct 13 2016
  - add changes-since-2.10.1--r3347..3353.diff with upstream changes and
    fixes in the 2.10 branch, including
    - allow writing *.qf files (for disk-based buffering) in syslog-ng profile
    - add several permissions to the dovecot profiles (deb#835826)
    - add a missing path in the traceroute profile
* Fri Aug 26 2016
  - add changes-since-2.10.1--r3326..3346.diff with upstream changes and
    fixes since the 2.10.1 release, including
    - allow dac_override in winbindd profile (boo#990006#c5)
    - allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
      Samba 4.4.x, boo#990006)
    - abstractions/nameservice: also support ConnMan-managed resolv.conf
    - let aa-genprof ask about profiles in extra dir (again)
    - fix aa-logprof "add hat" endless loop (lp#1538306)
    - honor 'chown' file events in
    - ignore log file events with a request mask of 'send' or 'receive'
      because they are actually network events (lp#1577051, lp#1582374)
    - accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
  - fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
  - refresh apparmor-abstractions-no-multiline.diff
  - drop upstreamed profiles-ping-inet6-r3449.diff
  - add %check section - runs libapparmor (including swig bindings),
    parser and profiles tests
  - add BuildRequires: perl(Locale::gettext) - needed for parser tests
* Tue May 24 2016
  - add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
* Fri Apr 22 2016
  - update to AppArmor 2.10.1 (2.10 branch r3326):
    - fix incorrect output of child profile names (apparmor_parser -N) which
      caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
    - fix a crash in aa-logprof / for change_hat log events
      (lp#1523297) and log events that look like file events, but aren't
      (lp#1540562, lp#1525119, lp#1466812)
    - write unix rules when saving a profile (lp#1522938, boo#954104#c3)
    - several fixes for variable handling in aa-logprof
    - map c (create) log events to w instead of a
    - add python to the "no Px rule" list in logprof.conf
    - let aa-logprof check for duplicate profiles
    - let aa-status work without the python module (boo#971917,
    - add permissions in several profiles (including boo#948584, boo#948753,
      boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
    - and many more fixes, see the full changelog at
  - drop upstream(ed) patches:
    - fix-initscript-aa_log_end_msg.diff
    - syslog-ng-profile-boo948584.diff
    - upstream-profile-updates-r3205-3241.diff
  - refresh patches:
    - apparmor-abstractions-no-multiline.diff
    - apparmor-samba-include-permissions-for-shares.diff
  - drop libapparmor call (broke the build) and remove libtool BR
* Wed Oct 07 2015
  - add syslog-ng-profile-boo948584.diff - add several permissions needed
    by latest syslog-ng (boo#948584, boo#948753)
  - add upstream-profile-updates-r3205-3241.diff with several profile updates:
    - add /usr/share/locale-bundle/** to abstractions/base
    - allow dnsmask to use /bin/sh (boo#940749) and /bin/dash
    - allow dovecot imap to read /run/dovecot/mounts
    - allow avahi-daemon to write to /run/systemd/notify
    - allow ntpd to read $PATH directory listings (boo#945592, boo#948752)
    - update dhclient profile
    - allow skype to read @{PROC}/@{pid}/net/dev (boo#939568)
    - and some other small updates
  - drop upstreamed apparmor-winbindd-r3213.diff (included in the
    upstream-profile-updates patch)
* Sun Sep 13 2015
  - netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
* Thu Jul 30 2015
  - add apparmor-winbindd-r3213.diff - add missing k permissions for
    /etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)
* Thu Jul 23 2015
  - add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript
    output (boo#862170)
* Thu Jul 16 2015
  - update to AppArmor 2.10 (trunk r3205)
    - profile names can now contain variables
    - improved profile compile time in apparmor_parser
    - lots of improvements, refactoring and bugfixes in the aa-* tools
    - new apis for managing and loading profile caches into the kernel in
    - lots of profile updates
    - see for the
      complete changelog with more details
  - add new apparmor_private.h and the aa_query_label(2), aa_features(3),
    aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages
    to libapparmor-devel
  - drop apparmor-2.5.1-edirectory-profile patch - it's most probably
    no longer needed (see boo#621394 for details)
  - drop upstreamed samba-4.2-profiles.diff
  - refresh apparmor-samba-include-permissions-for-shares.diff
* Mon Jun 15 2015
  - systemd-rpm-macros and %systemd_requires were at the wrong place,
    move them to the parser package (boo#931792)
* Fri Apr 24 2015
  - update to AppArmor 2.9.2 (2.9 branch r2911)
    - lots of bugfixes in the parser and the aa-* tools (including
    - update dovecot and dnsmasq profiles and several abstractions
      (including boo#911001)
    - see for the
      full changelog
  - remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
  - replace GPG key with new AppArmor GPG signing key, see
* Fri Apr 17 2015
  - make sure %service_del_postun doesn't call systemctl try-restart
    (boo#853019, bare systemd edition)
  - add samba-4.2-profiles.diff: update samba (winbindd and nmb)
    profiles for samba 4.2 (boo#921098, boo#923201)
* Sun Apr 12 2015
  - only install apparmor.service for openSUSE > 13.2
* Wed Apr 01 2015
  - Add a native systemd unit which *at the moment* only
    wraps/masks the early boot script.
* Tue Feb 24 2015
  - add apparmor-fix-stl-ostream.diff which fixes odd uses of
    std::ostream which are not valid.  Fixes build with GCC 5
* Fri Feb 20 2015
  - allow to run /usr/bin/unzip-plain (boo#906858)
* Thu Feb 12 2015
  - add Requires: python3 to python3-apparmor package - readline isn't
    part of python3-base (boo#917577)
* Tue Jan 20 2015
  - add apparmor-changes-since-2.9.1.diff with upstream fixes since the
    2.9.1 release
    - update to support changed syslog format (lp#1399027)
    - update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles
    - update the mysqld profile
    - fix network rule description in apparmor.d(5) manpage
  - drop upstreamed dnsmasq-profile-fixes.patch
  - update expired GPG key
* Thu Jan 01 2015
  - update to AppArmor 2.9.1 (2.9 branch r2831)
    - fix log parsing for 3.16 kernels and syslog-style logs (boo#905368)
    - several fixes and performance improvements in the aa-* utils
    - profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and
      bnc#908856), useradd, sendmail, man and passwd
    - see
      for full release notes
  - refresh dnsmasq-profile-fixes.patch
* Mon Dec 22 2014
  - Fix dnsmasq profile to allow executing bash to run the --dhcp-script
    argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
    leasehealper script to run even on x86_64.
    dnsmasq-profile-fixes.patch. boo#911001
* Sun Dec 21 2014
  - rename profile file to to match the
    script filename
* Wed Dec 10 2014
  - add apparmor-lessopen-profile.patch: /usr/bin/ needs
    confinement. bnc#906858
* Sun Nov 16 2014
  - delete cache in apparmor-profiles %post (workaround for
    bnc#904620#c8 / lp#1392042)
* Fri Nov 14 2014
  - No longer perform gpg validation; osc source_validator does it
    + Drop gpg-offline BuildRequires.
    + No longer execute gpg_verify.
* Sun Nov 09 2014 Led <>
  - fix bashism in post script
* Sat Oct 18 2014
  - update to AppArmor 2.9.0 (r2759)
    - change aa-mergeprof to the final commandline syntax
    - lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several
      bugs without a formal bugreport)
    - small additions to gnome,, ubuntu-browsers.d/java
      and user-mail abstractions
    - fix mod_apparmor to not break basic auth
    - update perl modules to support signal, unix and ptrace rules (bnc#900013)
    - don't warn about rules not supported by the kernel
    - fix logging of "audit capability" (lp#1378091)
    - add support for the "hat" keyword in apparmor.vim
    - build html version of apparmor.vim manpage again (lp#1366572)
    - see also
  - update apparmor-abstractions-no-multiline.diff
  - remove upstreamed apparmor-profiles-ntpd-pid-location.diff
* Fri Oct 10 2014
  - add apparmor-abstractions-no-multiline.diff: change all multiline
    rules into one line. Needed for yast2-apparmor (bnc#900013)
* Mon Oct 06 2014
  - add apparmor-profiles-ntpd-pid-location.diff to cover new ntpd pid
    location (bnc#899746)
* Sun Oct 05 2014
  - update to AppArmor 2.8.97 (aka 2.9 beta3 aka r2721)
    - several bugfixes in python and C tools
    - rename "__unused" to "unused" in apparmor_parser to fix compilation
      on openSUSE <= 13.1 x86_64 (bnc#895495)
    - usr.lib.dovecot.auth profile: allow access to auth-token-secret.dat
    - various small profile improvements
    - update and add several testcases
  - drop upstreamed patch apparmor-profiles-dnsmasq-iface-mtu.patch
  - re-number remaining patches
* Sun Sep 28 2014
  - split apparmor-profiles package into -profiles and -abstractions
* Sat Sep 06 2014
  - update to AppArmor 2.8.96 (aka 2.9 beta2 aka r2652)
    - add unix abstract sockets, ptrace, and signal policy generation
    - several bugfixes in the python tools and elsewhere
    - move program-chunks/postfix-common to abstractions/
    - drop upstreamed patches:
    - apparmor-profiles-clustered-samba.diff
    - perl-apparmor-fix-bare-network-keyword-handling.diff
    - perl-apparmor-handle-bare-capability-keyword.diff
    - perl-apparmor-properly-handle-bare-file-keyword.diff
  - re-enable installation of perl modules
  - move python modules to python3-apparmor package
  - create symlinks without aa- prefix only for tools existing in 2.8.x,
    but not for new tools added in 2.9
  - make utils filelist explicit to ensure we have the right set of files
    without aa- prefix in sbindir
  - switch easyprof python module location to python3
  - drop unused defines APPARMOR_DOC_DIR and JNI_SO
  - refresh patches:
    - apparmor-utils-string-split (file moved)
    - apparmor-profiles-dnsmasq-iface-mtu.patch
    - apparmor-2.5.1-edirectory-profile
* Fri Sep 05 2014
  (prepared Thu Mar 20 23:35:03 UTC 2014 in home project)
  - update to AppArmor 2.8.95 (aka 2.9 beta1)
    - complete rewrite of the aa-* tools in python
    - new tools: aa-cleanprof, aa-mergeprof
    - extra profiles moved to /usr/share/apparmor/extra-profiles/ (bnc#713647)
    - and much more, but there's no upstream changelog yet
  - drop upstreamed patches and files:
    - usr.sbin.winbindd
    - usr.lib.dovecot.*, tunables-dovecot, apparmor-profiles-dovecot-bnc851984.diff
    - apparmor-2.8.2-nm-dnsmasq-config.patch
  - add %bcond_with perl and disable the perl subpackage temporarily (the perl
    modules will be back in beta2)
  - drop the apparmorapplet-gnome, apparmor-dbus and profile-editor subpackages
    (they were disabled since a long time, and upstream no longer ships their code)
    and the apparmor-profile-editor.desktop and apparmor-profile-editor.png files
  - drop apparmor-utils-subdomain-compat patch (was only included for <= 12.1)
  - remove libimmunix Provides/Obsoletes (libimmunix was a compat wrapper
    and got finally dropped)
  - refresh apparmor-samba-include-permissions-for-shares.diff and
* Thu Sep 04 2014
  - add apparmor-profiles-dnsmasq-iface-mtu.patch to allow dnsmasq
    read access to interface mtu in
* Mon Aug 11 2014
  - usr.lib.dovecot.auth: add '/etc/dovecot/* r' to allow reading
    plaintext password files (bnc#874094)
* Thu Jul 31 2014
  - Rename rpmlintrc to %{name}-rpmlintrc.
    Follow the packaging guidelines.
* Wed Jul 30 2014
  - add perl-apparmor-fix-bare-network-keyword-handling.diff:
    perl-apparmor: Fix handling of network (or network all) (bnc#889650)
  - add perl-apparmor-handle-bare-capability-keyword.diff:
    perl-apparmor: Fix handling of capability keyword (bnc#889651)
  - add perl-apparmor-properly-handle-bare-file-keyword.diff:
    perl-apparmor: Properly handle bare file keyword (bnc#889652)
* Thu Jul 03 2014
  - add apparmor-profiles-clustered-samba.diff to permit clustered Samba
    access to CTDB socket and databases (bnc#885317)
* Wed Jul 02 2014
  - fix problems with dovecot and managesieve
    * usr.lib.dovecot.managesieve-login: network inet6 stream
    * usr.lib.dovecot.managesieve:
      +#include <tunables/dovecot>
      /usr/lib/dovecot/managesieve {
      [#]include <abstractions/base>
      +  capability setgid,
      +  capability setuid,
      +  network inet stream,
      +  network inet6 stream,
      +  @{DOVECOT_MAILSTORE}/ rw,
      +  @{DOVECOT_MAILSTORE}/** rwkl,
* Fri Jun 27 2014
  - add #include <abstractions/wutmp> to usr.lib.dovecot.auth
* Tue Apr 01 2014
  - update usr.sbin.winbindd profile (bnc#870607)
    - restrict rw access to /var/cache/krb5rcache/ instead /var/tmp/
* Fri Mar 28 2014
  - update usr.sbin.winbindd profile (bnc#870607)
    - treat passdb.tdb.tmp as passdb.tdb
    - allow rw access to /var/tmp/
* Thu Mar 20 2014
  - add Recommends: libnotify-tools to apparmor-utils (aa-notify -p
    needs notify-send)
* Mon Feb 17 2014
  - update to AppArmor 2.8.3 (r2122) bugfix release
    - fix some cache clearing bugs in apparmor_parser
    - various fixes in mod_apparmor
    - several profile updates, most of them were already included as patches
      (except abstractions/winbind (bnc#863226), abstractions/fonts and
    - see for all details
  - update partially upstreamed apparmor-2.8.2-nm-dnsmasq-config.patch
  - remove upstream(ed) patches
    - apparmor-2.8.2-fix-ntpd-profile.diff
    - apparmor-abstractions-r2089-r2090.diff
    - apparmor-abstractions-ssl_certs.diff
    - apparmor-fix-url-in-manpages-r2093.diff
    - apparmor-no-perl-smartmatch-r2088.diff
    - apparmor-profiles-dnsmasq.diff
    - apparmor-profiles-ntpd-r2103.diff
    - apparmor-profiles-samba-create-dirs.diff
    - apparmor-profiles-samba4.diff
    - apparmor-unconfined-lang-r2094.diff
    - apparmor-utils-po-de-r2091.diff
* Sat Feb 01 2014
  - use current ruby macros, the rb_sitearch is obsolete since at least
* Sun Jan 26 2014
  - update apparmor-2.8.2-nm-dnsmasq-config.patch - allow access to pid file
    and supplemental config directory (by develop7)
  - update apparmor-profiles-dovecot-bnc851984.diff:
    - do not add access to @{DOVECOT_MAILSTORE} - not required by the main binary
    - add abstractions/mysql
    - allow execution of some more /usr/lib/dovecot/* binaries
    - better restrict access to /var/spool/postfix/private/
  - update usr.lib.dovecot.auth to allow to read mysql config files
  - update usr.lib.dovecot.dict and usr.lib.dovecot.lmtp:
    add abstractions/nameservice instead of allowing more and more files
* Sun Jan 19 2014
  - add Recommends: net-tools to apparmor-utils (needed by aa-unconfined)
  - update usr.lib.dovecot.lmtp (add /proc/*/mounts, /tmp/dovecot.lmtp.*,
    /{var/,}run/dovecot/mounts, deny capability block_suspend)
* Fri Jan 17 2014
  - add apparmor-2.8.2-nm-dnsmasq-config.patch - allow dnsmasq read config
    created by recent NetworkManager (see
    for update details)
* Sat Jan 04 2014
  - add apparmor-profiles-samba-create-dirs.diff to allow samba to
    mkdir /var/run/samba and /var/cache/samba (bnc#856651)
  - add abstractions/samba to usr.sbin.winbindd profile
  - add capabilities ipc_lock and setuid to usr.sbin.winbindd profile (bnc#851131)
  - update dovecot profiles to support dovecot 2.x, and add profiles for
    the parts of dovecot that were not covered yet (bnc#851984)
    NOTE: Please adjust /etc/apparmor.d/tunables/dovecot to your needs.
    (apparmor-profiles-dovecot-bnc851984.diff, usr.lib.dovecot.*)
  - %restart_on_update (in parser %postun) is "translated" to stop/start by
    the systemd wrapper, which removes AppArmor protection from running
    processes. Fixed by using a custom script instead (bnc#853019)
    NOTE: The %postun from the previously installed apparmor-parser package
    will remove AppArmor protection from running processes a last time.
    Run aa-status to get a list of processes you need to restart, or reboot
    your computer.
  - reload profiles in %post of the apparmor-profiles package
* Mon Nov 25 2013
  - add apparmor-abstractions-ssl_certs.diff to allow access to
    certificates in /var/lib/ca-certificates/ (bnc#852018)
* Thu Nov 14 2013
  - add apparmor-profiles-ntpd-r2103.diff with updated driftfile
    location for ntpd (bnc#850374)
* Sat Nov 02 2013
  - apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile
    updates for samba 4.x and kerberos (bnc#846586#c12 and #c15)
* Wed Oct 30 2013
  - add apparmor-profiles-dnsmasq.diff - add missing permissions for
    libvirt-generated files to dnsmasq profile (bnc#848215)
* Sun Oct 20 2013
  - apparmor-profiles-samba4.diff, usr.sbin.winbindd: some more profile
    updates for samba 4.x (bnc#846054#c5)
* Tue Oct 15 2013
  - add apparmor-profiles-samba4.diff - various profile additions for
    samba 4.x (bnc#845867, bnc#846054)
  - update usr.sbin.winbindd for samba 4.x (bnc#845867, bnc#846054)
* Sun Sep 29 2013
  - update to the final GSoC apparmor/
* Fri Sep 20 2013
  - add apparmor-fix-url-in-manpages-r2093.diff: fix URL in manpages
  - add apparmor-unconfined-lang-r2094.diff: fix aa-unconfined to work
    in all languages
* Mon Sep 16 2013
  - fix ntp by allowing read access to openssl.cnf
* Fri Sep 13 2013
  - add apparmor-utils-po-de-r2091.diff: fix some (mis)translations
* Thu Sep 12 2013
  - add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch)
    - p11-kit needs access to /usr/share/p11-kit/modules
    - allow reading /etc/machine-id in the dbus-session abstraction
  - add - make apparmor/ ready for
    the new tools developed in GSoC
* Fri Aug 23 2013
  - add apparmor-no-perl-smartmatch-r2088.diff: ~~ was marked as experimental
    in perl 5.18 again - use grep instead (upstream 2.8 branch r2088)
  - fix ruby requires
* Fri Aug 16 2013
  - update to AppArmor 2.8.2
    - several fixes for python3 compability
    - various profile improvements:
    - various additions to abstractions/fonts
    - move poppler's cMaps from gnome to fonts; gnome includes fonts
    - deny @{HOME}/.gnome2/keyrings/** to abstractions/private-files-strict
    - add read access to @{PROC}/sys/vm/overcommit_memory to abstractions/base
    - update pulseaudio directory and cookie file paths
    - add missing permissions to the nscd profile (bnc#807104)
    - deny capability block_suspend to nscd (bnc#807104)
    - MariaDB compatability in abstractions/mysql (bnc#798183)
    - see for all details
  - removed upstream(ed) patches
    - apparmor-abstractions-mysql-path.diff
    - apparmor-profiles-nscd.diff
    - apparmor-python3-r2052.diff
* Thu Aug 15 2013
  - swig for python3 is broken on openSUSE 12.2 - build python-apparmor
    (for python2) instead on 12.2
* Thu Aug 15 2013
  - add python3-apparmor subpackage (currently py2 OR py3 package can be
    build, but not both at the same time)
  - add upstream apparmor-python3-r2052.diff to fix various python3 issues
* Tue Jun 04 2013
  - Ruby 2.0 mkmf gets the path to ruby.h wrong (bnc#822277)
* Mon May 13 2013
  - do not package directories as %config - especially not as noreplace
* Tue Apr 23 2013
  - enable python and ruby subpackages (using %bcond_without)
  - update/fix paths in %files for python and ruby subpackages
* Tue Apr 02 2013
  - add Requires: insserv to parser package (needed by initscript)
* Tue Mar 05 2013
  - nscd profile: add missing permissions and deny capability block_suspend
    (bnc#807104, apparmor-profiles-nscd.diff)
* Sun Feb 17 2013
  - Add missing files to SRPM (bnc#777471)
* Sun Jan 13 2013
  - update abstractions/mysql with correct paths and add MariaDB paths
* Thu Jan 10 2013
  - update to AppArmor 2.8.1 (=2.8 branch r2069)
    Bugfix release,
    Most important changes are:
    - add various missing parts to profiles and abstractions
    - fix a possible x conflict with hats or child profiles in
    - fix and speedup stdin handling in aa-decode
    - various other bugfixes
    - add pkgconfig support to libapparmor
  - remove upstream(ed) patches
* Mon Dec 03 2012
  - verify tarball with gpg-offline
* Tue Sep 25 2012
  - fix directory flags for /etc/apparmor.d to be in sync between
    - parser and -profiles subpackage
* Fri Sep 21 2012
  - remove %stop_on_removal for no longer existing aaeventd (bnc#781564)
  - don't hide TeX output when building the parser and techdoc
* Thu Aug 09 2012
  - clear and update inconsistent profile cache (bnc#774529)
* Sun Aug 05 2012
  - abstractions/bash: update /bin/ls to also match /usr/bin/ls (usrMerge)
* Mon Jul 30 2012
  - Add required fonts for new TeXLive 2012
* Fri Jul 06 2012
  - update /bin/ping profile to also match /usr/bin/ping (usrMerge)
* Sat Jun 02 2012
  - update to AppArmor 2.8.0 (= r2047)
    - new utility aa-easyprof - templated profile generation tool (the resulting
      profile may be less strict than profiles generated with genprof/logprof)
    - various small bugfixes
  - removed upstreamed patches
* Tue May 08 2012
  - add apparmor-techdoc.patch to remove traces of the build time in PDF files
* Sat May 05 2012
  - update to AppArmor 2.8 beta5 (= 2.7.103 / r2031)
    - new utility aa-exec to confine a program with the specified AppArmor profile
    - add support for mount rules
    - see for full upstream
  - removed upstreamed and backported patches
  - remove outdated autobuild and "disable repo" patches that were disabled since
    the AppArmor 2.7 package
  - create the Immunix::SubDomain compat perl module only for openSUSE <= 12.1
    (bnc#720617 #c7)
* Mon Apr 16 2012
  - replace patch for dnsmasq profile with upstream patch (bnc#738905)
* Fri Apr 13 2012
  - add apparmor-r2022-log-parser-network-bnc755923.patch - logprof didn't
    create network rules because of changed log format (bnc#755923, lp#800826)
  - add profile for samba winbindd (bnc#748499)
* Fri Apr 06 2012
  - fix dnsmasq profile (bnc#738905)
* Thu Feb 09 2012
  - add 0001-fix-for-lp929531.patch to allow reading
    /sys/devices/system/cpu/online in abstractions/base (lp#929531)
* Tue Jan 31 2012
  - Update to AppArmor 2.7.2 (= 2.7 branch / r1894)
    - move various permissions from httpd2-prefork profile to
      abstractions/apache2-common. Backward-incompatible change: *.htaccess
      files are no longer allowed for ^HANDLING_UNTRUSTED_INPUT
    - allow access for more /usr/lib*/samba/ files for smbd (bnc#725967#c5)
    - allow various .conf files for dovecot (lp#458922)
    - disallow wl for *.so in @{HOME}/.pki/nssdb/ in abstractions/private-files
      and abstractions/private-files-strict (lp#911847)
    - update abstractions/kde, private-files* and ubuntu-browsers.d/user-files
      to use ~/.kde4, not only ~/.kde (bnc#741592)
    - block write access to ~/.kde{,4}/env in abstractions/private-files
    - allow write access for personal dictionary etc. in abstractions/aspell
    - when using genprof for a script, include read access to the script itsself
    - automatically include abstractions/python or abstractions/ruby for
      python/ruby scripts
    - add profile for smbldap-useradd and allow smbd to call it (bnc#738041)
    - allow creation of the .config directory in abstractions/enchant (lp#914184)
    - allow TFTP read-only access in dnsmasq profile (lp#905412)
    - allow capability dac_read_search for syslog-ng (bnc#731876)
    - add p11-kit abstraction and include it in abstractions/authentification
      (lp#912754, lp#912752)
    - add audacity to abstractions/ubuntu-media-players (lp#899963)
    - allow software-center, fireclam plugin, [tT]unar, exo-open, kate and
      /dev/nvidia* in abstractons/ubuntu-browsers.d/* (lp#662906, lp#562831,
      lp#890894, lp#890894, lp#884748)
    - fix typo for multiarch gconf-modules in abstractions/base (lp#904548)
    - allow avahi to do dbus introspection (lp#769148)
    - allow access to ~/.fonts.conf.d in abstractions/fonts (lp#870992)
    - allow transmission in abstractions/ubuntu-bittorrent-clients (lp#852062)
    - allow reading ~/.cups/client.conf and ~/.cups/lpoptions in
      abstractions/cups-client (lp#887992)
    - allow read access of /etc/python{2,3}.[0-7]*/ in
      abstractions/python (lp#860856)
    - various updates to the sshd profile (lp#817956)
    - (and some more changes I already included in the apparmor-2.7-branch.diff)
* Tue Jan 03 2012
  - Update to AppArmor 2.7.0 (= r1858)
    - make traceroute6 work (bnc#733312)
    - allow access to pyconfig.h in abstractions/python (lp#840734)
    - fix logprof/genprof for hex-encoded program filenames (= filenames
      containing space etc.)
  - add apparmor-2.7-branch.diff with some upstreamed fixes:
    - usr.sbin.smbd needs read access for /etc/netgroup (bnc#738041)
    - create /etc/apparmor.d/tunables/multiarch.d as directory, not as file
    - fix syntax error in abstractons/python
* Tue Nov 29 2011
  - changed a $ -> % (typo)
* Sat Nov 26 2011
  - package subdomain.conf only in -parser, not in -utils package
  - package and only in libapparmor-devel,
    not in libapparmor1
  - make Provides for perl-libapparmor versioned to avoid self-Obsoletes
  - move libapparmor.a and libimmunix.a from libapparmor1 to
    libapparmor-devel package
* Thu Nov 10 2011
  - update to AppArmor 2.7.0 rc2
    Most of the changes since rc1 were already included as patches.
    Additional changes:
    - fix logprof/genprof to recognize "mknod" in audit.log
    - fix libapparmor python bindings to compile with python 3
    - fix wrong status message in initscript if apparmor-utils are not installed
    - parser/Makefile: fix some warnings, always respect CXX and LDFLAGS
    - fix some warnings in utils/Makefile
  - remove 4 upstreamed patches
  - remove mkdir /etc/apparmor.d/disable - that's done by upstream Makefile now
  - update line numbers in 2 patches
* Tue Nov 01 2011
  - make abstractions/winbind working on 64bit systems
  - allow loading the libraries for samba "vfs objects" also on 32bit
    systems (bnc#725967)
* Wed Oct 26 2011
  - allow loading the libraries for samba "vfs objects" (bnc#725967)
* Wed Oct 19 2011
  - include autogenerated profile sniplet for samba shares (bnc#688040)
  - more helpful error message for "aa-notify -p" if the user is not in
    the configured group
* Thu Oct 13 2011
  - update to AppArmor 2.7.0 rc1
    - aa-notify: add --display option and warn if $DISPLAY is not set
      (important for usage with sudo on openSUSE)
    - fix syntax error on "rcapparmor stop"
    - allow read access to /proc/*/mounts in the dovecot profile
* Sun Oct 09 2011
  - add patch with upstream changes since 2.7.0 beta2 release
    - add example parser.conf
    - print warning if profile cache directory doesn't exist
    - remove initscript for no longer existing aa-eventd (bnc#720617)
    - set correct $HOME in aa-notify
  - enable caching of profiles (= massive speedup) (bnc#689458)
  - add comments for patches in .spec and comments in some patches
  - run spec-cleaner
* Fri Sep 30 2011
  - add libtool as buildrequire to make the spec file more reliable
* Fri Sep 16 2011
  - update to AppArmor 2.7.0 beta2
    - includes fixes for bnc#717707, bnc#678749, bnc#685674, bnc#679182,
      bnc#691072, bnc#705319, bnc#713728
  - add some missing perl module Requires to perl-apparmor
* Tue Sep 13 2011
  - update to AppArmor 2.7.0 beta1, for details see
  - removed lots of patches I pushed upstream
  - disabled apparmor-2.5.1-unified-build (patch to use automake,
    does not apply to 2.7 and probably won't be accepted upstream)
  - disabled build of tomcat_apparmor (doesn't build, deprecated upstream)
  - run spec-cleaner
  - remove *.la files
  - move usr.sbin.nscd profile back to apparmor-profiles package
* Wed Sep 07 2011
  - Update patch apparmor-profiles-usr.sbin.dnsmasq to include
    /var/lib/libvirt/dnsmasq/*.leases (bnc#694197).
* Mon Aug 22 2011
  - install compat module (bnc#713408)
* Wed Aug 03 2011
  - Update to 2.6.1.
    - One patch eliminated
    - Lots of minor fixes
    - Split out more common abstractions
  - Add check_for_apparmor() helper.
* Tue Aug 02 2011
  - dhcpd: Fix apparmor profile (bnc#692428)
* Tue Aug 02 2011
  - Add apparmor-securityfs-systemd.patch: do not mount securityfs
    when running under systemd, just access the directory, systemd
    will automount it (bnc#704460).
* Sun Jul 17 2011
  - Fixed typos in descriptions and summaries of apparmor.spec
* Fri Jun 24 2011
  - Fixed building of pam_apparmor to properly link libpam (bnc#696553).
  - Fixed building of apache2-mod_apparmor to properly link (bnc#701821).
* Tue Jun 21 2011
  - move the requires and prerequires to the right package
* Wed Apr 27 2011
  - make the -doc and -profiles subpackages noarch (again)
* Thu Mar 24 2011
  - Added alias from Immunix::SubDomain to Immunix:AppArmor to allow
    older users of perl-apparmor to work properly.
* Tue Mar 22 2011
  - Properly re-created links to old utility names.
* Mon Mar 14 2011
  - Added /etc/ethers and /var/run/dnsmasq-forwarders to
    usr.sbin.dnsmasq (bnc#678749)
* Mon Mar 14 2011
  - Update to 2.6.0
    - 19 patches eliminated
    - Lots of minor fixes.
    - Split out more common abstractions
    - Added more local includes
* Tue Mar 01 2011
  - Additional libvirt related fixes in usr.sbin.dnsmasq (bnc#675867)
* Thu Feb 24 2011
  - Added 'network packet raw' to dhclient profile.
* Tue Feb 22 2011
  - Add Requires for used perl packages (bnc#670650).
* Tue Jan 25 2011
  - Updated dhclient profile and added dhclient-script profile (bnc#561152).
* Tue Jan 25 2011
  - Added ability to completely disable repositories.
* Mon Jan 24 2011
  - Properly indent sub-profiles after genprof completion (bnc#480795).
* Mon Jan 24 2011
  - Inherit flags in sub-profiles when generating profiles (bnc#496204).
* Mon Jan 24 2011
  - Stop treating profiles shipped with the package as config files.
    - /etc/apparmor.d will still be treated specially.
  - Add support for parsing network operation events (bnc#665483)
* Sun Jan 23 2011
  - Fix for sbin.klogd profile using kernel versions >= 2.6.38-rc1.
* Sun Jan 23 2011
  - Update to apparmor-2.5 r1445.
    - Includes 3 of the fixes below.
    - Several testsuite fixes.
    - Update for Thunderbird profile.
* Fri Jan 21 2011
  - Add support for libvirt in usr.sbin.dnsmasq (bnc#666090)
* Tue Jan 18 2011
  - fix rm call for nscd profile to avoid file conflict
* Tue Jan 11 2011
  - profiles: Add openssl abstraction (bnc#623886).
* Tue Jan 11 2011
  - Added support for sys_nice to ntpd profile (bnc#657054).
* Mon Jan 10 2011
  - apparmor-utils: Support newer auditd formatted messages.
  - Fix two x transition conflict bugs. (bnc#662928)
* Thu Jan 06 2011
  - Splitted ldap related things from nameservice into separate
    profile and added some missing paths (bnc#662761)
* Wed Dec 22 2010
  - Fixed pod2man macros with older versions of GNU make
* Mon Dec 20 2010
  - Fixed building of perl and ruby SWIG modules. The former
    is required for apparmor-utils to work properly.
* Tue Dec 07 2010
  - Fixed use-after-free issue in apparmor_parser.
* Tue Dec 07 2010
  - Added fixes for logprof issuing uninitialized variable errors
    while encountering audit messages for unconfined processes.
* Wed Dec 01 2010
  - Updated cupsd profile (bnc#539401)
* Wed Dec 01 2010
  - Fix {proc} vs {PROC} macro usage in firefox profile (bnc#436262)
* Wed Dec 01 2010
  - Added support for eDirectory nameservice (bnc#621394)
* Wed Dec 01 2010
  - Fixed incorrect /proc/*/sys usage in usr.sbin.ntpd profile (bnc#634801)
* Wed Dec 01 2010
  - Added fix for another case of whitespace affecting profile
    removal (bnc#510740)
* Tue Nov 30 2010
  - Added support for unified build, which massively simplified
    the packaging.
* Mon Nov 15 2010
  - Fix for syslog-ng profile to allow upgrade to v3.2
  - add mysql support to syslog-ng profile
* Thu Oct 21 2010
  - Added support for enabling/disabling the module automatically
    during installation/removal (bnc#623246)
* Tue Oct 05 2010
  - Converted archive to tar.bz2.
* Tue Oct 05 2010
  - Updated to 2.5.1-final.
    - Lots of testcase updates.
* Fri Aug 27 2010
  - Initial packaging of AppArmor 2.5
    - Now contained in a single archive so built from a single spec file



Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Nov 13 23:06:47 2017