Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: pam_apparmor | Distribution: openSUSE Tumbleweed |
Version: 4.0.3 | Vendor: openSUSE |
Release: 1.3 | Build date: Tue Oct 1 22:11:06 2024 |
Group: Productivity/Security | Build host: reproducible |
Size: 70701 | Source RPM: apparmor-4.0.3-1.3.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://gitlab.com/apparmor/apparmor/ | |
Summary: PAM module for AppArmor change_hat |
The pam_apparmor module provides the means for any PAM applications that call pam_open_session() to automatically perform an AppArmor change_hat operation in order to switch to a user-specific security policy.
GPL-2.0-only AND LGPL-2.1-or-later
* Tue Oct 01 2024 Christian Boltz <[email protected]> - add mesa-cachedir.diff: new cachedir in Mesa 24.2.2 * Fri Aug 23 2024 Christian Boltz <[email protected]> - update to AppArmor 4.0.3 - several small bugfixes - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.3 for the full release notes * Thu Aug 22 2024 [email protected] - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] * Wed Jul 24 2024 Christian Boltz <[email protected]> - update to AppArmor 4.0.2 - bugfix release with lots of fixes in all areas - add new userns profiles for balena-etcher, chromium and wike - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.2 for the detailed upstream changelog - drop upstream(ed) patches: - aa-remove-unknown-fix-unconfined.diff - logprof-mount-empty-source.diff - plasmashell.diff - sampa-rpcd-witness.diff - sddm-xauth.diff - teardown-unconfined.diff - test-aa-notify.diff - tools-fix-redefinition.diff - utils-relax-mount-rules-2.diff - utils-relax-mount-rules.diff - refresh GPG key (was expired) * Tue Jun 25 2024 Christian Boltz <[email protected]> - add sampa-rpcd-witness.diff: allow samba-dcerpcd to execute rpcd_witness (boo#1225811) * Tue Jun 11 2024 Christian Boltz <[email protected]> - add logprof-mount-empty-source.diff: add support for mount rules with quoted paths and empty source (boo#1226031) * Tue Jun 04 2024 Christian Boltz <[email protected]> - add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900) - add plasmashell.diff - fix QtWebEngineProcess path to prevent a crash in plasmashell (boo#1225961) * Thu May 30 2024 Guillaume GARDET <[email protected]> - Also exclude podman profile - boo#1225608 * Wed May 29 2024 Fabian Vogt <[email protected]> - Exclude the crun profile in addition to runc * Tue May 28 2024 Christian Boltz <[email protected]> - add utils-relax-mount-rules.diff and utils-relax-mount-rules-2.diff: Relax handling of mount rules in utils to avoid errors when parsing valid profiles - add teardown-unconfined.diff to fix aa-teardown for 'unconfined' profiles (boo#1225457) * Tue May 28 2024 Christian Boltz <[email protected]> - exclude runc profile until updated runc packages (including updated profile with "signal peer=runc") have arrived * Sat May 25 2024 Christian Boltz <[email protected]> - add aa-remove-unknown-fix-unconfined.diff to fix aa-remove-unknown for 'unconfined' profiles (boo#1225457) - set permissions for %ghost files (boo#1223578) * Fri May 24 2024 Christian Boltz <[email protected]> - fix bashism in %post profiles * Sun May 05 2024 Christian Boltz <[email protected]> - Update to AppArmor 4.0.1 Too many changes to list them here. See https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1 for the detailed upstream release notes - add tools-fix-redefinition.diff: fix redefinition of _ in tools - add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch with argparse on Leap 15.5 - drop upstreamed patches: - apparmor-abstractions-openssl-allow-version-specific-en.patch - dovecot-unix_chkpwd.diff - smbd-unix_chkpwd.diff - apparmor-lessopen-profile.patch: update lessopen profile to abi/4.0 - mark local/* as %ghost so that these dummy files don't get installed anymore (changed existing local/files will be kept, unchanged files will be deleted) - switch to gitlab tarballs (without pregenerated libapparmor configure script and prebuilt techdoc.pdf) - run libapparmor autogen.sh (needs additional BuildRequires autoconf, autoconf-archive, automake and libtool) - no longer package techdoc.pdf - old documentation, not worth the texlive BuildRequires we would need to build it - drop old (up to 2.12) cache location /var/lib/apparmor/ and the /etc/apparmor.d/cache symlink pointing to it - drop apparmor-samba-include-permissions-for-shares.diff - no longer needed, update-apparmor-samba-profile in Tumbleweed works without a pre-existing local/usr.sbin.smbd-shares file - drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't change a single bit in the resulting build (anymore?) - drop apparmor-lessopen-nfs-workaround.diff - no longer needed since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499) - drop ancient, unused update-trans.sh * Fri Apr 05 2024 Atri Bhattacharya <[email protected]> - Use full URLs for source tarball and signature. * Fri Mar 01 2024 Christian Boltz <[email protected]> - Remove workaround for boo#853019 in %postun parser - apparmor.service contains a more safe workaround. This also fixes boo#1220708 (missing daemon-reload). * Tue Feb 27 2024 Noel Power <[email protected]> - Add smbd-unix_chkpwd.diff to allow smbd to execute unix_chkpwd and fix other pam related denies; (boo#1220032). * Mon Feb 26 2024 Ludwig Nussel <[email protected]> - Fix systemd userdb access in unix-chkpwd * Tue Feb 20 2024 Dominique Leuenberger <[email protected]> - Use %patch -P N instead of deprecated %patchN. * Tue Feb 20 2024 David Disseldorp <[email protected]> - Only run utils and profiles make check if kernel LSM is enabled (bsc#1220084) * Thu Feb 08 2024 David Disseldorp <[email protected]> - Add apparmor-abstractions-openssl-allow-version-specific-en.patch to allow version specific engdef & engines openssl paths (boo#1219571) * Mon Feb 05 2024 Christian Boltz <[email protected]> - Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch * Mon Jan 29 2024 Christian Boltz <[email protected]> - Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute unix_chkpwd, and add a profile for unix_chkpwd. This is needed for PAM 1.6 (boo#1219139) - Refresh apparmor.keyring - the key was renewed * Wed Nov 08 2023 Christian Boltz <[email protected]> - Actually apply the previously added patch for bsc#1216878 * Wed Nov 08 2023 Julio Gonzalez Gil <[email protected]> - Add apparmor-systemd-sessions.patch to allow read access to /run/systemd/sessions/ (bsc#1216878) * Mon Sep 25 2023 David Disseldorp <[email protected]> - Fix pam_apparmor %post and %postun scripts to handle pam-config errors (bsc#1215596) * Tue Jul 25 2023 David Disseldorp <[email protected]> - Add pam_apparmor README, referenced from online cha-apparmor-pam.html documentation (bsc#1213472) * Thu Jun 22 2023 Christian Boltz <[email protected]> - update to AppArmor 3.1.6 (jsc#PED-5600) - fix regression in mount rules (boo#1211989) - some additions to the base and authentification abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6 for the full upstream changelog * Sun Jun 11 2023 Christian Boltz <[email protected]> - update to AppArmor 3.1.5 - fix handling of mount rules in apparmor_parser - minor additions to abstractions/base and snap_browsers - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.5 for the full upstream changelog - remove upstreamed aa-status-fix-json-mr1046.patch - split off apparmor-enable-precompiled-cache.diff from apparmor-enable-profile-cache.diff so that the precompiled cache path doesn't get added in parser.conf for Tumbleweed builds. This prevents a warning about the non-existing directory when loading profiles. * Tue Jun 06 2023 Christian Boltz <[email protected]> - fix aa-status --json output (aa-status-fix-json-mr1046.patch, boo#1211980#c12) * Mon May 29 2023 Christian Boltz <[email protected]> - update to AppArmor 3.1.4 - parser: fix mount rules encoding (CVE-2016-1585) - aa-logprof: fix error when choosing named exec with plain profile names - aa-status: fix json output - several fixes for profiles and abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4 for the full upstream changelog * Thu May 04 2023 Frederic Crozat <[email protected]> - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. * Tue Feb 28 2023 Christian Boltz <[email protected]> - update to AppArmor 3.1.3 - add support for more audit.log formats in libapparmor - add abstractions/groff (boo#1065388) - various additions in abstractions and profiles - several bug fixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3 for the detailed upstream changelog - drop upstreamed patches: - abstractions-openssl-1_1.diff - dnsmasq-cpu-possible.diff - nscd-systemd-userdb.diff * Mon Feb 06 2023 Christian Boltz <[email protected]> - add abstractions-openssl-1_1.diff: allow to read /etc/ssl/openssl-1_1.cnf in abstractions/openssl (boo#1207911) * Mon Jan 30 2023 Christian Boltz <[email protected]> - add nscd-systemd-userdb.diff: allow nscd to read systemd-userdb (boo#1207698) * Tue Dec 27 2022 Ludwig Nussel <[email protected]> - Replace transitional %usrmerged macro with regular version check (boo#1206798) * Fri Dec 23 2022 Samuel Cabrero <[email protected]> - Add samba-4-17.patch to update the samba profiles for samba version 4.17 (bsc#1206626); - samba-4-17.patch superseded by upstream merge: https://gitlab.com/apparmor/apparmor/-/merge_requests/926 * Tue Nov 22 2022 Christian Boltz <[email protected]> - update to AppArmor 3.1.2 - lots of cleanups, improvements and bugfixes in all areas - rework internal profile storage and handling in the aa-* tools - support boolean variable definitions in the aa-* tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1 and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2 for the detailed upstream changelog - remove upstream(ed) patches: - apparmor-3.0.7-egrep.patch - dnsmasq.diff - profiles-permit-php-fpm-pid-files-directly-under-run.patch - zgrep-profile-mr870.diff - no longer ship precompiled profile cache for Tumbleweed (boo#1205659) - BuildRequire iproute2 (needed for aa-unconfined tests) * Sun Sep 04 2022 Andreas Stieger <[email protected]> - aa-decode: use grep -E instead of deprecated egrep (boo#1203092) add apparmor-3.0.7-egrep.patch * Sun Aug 28 2022 Christian Boltz <[email protected]> - update to AppArmor 3.0.7 - fix setuptools version detection in buildpath.py - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7 for the detailed upstream changelog - add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible in dnsmasc//libvirt-leaseshelper profile (boo#1202849) * Fri Aug 26 2022 David Disseldorp <[email protected]> - add profiles-permit-php-fpm-pid-files-directly-under-run.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) * Fri Aug 19 2022 Ben Greiner <[email protected]> - skip code linting for packaging * removes pyflakes from the build requirements and thus Ring1 * see also https://gitlab.com/apparmor/apparmor/-/issues/121 * Mon Aug 08 2022 Christian Boltz <[email protected]> - add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper (boo#1202161) * Mon Aug 01 2022 Christian Boltz <[email protected]> - update to AppArmor 3.0.6 - fix LTO build in the parser - remove dbus deny rule in abstractions/exo-open - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6 for the detailed upstream changelog - drop upstream patch dirtest-sort-mr900.diff * Mon Jul 25 2022 Christian Boltz <[email protected]> - update to AppArmor 3.0.5 - several additions to profiles and abstractions - bugfixes in parser and utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5 for the detailed upstream changelog - remove upstream(ed) patchs: - apparmor-setuptools61-mr897.patch - dovecot-profiles-boo1199535-mr881.diff - php8-fpm-mr876.patch - python310-help-mr848.patch - samba-new-dcerpcd.patch - samba_deny_net_admin.patch - update-samba-bgqd.diff - update-usr-sbin-smbd.diff - apparmor-samba-include-permissions-for-shares.diff: remove upstreamed part - add dirtest-sort-mr900.diff to fix random test failures - change apache-extra-profile-include-if-exists.diff to the post-mv path (new quilt executes mv) - stop disabling lto (fixed upstream) (boo#1133091) - package profile-load script in -parser * Fri Jul 15 2022 Ben Greiner <[email protected]> - Add apparmor-setuptools61-mr897.patch https://gitlab.com/apparmor/apparmor/-/merge_requests/897 - Add buildtime dependencies on python-rpm-macros and setuptools * Tue Jun 28 2022 Christian Boltz <[email protected]> - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep (poo#113108) * Sun May 15 2022 Christian Boltz <[email protected]> - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535) * Wed May 11 2022 Noel Power <[email protected]> - Update samba-new-dcerpcd.patch for aarch64 which needs some additional rules; (bnc#1198309). * Sun May 08 2022 Ben Greiner <[email protected]> - Add python310-help-mr848.patch so that Tumbleweed can switch python3 to Python 3.10 (https://gitlab.com/apparmor/apparmor/-/merge_requests/848) * Fri Apr 29 2022 Christian Boltz <[email protected]> - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) * Wed Apr 27 2022 Dominique Leuenberger <[email protected]> - Enhance zgrep-profile-mr870.diff to also allow/support zstd (boo#1198922). * Sat Apr 16 2022 Christian Boltz <[email protected]> - update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) * Wed Apr 13 2022 Noel Power <[email protected]> - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309); * Mon Apr 11 2022 Noel Power <[email protected]> - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850). * Sun Apr 10 2022 Christian Boltz <[email protected]> - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff) * Tue Mar 29 2022 Christian Boltz <[email protected]> - ensure precompiled cache files are newer than (text) profiles - reload profiles in %posttrans instead of %post to ensure both - profiles and -abstractons package are updated before the cache in /var/cache/apparmor/ gets built (boo#1195463 #c20) * Thu Mar 24 2022 Noel Power <[email protected]> - Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850). - Add update-usr-sbin-smbd.diff to add new rule to allow reading of openssl.cnf (bnc#1195463). * Thu Feb 10 2022 Christian Boltz <[email protected]> - update to AppArmor 3.0.4 - various fixes in profiles, abstractions, apparmor_parser and utils (some of them were already included as patches) - add support for mctp address family - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4 for the full upstream changelog - remove upstream(ed) patches: - aa-notify-more-arch-mr809.diff - ruby-3.1-build-fix.diff - add-samba-bgqd.diff - openssl-engdef-mr818.diff - profiles-python-3.10-mr783.diff - update-samba-abstractions-ldb2.diff - refresh patches: - apparmor-samba-include-permissions-for-shares.diff - ruby-2_0-mkmf-destdir.patch * Wed Jan 26 2022 Christian Boltz <[email protected]> - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) * Mon Jan 17 2022 Samuel Cabrero <[email protected]> - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). * Mon Dec 20 2021 Noel Power <[email protected]> - Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED operation="file_mmap" violation in SLE15-SP4; (bsc#1192336). * Sun Dec 19 2021 Christian Boltz <[email protected]> - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and /etc/ssl/engines.d/ in abstractions/openssl which were introduced with the latest openssl update * Tue Nov 09 2021 Christian Boltz <[email protected]> - add aa-notify-more-arch-mr809.diff: Add support for reading s390x and aarch64 wtmp files (boo#1181155) * Fri Oct 15 2021 Christian Boltz <[email protected]> - add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532) * Sat Sep 18 2021 Christian Boltz <[email protected]> - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) * Wed Aug 11 2021 Christian Boltz <[email protected]> - add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10 * Sat Aug 07 2021 Christian Boltz <[email protected]> - update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog * Fri Aug 06 2021 Christian Boltz <[email protected]> - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog - remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff * Thu Jul 15 2021 Michael Ströder <[email protected]> - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point * Mon Jun 07 2021 Christian Boltz <[email protected]> - move Requires: python3 back to the python3-apparmor subpackage - readline usage is in the python modules, not in apparmor-utils * Tue May 25 2021 Matej Cepl <[email protected]> - Remove python symbols (python means currently python2), work only with python3 ones (fallout from bsc#1185588). * Fri May 21 2021 Christian Boltz <[email protected]> - add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267) * Tue Apr 27 2021 Christian Boltz <[email protected]> - add crypto-policies-mr720.diff to allow reading crypto policies in abstractions/ssl_certs (boo#1183597) * Sat Mar 27 2021 Christian Boltz <[email protected]> - replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in systemd into containers just because apparmor-parser ships a *.service file * Thu Feb 11 2021 Christian Boltz <[email protected]> - merge libapparmor.changes into apparmor.changes * Mon Feb 08 2021 Ludwig Nussel <[email protected]> - avoid file listed twice error * Tue Feb 02 2021 Christian Boltz <[email protected]> - define %_pamdir for <= 15.x to fix the build on those releases * Fri Jan 22 2021 Christian Boltz <[email protected]> - add apache-extra-profile-include-if-exists.diff: make <apache2.d> include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527) * Wed Jan 13 2021 Ludwig Nussel <[email protected]> - prepare usrmerge (boo#1029961) * use %_pamdir
/usr/lib64/security/pam_apparmor.so /usr/share/doc/packages/pam_apparmor /usr/share/doc/packages/pam_apparmor/README
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Dec 3 00:04:39 2024