Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pam_apparmor-32bit-4.1.2-2.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: pam_apparmor-32bit Distribution: openSUSE Tumbleweed
Version: 4.1.2 Vendor: openSUSE
Release: 2.1 Build date: Sun Oct 19 12:41:36 2025
Group: Productivity/Security Build host: reproducible
Size: 13652 Source RPM: apparmor-4.1.2-2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://gitlab.com/apparmor/apparmor/
Summary: PAM module for AppArmor change_hat
The pam_apparmor module provides the means for any PAM applications
that call pam_open_session() to automatically perform an AppArmor
change_hat operation in order to switch to a user-specific security
policy.

Provides

Requires

License

GPL-2.0-only AND LGPL-2.1-or-later

Changelog

* Sun Oct 19 2025 Christian Boltz <suse-beta@cboltz.de>
  - add dovecot24-part3-mr1822.diff: allow writing /tmp/doveconf.* in
    more dovecot profiles
* Sun Oct 05 2025 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 4.1.2
    - several fixes (including boo#1246743)
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.2
      for the detailed upstream changelog
  - remove upstream(ed) patches:
    - dovecot24.diff
    - xkeyboard.diff
* Fri Aug 01 2025 Christian Boltz <suse-beta@cboltz.de>
  - add dovecot24-part2.diff: more dovecot 2.4 permissions (boo#1247470)
* Fri Jul 18 2025 Christian Boltz <suse-beta@cboltz.de>
  - add xkeyboard.diff to allow reading /usr/share/xkeyboard-config-2/
    via abstractions/X (boo#1246743)
* Fri Jul 18 2025 Christian Boltz <suse-beta@cboltz.de>
  - add kerberosclient-usrmerge.diff to allow reading
    /usr/etc/krb5.conf (boo#1246689)
* Tue Jul 15 2025 Christian Boltz <suse-beta@cboltz.de>
  - replace dovecot24.diff with upstream fix from MR 1733 (boo#1243008)
* Sun Jun 22 2025 Christian Boltz <suse-beta@cboltz.de>
  - update to ApppArmor 4.1.1
    - unix-chkpwd: allow dac_read_search (boo#1241678)
    - extend mesa, wutmp and nameservice abstractions
    - utils: add support for priority rule prefix
    - various bugfixes
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.1
      for the detailed upstream changelog
* Mon Jun 09 2025 Christian Boltz <suse-beta@cboltz.de>
  - update dovecot24.diff - more permissions for dovecot 2.4 (boo#1243008)
* Tue Jun 03 2025 Christian Boltz <suse-beta@cboltz.de>
  - replace workaround for boo#853019 with using %restart_on_update -
    apparmor.service now contains a workaround to survive restart
    (boo#1237462)
  - get posttrans of profiles and abstractions in sync
  - add dovecot24.diff to fix the profile for dovecot 2.4 (boo#1243008)
* Tue May 13 2025 David Disseldorp <ddiss@suse.com>
  - Purge potentially stale profile cache during rpm posttrans via
    "apparmor_parser --purge-cache" (boo#1242553)
* Wed Apr 09 2025 Christian Boltz <suse-beta@cboltz.de>
  - update to ApppArmor 4.1.0
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.1.0
      for the detailed upstream changelog
  - remove upstream py313-aa-notify.patch
* Wed Mar 19 2025 Andreas Stieger <andreas.stieger@gmx.de>
  - remove unused pcre build dependency
* Fri Feb 21 2025 Markéta Machová <mmachova@suse.com>
  - add py313-aa-notify.patch to adapt the last bits to python 3.13
* Wed Feb 19 2025 Matej Cepl <mcepl@cepl.eu>
  - Fix commented out macros
* Tue Feb 18 2025 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 4.1 beta5
  - remove upstream(ed) patches
    - aa-notify-polkit--mr-1540.diff
    - aa-notify-ttkthemes-fallback--mr1324-partial.diff
    - libapparmor-fixes--mr-1536.diff
* Thu Feb 13 2025 Christian Boltz <suse-beta@cboltz.de>
  - add libapparmor-fixes--mr-1536.diff to fix Leap 15.x and i586 build
  - add aa-notify-polkit--mr-1540.diff to remove DESTDIR from polkit file
  - own /usr/share/polkit-1 and /usr/share/polkit-1/actions
* Wed Feb 12 2025 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 4.1 beta4
  - drop upstream(ed) patches:
    - mesa-cachedir.diff
    - python313.patch
  - (Build)Require python3-tk - used by latest aa-notify
  - add aa-notify-ttkthemes-fallback--mr1324-partial.diff
* Wed Feb 05 2025 Dirk Müller <dmueller@suse.com>
  - add python313.patch to fix build with python 3.13
* Tue Oct 01 2024 Christian Boltz <suse-beta@cboltz.de>
  - add mesa-cachedir.diff: new cachedir in Mesa 24.2.2
* Fri Aug 23 2024 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 4.0.3
    - several small bugfixes
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.3
      for the full release notes
* Thu Aug 22 2024 pgajdos@suse.com
  - remove dependency on /usr/bin/python3 using
    %python3_fix_shebang macro, [bsc#1212476]
* Wed Jul 24 2024 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 4.0.2
    - bugfix release with lots of fixes in all areas
    - add new userns profiles for balena-etcher, chromium and wike
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.2
      for the detailed upstream changelog
  - drop upstream(ed) patches:
    - aa-remove-unknown-fix-unconfined.diff
    - logprof-mount-empty-source.diff
    - plasmashell.diff
    - sampa-rpcd-witness.diff
    - sddm-xauth.diff
    - teardown-unconfined.diff
    - test-aa-notify.diff
    - tools-fix-redefinition.diff
    - utils-relax-mount-rules-2.diff
    - utils-relax-mount-rules.diff
  - refresh GPG key (was expired)
* Tue Jun 25 2024 Christian Boltz <suse-beta@cboltz.de>
  - add sampa-rpcd-witness.diff: allow samba-dcerpcd to execute
    rpcd_witness (boo#1225811)
* Tue Jun 11 2024 Christian Boltz <suse-beta@cboltz.de>
  - add logprof-mount-empty-source.diff: add support for mount rules
    with quoted paths and empty source (boo#1226031)
* Tue Jun 04 2024 Christian Boltz <suse-beta@cboltz.de>
  - add sddm-xauth.diff - sddm uses a new path for xauth (boo#1223900)
  - add plasmashell.diff - fix QtWebEngineProcess path to prevent a
    crash in plasmashell (boo#1225961)
* Thu May 30 2024 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Also exclude podman profile - boo#1225608
* Wed May 29 2024 Fabian Vogt <fvogt@suse.com>
  - Exclude the crun profile in addition to runc
* Tue May 28 2024 Christian Boltz <suse-beta@cboltz.de>
  - add utils-relax-mount-rules.diff and utils-relax-mount-rules-2.diff:
    Relax handling of mount rules in utils to avoid errors when
    parsing valid profiles
  - add teardown-unconfined.diff to fix aa-teardown for 'unconfined'
    profiles (boo#1225457)
* Tue May 28 2024 Christian Boltz <suse-beta@cboltz.de>
  - exclude runc profile until updated runc packages (including
    updated profile with "signal peer=runc") have arrived
* Sat May 25 2024 Christian Boltz <suse-beta@cboltz.de>
  - add aa-remove-unknown-fix-unconfined.diff to fix
    aa-remove-unknown for 'unconfined' profiles (boo#1225457)
  - set permissions for %ghost files (boo#1223578)
* Fri May 24 2024 Christian Boltz <suse-beta@cboltz.de>
  - fix bashism in %post profiles
* Sun May 05 2024 Christian Boltz <suse-beta@cboltz.de>
  - Update to AppArmor 4.0.1
    Too many changes to list them here. See
    https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.1
    for the detailed upstream release notes
  - add tools-fix-redefinition.diff: fix redefinition of _ in tools
  - add test-aa-notify.diff: relax test-aa-notify to avoid a mismatch
    with argparse on Leap 15.5
  - drop upstreamed patches:
    - apparmor-abstractions-openssl-allow-version-specific-en.patch
    - dovecot-unix_chkpwd.diff
    - smbd-unix_chkpwd.diff
  - apparmor-lessopen-profile.patch: update lessopen profile to
    abi/4.0
  - mark local/* as %ghost so that these dummy files don't get
    installed anymore (changed existing local/files will be kept,
    unchanged files will be deleted)
  - switch to gitlab tarballs (without pregenerated libapparmor
    configure script and prebuilt techdoc.pdf)
    - run libapparmor autogen.sh (needs additional BuildRequires
      autoconf, autoconf-archive, automake and libtool)
    - no longer package techdoc.pdf - old documentation, not worth
      the texlive BuildRequires we would need to build it
  - drop old (up to 2.12) cache location /var/lib/apparmor/ and the
    /etc/apparmor.d/cache symlink pointing to it
  - drop apparmor-samba-include-permissions-for-shares.diff - no
    longer needed, update-apparmor-samba-profile in Tumbleweed works
    without a pre-existing local/usr.sbin.smbd-shares file
  - drop ruby-2_0-mkmf-destdir.patch - this ancient patch doesn't
    change a single bit in the resulting build (anymore?)
  - drop apparmor-lessopen-nfs-workaround.diff - no longer needed
    since Kernel 6.0 (see https://bugs.launchpad.net/bugs/1784499)
  - drop ancient, unused update-trans.sh
* Fri Apr 05 2024 Atri Bhattacharya <badshah400@gmail.com>
  - Use full URLs for source tarball and signature.
* Fri Mar 01 2024 Christian Boltz <suse-beta@cboltz.de>
  - Remove workaround for boo#853019 in %postun parser -
    apparmor.service contains a more safe workaround.
    This also fixes boo#1220708 (missing daemon-reload).
* Tue Feb 27 2024 Noel Power <nopower@suse.com>
  - Add smbd-unix_chkpwd.diff to allow smbd to execute
    unix_chkpwd and fix other pam related denies; (boo#1220032).
* Mon Feb 26 2024 Ludwig Nussel <lnussel@suse.com>
  - Fix systemd userdb access in unix-chkpwd
* Tue Feb 20 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %patch -P N instead of deprecated %patchN.
* Tue Feb 20 2024 David Disseldorp <ddiss@suse.com>
  - Only run utils and profiles make check if kernel LSM is enabled
    (bsc#1220084)
* Thu Feb 08 2024 David Disseldorp <ddiss@suse.com>
  - Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
    allow version specific engdef & engines openssl paths (boo#1219571)
* Mon Feb 05 2024 Christian Boltz <suse-beta@cboltz.de>
  - Update to AppArmor 3.1.7
    - aa-logprof: don't skip exec events in hats
    - fix aa-cleanprof to work with named profiles
    - add permissions in various abstractions
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
      for the full list of changes
  - drop upstreamed apparmor-systemd-sessions.patch
* Mon Jan 29 2024 Christian Boltz <suse-beta@cboltz.de>
  - Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
    unix_chkpwd, and add a profile for unix_chkpwd. This is needed
    for PAM 1.6 (boo#1219139)
  - Refresh apparmor.keyring - the key was renewed
* Wed Nov 08 2023 Christian Boltz <suse-beta@cboltz.de>
  - Actually apply the previously added patch for bsc#1216878
* Wed Nov 08 2023 Julio Gonzalez Gil <julio@juliogonzalez.es>
  - Add apparmor-systemd-sessions.patch to allow read access to
    /run/systemd/sessions/ (bsc#1216878)
* Mon Sep 25 2023 David Disseldorp <ddiss@suse.com>
  - Fix pam_apparmor %post and %postun scripts to handle pam-config errors
    (bsc#1215596)
* Tue Jul 25 2023 David Disseldorp <ddiss@suse.com>
  - Add pam_apparmor README, referenced from online cha-apparmor-pam.html
    documentation (bsc#1213472)
* Thu Jun 22 2023 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 3.1.6 (jsc#PED-5600)
    - fix regression in mount rules (boo#1211989)
    - some additions to the base and authentification abstractions
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
      for the full upstream changelog
* Sun Jun 11 2023 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 3.1.5
    - fix handling of mount rules in apparmor_parser
    - minor additions to abstractions/base and snap_browsers
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.5
      for the full upstream changelog
  - remove upstreamed aa-status-fix-json-mr1046.patch
  - split off apparmor-enable-precompiled-cache.diff from
    apparmor-enable-profile-cache.diff so that the precompiled cache
    path doesn't get added in parser.conf for Tumbleweed builds.
    This prevents a warning about the non-existing directory when
    loading profiles.
* Tue Jun 06 2023 Christian Boltz <suse-beta@cboltz.de>
  - fix aa-status --json output (aa-status-fix-json-mr1046.patch,
    boo#1211980#c12)
* Mon May 29 2023 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 3.1.4
    - parser: fix mount rules encoding (CVE-2016-1585)
    - aa-logprof: fix error when choosing named exec with plain profile names
    - aa-status: fix json output
    - several fixes for profiles and abstractions
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.4
      for the full upstream changelog
* Thu May 04 2023 Frederic Crozat <fcrozat@suse.com>
  - Add _multibuild to define additional spec files as additional
    flavors.
    Eliminates the need for source package links in OBS.
* Tue Feb 28 2023 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 3.1.3
    - add support for more audit.log formats in libapparmor
    - add abstractions/groff (boo#1065388)
    - various additions in abstractions and profiles
    - several bug fixes in parser and utils
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.3
      for the detailed upstream changelog
  - drop upstreamed patches:
    - abstractions-openssl-1_1.diff
    - dnsmasq-cpu-possible.diff
    - nscd-systemd-userdb.diff
* Mon Feb 06 2023 Christian Boltz <suse-beta@cboltz.de>
  - add abstractions-openssl-1_1.diff: allow to read
    /etc/ssl/openssl-1_1.cnf in abstractions/openssl (boo#1207911)
* Mon Jan 30 2023 Christian Boltz <suse-beta@cboltz.de>
  - add nscd-systemd-userdb.diff: allow nscd to read systemd-userdb
    (boo#1207698)
* Tue Dec 27 2022 Ludwig Nussel <lnussel@suse.com>
  - Replace transitional %usrmerged macro with regular version check (boo#1206798)
* Fri Dec 23 2022 Samuel Cabrero <scabrero@suse.de>
  - Add samba-4-17.patch to update the samba profiles for samba
    version 4.17 (bsc#1206626);
    - samba-4-17.patch superseded by upstream merge:
      https://gitlab.com/apparmor/apparmor/-/merge_requests/926
* Tue Nov 22 2022 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 3.1.2
    - lots of cleanups, improvements and bugfixes in all areas
    - rework internal profile storage and handling in the aa-* tools
    - support boolean variable definitions in the aa-* tools
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.1
      and https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.2
      for the detailed upstream changelog
  - remove upstream(ed) patches:
    - apparmor-3.0.7-egrep.patch
    - dnsmasq.diff
    - profiles-permit-php-fpm-pid-files-directly-under-run.patch
    - zgrep-profile-mr870.diff
  - no longer ship precompiled profile cache for Tumbleweed (boo#1205659)
  - BuildRequire iproute2 (needed for aa-unconfined tests)
* Sun Sep 04 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - aa-decode: use grep -E instead of deprecated egrep (boo#1203092)
    add apparmor-3.0.7-egrep.patch
* Sun Aug 28 2022 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 3.0.7
    - fix setuptools version detection in buildpath.py
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7
      for the detailed upstream changelog
  - add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible
    in dnsmasc//libvirt-leaseshelper profile (boo#1202849)
* Fri Aug 26 2022 David Disseldorp <ddiss@suse.com>
  - add profiles-permit-php-fpm-pid-files-directly-under-run.patch
    https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)
* Fri Aug 19 2022 Ben Greiner <code@bnavigator.de>
  - skip code linting for packaging
    * removes pyflakes from the build requirements and thus Ring1
    * see also https://gitlab.com/apparmor/apparmor/-/issues/121
* Mon Aug 08 2022 Christian Boltz <suse-beta@cboltz.de>
  - add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper
    (boo#1202161)
* Mon Aug 01 2022 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 3.0.6
    - fix LTO build in the parser
    - remove dbus deny rule in abstractions/exo-open
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6
      for the detailed upstream changelog
  - drop upstream patch dirtest-sort-mr900.diff
* Mon Jul 25 2022 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 3.0.5
    - several additions to profiles and abstractions
    - bugfixes in parser and utils
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5
      for the detailed upstream changelog
  - remove upstream(ed) patchs:
    - apparmor-setuptools61-mr897.patch
    - dovecot-profiles-boo1199535-mr881.diff
    - php8-fpm-mr876.patch
    - python310-help-mr848.patch
    - samba-new-dcerpcd.patch
    - samba_deny_net_admin.patch
    - update-samba-bgqd.diff
    - update-usr-sbin-smbd.diff
  - apparmor-samba-include-permissions-for-shares.diff: remove
    upstreamed part
  - add dirtest-sort-mr900.diff to fix random test failures
  - change apache-extra-profile-include-if-exists.diff to the post-mv
    path (new quilt executes mv)
  - stop disabling lto (fixed upstream) (boo#1133091)
  - package profile-load script in -parser
* Fri Jul 15 2022 Ben Greiner <code@bnavigator.de>
  - Add apparmor-setuptools61-mr897.patch
    https://gitlab.com/apparmor/apparmor/-/merge_requests/897
  - Add buildtime dependencies on python-rpm-macros and setuptools
* Tue Jun 28 2022 Christian Boltz <suse-beta@cboltz.de>
  - update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep
    (poo#113108)
* Sun May 15 2022 Christian Boltz <suse-beta@cboltz.de>
  - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles
    for latest dovecot (boo#1199535)
* Wed May 11 2022 Noel Power <nopower@suse.com>
  - Update samba-new-dcerpcd.patch for aarch64 which needs some
    additional rules; (bnc#1198309).
* Sun May 08 2022 Ben Greiner <code@bnavigator.de>
  - Add python310-help-mr848.patch so that Tumbleweed can switch
    python3 to Python 3.10
    (https://gitlab.com/apparmor/apparmor/-/merge_requests/848)
* Fri Apr 29 2022 Christian Boltz <suse-beta@cboltz.de>
  - add php8-fpm-mr876.patch so that php8 php-fpm can read its config
    (boo#1186267#c11)
  - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
    file conflict on upgrade (boo#1198958)
  - utils: add missing dependency on apparmor-parser (boo#1198958#c4)
* Wed Apr 27 2022 Dominique Leuenberger <dimstar@opensuse.org>
  - Enhance zgrep-profile-mr870.diff to also allow/support zstd
    (boo#1198922).
* Sat Apr 16 2022 Christian Boltz <suse-beta@cboltz.de>
  - update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531)
* Wed Apr 13 2022 Noel Power <nopower@suse.com>
  - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
    which now will spawn new additional services on demand. We need to
    modify the existing smbd/winbind profiles and additionally add a
    new set of profiles to cater for the new functionality;
    (bnc#1198309);
* Mon Apr 11 2022 Noel Power <nopower@suse.com>
  - Add samba_deny_net_admin.patch to add new rule to deny
    noisy setsockopt calls from systemd; (bnc#1196850).
* Sun Apr 10 2022 Christian Boltz <suse-beta@cboltz.de>
  - add profile for zgrep and xzgrep to prevent CVE-2022-1271
    (zgrep-profile-mr870.diff)
* Tue Mar 29 2022 Christian Boltz <suse-beta@cboltz.de>
  - ensure precompiled cache files are newer than (text) profiles
  - reload profiles in %posttrans instead of %post to ensure both
    - profiles and -abstractons package are updated before the cache
    in /var/cache/apparmor/ gets built (boo#1195463 #c20)
* Thu Mar 24 2022 Noel Power <nopower@suse.com>
  - Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
    /proc/{pid}/fd for samba-bgqd (bnc#1196850).
  - Add update-usr-sbin-smbd.diff to add new rule to allow reading of
    openssl.cnf (bnc#1195463).
* Thu Feb 10 2022 Christian Boltz <suse-beta@cboltz.de>
  - update to AppArmor 3.0.4
    - various fixes in profiles, abstractions, apparmor_parser and utils
      (some of them were already included as patches)
    - add support for mctp address family
    - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4
      for the full upstream changelog
  - remove upstream(ed) patches:
    - aa-notify-more-arch-mr809.diff
    - ruby-3.1-build-fix.diff
    - add-samba-bgqd.diff
    - openssl-engdef-mr818.diff
    - profiles-python-3.10-mr783.diff
    - update-samba-abstractions-ldb2.diff
  - refresh patches:
    - apparmor-samba-include-permissions-for-shares.diff
    - ruby-2_0-mkmf-destdir.patch
* Wed Jan 26 2022 Christian Boltz <suse-beta@cboltz.de>
  - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
    MR 827)
* Mon Jan 17 2022 Samuel Cabrero <scabrero@suse.de>
  - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
    packaging to allow parallel installation with libldb (bsc#1192684).

Files

/usr/lib/security
/usr/lib/security/pam_apparmor.so


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Oct 24 22:39:43 2025