packages: apparmor-parser/apparmor-parser.init, apparmor-parser/apparmor-pa...
arekm
arekm at pld-linux.org
Tue Jun 1 08:08:50 CEST 2010
Author: arekm Date: Tue Jun 1 06:08:50 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 4; bzr fixes
---- Files affected:
packages/apparmor-parser:
apparmor-parser.init (1.5 -> 1.6) , apparmor-parser.spec (1.29 -> 1.30) , apparmor-parser-bzr.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/apparmor-parser/apparmor-parser.init
diff -u packages/apparmor-parser/apparmor-parser.init:1.5 packages/apparmor-parser/apparmor-parser.init:1.6
--- packages/apparmor-parser/apparmor-parser.init:1.5 Wed Mar 17 20:59:01 2010
+++ packages/apparmor-parser/apparmor-parser.init Tue Jun 1 08:08:44 2010
@@ -43,6 +43,10 @@
:
}
+aa_log_action_start() {
+ :
+}
+
aa_log_action_end() {
:
}
================================================================
Index: packages/apparmor-parser/apparmor-parser.spec
diff -u packages/apparmor-parser/apparmor-parser.spec:1.29 packages/apparmor-parser/apparmor-parser.spec:1.30
--- packages/apparmor-parser/apparmor-parser.spec:1.29 Thu May 13 19:38:28 2010
+++ packages/apparmor-parser/apparmor-parser.spec Tue Jun 1 08:08:44 2010
@@ -6,14 +6,14 @@
Summary(pl.UTF-8): Narzędzie przestrzeni użytkownika do przetwarzania AppArmor
Name: apparmor-parser
Version: 2.5
-Release: 3
+Release: 4
Epoch: 1
License: GPL
Group: Applications/System
Source0: http://kernel.org/pub/linux/security/apparmor/AppArmor-%{version}/AppArmor-%{version}.tgz
# Source0-md5: 4a747d1a1f85cb272d55b52c7e8a4a02
Source1: %{name}.init
-Patch0: %{name}-make.patch
+Patch0: %{name}-bzr.patch
Patch1: %{name}-rc.patch
URL: http://apparmor.wiki.kernel.org/
BuildRequires: bison
@@ -39,8 +39,8 @@
%prep
%setup -q -n AppArmor-%{version}
+%patch0 -p0
cd parser
-%patch0 -p1
%patch1 -p0
%build
@@ -102,6 +102,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.30 2010/06/01 06:08:44 arekm
+- rel 4; bzr fixes
+
Revision 1.29 2010/05/13 17:38:28 sparky
- BR: libstdc++-devel
================================================================
Index: packages/apparmor-parser/apparmor-parser-bzr.patch
diff -u /dev/null packages/apparmor-parser/apparmor-parser-bzr.patch:1.1
--- /dev/null Tue Jun 1 08:08:50 2010
+++ packages/apparmor-parser/apparmor-parser-bzr.patch Tue Jun 1 08:08:44 2010
@@ -0,0 +1,1056 @@
+=== modified file 'libraries/libapparmor/swig/perl/Makefile.am'
+--- libraries/libapparmor/swig/perl/Makefile.am 2009-05-12 21:56:56 +0000
++++ libraries/libapparmor/swig/perl/Makefile.am 2010-03-16 22:00:26 +0000
+@@ -1,7 +1,8 @@
+ EXTRA_DIST =Makefile.PL libapparmor_wrap.c LibAppArmor.pm examples/*.pl
++
++if HAVE_PERL
+ noinst_DATA =LibAppArmor.so
+
+-if HAVE_PERL
+ libapparmor_wrap.c: $(srcdir)/../SWIG/libapparmor.i
+ $(SWIG) -perl -I$(srcdir)/../../src -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
+
+@@ -27,4 +28,4 @@
+ #rm -f Makefile.perl Makefile.perl.old
+ rm -f *.so # *.o
+
+-endif
+\ No newline at end of file
++endif
+
+=== modified file 'parser/Makefile'
+--- parser/Makefile 2009-11-11 18:58:57 +0000
++++ parser/Makefile 2010-03-16 22:18:55 +0000
+@@ -125,9 +125,20 @@
+ techdoc.txt: techdoc/index.html
+ w3m -dump $< > $@
+
+-all: $(TOOLS) $(MANPAGES) ${HTMLMANPAGES} techdoc.pdf
++# targets arranged this way so that people who don't want full docs can
++# pick specific targets they want.
++main: $(TOOLS)
+ $(Q)make -C po all
+- $(Q)make -s tests
++
++manpages: $(MANPAGES)
++
++htmlmanpages: $(HTMLMANPAGES)
++
++pdf: techdoc.pdf
++
++docs: manpages htmlmanpages pdf
++
++all: main docs tests
+
+ apparmor_parser: $(OBJECTS) $(PCREOBJECTS) $(AAREOBJECTS)
+ rm -f ./libstdc++.a
+@@ -191,7 +202,7 @@
+ af_names.h: /usr/include/bits/socket.h
+ LC_ALL=C sed -n -e '/$(__FILTER)/d' -e "s/^\#define[ \\t]\\+PF_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/#ifndef AF_\\1\\n# define AF_\\1 \\2\\n#endif\\nAA_GEN_NET_ENT(\"\\L\\1\", \\UAF_\\1)\\n/p" $< > $@
+ LC_ALL=C sed -n -e "s/^\#define[ \\t]\\+PF_MAX[ \\t]\\+\\([0-9]\\+\\)[ \\t]\\+.*/#define AA_AF_MAX \\1\n/p" $< >> $@
+- cat $@
++ # cat $@
+
+ cap_names.h: /usr/include/linux/capability.h
+ LC_ALL=C sed -n -e "/CAP_EMPTY_SET/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9xa-f]\\+\\)\\(.*\\)\$$/\{\"\\L\\1\", \\UCAP_\\1\},/p" $< > $@
+@@ -214,7 +225,7 @@
+
+ .SILENT: tests
+ tests: ${TESTS}
+- for test in ${TESTS} ; do echo "*** running $${test}" && ./$${test} $(BUILD_OUTPUT) ; done
++ sh -e -c 'for test in ${TESTS} ; do echo "*** running $${test}" && ./$${test} $(BUILD_OUTPUT) ; done'
+ $(Q)make -s -C tst tests
+
+ .SILENT: check
+
+=== modified file 'parser/apparmor_parser.pod'
+--- parser/apparmor_parser.pod 2010-01-07 18:03:49 +0000
++++ parser/apparmor_parser.pod 2010-04-03 23:24:06 +0000
+@@ -154,6 +154,33 @@
+ Given once, only checks the profiles to ensure syntactic correctness.
+ Given twice, dumps its interpretation of the profile for checking.
+
++=item -D n, --dump=n
++
++Debug flag for dumping various structures and passes of policy compilation.
++A single dump flag can be specified per --dump option, but the dump flag
++can be passed multiple times. Note progress flags tend to also imply
++the matching stats flag.
++
++ apparmor_parser --dump=dfa-stats --dump=trans-stats <file>
++
++Use --help=dump to see a full list of which dump flags are supported
++
++=item -O n, --optimize=n
++
++Set the optimization flags used by policy compilation. A sinlge optimization
++flag can be toggled per -O option, but the optimize flag can be passed
++multiple times. Turning off some phases of the optimization can make
++it so that policy can't complete compilation due to size constraints
++(it is entirely possible to create a dfa with millions of states that will
++take days or longer to compile).
++
++Note: The parser is set to use a balanced default set of flags, that
++will result in resonable compression but not take excessive amounts
++of time to complete.
++
++Use --help=optimize to see a full list of which optimization flags are
++supported.
++
+ =item -h, --help
+
+ Give a quick reference guide.
+
+=== modified file 'parser/libapparmor_re/regexp.y'
+--- parser/libapparmor_re/regexp.y 2010-02-01 07:21:00 +0000
++++ parser/libapparmor_re/regexp.y 2010-03-13 10:23:23 +0000
+@@ -1715,7 +1715,9 @@
+ Trans::iterator j = trans.find(*i);
+ if (j != trans.end())
+ trans.erase(j);
++ State *s = *i;
+ states.erase(*i);
++ delete(s);
+ }
+ }
+
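Review bot: The added `delete(s)` frees each State right after it is erased from `states`, but nothing visible in this hunk shows that no surviving state's transition table still points at it. If a remaining entry in `trans` or in another state's cases can reference the removed state, this turns a leak into a use-after-free. The precondition deserves a comment above the loop, for example `/* states removed here are unreachable: no remaining transition refers to them, so they can be freed */`. Copying `*i` into `s` before `states.erase(*i)` is the right order; the enclosing loop starts outside the hunk, so whether `i` iterates over `states` itself cannot be checked from here.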
+
+=== modified file 'parser/parser.h'
+--- parser/parser.h 2010-02-17 20:21:52 +0000
++++ parser/parser.h 2010-03-12 23:26:32 +0000
+@@ -4,6 +4,9 @@
+ * Copyright (c) 1999, 2000, 2001, 2002, 2004, 2005, 2006, 2007
+ * NOVELL (All rights reserved)
+ *
++ * Copyright (c) 2010
++ * Canonical, Ltd. (All rights reserved)
++ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+@@ -14,7 +17,8 @@
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+- * along with this program; if not, contact Novell, Inc.
++ * along with this program; if not, contact Novell, Inc. or Canonical
++ * Ltd.
+ */
+
+ #include <netinet/in.h>
+@@ -280,12 +284,16 @@
+ extern void free_cod_entries(struct cod_entry *list);
+
+ /* parser_symtab.c */
++struct set_value {;
++ char *val;
++ struct set_value *next;
++};
+ extern int add_boolean_var(const char *var, int boolean);
+ extern int get_boolean_var(const char *var);
+ extern int new_set_var(const char *var, const char *value);
+ extern int add_set_value(const char *var, const char *value);
+-extern void *get_set_var(const char *var);
+-extern char *get_next_set_value(void **context);
++extern struct set_value *get_set_var(const char *var);
++extern char *get_next_set_value(struct set_value **context);
+ extern void dump_symtab(void);
+ extern void dump_expanded_symtab(void);
+ void free_symtabs(void);
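Review bot: The new `struct set_value {;` has a stray semicolon after the opening brace, an empty member declaration that strict ISO C rejects and that compilers accept only as an extension; it should read `struct set_value {`. Replacing `void *` with `struct set_value *` in `get_set_var()` and `get_next_set_value()` is a good type-safety gain. If callers only pass the pointer through, as the parser_variable.c hunk suggests, a forward declaration `struct set_value;` in the header would be enough and would keep the list layout private to parser_symtab.c.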
+@@ -312,7 +320,7 @@
+ extern void add_hat_to_policy(struct codomain *policy, struct codomain *hat);
+ extern void add_entry_to_policy(struct codomain *policy, struct cod_entry *entry);
+ extern void post_process_nt_entries(struct codomain *cod);
+-extern int post_process_policy(void);
++extern int post_process_policy(int debug_only);
+ extern int process_hat_regex(struct codomain *cod);
+ extern int process_hat_variables(struct codomain *cod);
+ extern int post_merge_rules(void);
+
+=== modified file 'parser/parser_lex.l'
+--- parser/parser_lex.l 2010-03-09 05:49:16 +0000
++++ parser/parser_lex.l 2010-03-12 09:50:26 +0000
+@@ -227,6 +227,7 @@
+ }
+
+ <<EOF>> {
++ fclose(yyin);
+ yypop_buffer_state();
+ if ( !YY_CURRENT_BUFFER ) yyterminate();
+ }
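Review bot: The added `fclose(yyin);` in the `<<EOF>>` rule also runs when the outermost input reaches end of file, not only for included files. If the top-level `yyin` is stdin, or is closed again by the caller after parsing (not visible in this hunk), the same FILE pointer is closed twice, which is undefined behaviour. Make sure the caller does not close the stream again, and add a comment here stating that the lexer owns every stream it is handed, including the first one.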
+
+=== modified file 'parser/parser_main.c'
+--- parser/parser_main.c 2010-01-28 01:20:13 +0000
++++ parser/parser_main.c 2010-04-03 22:41:40 +0000
+@@ -4,6 +4,9 @@
+ * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
+ * NOVELL (All rights reserved)
+ *
++ * Copyright (c) 2010
++ * Canonical, Ltd. (All rights reserved)
++ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+@@ -14,7 +17,8 @@
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+- * along with this program; if not, contact Novell, Inc.
++ * along with this program; if not, contact Novell, Inc. or Canonical,
++ * Ltd.
+ */
+
+ #include <stdio.h>
+@@ -258,7 +262,7 @@
+ break;
+ case 'd':
+ debug++;
+- skip_cache = 1;
++ skip_read_cache = 1;
+ break;
+ case 'h':
+ if (!optarg) {
+@@ -316,7 +320,7 @@
+ subdomainbase = strndup(optarg, PATH_MAX);
+ break;
+ case 'D':
+- skip_cache = 1;
++ skip_read_cache = 1;
+ if (!optarg) {
+ dump_vars = 1;
+ } else if (strcmp(optarg, "variables") == 0) {
+@@ -359,7 +363,7 @@
+ }
+ break;
+ case 'O':
+- skip_cache = 1;
++ skip_read_cache = 1;
+ if (strcmp(optarg, "0") == 0) {
+ dfaflags |= DFA_CONTROL_NO_TREE_NORMAL |
+ DFA_CONTROL_NO_TREE_SIMPLE |
+@@ -812,7 +816,7 @@
+ goto out;
+ }
+
+- retval = post_process_policy();
++ retval = post_process_policy(debug);
+ if (retval != 0) {
+ PERROR(_("%s: Errors found in file. Aborting.\n"), progname);
+ goto out;
+
+=== modified file 'parser/parser_policy.c'
+--- parser/parser_policy.c 2009-08-20 15:27:12 +0000
++++ parser/parser_policy.c 2010-03-12 23:26:32 +0000
+@@ -4,6 +4,9 @@
+ * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
+ * NOVELL (All rights reserved)
+ *
++ * Copyright (c) 2010
++ * Canonical, Ltd. (All rights reserved)
++ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+@@ -14,7 +17,8 @@
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+- * along with this program; if not, contact Novell, Inc.
++ * along with this program; if not, contact Novell, Inc. or Canonical,
++ * Ltd.
+ */
+
+ #include <stdio.h>
+@@ -664,7 +668,7 @@
+ return ret;
+ }
+
+-int post_process_policy(void)
++int post_process_policy(int debug_only)
+ {
+ int retval = 0;
+
+@@ -696,11 +700,13 @@
+ return retval;
+ }
+
+- retval = post_process_regex();
+- if (retval != 0) {
+- PERROR(_("%s: Errors found during regex postprocess. Aborting.\n"),
+- progname);
+- return retval;
++ if (!debug_only) {
++ retval = post_process_regex();
++ if (retval != 0) {
++ PERROR(_("%s: Errors found during regex postprocess. Aborting.\n"),
++ progname);
++ return retval;
++ }
+ }
+
+ return retval;
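Review bot: `post_process_policy()` now skips `post_process_regex()` whenever `debug_only` is non-zero, and the parser_main.c hunk passes the `debug` counter, so any run with `-d` no longer reports regex post-processing errors. Nothing documents this, so a profile that comes through a debug run cleanly may still fail when compiled normally. A comment above the function would help, for example `/* debug_only: non-zero skips regex post-processing, so regex errors are not detected in this mode */`. The function body starts outside this hunk.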
+
+=== modified file 'parser/parser_symtab.c'
+--- parser/parser_symtab.c 2009-07-24 13:24:53 +0000
++++ parser/parser_symtab.c 2010-03-12 22:41:58 +0000
+@@ -33,11 +33,6 @@
+ sd_set,
+ };
+
+-struct set_value {
+- char *val;
+- struct set_value *next;
+-};
+-
+ struct symtab {
+ char *var_name;
+ enum var_type type;
+@@ -288,7 +283,7 @@
+
+ /* returns a pointer to the value list, which should be used as the
+ * argument to the get_next_set_value() function. */
+-void *get_set_var(const char *var)
++struct set_value *get_set_var(const char *var)
+ {
+ struct symtab *result;
+ struct set_value *valuelist = NULL;
+@@ -321,16 +316,17 @@
+ }
+
+ /* iterator to walk the list of set values */
+-char *get_next_set_value(void **list)
++char *get_next_set_value(struct set_value **list)
+ {
+- struct set_value **valuelist = (struct set_value **) list;
++ struct set_value *next;
+ char *ret;
+
+- if (!valuelist || !(*valuelist))
++ if (!list || !(*list))
+ return NULL;
+
+- ret = (*valuelist)->val;
+- (*valuelist) = (*valuelist)->next;
++ ret = (*list)->val;
++ next = (*list)->next;
++ (*list) = next;
+
+ return ret;
+ }
+@@ -569,7 +565,7 @@
+ {
+ int rc = 0;
+ int retval;
+- void *retptr;
++ struct set_value *retptr;
+ struct symtab *a, *b;
+
+ a = new_symtab_entry("blah");
+
+=== modified file 'parser/parser_variable.c'
+--- parser/parser_variable.c 2009-07-24 23:47:46 +0000
++++ parser/parser_variable.c 2010-03-12 23:20:22 +0000
+@@ -124,7 +124,7 @@
+
+ static int expand_entry_variables(struct cod_entry *entry)
+ {
+- void *valuelist;
++ struct set_value *valuelist;
+ int ret = TRUE;
+ char *value;
+ struct var_string *split_var;
+
+=== added file 'profiles/apparmor.d/abstractions/dbus-session'
+--- profiles/apparmor.d/abstractions/dbus-session 1970-01-01 00:00:00 +0000
++++ profiles/apparmor.d/abstractions/dbus-session 2010-04-19 17:38:17 +0000
+@@ -0,0 +1,14 @@
++# vim:syntax=apparmor
++# $Id$
++# ------------------------------------------------------------------
++#
++# Copyright (C) 2010 Canonical Ltd.
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of version 2 of the GNU General Public
++# License published by the Free Software Foundation.
++#
++# ------------------------------------------------------------------
++
++ #include <abstractions/dbus>
++ /usr/bin/dbus-launch Uxr,
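Review bot: `/usr/bin/dbus-launch Uxr,` lets every profile that includes this abstraction run dbus-launch with no confinement at all; the capital `U` scrubs the environment but places no limit on what the unconfined process does afterwards. Because dbus-launch can itself start other programs, the rule weakens each including profile to the level of an unconfined process. A transition to a dedicated profile (`Px`) or a child profile (`Cx`) for dbus-launch would keep session-bus start-up working without granting an unconfined exec. At minimum the file needs a comment warning that including it grants one.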
+
+=== modified file 'profiles/apparmor.d/abstractions/php5'
+--- profiles/apparmor.d/abstractions/php5 2010-01-03 21:16:38 +0000
++++ profiles/apparmor.d/abstractions/php5 2010-03-30 17:34:32 +0000
+@@ -2,7 +2,7 @@
+ # ------------------------------------------------------------------
+ #
+ # Copyright (C) 2002-2006 Novell/SUSE
+-# Copyright (C) 2009 Canonical, Ltd.
++# Copyright (C) 2009-2010 Canonical Ltd.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of version 2 of the GNU General Public
+@@ -11,13 +11,13 @@
+ # ------------------------------------------------------------------
+
+ # shared snippets for config files
+- /etc/php5/{conf.d,apache2,cli,fastcgi}/ r,
+- /etc/php5/{conf.d,apache2,cli,fastcgi}/*.ini r,
++ /etc/php5/{conf.d,apache2,cli,fastcgi,cgi}/ r,
++ /etc/php5/{conf.d,apache2,cli,fastcgi,cgi}/*.ini r,
+
+ # Xlibs
+ /usr/X11R6/lib{,32,64}/lib*.so* mr,
+ # php extensions
+- /usr/lib{64,}/php5/{libexec,extensions}/*.so mr,
++ /usr/lib{64,}/php5/*/*.so mr,
+
+ # php5 session mmap socket
+ /var/lib/php5/session_mm_* rwlk,
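Review bot: The replacement rule `/usr/lib{64,}/php5/*/*.so mr,` allows executable mapping of any shared object in any subdirectory of the php5 library tree, where the old rule named only `libexec` and `extensions`. Every profile that includes this abstraction inherits the wider `m` permission. If the aim is to cover versioned extension directories (an assumption, the hunk does not say), match those directories specifically instead of `*`, and add a comment naming the layout the glob is meant to cover.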
+
+=== modified file 'profiles/apparmor.d/abstractions/samba'
+--- profiles/apparmor.d/abstractions/samba 2009-11-04 20:25:42 +0000
++++ profiles/apparmor.d/abstractions/samba 2010-03-25 23:13:00 +0000
+@@ -2,7 +2,7 @@
+ # $Id$
+ # ------------------------------------------------------------------
+ #
+-# Copyright (C) 2009 Canonical Ltd.
++# Copyright (C) 2009-2010 Canonical Ltd.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of version 2 of the GNU General Public
+@@ -12,7 +12,7 @@
+
+ /etc/samba/smb.conf r,
+ /usr/share/samba/*.dat r,
+- /var/lib/samba/**.tdb rw,
++ /var/lib/samba/**.tdb rwk,
+ /var/log/samba/cores/* w,
+ /var/log/samba/log.* w,
+ /var/run/samba/*.tdb rw,
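Review bot: Only `/var/lib/samba/**.tdb` gains the `k` (lock) permission, while the `/var/run/samba/*.tdb rw,` rule at the end of this hunk stays without it. If the tdb files under /var/run are locked the same way, profiles using this abstraction will still see lock denials there. Either add `k` to that rule as well or say in a comment why the runtime databases do not need it.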
+
+=== modified file 'profiles/apparmor.d/abstractions/user-tmp'
+--- profiles/apparmor.d/abstractions/user-tmp 2009-11-04 20:25:42 +0000
++++ profiles/apparmor.d/abstractions/user-tmp 2010-05-12 08:52:23 +0000
+@@ -2,7 +2,7 @@
+ # ------------------------------------------------------------------
+ #
+ # Copyright (C) 2002-2009 Novell/SUSE
+-# Copyright (C) 2009 Canonical Ltd.
++# Copyright (C) 2009-2010 Canonical Ltd.
+ #
+ # This program is free software; you can redistribute it and/or
+ # modify it under the terms of version 2 of the GNU General Public
+@@ -11,11 +11,11 @@
+ # ------------------------------------------------------------------
+
+ # per-user tmp directories
+- @{HOME}/tmp/** rwkl,
+- @{HOME}/tmp/ rw,
++ owner @{HOME}/tmp/** rwkl,
++ owner @{HOME}/tmp/ rw,
+
+ # global tmp directories
+- /var/tmp/** rwkl,
+- /var/tmp/ rw,
+- /tmp/** rwkl,
+- /tmp/ rw,
++ owner /var/tmp/** rwkl,
++ owner /var/tmp/ rw,
++ owner /tmp/** rwkl,
++ owner /tmp/ rw,
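Review bot: Putting `owner` on the directory rules `/var/tmp/ rw,` and `/tmp/ rw,` will deny access for ordinary users, because those directories are normally owned by root and the `owner` condition requires the object to belong to the user the process runs as. The qualifier is a sound restriction on the `**` content rules, since it stops a confined process from reading or replacing other users' temporary files. The two directory rules should stay unqualified: `/var/tmp/ rw,` and `/tmp/ rw,`.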
+
+=== modified file 'tests/regression/subdomain/prologue.inc'
+--- tests/regression/subdomain/prologue.inc 2010-02-07 07:04:57 +0000
++++ tests/regression/subdomain/prologue.inc 2010-04-27 09:37:30 +0000
+@@ -93,8 +93,10 @@
+
+ while [ -h ${link} ]
+ do
+- if [ -x /usr/bin/readlink ] ; then
+- target=$(/usr/bin/readlink ${link})
++ if [ -x /usr/bin/readlink ] ; then
++ target=$(/usr/bin/readlink -f ${link})
++ elif [ -x /bin/readlink ] ; then
++ target=$(/bin/readlink -f ${link})
+ else
+ # I'm sure there's a more perlish way to do this
+ target=$( perl -e "printf (\"%s\n\", readlink(\"${link}\"));")
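Review bot: The two readlink branches now use `-f`, which resolves the whole chain to a canonical absolute path, while the perl fallback in the `else` branch still resolves a single level and may return a relative target, so the loop behaves differently depending on which tool is installed. `${link}` is also unquoted in the added lines and in the `[ -h ${link} ]` test, so a path containing whitespace breaks the resolution; `target=$(/usr/bin/readlink -f "${link}")` and the same form for `/bin/readlink` would fix the added lines. The loop body continues past the end of this hunk.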
+
+=== modified file 'tests/stress/parser/stress.rb'
+--- tests/stress/parser/stress.rb 2008-11-26 22:16:48 +0000
++++ tests/stress/parser/stress.rb 2010-03-15 18:31:38 +0000
+@@ -14,10 +14,27 @@
+ return sprintf("%0#{len}x", rand(2 ** (4 * len)))
+ end
+
++def get_random_regex()
++ case rand(10)
++ when 0..3
++ return "{#{get_random_name(rand(8) + 2)},#{get_random_name(rand(8) + 2)},#{get_random_name(rand(8) + 2)}}"
++ when 4..5
++ return "[#{get_random_name(rand(5) + 1)}]"
++ when 6..7
++ return "*"
++ when 8..9
++ return "**"
++ end
++end
++
+ def get_random_path()
+ out = ""
+- 0.upto(rand(20)) do
+- out = "#{out}/#{get_random_name(4)}"
++ 0.upto(rand(20) + 2) do
++ if rand(4) == 0
++ out = "#{out}/#{get_random_regex}"
++ else
++ out = "#{out}/#{get_random_name(rand(10) + 4)}"
++ end
+ end
+ return out
+ end
+@@ -83,7 +100,10 @@
+ "mknod",
+ "lease",
+ "audit_write",
+- "audit_control"
++ "audit_control",
++ "setfcap",
++ "mac_override",
++ "mac_admin"
+ ]
+
+ def initialize()
+@@ -95,6 +115,93 @@
+ end
+ end
+
++class NetRule < Rule
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/apparmor-parser/apparmor-parser.init?r1=1.5&r2=1.6&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/apparmor-parser/apparmor-parser.spec?r1=1.29&r2=1.30&f=u