Adjust versions for impending 2.9.0 release (woohoo!).

Bug: https://bugs.launchpad.net/bugs/1366572

In the move of the apparmor.vim manpage source from the parser
directory to utils/vim/, the creation of the html version of the
manpage was lost.  This patch fixes that, as well as fixes the vim
Makefile to use the common/Make.rules _clean target (which clears the
pod2htm*.tmp files created by pod2html as well).

It also fixes a bug in common/Make.rules where the _clean target
would report an error when used in a directory where the Makefile
doesn't set the NAME variable, such as utils/vim/.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>

common/Make.rules

@@ -172,7 +172,7 @@ $(BUILDRPMSUBDIRS):
 .PHONY: _clean
 .SILENT: _clean
 _clean:
-	-rm -f ${NAME}-${VERSION}-*.tar.gz
+	-[ -z "${NAME}" ] || rm -f ${NAME}-${VERSION}-*.tar.gz
 	-rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp
 
 # =====================

common/Version

@@ -1 +1 @@
-2.8.98
+2.9.0

libraries/libapparmor/src/Makefile.am

@@ -26,9 +26,9 @@ INCLUDES = $(all_includes)
 # For more information, see:
 # http://www.gnu.org/software/libtool/manual/html_node/Libtool-versioning.html
 #
-AA_LIB_CURRENT = 2
+AA_LIB_CURRENT = 3
 AA_LIB_REVISION = 0
-AA_LIB_AGE = 1
+AA_LIB_AGE = 2
 
 SUFFIXES = .pc.in .pc
 

parser/po/en_GB.po

@@ -8,13 +8,13 @@ msgstr ""
 "Project-Id-Version: apparmor-parser\n"
 "Report-Msgid-Bugs-To: <apparmor@lists.ubuntu.com>\n"
 "POT-Creation-Date: 2014-09-13 00:11-0700\n"
-"PO-Revision-Date: 2013-11-15 22:02+0000\n"
-"Last-Translator: Andi Chandler <Unknown>\n"
+"PO-Revision-Date: 2014-10-16 21:22+0000\n"
+"Last-Translator: Anthony Harrington <untaintableangel@ubuntu.com>\n"
 "Language-Team: English (United Kingdom) <en_GB@li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2014-09-14 05:58+0000\n"
+"X-Launchpad-Export-Date: 2014-10-17 05:36+0000\n"
 "X-Generator: Launchpad (build 17196)\n"
 "Language: en_GB\n"
 
@@ -62,30 +62,30 @@ msgstr "Profile does not match signature\n"
 
 #: ../parser_interface.c:87 ../parser_interface.c:90 ../parser_interface.c:67
 msgid "Profile version not supported by Apparmor module\n"
-msgstr ""
+msgstr "Profile version not supported by Apparmor module\n"
 
 #: ../parser_interface.c:90 ../parser_interface.c:93 ../parser_interface.c:70
 msgid "Profile already exists\n"
-msgstr ""
+msgstr "Profile already exists\n"
 
 #: ../parser_interface.c:93 ../parser_interface.c:96 ../parser_interface.c:73
 msgid "Profile doesn't exist\n"
-msgstr ""
+msgstr "Profile doesn't exist\n"
 
 #: ../parser_interface.c:96 ../parser_interface.c:99 ../parser_interface.c:76
 msgid "Permission denied; attempted to load a profile while confined?\n"
-msgstr ""
+msgstr "Permission denied; attempted to load a profile while confined?\n"
 
 #: ../parser_interface.c:99 ../parser_interface.c:102 ../parser_interface.c:79
 #, c-format
 msgid "Unknown error (%d): %s\n"
-msgstr ""
+msgstr "Unknown error (%d): %s\n"
 
 #: ../parser_interface.c:116 ../parser_interface.c:119
 #: ../parser_interface.c:96
 #, c-format
 msgid "%s: Unable to add \"%s\".  "
-msgstr ""
+msgstr "%s: Unable to add \"%s\".  "
 
 #: ../parser_interface.c:121 ../parser_interface.c:124
 #: ../parser_interface.c:101
@@ -97,19 +97,19 @@ msgstr ""
 #: ../parser_interface.c:106
 #, c-format
 msgid "%s: Unable to remove \"%s\".  "
-msgstr ""
+msgstr "%s: Unable to remove \"%s\".  "
 
 #: ../parser_interface.c:131 ../parser_interface.c:134
 #: ../parser_interface.c:111
 #, c-format
 msgid "%s: Unable to write to stdout\n"
-msgstr ""
+msgstr "%s: Unable to write to stdout\n"
 
 #: ../parser_interface.c:135 ../parser_interface.c:138
 #: ../parser_interface.c:115
 #, c-format
 msgid "%s: Unable to write to output file\n"
-msgstr ""
+msgstr "%s: Unable to write to output file\n"
 
 #: ../parser_interface.c:138 ../parser_interface.c:162
 #: ../parser_interface.c:141 ../parser_interface.c:165

utils/aa-mergeprof.pod

@@ -6,13 +6,17 @@ aa-mergeprof - merge AppArmor security profiles.
 
 =head1 SYNOPSIS
 
-B<aa-mergeprof I<E<lt>mineE<gt>> I<E<lt>userE<gt>> I<E<lt>otherE<gt>> [I<-d /path/to/profiles>]>
+B<aa-mergeprof I<file> [I<file> ...] [I<-d /path/to/profiles>]>
 
 =head1 OPTIONS
 
+B<file>
+
+   One or more files containing profiles to merge into the profile directory (see -d).
+
 B<-d --dir  /path/to/profiles>
 
-   Specifies where to look for the AppArmor security profile set.
+   Specifies the target directory for the merged AppArmor security profile set.
    Defaults to /etc/apparmor.d.
 
 =head1 DESCRIPTION

utils/apparmor/aa.py

@@ -1938,7 +1938,7 @@ def ask_the_questions():
                 #
                 for family in sorted(log_dict[aamode][profile][hat]['netdomain'].keys()):
                     # severity handling for net toggles goes here
-                    for sock_type in sorted(log_dict[profile][profile][hat]['netdomain'][family].keys()):
+                    for sock_type in sorted(log_dict[aamode][profile][hat]['netdomain'][family].keys()):
                         if profile_known_network(aa[profile][hat], family, sock_type):
                             continue
                         default_option = 1
@@ -1993,7 +1993,10 @@ def ask_the_questions():
                                 q.headers += [_('Socket Type'), sock_type]
 
                             elif ans == 'CMD_ALLOW':
-                                selection = options[selected]
+                                if options:
+                                    selection = options[selected]
+                                else:
+                                    selection = 'network %s %s' % (family, sock_type)
                                 done = True
                                 if re_match_include(selection):  # re.search('#include\s+<.+>$', selection):
                                     inc = re_match_include(selection)  # re.search('#include\s+<(.+)>$', selection).groups()[0]
@@ -2631,7 +2634,7 @@ RE_PROFILE_NETWORK      = re.compile(RE_AUDIT_DENY + 'network(.*)' + RE_EOL)
 RE_NETWORK_FAMILY_TYPE = re.compile('\s+(\S+)\s+(\S+)\s*,$')
 RE_NETWORK_FAMILY = re.compile('\s+(\S+)\s*,$')
 RE_PROFILE_CHANGE_HAT   = re.compile('^\s*\^(\"??.+?\"??)' + RE_COMMA_EOL)
-RE_PROFILE_HAT_DEF      = re.compile('^\s*\^(\"??.+?\"??)\s+((flags=)?\((.+)\)\s+)*\{' + RE_EOL)
+RE_PROFILE_HAT_DEF      = re.compile('^\s*(\^|hat\s+)(?P<hat>\"??.+?\"??)\s+((flags=)?\((?P<flags>.+)\)\s+)*\{' + RE_EOL)
 RE_PROFILE_DBUS         = re.compile(RE_AUDIT_DENY + '(dbus\s*,|dbus\s+[^#]*\s*,)' + RE_EOL)
 RE_PROFILE_MOUNT        = re.compile(RE_AUDIT_DENY + '((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
 RE_PROFILE_SIGNAL       = re.compile(RE_AUDIT_DENY + '(signal\s*,|signal\s+[^#]*\s*,)' + RE_EOL)
@@ -2903,7 +2906,7 @@ def parse_profile_data(data, file, do_include):
             if matches[3]:
                 file_prefix = True
 
-            path = matches[4].strip()
+            path = strip_quotes(matches[4].strip())
             mode = matches[5]
             nt_name = matches[6]
             if nt_name:
@@ -3141,14 +3144,14 @@ def parse_profile_data(data, file, do_include):
 
         elif RE_PROFILE_HAT_DEF.search(line):
             # An embedded hat syntax definition starts
-            matches = RE_PROFILE_HAT_DEF.search(line).groups()
+            matches = RE_PROFILE_HAT_DEF.search(line)
             if not profile:
                 raise AppArmorException(_('Syntax Error: Unexpected hat definition found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
 
             in_contained_hat = True
-            hat = matches[0]
+            hat = matches.group('hat')
             hat = strip_quotes(hat)
-            flags = matches[3]
+            flags = matches.group('flags')
 
             profile_data[profile][hat]['flags'] = flags
             profile_data[profile][hat]['declared'] = False
@@ -4200,7 +4203,7 @@ def serialize_profile_from_old_profile(profile_data, name, options):
                 if matches[2]:
                     user = True
 
-                path = matches[4].strip()
+                path = strip_quotes(matches[4].strip())
                 mode = matches[5]
                 nt_name = matches[6]
                 if nt_name:
@@ -4318,11 +4321,12 @@ def serialize_profile_from_old_profile(profile_data, name, options):
                     #To-Do
                     pass
             elif RE_PROFILE_HAT_DEF.search(line):
-                matches = RE_PROFILE_HAT_DEF.search(line).groups()
+                matches = RE_PROFILE_HAT_DEF.search(line)
                 in_contained_hat = True
-                hat = matches[0]
+                hat = matches.group('hat')
                 hat = strip_quotes(hat)
-                flags = matches[3]
+                flags = matches.group('flags')
+
                 if not write_prof_data[hat]['flags'] == flags:
                     correct = False
                 if not write_prof_data[hat]['declared'] is False:

utils/apparmor/common.py

@@ -168,19 +168,21 @@ def get_directory_contents(path):
 
 def open_file_read(path, encoding='UTF-8'):
     '''Open specified file read-only'''
-    try:
-        orig = codecs.open(path, 'r', encoding)
-    except Exception:
-        raise
-
-    return orig
+    return open_file_anymode('r', path, encoding)
 
 def open_file_write(path):
     '''Open specified file in write/overwrite mode'''
-    try:
-        orig = codecs.open(path, 'w', 'UTF-8')
-    except Exception:
-        raise
+    return open_file_anymode('w', path, 'UTF-8')
+
+def open_file_anymode(mode, path, encoding='UTF-8'):
+    '''Open specified file in specified mode'''
+
+    errorhandling = 'surrogateescape'
+    if sys.version_info[0] < 3:
+        errorhandling = 'replace'
+
+    orig = codecs.open(path, mode, encoding, errors=errorhandling)
+
     return orig
 
 def readkey():
@@ -198,6 +200,8 @@ def readkey():
 def hasher():
     '''A neat alternative to perl's hash reference'''
     # Creates a dictionary for any depth and returns empty dictionary otherwise
+    # WARNING: when reading non-existing sub-dicts, empty dicts will be added.
+    #          This might cause strange effects when using .keys()
     return collections.defaultdict(hasher)
 
 def convert_regexp(regexp):

utils/apparmor/severity.py

@@ -143,9 +143,9 @@ class Severity(object):
         """Returns the max possible rank for file resources containing variables"""
         regex_variable = re.compile('@{([^{.]*)}')
         rank = None
-        if '@' in resource:
-            variable = regex_variable.search(resource).groups()[0]
-            variable = '@{%s}' % variable
+        matches = regex_variable.search(resource)
+        if matches:
+            variable = '@{%s}' % matches.groups()[0]
             #variables = regex_variable.findall(resource)
             for replacement in self.severity['VARIABLES'][variable]:
                 resource_replaced = self.variable_replace(variable, replacement, resource)

utils/po/de.po

@@ -7,47 +7,47 @@ msgstr ""
 "Project-Id-Version: apparmor-utils\n"
 "Report-Msgid-Bugs-To: <apparmor@lists.ubuntu.com>\n"
 "POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2014-09-12 08:19+0000\n"
+"PO-Revision-Date: 2014-09-23 21:09+0000\n"
 "Last-Translator: Christian Boltz <Unknown>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2014-09-15 06:02+0000\n"
+"X-Launchpad-Export-Date: 2014-09-24 05:57+0000\n"
 "X-Generator: Launchpad (build 17196)\n"
 "Language: de\n"
 
-#: ../aa-genprof:56
+#: ../aa-genprof:52
 msgid "Generate profile for the given program"
 msgstr "Profil für das angegebene Programm erstellen"
 
-#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
+#: ../aa-genprof:53 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:31
 #: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
 #: ../aa-disable:24
 msgid "path to profiles"
 msgstr "Pfad zu den Profilen"
 
-#: ../aa-genprof:58 ../aa-logprof:26
+#: ../aa-genprof:54 ../aa-logprof:26
 msgid "path to logfile"
 msgstr "Pfad zur Logdatei"
 
-#: ../aa-genprof:59
+#: ../aa-genprof:55
 msgid "name of program to profile"
 msgstr "Name des Programms, für das ein Profil erstellt werden soll"
 
-#: ../aa-genprof:69 ../aa-logprof:37
+#: ../aa-genprof:65 ../aa-logprof:37
 #, python-format
 msgid "The logfile %s does not exist. Please check the path"
 msgstr "Die Logdatei %s existiert nicht. Bitte überprüfen Sie den Pfad"
 
-#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
+#: ../aa-genprof:71 ../aa-logprof:43 ../aa-unconfined:34
 msgid ""
 "It seems AppArmor was not started. Please enable AppArmor and try again."
 msgstr ""
 "AppArmor wurde offenbar nicht gestartet. Aktivieren Sie AppArmor und "
 "versuchen Sie es erneut."
 
-#: ../aa-genprof:80 ../aa-mergeprof:47
+#: ../aa-genprof:76
 #, python-format
 msgid "%s is not a directory."
 msgstr "%s ist kein Verzeichnis."
@@ -62,12 +62,12 @@ msgid ""
 "use the full path as parameter."
 msgstr ""
 
-#: ../aa-genprof:96
+#: ../aa-genprof:92
 #, python-format
 msgid "%s does not exists, please double-check the path."
 msgstr "%s existiert nicht. Bitte überprüfen Sie den Pfad"
 
-#: ../aa-genprof:124
+#: ../aa-genprof:120
 msgid ""
 "\n"
 "Before you begin, you may wish to check if a\n"
@@ -76,7 +76,7 @@ msgid ""
 "more information:"
 msgstr ""
 
-#: ../aa-genprof:126
+#: ../aa-genprof:122
 msgid ""
 "Please start the application to be profiled in\n"
 "another window and exercise its functionality now.\n"
@@ -97,11 +97,11 @@ msgstr ""
 "Für jedes AppArmor-Ereignis haben Sie die Gelegenheit anzugeben,\n"
 "ob der Zugriff zugelassen oder verweigert werden soll."
 
-#: ../aa-genprof:147
+#: ../aa-genprof:143
 msgid "Profiling"
 msgstr "Profilerstellung"
 
-#: ../aa-genprof:165
+#: ../aa-genprof:161
 msgid ""
 "\n"
 "Reloaded AppArmor profiles in enforce mode."
@@ -109,14 +109,14 @@ msgstr ""
 "\n"
 "AppArmor-Profile wurden im Erzwingen-Modus neu geladen."
 
-#: ../aa-genprof:166
+#: ../aa-genprof:162
 msgid ""
 "\n"
 "Please consider contributing your new profile!\n"
 "See the following wiki page for more information:"
 msgstr ""
 
-#: ../aa-genprof:167
+#: ../aa-genprof:163
 #, python-format
 msgid "Finished generating profile for %s."
 msgstr "Profilerstellung für %s abgeschlossen."
@@ -133,8 +133,8 @@ msgstr ""
 msgid "Cleanup the profiles for the given programs"
 msgstr ""
 
-#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
-#: ../aa-enforce:25 ../aa-disable:25
+#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:26
+#: ../aa-enforce:26 ../aa-disable:26
 msgid "name of program"
 msgstr "Name des Programms"
 
@@ -146,141 +146,133 @@ msgstr ""
 msgid "Perform a 2-way or 3-way merge on the given profiles"
 msgstr ""
 
-#: ../aa-mergeprof:31
+#: ../aa-mergeprof:28
 msgid "your profile"
 msgstr "Ihr Profil"
 
-#: ../aa-mergeprof:32
+#: ../aa-mergeprof:29
 msgid "base profile"
 msgstr ""
 
-#: ../aa-mergeprof:33
+#: ../aa-mergeprof:30
 msgid "other profile"
 msgstr ""
 
-#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
+#: ../aa-mergeprof:53
 msgid ""
 "The following local profiles were changed. Would you like to save them?"
 msgstr ""
 "Die folgenden lokalen Profile wurden geändert. Möchten Sie sie speichern?"
 
-#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
+#: ../aa-mergeprof:131 ../aa-mergeprof:413
 msgid "Path"
 msgstr "Pfad"
 
-#: ../aa-mergeprof:149
+#: ../aa-mergeprof:132
 msgid "Select the appropriate mode"
 msgstr "Wählen Sie den passenden Modus"
 
-#: ../aa-mergeprof:166
+#: ../aa-mergeprof:149
 msgid "Unknown selection"
 msgstr "Unbekannte Auswahl"
 
-#: ../aa-mergeprof:183 ../aa-mergeprof:209
+#: ../aa-mergeprof:166 ../aa-mergeprof:192
 msgid "File includes"
 msgstr ""
 
-#: ../aa-mergeprof:183 ../aa-mergeprof:209
+#: ../aa-mergeprof:166 ../aa-mergeprof:192
 msgid "Select the ones you wish to add"
 msgstr ""
 
-#: ../aa-mergeprof:195 ../aa-mergeprof:222
+#: ../aa-mergeprof:178 ../aa-mergeprof:205
 #, python-format
 msgid "Adding %s to the file."
 msgstr "%s wird zum Profil hinzugefügt."
 
-#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
+#: ../aa-mergeprof:182
 msgid "unknown"
 msgstr "unbekannt"
 
-#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
-#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
-#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
+#: ../aa-mergeprof:207 ../aa-mergeprof:258 ../aa-mergeprof:499
+#: ../aa-mergeprof:541 ../aa-mergeprof:658
 #, python-format
 msgid "Deleted %s previous matching profile entries."
 msgstr "%s vorherige übereinstimmende Profileinträge wurden gelöscht."
 
-#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
-#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
-#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
-#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
+#: ../aa-mergeprof:227 ../aa-mergeprof:412 ../aa-mergeprof:612
+#: ../aa-mergeprof:639
 msgid "Profile"
 msgstr "Profil"
 
-#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
+#: ../aa-mergeprof:228
 msgid "Capability"
 msgstr "Capability"
 
-#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
-#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
+#: ../aa-mergeprof:229 ../aa-mergeprof:463
 msgid "Severity"
 msgstr "Schweregrad"
 
-#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
-#: ../apparmor/aa.py:1857
+#: ../aa-mergeprof:256 ../aa-mergeprof:497
 #, python-format
 msgid "Adding %s to profile."
 msgstr "%s wird zum Profil hinzugefügt."
 
-#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
+#: ../aa-mergeprof:265
 #, python-format
 msgid "Adding capability %s to profile."
 msgstr "Capability %s zum Profil hinzugefügt."
 
-#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
+#: ../aa-mergeprof:272
 #, python-format
 msgid "Denying capability %s to profile."
 msgstr "Capability %s wird dem Profil verweigert."
 
-#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
-#: ../apparmor/aa.py:1807
+#: ../aa-mergeprof:422 ../aa-mergeprof:453
 msgid "(owner permissions off)"
 msgstr "(Eigentümerberechtigungen deaktiviert)"
 
-#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
+#: ../aa-mergeprof:427
 msgid "(force new perms to owner)"
 msgstr "(neue Berechtigungen für Eigentümer erzwingen)"
 
-#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
+#: ../aa-mergeprof:430
 msgid "(force all rule perms to owner)"
 msgstr "(alle Regelberechtigungen für Eigentümer erzwingen)"
 
-#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
+#: ../aa-mergeprof:442
 msgid "Old Mode"
 msgstr "Alter Modus"
 
-#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
+#: ../aa-mergeprof:443
 msgid "New Mode"
 msgstr "Neuer Modus"
 
-#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
+#: ../aa-mergeprof:458
 msgid "(force perms to owner)"
 msgstr "(Berechtigungen für Eigentümer erzwingen)"
 
-#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
+#: ../aa-mergeprof:461
 msgid "Mode"
 msgstr "Modus"
 
 #: ../aa-mergeprof:556
 #, python-format
 msgid "Adding %(path)s %(mod)s to profile"
-msgstr ""
+msgstr "%(path)s %(mod)s wird zum Profil hinzugefügt"
 
-#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
+#: ../aa-mergeprof:557
 msgid "Enter new path: "
 msgstr "Neuen Pfad eingeben: "
 
-#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
-#: ../apparmor/aa.py:1995
+#: ../aa-mergeprof:613 ../aa-mergeprof:640
 msgid "Network Family"
 msgstr "Netzwerkfamilie"
 
-#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
-#: ../apparmor/aa.py:1996
+#: ../aa-mergeprof:614 ../aa-mergeprof:641
 msgid "Socket Type"
 msgstr "Socket-Typ"
 
-#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
+#: ../aa-mergeprof:656
 #, python-format
 msgid "Adding %s to profile"
 msgstr "%s wird zum Profil hinzugefügt."
@@ -288,12 +280,12 @@ msgstr "%s wird zum Profil hinzugefügt."
 #: ../aa-mergeprof:683 ../apparmor/aa.py:2020
 #, python-format
 msgid "Adding network access %(family)s %(type)s to profile."
-msgstr ""
+msgstr "Netzwerkzugriff %(family)s %(type)s wird zum Profil hinzugefügt."
 
 #: ../aa-mergeprof:689 ../apparmor/aa.py:2026
 #, python-format
 msgid "Denying network access %(family)s %(type)s to profile"
-msgstr ""
+msgstr "Netzwerkzugriff %(family)s %(type)s wird dem Profil verweigert."
 
 #: ../aa-autodep:23
 msgid "Generate a basic AppArmor profile by guessing requirements"
@@ -327,11 +319,11 @@ msgstr "Das angegebene Programm in den Erzwingen-Modus versetzen"
 msgid "Disable the profile for the given programs"
 msgstr ""
 
-#: ../aa-unconfined:28
+#: ../aa-unconfined:26
 msgid "Lists unconfined processes having tcp or udp ports"
 msgstr ""
 
-#: ../aa-unconfined:29
+#: ../aa-unconfined:27
 msgid "scan all processes from /proc"
 msgstr ""
 

utils/test/severity_test.py

@@ -52,6 +52,8 @@ class Test(unittest.TestCase):
         self.assertEqual(rank, 9, 'Wrong rank')
         self.assertEqual(sev_db.rank('/etc/apparmor/**', 'r') , 6,  'Invalid Rank')
         self.assertEqual(sev_db.rank('/etc/**', 'r') , 10,  'Invalid Rank')
+        self.assertEqual(sev_db.rank('/usr/foo@bar', 'r') , 10,  'Invalid Rank')  ## filename containing @
+        self.assertEqual(sev_db.rank('/home/foo@bar', 'rw') , 6,  'Invalid Rank')  ## filename containing @
 
         # Load all variables for /sbin/klogd and test them
         sev_db.load_variables('profiles/sbin.klogd')

utils/vim/Makefile

@@ -12,13 +12,15 @@ endif
 MANPAGES=apparmor.vim.5
 VIM_INSTALL_PATH=${DESTDIR}/usr/share/apparmor
 
-all: apparmor.vim manpages
+all: apparmor.vim manpages htmlmanpages
 
 apparmor.vim: apparmor.vim.in Makefile create-apparmor.vim.py
 	${PYTHON} create-apparmor.vim.py > apparmor.vim
 
 manpages: $(MANPAGES)
 
+htmlmanpages: $(HTMLMANPAGES)
+
 install: apparmor.vim manpages
 	install -d $(VIM_INSTALL_PATH)
 	install -m 644 $< $(VIM_INSTALL_PATH)
@@ -29,5 +31,5 @@ check: check_pod_files
 	#Testing with all pythons
 	$(call pyalldo, create-apparmor.vim.py > /dev/null)
 
-clean:
-	rm -f apparmor.vim common $(MANPAGES)
+clean: _clean
+	rm -f apparmor.vim common

utils/vim/apparmor.vim.in

@@ -113,7 +113,7 @@ syn match sdError /^.*$/ contains=sdComment "highlight all non-valid lines as er
 " TODO: make a separate pattern for variable definitions, then mark sdGlob as contained
 syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z][a-zA-Z0-9_]*\}/
 
-syn match sdAlias /\v^alias\s+@@FILENAME@@\s+-\>\s+@@FILENAME@@@@EOL@@/ contains=sdGlob
+syn match sdAlias /\v^alias\s+@@FILENAME@@\s+-\>\s+@@FILENAME@@@@EOL@@/ contains=sdGlob,sdComment
 
 " syn match sdComment /#.*/
 
@@ -164,10 +164,10 @@ syn match sdRLimit /\v^\s*set\s+rlimit\s+rttime\s+\<\=\s+[0-9]+(ms|seconds|minut
 syn match sdRLimit /\v^\s*set\s+rlimit\s+(cpu|rttime|nofile|nproc|rtprio|locks|sigpending|fsize|data|stack|core|rss|as|memlock|msgqueue|nice)\s+\<\=\s+infinity@@EOL@@/ contains=sdComment
 
 " link rules
-syn match sdEntryW /\v^\s+@@auditdenyowner@@link\s+(subset\s+)?@@FILENAME@@\s+-\>\s+@@FILENAME@@@@EOL@@/ contains=sdGlob
+syn match sdEntryW /\v^\s+@@auditdenyowner@@link\s+(subset\s+)?@@FILENAME@@\s+-\>\s+@@FILENAME@@@@EOL@@/ contains=sdGlob,sdComment
 
 
-syn match sdExtHat  /\v^\s+(\^|profile\s+)\S+@@EOL@@/ contains=sdComment " hat without {...}
+syn match sdExtHat  /\v^\s+(\^|hat\s+|profile\s+)\S+@@EOL@@/ contains=sdComment " hat without {...}
 
 
 
@@ -176,7 +176,7 @@ syn match sdProfileName /\v^((profile\s+)?\/\S+|profile\s+([a-zA-Z0-9]\S*\s)?\S+
 syn match sdProfileStart /{/ contained 
 syn match sdProfileEnd /^}\s*(#.*)?$/ contained " TODO: syn region does not (yet?) allow usage of comment in end=
                                                 " TODO: Removing the $ mark from end= will allow non-comments also :-(
-syn match sdHatName /\v^\s+(\^|profile\s+)\S+\s+@@flags@@=\{/ contains=sdProfileStart,sdFlags,sdComment
+syn match sdHatName /\v^\s+(\^|hat\s+|profile\s+)\S+\s+@@flags@@=\{/ contains=sdProfileStart,sdFlags,sdComment
 syn match sdHatStart /{/ contained 
 syn match sdHatEnd /}/ contained " TODO: allow comments + [same as for syn match sdProfileEnd]
 syn match sdFlags /\v@@flags@@/ contained contains=sdFlagKey
@@ -190,7 +190,7 @@ syn match sdInclude /\s*include\s<\S*>/  " TODO: doesn't check until $
 " basic profile block...
 " \s+ does not work in end=, therefore using \s\s*
 syn region Normal start=/\v^(profile\s+)?\S+\s+@@flags@@=\{/ matchgroup=sdProfileEnd end=/^}\s*$/ contains=sdProfileName,Hat,@sdEntry,sdComment,sdError,sdInclude
-syn region Hat start=/\v^\s+(\^|profile\s+)\S+\s+@@flags@@=\{/ matchgroup=sdHatEnd end=/^\s\s*}\s*$/ contains=sdHatName,@sdEntry,sdComment,sdError,sdInclude
+syn region Hat start=/\v^\s+(\^|hat\s+|profile\s+)\S+\s+@@flags@@=\{/ matchgroup=sdHatEnd end=/^\s\s*}\s*$/ contains=sdHatName,@sdEntry,sdComment,sdError,sdInclude
 
 " file permissions