diff --git a/Release_Notes_2.13.3.md b/Release_Notes_2.13.3.md index 016b1e0..5deaeea 100644 --- a/Release_Notes_2.13.3.md +++ b/Release_Notes_2.13.3.md 
@@ -21,40 +21,118 @@ Tarball - sha256sum: ??? - signature: +# Translations +- sync to most up to date language translations available +# Build & Infrastructure +- add files to .gitignore + - swig auto generated files for ruby +- fix libapparmor swig 4 failure 'aa_log_record' object has no attribute '__getattr__' + + +# libapparmor +- fix segfault in overlaydirat_for_each causing overlayed cache directory failures +- fix segfault when loading policy cache files +- fix failure to merge overlay directories in some situations Policy Compiler (a.k.a apparmor\_parser) ---------------------------------------- -- ??? +- fix parsing of target profile NAME in directed transitions “px -> NAME" +- fix parser failing to handle errors when setting up work causing early abort resulting in failed loads or policy compiles +- improve runtime attachment by determine xmatch priority based on smallest DFA match +- don't skip cache loads just because optimizations flags are specified + Init ---- -- ??? +- apparmor.systemd: fix minor issues detected by shellcheck +- fix return value when removing profiles + Utils ----- - genprof/logprof - - ??? + - Ensure there is always a fallback falue for the logfile location + - fix handling of log stream when the suggestion of creating a new hat is rejected Policy ------ -- ??? - - Profiles - - ??? 
+ - dovecot + - allow FD passing between dovecot and dovecot's anvil + - allow chroot'ing the auth processes + - let dovecot/anvil rw the auth-penalty socket + - auth processes need to read from postfix auth socket + - add abstractions/ssl_certs to lmtp + - allow master to use SIGTERM on children that are slow to die + - align {pop3,managesieve}-login to imap-login + - identd + - allow network netlink dgram + - syslog-ng + - add abstractions/python for python-parser + - lsb_release profile: new abstraction + - dnsmasq: + - allow peer=libvirtd to support named profile + - Work around breakage caused by {bin,sbin} alternation + - Revert /usr/{bin,sbin}/ alternation in dnsmasq profile name + - msqld: + - add mmap permission for mysqld (4.8 semantic change) + - allow mysql to determine which cpus are online + - allow locking of mysql files + + +- Tunables + - share: + - make it play well with aliases + - fix buggy syntax that broke the ~/.local/share part of the @{user_share_dirs} tunable - Abstractions - - ??? 
+ - move dirc.d access from mesa to dir-common + - base: allow mr permission on all *.so* common library paths + - dri-common: allow reading /dev/dri/ + - ssl_certs,keys - add support for libdehydrated in /var/lib/ + - qt5: allow reading user configuration + - qt5-settings-write: fix anonymous shared memory access + - qt5-compose-cache-write: fix anonymous shared memory access + - nameservice: allow access to /run/netconfig/resolv.conf + - mesa: allow reading drirc.d + - vulcan: allow reading /etc/vulkan/icd.d/ + - nvidia: allow reading nvidia application profiles + - postfix-common: make compatible with updated postfix profiles naming + - python: allow reading /usr/local/lib/python3 + - ldapclient: allow rw access to the nslcd socket + - ubuntu-browsers.d/multimedia: allow creating/writing config dirs + - audio: + - fix alsa settings access + - grant read access to the system-wide asound.conf + - grant read access to the libao configuration files + - fonts: + - Allow to read conf-avail dir itself. + - Add various openSUSE-specific font config directories + - allow creating/writing config dirs + - kde: + - allow access to common KDE-specific settings + - allow access to global KDE settings + - gnome: + - allow reading gtk-3.0 cache files + - allow creating config dirs Tests ----- -- ??? +- fix mount test to use next available loop device +- update tests to support distros with user-merge where /bin and /sbin are symlinks +- fix regression test failures around new binary cache layout +- update tests for new network domain keywords +- update tests for base abstraction changes + Documentation ------------- -- ??? +- apparmor.d (7): + - update list of network domain keywords + - drop unsupported 'to' option for link rules from manpage Note ====
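Review bot: The Tarball block at the top of the hunk is left as unchanged context with `sha256sum: ???` and an empty `signature:`, so these notes still give readers nothing to verify the release tarball against. Fill both in before publishing, or drop the fields until the values exist. Several added entries misspell the component they describe, which makes them hard to match to the policy files: `msqld:` should be `mysqld:`, `vulcan:` should be `vulkan:` (the entry itself names /etc/vulkan/icd.d/), and `move dirc.d access from mesa to dir-common` presumably means drirc.d and dri-common. That last entry also sits awkwardly next to `mesa: allow reading drirc.d` further down; please state which abstraction ends up holding the rule. Smaller points: `fallback falue` should read `fallback value`, `by determine xmatch priority` should read `by determining`, the quote pair in `“px -> NAME"` is mismatched, and the new `# Translations`, `# Build & Infrastructure` and `# libapparmor` headings use `#` while every other section in the file uses underlined headings.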