mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-29 13:28:19 +00:00

Update Release_Notes_2.13.2

John Johansen 2018-12-19 11:43:21 +00:00
parent 9f84fb7701
commit 2a70ed458a

@ -22,114 +22,62 @@ Tarball
- signature: <https://launchpad.net/apparmor/2.13/2.13.2/+download/apparmor-2.13.2.tar.gz.asc> - signature: <https://launchpad.net/apparmor/2.13/2.13.2/+download/apparmor-2.13.2.tar.gz.asc>
Build Infrastructure
--------------------
???
- fix FTBFS w/older glibc
Policy Compiler (a.k.a apparmor\_parser) Policy Compiler (a.k.a apparmor\_parser)
---------------------------------------- ----------------------------------------
- Fix failures due to -M only setting compile-features
- Don't hard code the location of netinet/in.h.
???
- allow specifying the parser config file
Init Init
---- ----
- fix permissions of apparmor.systemd helper script - Ignore *.orig and *.rej files when loading profiles
- skip XBPS conffile artifacts - Fix syntax error in rc.apparmor.functions which could cause policy load failures
Library
-------
???
- do not honor $LIBAPPARMOR_DEBUG when `secure_getenv` is undefined
Utils Utils
----- -----
???
- genprof/logprof - genprof/logprof
- error out on nested child profiles which are not currently supported - Fix viewing a local inactive profile in aa-genprof
- Ensure last line in a profile is valid
- aa-notify - Fix handling of options when serializing profiles
- make message about notify-send package cross-distro compatible - Fix minitools for named profiles
- Read user's configuration file from XDG_CONFIG_HOME - Fix preview when viewing profile changes
- sandbox.py
- remove unused exception binding
Policy Policy
------ ------
??? - Use @{sys} tunable in profiles and abstractions
- Profiles - Profiles
- support distributions which merge sbin into bin - Add profile names to all profiles with {bin,sbin} attachment except for the dnsmasq profile
- ping: support void linux binary location
- traceroute: support void linux binary location - dovecot: allow reading /proc/sys/fs/suid_dumpable
- dnsmasq - postalias: allow locking /etc/aliases.db
- add paths for NetworkManager connection sharing - dnsmasq:
- add permission to open log files - Add pid file used by NetworkManager
- allow running Thunderbird wrapper script - Adjust pattern for log files to comply with SELinux
- ntpd
- allow access to ntp clockstat
- add openntpd drift and socket files
- support void linux binary location
- samba
- allow smbd to load new shared libraries
- allow winbindd to read and write new kerberos cache location
- nmbd
- add missing files
- support writing to /run/systemd/notify
- smbd add missing pid lock file
- update usr.sbin.useradd to support usr-merge
- Tunables
- Make variables value more readable by avoiding the use of too many alternations.
- Add uid and uids kernel var placeholders
- Abstractions - Abstractions
- add qt5 abstraction - private-files: deny ~/.mutt**
- add qt5-compose-cache-write abstraction - private-files-strict: audit deny ~/.aws
- ubuntu-email: add new Thunderbird executable path - ssl_key: Add /etc/letsencrypt/archive
- ubuntu-browsers.d/user-files: disallow access to the dirs of private files - Add vulkan abstraction
- private-files: disallow writes to thumbnailer dir (LP: #1788929)
- private-files-strict: disallow access to the dirs of private files
- user-files: disallow access to the dirs of private files
- remove antiquated abstractions/launchpad-integration
- kde: use qt5 abstration
- samba: add missing log files
- add recent documents write abstraction and update abstractions to use it
- add OpenCL abstraction
- kde: drop redundant rules for icons access
- ssl
- add dehydrated certificate support
- support new location for ssl-params file
- php: allow ICU (unicode support) data tables
- Python:
- add support for python 3.7
- allow /usr/local/lib/python3/dist-packages
- freedesktop.org:
- factor out duplicated path components with variables
- treat Flatpak exports the same way as bits shipped by the distro.
- simplify by not attempting to guess the exhaustive list of files that can exist in {~/.local/share,/usr/share}/applications/.
- refactor for consistency.
- nvidia
- opencl: don't allow PUx on nvidia-modprobe
- use nvidia_modprobe profile inside opencl-nvidia
Tests Tests
----- -----
- mount regression test: convert mount test to use MS_NODE - error out on superfluous TODOs
- use --config-file in tests so they are unaffected by the system parser.conf file - disable abi/ok_10 and abi/ok_12 tests
- Remove TODO notes from no-longer-failing tests
- add utils/test/common_test.pyc to gitignore
Documentation Documentation
------------- -------------
- update documentation to references gitlab and updated bug reporting procedures. - apparmor(7): document various debugging options.
- aa-notify(8): update user's configuration file path
Note Note
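Review bot: Several right-hand entries in this hunk say what changed but not why or where it is tracked, for example `disable abi/ok_10 and abi/ok_12 tests` under Tests and the abstraction entries `private-files: deny ~/.mutt**` and `private-files-strict: audit deny ~/.aws`. The left-hand text already shows a tracker id on one entry (LP: #1788929), so suggest adding the bug or merge-request reference to each of these, and marking the two deny entries as behaviour changes, since a deny rule in an abstraction applies to every profile that includes it. Also confirm that none of the `???` placeholder lines (under Build Infrastructure, Policy Compiler, Library, Utils and Policy) remains in the new version of the file.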
@ -139,4 +87,4 @@ There is a semantic change in the 4.8 kernel (commit
9f834ec18defc369d73ccf9e87a2790bfa05bf46) that affects apparmor policy 9f834ec18defc369d73ccf9e87a2790bfa05bf46) that affects apparmor policy
enforcement. Specifically it affects when the m permission bit is enforcement. Specifically it affects when the m permission bit is
checked for elf binary executables. Policy and tests within apparmor checked for elf binary executables. Policy and tests within apparmor
2.12 and later have been updated to support running on pre 4.8 and 4.8+ kernels. 2.12 and later have been updated to support running on pre 4.8 and 4.8+ kernels.
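Review bot: The closing sentence of the Note, `2.12 and later have been updated to support running on pre 4.8 and 4.8+ kernels.`, covers the policy and tests shipped with apparmor but says nothing about locally written profiles. Suggest adding one sentence on what a profile author should check regarding the m permission for ELF executables so that a profile behaves the same on both kernel ranges. The four lines read the same on both sides of this hunk as shown, so if the change is whitespace only, saying so in the commit message would help.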