From 80c9cf391ed01a56a46ec7fd185c56bd3c7d7f0a Mon Sep 17 00:00:00 2001 From: John Johansen Date: Thu, 10 Nov 2022 14:36:14 +0000 Subject: [PATCH] Update Release_Notes_3.1.1 --- Release_Notes_3.1.1.md | 238 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 227 insertions(+), 11 deletions(-) diff --git a/Release_Notes_3.1.1.md b/Release_Notes_3.1.1.md index 6566b39..98e7bba 100644 --- a/Release_Notes_3.1.1.md +++ b/Release_Notes_3.1.1.md 
@@ -31,19 +31,235 @@ There are two ways to obtain this release either through gitlab or a tarball in These release notes cover all changes between 3.1 (7c7224004c31389229877634a217fcc0c8e8567d) ) and 3.1.1 (ea127f13cd2c58ae883fb7c87a3ad91317a55c2d) on the [apparmor-3.1 branch](https://gitlab.com/apparmor/apparmor/tree/apparmor-3.1. -## Init - -## Library - -## Policy Compiler (a.k.a apparmor_parser) - -## Utils +#Init +- rc.apparmor.functions: only use systemd-detect-virt if it's present ([MR:896](https://gitlab.com/apparmor/apparmor/-/merge_requests/896)) +- profile-load: use safer and less ambiguous shell constructs ([MR:849](https://gitlab.com/apparmor/apparmor/-/merge_requests/849), [LP:1058356](https://bugs.launchpad.net/bugs/1058356)) +- Make the systemd unit a no-op in containers with no internal policy ([MR:840](https://gitlab.com/apparmor/apparmor/-/merge_requests/840), ([LP:978297](https://bugs.launchpad.net/bugs/978297))) +- Import profile-load script from Debian ([MR:841](https://gitlab.com/apparmor/apparmor/-/merge_requests/841)) +- Lint and fix shell code and add shellcheck CI job ([MR:842](https://gitlab.com/apparmor/apparmor/-/merge_requests/842)) +- Remove unused init scripts, minor improvement to Slackware init script output ([MR:845](https://gitlab.com/apparmor/apparmor/-/merge_requests/845)) +- Drop unused failstop_system() from rc.apparmor.functions ([MR:835](https://gitlab.com/apparmor/apparmor/-/merge_requests/835)) +- Simplify profiles_names_list() ([MR:834](https://gitlab.com/apparmor/apparmor/-/merge_requests/834)) +- Drop now-obsolete comment about skip_profile() ([MR:833](https://gitlab.com/apparmor/apparmor/-/merge_requests/833)) +- Enable AppArmor to run properly under WSL/systemd ([MR:812](https://gitlab.com/apparmor/apparmor/-/merge_requests/812)) +- make xargs invocation busybox-compatible ([MR:828](https://gitlab.com/apparmor/apparmor/-/merge_requests/828)) -## Policy -#### abstractions -#### profiles -## Tests +#Library +- Cleanup 
Python Style Guide Infractions ([MR:906](https://gitlab.com/apparmor/apparmor/-/merge_requests/906)) +- Fix setuptools version detection in buildpath.py ([MR:904](https://gitlab.com/apparmor/apparmor/-/merge_requests/904), [AABUG:39](https://gitlab.com/apparmor/apparmor/-/issues/39)) +- Support setuptools >= 61.2 in Python tests ([MR:897](https://gitlab.com/apparmor/apparmor/-/merge_requests/897)) +- Remove Python 2 support ([MR:894](https://gitlab.com/apparmor/apparmor/-/merge_requests/894)) +- fix debug build of log parsing ((https://gitlab.com/apparmor/apparmor/-/merge_requests/799), [AABUG:196](https://gitlab.com/apparmor/apparmor/-/issues/196)) +- fix log parsing for socklogd ((https://gitlab.com/apparmor/apparmor/-/merge_requests/799), [AABUG:196](https://gitlab.com/apparmor/apparmor/-/issues/196)) +- fix memory leaks in logparsing ((https://gitlab.com/apparmor/apparmor/-/merge_requests/799), [AABUG:196](https://gitlab.com/apparmor/apparmor/-/issues/196)) +- fix debug build of log parsing ((https://gitlab.com/apparmor/apparmor/-/merge_requests/799), [AABUG:196](https://gitlab.com/apparmor/apparmor/-/issues/196)) +- fix error value returned from features_lookup functions. 
([MR:780](https://gitlab.com/apparmor/apparmor/-/merge_requests/780)) +- fix stacking and avaiable interface checks ([MR:713](https://gitlab.com/apparmor/apparmor/-/merge_requests/713), [AABUG:150](https://gitlab.com/apparmor/apparmor/-/issues/150)) + + +#Policy Compiler (a.k.a apparmor_parser) +- fix build failure by adding missing include ([MR:882](https://gitlab.com/apparmor/apparmor/-/merge_requests/882)) +- fix building with link time optimization (lto) ([MR:851](https://gitlab.com/apparmor/apparmor/-/merge_requests/851), [AABUG:214](https://gitlab.com/apparmor/apparmor/-/issues/214)) +- Add support for 'mctp' network domain keyword ([MR:832](https://gitlab.com/apparmor/apparmor/-/merge_requests/832)) +- Move to pregenerated af_names.h similar to cap_names.h ([MR:808](https://gitlab.com/apparmor/apparmor/-/merge_requests/808), [AABUG:195](https://gitlab.com/apparmor/apparmor/-/issues/195)) +- Fix unknown state condition RLIMIT_MODEINCLDE ([MR:803](https://gitlab.com/apparmor/apparmor/-/merge_requests/803)) +- add implicit rules for apparmor api checks ([MR:713](https://gitlab.com/apparmor/apparmor/-/merge_requests/713), [AABUG:150](https://gitlab.com/apparmor/apparmor/-/issues/150)) +- fix handling of jobs ([MR:775](https://gitlab.com/apparmor/apparmor/-/merge_requests/775)) + + + +# Bin Utils +- aa-feature-abi + - fix failure to close fd due to shadowed var decl ([MR:804](https://gitlab.com/apparmor/apparmor/-/merge_requests/804)) + - make -f short arg actually be accepted ([MR:804](https://gitlab.com/apparmor/apparmor/-/merge_requests/804)) + +#Utils +- Cleanup Python Style Guide Infractions ([MR:906](https://gitlab.com/apparmor/apparmor/-/merge_requests/906)) +- Ensure opened files are closed. 
([MR:885](https://gitlab.com/apparmor/apparmor/-/merge_requests/885), [MR:898](https://gitlab.com/apparmor/apparmor/-/merge_requests/898), [AABUG:239](https://gitlab.com/apparmor/apparmor/-/issues/239), [AABUG:239](https://gitlab.com/apparmor/apparmor/-/issues/239)) +- Remove Python 2 support ([MR:894](https://gitlab.com/apparmor/apparmor/-/merge_requests/894)) +- Speed up list creations, and change lists to tuples where appropriate. ([MR:889](https://gitlab.com/apparmor/apparmor/-/merge_requests/889)) +- Avoid unnecessary memory copies when enlarging lists. ([MR:886](https://gitlab.com/apparmor/apparmor/-/merge_requests/886)) +- Fix spelling and grammar errors. ([MR:887](https://gitlab.com/apparmor/apparmor/-/merge_requests/887)) +- inline check_profile_dir() into __init__() ([MR:874](https://gitlab.com/apparmor/apparmor/-/merge_requests/874)) +- add a common reload_profile() function to aa.py ([MR:855](https://gitlab.com/apparmor/apparmor/-/merge_requests/855)) +- reduce and improve subprocess calls ([MR:856](https://gitlab.com/apparmor/apparmor/-/merge_requests/856)) +- Lint and fix shell code and add shellcheck CI job ([MR:842](https://gitlab.com/apparmor/apparmor/-/merge_requests/842)) +- Merge Drop superfluous shebang from python module ([MR:846](https://gitlab.com/apparmor/apparmor/-/merge_requests/846)) +- Add support for 'mctp' network domain keyword ([MR:832](https://gitlab.com/apparmor/apparmor/-/merge_requests/832)) +- convert utils to use dicts ([MR:817](https://gitlab.com/apparmor/apparmor/-/merge_requests/817), [MR:764](https://gitlab.com/apparmor/apparmor/-/merge_requests/764)) +- Add support for reading s390x and aarch64 wtmp file ([MR:809](https://gitlab.com/apparmor/apparmor/-/merge_requests/809), [BOO:1181155](https://bugzilla.opensuse.org/show_bug.cgi?id=1181155)) +- cleanup and use more broadly imports from apparmor.common ([MR:794](https://gitlab.com/apparmor/apparmor/-/merge_requests/794)) +- use internal which implementation 
([MR:784](https://gitlab.com/apparmor/apparmor/-/merge_requests/784)) +- Store empty xattrs as empty string ([MR:786](https://gitlab.com/apparmor/apparmor/-/merge_requests/786)) +- Fix crash when prompting user about an exec ([MR:763](https://gitlab.com/apparmor/apparmor/-/merge_requests/763)) +- remove unnecessary flag parameters, and use correct amout of whitespace around kept flags ([MR:759](https://gitlab.com/apparmor/apparmor/-/merge_requests/759), [MR:757](https://gitlab.com/apparmor/apparmor/-/merge_requests/757)) +- preserve comments, profile and hat keywords in parse ([MR:758](https://gitlab.com/apparmor/apparmor/-/merge_requests/758), [MR:756](https://gitlab.com/apparmor/apparmor/-/merge_requests/756)) + +- aa-decode + use grep -E instead of egrep ([MR:792](https://gitlab.com/apparmor/apparmor/-/merge_requests/792)) + +- aa-logprof + - Add new python versions to logprof.conf ([MR:795](https://gitlab.com/apparmor/apparmor/-/merge_requests/795), [AABUG:193](https://gitlab.com/apparmor/apparmor/-/issues/193)) + +- aa-notify + - Add .desktop file ([MR:839](https://gitlab.com/apparmor/apparmor/-/merge_requests/839)) + - avoid crash on log events without operation= ([MR:797](https://gitlab.com/apparmor/apparmor/-/merge_requests/797), [AABUG:194](https://gitlab.com/apparmor/apparmor/-/issues/194)) + +- aa-remove-unknown + - abort on parser failure ([MR:836](https://gitlab.com/apparmor/apparmor/-/merge_requests/836)) + - Drop superfluous $0 parameter from usage() ([MR:785](https://gitlab.com/apparmor/apparmor/-/merge_requests/785)) + +- aa-unconfined + - Improve fallback handling to attr/current ([MR:801](https://gitlab.com/apparmor/apparmor/-/merge_requests/801), [AABUG:199](https://gitlab.com/apparmor/apparmor/-/issues/199)) + + + + +#Policy + +##tunables + +- Define @{HOMEDIRS} before using it in @{HOME} ([MR:820](https://gitlab.com/apparmor/apparmor/-/merge_requests/820), [debug1003158](https://bugs.debian.org/1003158)) + + +##abstractions +- apache2-common + 
- update so that other processes can trace the hats that include the abstraction ([MR:852](https://gitlab.com/apparmor/apparmor/-/merge_requests/852), [debug1003153](https://bugs.debian.org/1003153)) + +- authentication + - Allow reading /etc/login.defs.d/ ([MR:774](https://gitlab.com/apparmor/apparmor/-/merge_requests/774), [BOO:1188296](https://bugzilla.opensuse.org/show_bug.cgi?id=1188296)) + +- crypto + - create new abstraction refactor other abstractions to use it ([MR:772](https://gitlab.com/apparmor/apparmor/-/merge_requests/772)) + +- exo-open + - Remove dbus deny rule ([MR:884](https://gitlab.com/apparmor/apparmor/-/merge_requests/884)) + +- gtk + - new GTK abstraction ([MR:825](https://gitlab.com/apparmor/apparmor/-/merge_requests/825), [AABUG:168](https://gitlab.com/apparmor/apparmor/-/issues/168)) + - add support for gtk4. ([MR:857](https://gitlab.com/apparmor/apparmor/-/merge_requests/857)) + +- ibus + - Allow access to socket directory used by recent ibus-daemon ([MR:837](https://gitlab.com/apparmor/apparmor/-/merge_requests/837)) + +- is_enabled + - new apparmor api abstraction is_enabled ([MR:713](https://gitlab.com/apparmor/apparmor/-/merge_requests/713), [AABUG:150](https://gitlab.com/apparmor/apparmor/-/issues/150)) + +- mesa + - Update to support current versions ([MR:879](https://gitlab.com/apparmor/apparmor/-/merge_requests/879)) + +- nss-systemd + - Allow access for systemd-machined names ([MR:861](https://gitlab.com/apparmor/apparmor/-/merge_requests/861), [LP:1964325](https://bugs.launchpad.net/bugs/1964325)) + +- openssl + - allow /etc/ssl/{engdef,engines}.d/ ([MR:818](https://gitlab.com/apparmor/apparmor/-/merge_requests/818)) + + +- php + - Allow reading all of /etc/php[578]/** ([MR:876](https://gitlab.com/apparmor/apparmor/-/merge_requests/876), [AABUG:229](https://gitlab.com/apparmor/apparmor/-/issues/229), [BOO:1186267](https://bugzilla.opensuse.org/show_bug.cgi?id=1186267)#c11) + - support PHP 8 
([MR:755](https://gitlab.com/apparmor/apparmor/-/merge_requests/755), [BOO:1186267](https://bugzilla.opensuse.org/show_bug.cgi?id=1186267)) + +- python + - update perms and merge /usr/ and /usr/local/ rules ([MR:814](https://gitlab.com/apparmor/apparmor/-/merge_requests/814)) + - update for python 3.10 ([MR:783](https://gitlab.com/apparmor/apparmor/-/merge_requests/783), [AABUG:187](https://gitlab.com/apparmor/apparmor/-/issues/187)) + +- samba + - Squash noisey setsockopt calls. ([MR:867](https://gitlab.com/apparmor/apparmor/-/merge_requests/867)) + - allow libldb2 paths ([MR:821](https://gitlab.com/apparmor/apparmor/-/merge_requests/821), [BOO:1192684](https://bugzilla.opensuse.org/show_bug.cgi?id=1192684)) + - allow use of /run/lock/samba ([MR:805](https://gitlab.com/apparmor/apparmor!805)) + +- snap_browsers + - add new snap-browsers abstraction ([MR:806](https://gitlab.com/apparmor/apparmor/-/merge_requests/806) + - update to support newer browsers ([MR:877](https://gitlab.com/apparmor/apparmor/-/merge_requests/877)) + +- ssl_certs + - extend pki/trust directories ([MR:864](https://gitlab.com/apparmor/apparmor/-/merge_requests/864)) + - allow reading crypto policies ([MR:720](https://gitlab.com/apparmor/apparmor/-/merge_requests/720)) + +- ubuntu-helpers + - Fix: Opening links with Chrome ([MR:830](https://gitlab.com/apparmor/apparmor/-/merge_requests/830)) + - Include local customization ([MR:796](https://gitlab.com/apparmor/apparmor/-/merge_requests/796), [debug990499](https://bugs.debian.org/990499)) + +- video + - sys rule ([MR:791](https://gitlab.com/apparmor/apparmor/-/merge_requests/791)) + + + +##profiles +- update for python 3.10 ([MR:783](https://gitlab.com/apparmor/apparmor/-/merge_requests/783), [AABUG:187](https://gitlab.com/apparmor/apparmor/-/issues/187)) + +- avahi-daemon + - Add missing /proc permissions ([MR:811](https://gitlab.com/apparmor/apparmor/-/merge_requests/811), [AABUG:203](https://gitlab.com/apparmor/apparmor/-/issues/203)) + +- 
dnsmasq + - Add missing r permissions for libvirt_leaseshelper ([MR:905](https://gitlab.com/apparmor/apparmor/-/merge_requests/905), [BOO:1202161](https://bugzilla.opensuse.org/show_bug.cgi?id=1202161)) + - allow paths for podman dnsname plugin in rootless mode ([MR:909](https://gitlab.com/apparmor/apparmor/-/merge_requests/909)) + - allow paths for podman dnsname plugin ([MR:800](https://gitlab.com/apparmor/apparmor/-/merge_requests/800), [BOO:1190271](https://bugzilla.opensuse.org/show_bug.cgi?id=1190271)) + +- dovecot + - Add missing permissions for dovecot-{imap,lmtp,pop3} ([MR:881](https://gitlab.com/apparmor/apparmor/-/merge_requests/881), [BOO:1199535](https://bugzilla.opensuse.org/show_bug.cgi?id=1199535)) + - Allow dovecot to use all signals ([MR:865](https://gitlab.com/apparmor/apparmor/-/merge_requests/865)) + - allow Prometheus metrics end-point in dovecot/stats ([MR:776](https://gitlab.com/apparmor/apparmor/-/merge_requests/776)) + +- samba + - Add profile for samba-bgqd ([MR:871](https://gitlab.com/apparmor/apparmor/-/merge_requests/871), [BOO:1191532](https://bugzilla.opensuse.org/show_bug.cgi?id=1191532)) + - support paths used by Arch Linux ([MR:883](https://gitlab.com/apparmor/apparmor/-/merge_requests/883)) + - update samba-dceprpc & samba-rpcd-* ([MR:880](https://gitlab.com/apparmor/apparmor/-/merge_requests/880), [BOO:1198309](https://bugzilla.opensuse.org/show_bug.cgi?id=1198309)) + - support samba-4.16 ([MR:871](https://gitlab.com/apparmor/apparmor/-/merge_requests/871), [BOO:1198309](https://bugzilla.opensuse.org/show_bug.cgi?id=1198309)) + - Fix read access denied on /proc/*/fd ([MR:860](https://gitlab.com/apparmor/apparmor/-/merge_requests/860)) + - allow reading openssl.cnf ([MR:862](https://gitlab.com/apparmor/apparmor/-/merge_requests/862), [BOO:1195463](https://bugzilla.opensuse.org/show_bug.cgi?id=1195463)) + - allow reading under /usr/share/samba ([MR:853](https://gitlab.com/apparmor/apparmor/-/merge_requests/853)) + - include 
snippet generated at runtime on Debian and openSUSE ([MR:838](https://gitlab.com/apparmor/apparmor/-/merge_requests/838)) + - Fix file_mmap violation for [MR:819](https://gitlab.com/apparmor/apparmor/-/merge_requests/819), [BOO#1192336](https://bugzilla.opensuse.org/show_bug.cgi?id=1192336)) + +- rpc.statd + - add hosts_access abstraction and /etc/nfs.conf{,.d/} ([MR:866](https://gitlab.com/apparmor/apparmor/-/merge_requests/866)) + +- syslogd + - Update support for inetutils-syslogd ([MR:888](https://gitlab.com/apparmor/apparmor/-/merge_requests/888)) + +- zgrep + - new profile ([MR:870](https://gitlab.com/apparmor/apparmor/-/merge_requests/870)) + - allow executing egrep and fgrep ([MR:892](https://gitlab.com/apparmor/apparmor/-/merge_requests/892)) + - allow zstd ([MR:878](https://gitlab.com/apparmor/apparmor/-/merge_requests/878)) + - allow executing /usr/bin/expr ([MR:873](https://gitlab.com/apparmor/apparmor/-/merge_requests/873), [BOO:1198531](https://bugzilla.opensuse.org/show_bug.cgi?id=1198531)) + + + +#Tests +- Cleanup Python Style Guide Infractions ([MR:906](https://gitlab.com/apparmor/apparmor/-/merge_requests/906)) +- Fix utils testing of parser. Set (instead of compare) exresult ([MR:907](https://gitlab.com/apparmor/apparmor/-/merge_requests/907)) +- dirtest.sh: don't rely on apparmor_parser -N's output sort order to be deterministic ([MR:900](https://gitlab.com/apparmor/apparmor/-/merge_requests/900)) +- Remove Python 2 support ([MR:894](https://gitlab.com/apparmor/apparmor/-/merge_requests/894)) +- Fix inconsistent return length when testing the parser ([MR:890](https://gitlab.com/apparmor/apparmor/-/merge_requests/890)) +- Speed up list creations, and change lists to tuples where appropriate. 
([MR:889](https://gitlab.com/apparmor/apparmor/-/merge_requests/889)) +- Add empty and cut-off bad abi rule tests ([MR:875](https://gitlab.com/apparmor/apparmor/-/merge_requests/875)) +- parser test dirtest.sh: error out on unexpected success ([MR:868](https://gitlab.com/apparmor/apparmor/-/merge_requests/868)) +- make test-aa-notify test_help_contents () less strict ([MR:848](https://gitlab.com/apparmor/apparmor/-/merge_requests/848), [AABUG:220](https://gitlab.com/apparmor/apparmor/-/issues/220)) +- shellcheck: skip files generated during libapparmor build ([MR:847](https://gitlab.com/apparmor/apparmor/-/merge_requests/847)) +- Lint and fix shell code and add shellcheck CI job ([MR:842](https://gitlab.com/apparmor/apparmor/-/merge_requests/842)) +- add attach_disconnected tests ([MR:810](https://gitlab.com/apparmor/apparmor/-/merge_requests/810)) +- disable file query test for kernels that don't provide the query feature ([MR:769](https://gitlab.com/apparmor/apparmor/-/merge_requests/769)) +- Make order of variable replacements constant ([MR:790](https://gitlab.com/apparmor/apparmor/-/merge_requests/790)) +- fix aa_policy_cache when using system parser ([MR:782](https://gitlab.com/apparmor/apparmor/-/merge_requests/782)) +- add options to skip specific profiles ([MR:677](https://gitlab.com/apparmor/apparmor/-/merge_requests/677)) +- Fix location of config dir ([MR:762](https://gitlab.com/apparmor/apparmor/-/merge_requests/762), [AABUG:177](https://gitlab.com/apparmor/apparmor/-/issues/177)) + + +#infastructure +- gitlab-ci: enable Secret-Detection and a few SAST analyzers ([MR:844](https://gitlab.com/apparmor/apparmor/-/merge_requests/844)) +- gitlab-ci: parallelize across multiple jobs, only install necessary dependencies ([MR:843](https://gitlab.com/apparmor/apparmor/-/merge_requests/843)) +- gitlab-ci: Lint shell code and add shellcheck CI job ([MR:842](https://gitlab.com/apparmor/apparmor/-/merge_requests/842)) +- add built test files to gitignore 
([MR:826](https://gitlab.com/apparmor/apparmor/-/merge_requests/826)) +- CI: always collect test artifacts ([MR:787](https://gitlab.com/apparmor/apparmor/-/merge_requests/787)) +- Generate and keep html in utils coverage-regression ([MR:771](https://gitlab.com/apparmor/apparmor/-/merge_requests/771)) + + +#Documentation +- apparmor.d man page + - fix typos ([MR:789](https://gitlab.com/apparmor/apparmor/-/merge_requests/789), [AABUG:192](https://gitlab.com/apparmor/apparmor/-/issues/192)) +
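Review bot: the new section headings in this hunk have no space after the hash marks (`#Init`, `#Library`, `#Utils`, `##tunables`, `##abstractions`, `##profiles`, `#Tests`, `#Documentation`), so a CommonMark-based renderer will show them as literal text rather than headings; only `# Bin Utils` has the space. The removed lines used `## Init`, `## Library` and `#### abstractions`, so I'd suggest keeping that spacing and those levels, and correcting the spelling of `#infastructure` at the same time. In the Library list, "fix debug build of log parsing" appears twice, and the four entries pointing at merge request 799 open with `((https://...` and have no `[MR:799]` link text, so they will not render as links like the rest. Several other links need a second look: `[MR:805](https://gitlab.com/apparmor/apparmor!805)` under samba does not use the `/-/merge_requests/` URL form used everywhere else, the `[MR:806]` entry under snap_browsers is missing its closing parenthesis, the samba entry "Fix file_mmap violation for" runs straight into `[MR:819]` with no opening parenthesis, and `[AABUG:239]` is listed twice on the "Ensure opened files are closed" entry. The aa-decode entry is also missing the `- ` sub-bullet marker that the other per-tool entries use, so it will fold into the parent item.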