The m4 shipped to handle Python was incorrectly clearing
$CPPFLAGS. Additionally, do not repeat compiler flags for automake
targets that already include them, and pass more flags to the Perl build.
Merge from trunk rev 2034: fix aa-logprof rewrite of PUx modes
When writing out a profile, aa-logprof incorrectly converts PUx execute
permission modes to the syntactically invalid UPx mode, because the
function that converts the internal representation of permissions to
a string emits the U(nconfined) mode bit before the P bit.
This patch corrects this by reordering the way the exec permissions
are emitted, so that P and C modes come before U and i. Based on http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Execute_rules
this should emit the modes correctly in all combined exec modes.
Other approaches to fixing this would require adjusting the data
structure that contains the permission modes, resulting in a more
invasive patch.
Nominated-By: Steve Beattie <email address hidden>
Signed-Off-By: John Johansen <email address hidden>
This patch modifies the libapparmor log parsing code to add support
for the additional ip address and port keywords that can occur in
network rejection rules. The laddr and faddr keywords stand for local
address and foreign address respectively.
The regex used to match an ip address is not very strict, to hopefully
catch the formats that the kernel emits for ipv6 addresses; however,
because this is in a context triggered by the addr keywords, it should
not over-eagerly consume non-ip addresses. Said addresses are returned
as strings in the struct to be processed by the calling application.
Nominated-By: Christian Boltz <email address hidden>
Signed-Off-By: John Johansen <email address hidden>
Fix bug in toplevel Makefile REPO_URL reference that caused release
tarballs to be pulled from trunk rather than the 2.7 branch. Adjust
version for a 2.7.2 release.