Accepting request 1063513 from home:cboltz

- add abstractions-openssl-1_1.diff: allow to read
  /etc/ssl/openssl-1_1.cnf in abstractions/openssl (boo#1207911)

OBS-URL: https://build.opensuse.org/request/show/1063513
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=362

abstractions-openssl-1_1.diff

@@ -0,0 +1,12 @@
+diff --git a/profiles/apparmor.d/abstractions/openssl b/profiles/apparmor.d/abstractions/openssl
+index c0c09fb45..65939ae44 100644
+--- a/profiles/apparmor.d/abstractions/openssl
++++ b/profiles/apparmor.d/abstractions/openssl
+@@ -11,6 +11,7 @@
+   abi <abi/3.0>,
+ 
+   /etc/ssl/openssl.cnf r,
++  /etc/ssl/openssl-*.cnf r,
+   /etc/ssl/{engdef,engines}.d/ r,
+   /etc/ssl/{engdef,engines}.d/*.cnf r,
+   /usr/share/ssl/openssl.cnf r,

apparmor.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Feb  6 19:27:40 UTC 2023 - Christian Boltz <suse-beta@cboltz.de>
+
+- add abstractions-openssl-1_1.diff: allow to read
+  /etc/ssl/openssl-1_1.cnf in abstractions/openssl (boo#1207911)
+
 -------------------------------------------------------------------
 Mon Jan 30 11:33:05 UTC 2023 - Christian Boltz <suse-beta@cboltz.de>
 

apparmor.spec

@@ -94,6 +94,9 @@ Patch12:        dnsmasq-cpu-possible.diff
 # allow nscd to read systemd userdb (boo#1207698, submitted upstream 2023-01-30 https://gitlab.com/apparmor/apparmor/-/merge_requests/977)
 Patch13:        nscd-systemd-userdb.diff
 
+# abstractions/openssl: allow to read /etc/ssl/openssl-1_1.cnf (boo#1207911, upstreaming TODO)
+Patch14:        abstractions-openssl-1_1.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  bison
@@ -360,6 +363,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %patch6
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
 
 %build
 export SUSE_ASNEEDED=0