Accepting request 910590 from home:cboltz

- update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog - remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff OBS-URL: https://build.opensuse.org/request/show/910590 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=305
2021-08-07 11:29:35 +00:00 · 2021-08-07 11:29:35 +00:00 · 07f7b7b8e2
commit 07f7b7b8e2
parent 5607b21278
10 changed files with 44 additions and 131 deletions
--- a/abstractions-php8.diff
+++ b/abstractions-php8.diff
@ -1,47 +0,0 @@
-commit 5853f52233d9d86754096e4b64415226b943b502
-Author: Christian Boltz <apparmor@cboltz.de>
-Date:   Fri May 21 22:50:54 2021 +0200
-
-    abstractions/php: support PHP 8
-    
-    References: https://bugzilla.opensuse.org/show_bug.cgi?id=1186267
-
-diff --git a/profiles/apparmor.d/abstractions/php b/profiles/apparmor.d/abstractions/php
-index cd3172d4..ddafb077 100644
--- a/profiles/apparmor.d/abstractions/php
-+++ b/profiles/apparmor.d/abstractions/php
-@@ -13,26 +13,26 @@
-   abi <abi/3.0>,
- 
-   # shared snippets for config files
-  /etc/php{,5,7}/**/ r,
-  /etc/php{,5,7}/**.ini r,
-+  /etc/php{,5,7,8}/**/ r,
-+  /etc/php{,5,7,8}/**.ini r,
- 
-   # Xlibs
-   /usr/X11R6/lib{,32,64}/lib*.so* mr,
-   # php extensions
-  /usr/lib{64,}/php{,5,7}/*/*.so mr,
-+  /usr/lib{64,}/php{,5,7,8}/*/*.so mr,
- 
-   # ICU (unicode support) data tables
-   /usr/share/icu/*/*.dat r,
- 
-   # php session mmap socket
-  /var/lib/php{,5,7}/session_mm_* rwlk,
-+  /var/lib/php{,5,7,8}/session_mm_* rwlk,
-   # file based session handler
-  /var/lib/php{,5,7}/sess_* rwlk,
-  /var/lib/php{,5,7}/sessions/* rwlk,
-+  /var/lib/php{,5,7,8}/sess_* rwlk,
-+  /var/lib/php{,5,7,8}/sessions/* rwlk,
- 
-   # php libraries
-  /usr/share/php{,5,7}/ r,
-  /usr/share/php{,5,7}/** mr,
-+  /usr/share/php{,5,7,8}/ r,
-+  /usr/share/php{,5,7,8}/** mr,
- 
-   # MySQL extension
-   /usr/share/mysql/** r,
--- a/apparmor-3.0.1.tar.gz
+++ b/apparmor-3.0.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8fada772d9a60989525594346d9aa22af938daafc1781adce9a1acb3c75bdf24
-size 7785713
--- a/apparmor-3.0.1.tar.gz.asc
+++ b/apparmor-3.0.1.tar.gz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQJOBAABCgA4FiEEPs3Lpfs00lSWHMU/ZonmTj02ZLsFAl/H050aHGFwcGFybW9y
-QGxpc3RzLnVidW50dS5jb20ACgkQZonmTj02ZLs3rg//X88R7I+7HkokugnZnWPk
-3nx6M4DtvrPdz5xFsxj/Ucg+kwxNvL0CwivadPdZldW+HqUNG9GxF31S9TkNa4Q9
-480N1o7I2W+WhO2P2JPqvE97f4dfxi+c0nzbwuMJdpVQi5yOJ3eHHzg9DfiLHSSq
-u5X/YzoAf4lFIa+OWbhsWA+YB51FthGrvp8pcLdKfr4pcR3XmTdYFtRtBn+r0peG
-ryma63WE2P4rmyDx99ZU0DaHwZY4qlN56JYX3vZ8XN2tW1FYxmz1FYfp2JqG3SmD
-N0WrVPLEFSHlQEO8/x8Ua74gQS6XcntWE3MjLLOxNnbJUM4lO92UqKpkn4pffNP7
-t3IwOqS1kJkxSU7IWWUuy6eY434igsmtuJuVwOma9Svm8Mu4LpOcDyThWFc0QsTL
-E22mRdjmiVDh43CNhBXq68G2RmX0XMr1HeV3F1r4QwDmLnCHpUEeLfjOKt60rXZF
-nOCwoRuu0i9LGE0gjwNRxs9YQREg75SDTnp3jBE4YLkokihLYENNsfsLX7/PUs/E
-A0OU9jIak3yZm0zl5Zm9RdU+ISn8C54FNHUJmes3DW0Vj/aO30qZQgGIuOLBzJHw
-bVpAS6c6mZhhaBzLacxcOjvLQ1M6ufaYac2MlIqg7JM2+mPO72ebe+VVKd53pkFH
-c0QhJHU3mB4kc9uTXImKP4o=
-=kioe
-----END PGP SIGNATURE-----
--- a/apparmor-3.0.3.tar.gz
+++ b/apparmor-3.0.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:153db05d8f491e0596022663c19fb1166806cb473b3c6f0a7279feda2ec25a59
+size 7790012
--- a/apparmor-3.0.3.tar.gz.asc
+++ b/apparmor-3.0.3.tar.gz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJOBAABCgA4FiEEPs3Lpfs00lSWHMU/ZonmTj02ZLsFAmEOR6AaHGFwcGFybW9y
+QGxpc3RzLnVidW50dS5jb20ACgkQZonmTj02ZLsckQ//V7k3Kao73EXlJKtTjMnt
+AVc1qUqht/bxfT014BYZs0eT8HYRyBq0BhbDBfjPJA05kyXO0eHDOip5QmltXHR6
+qeRD974rgv4jmIHInHiY2QlFuAtxhO+CPsSw2WZtdQMb1zFYg9BMh+lSz2aNECrc
+GRYi4UflsNFxnUGnKCIt3FKvaGX9S9dA3vEgQrXMcIEFvHzrcRPYtUGiutFe66xF
+S6Z2PoymQAK5fW4D1lkBZXAx1jqzNzVzaaA6D0H8GcFb7zL2c2q/0L4+EfFabxXv
+uP4Vtw6ZS6upLr7AsbE55t8QlJ0IwiA7EJhn7cFfvJNkGWsJh9dr0LGtIf+B+zTd
+1dVtwuNtWotz202WeyYuokddX/zCSldb6/Sc2BhyFhqmUWjeQdDqjfLyTVsmBpc9
+0+NwY53/Em1qoFvMAtiqGWG3JjTF3ZVEdQEzRQyG9zMBDm2Vm3+uplL70MjgdSm0
+Cb1wpSsef5/Q28qY7+1/WV3/OGdq/9kqWS0n3+i2JtuxAaiHK6FRhSZi+0QGU0QH
+igJ+TKYmtyDGiqYrCasmED9sBkGNKvSDRmc+0hfCEzk5sj3tYR65OBmO0JBMKVR4
+9Lyt2hXScP7avuMdTPU0kj/2i7o5N6OfDdCV9LQinN8rzMmwGIYinmTxcVoRN9i/
+wYTg3RfP5TxHfmrOnuzWCCM=
+=2ySc
+-----END PGP SIGNATURE-----
--- a/apparmor-dovecot-stats-metrics.diff
+++ b/apparmor-dovecot-stats-metrics.diff
@ -1,14 +0,0 @@
-diff -ur apparmor-3.0.1.orig/profiles/apparmor.d/usr.lib.dovecot.stats apparmor-3.0.1/profiles/apparmor.d/usr.lib.dovecot.stats
--- apparmor-3.0.1.orig/profiles/apparmor.d/usr.lib.dovecot.stats	2020-12-02 12:01:37.000000000 +0100
-+++ apparmor-3.0.1/profiles/apparmor.d/usr.lib.dovecot.stats	2021-07-16 01:00:53.266471947 +0200
-@@ -20,6 +20,10 @@
-   capability setuid,
-   capability sys_chroot,
- 
-+  # for metrics end-point (Prometheus)
-+  network inet stream,
-+  network inet6 stream,
-+
-   /usr/lib/dovecot/stats mr,
- 
-   # Site-specific additions and overrides. See local/README for details.
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Sat Aug  7 10:46:52 UTC 2021 - Christian Boltz <suse-beta@cboltz.de>
+
+- update to AppArmor 3.0.3
+  - fix a failure in the parser tests
+  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
+    for the detailed upstream changelog
+
+-------------------------------------------------------------------
+Fri Aug  6 10:20:01 UTC 2021 - Christian Boltz <suse-beta@cboltz.de>
+
+- update to AppArmor 3.0.2
+  - add missing permissions to several profiles and abstractions
+    (including boo#1188296)
+  - bugfixes in utils and parser (including boo#1180766 and boo#1184779)
+  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
+    for the detailed upstream changelog
+- remove upstreamed patches:
+  - apparmor-dovecot-stats-metrics.diff
+  - abstractions-php8.diff
+  - crypto-policies-mr720.diff
+
 -------------------------------------------------------------------
 Thu Jul 15 23:02:25 UTC 2021 - Michael Ströder <michael@stroeder.com>

--- a/apparmor.spec
+++ b/apparmor.spec
@ -45,7 +45,7 @@
 %define JAR_FILE changeHatValve.jar

 Name:           apparmor
-Version:        3.0.1
+Version:        3.0.3
 Release:        0
 Summary:        AppArmor userlevel parser utility
 License:        GPL-2.0-or-later
@ -78,15 +78,6 @@ Patch5:         apparmor-lessopen-nfs-workaround.diff
 # make <apache2.d> include in apache extra profile optional to make openQA happy (boo#1178527)
 Patch6:         apache-extra-profile-include-if-exists.diff

-# allow reading crypto policies (submitted upstream 2021-03-08 - https://gitlab.com/apparmor/apparmor/-/merge_requests/720)
-Patch7:         crypto-policies-mr720.diff
-
-# extend abstractions/php for PHP 8 (accepted upstream 2021-05-24 - https://gitlab.com/apparmor/apparmor/-/merge_requests/755)
-Patch8:         abstractions-php8.diff
-
-# allow Prometheus metrics end-point (submitted upstream 2021-07-19 - https://gitlab.com/apparmor/apparmor/-/merge_requests/776)
-Patch9:         apparmor-dovecot-stats-metrics.diff
-
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor
@ -349,9 +340,6 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %patch3 -p1
 %patch4
 %patch5
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1

 %build
 %define _lto_cflags %{nil}
--- a/crypto-policies-mr720.diff
+++ b/crypto-policies-mr720.diff
@ -1,36 +0,0 @@
-[current version of https://gitlab.com/apparmor/apparmor/-/merge_requests/720 - might still be changed or extended, but this patch solves the most urgent denials]
-
-
-From 0aea44f43a1d6cd6b7ebd32bbff803455b3aad44 Mon Sep 17 00:00:00 2001
-From: Christian Boltz <apparmor@cboltz.de>
-Date: Mon, 8 Mar 2021 01:20:24 +0100
-Subject: [PATCH] abstractions/ssl_certs: allow reading crypto policies
-
-See https://gitlab.com/redhat-crypto/fedora-crypto-policies for details.
-
-Reported by darix and also my own audit.log - the actual denial was for
-/usr/share/crypto-policies/DEFAULT/openssl.txt.
-
-(I'm aware that the crypto policies are not really certificates, but
-since they are used by several crypto libraries, ssl_certs is probably
-the best place for them even if the filename doesn't match.)
---
- profiles/apparmor.d/abstractions/ssl_certs | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/profiles/apparmor.d/abstractions/ssl_certs b/profiles/apparmor.d/abstractions/ssl_certs
-index 57d0f41a2..0392c0ccc 100644
--- a/profiles/apparmor.d/abstractions/ssl_certs
-+++ b/profiles/apparmor.d/abstractions/ssl_certs
-@@ -41,5 +41,8 @@
-   /etc/certbot/archive/*/chain*.pem r,
-   /etc/certbot/archive/*/fullchain*.pem r,
- 
-+  # crypto policies used by various libraries
-+  /usr/share/crypto-policies/*/*.txt r,
-+
-   # Include additions to the abstraction
-   include if exists <abstractions/ssl_certs.d>
-- 
-GitLab
-
--- a/libapparmor.spec
+++ b/libapparmor.spec
@ -18,7 +18,7 @@


 Name:           libapparmor
-Version:        3.0.1
+Version:        3.0.3
 Release:        0
 Summary:        Utility library for AppArmor
 License:        LGPL-2.1-or-later