Accepting request 999637 from home:cboltz

- update to AppArmor 3.0.7
  - fix setuptools version detection in buildpath.py
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7
    for the detailed upstream changelog
- add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible
  in dnsmasc//libvirt-leaseshelper profile (boo#1202849)

OBS-URL: https://build.opensuse.org/request/show/999637
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=350

apparmor-3.0.6.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0f4c599ee4864e4e412e18133a3b5990f9f81ab6ba75f0f351f024bb722fa368
-size 7946359

apparmor-3.0.6.tar.gz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJOBAABCgA4FiEEPs3Lpfs00lSWHMU/ZonmTj02ZLsFAmLnjlsaHGFwcGFybW9y
-QGxpc3RzLnVidW50dS5jb20ACgkQZonmTj02ZLvA5Q//YmZXrMz4xOshEfORUeB2
-sKUG9PHgx/kYxVroIU0HSLvaVv5tl/muCVzHwnNpPjOsHWtPROZHSsXZlbqf0XN4
-9ZPyXENGFwmjWy59ORE00uPawcz7xN839aB/eZMUPvCAg1MHyLW6dJVj+WRwTdzf
-o1XrAF/1ferKcIJR4Q29YSsnsWrTGV5jSeKhiN5QfD3hUOtjCjeqz1wMpvRT1fJF
-F9+a9JY/VPYP0P9G/VjOzrl4TZZlBk4VXDqji95xx87EC+6qnfgYDVWLGIr8Wuzm
-3F23bZChZZ9qNhYSKY5Fv51MsEZT6SBnLmzBQzmAd2jJB4vJ78sgj1UdYvFDm7rN
-pBJ0QlrUZMfZHBao102jK5iUm3EeR1SgFL6S8oOV6OJ/gBstpNqcznWDSh01MoLy
-ECZg2paiwh/I+dnzZ53PU8QUg5FTXINAkGU+mJ0UOvX+RMhXBtZ1UdmdfMGF7/6l
-4Y7lwRlnpHQ0K/YcAezs9VmGxz6Toav9vXF7UwA1oLkp6tC4JiE3r7Cr3I5F+2Bg
-24kg7S40gHU9r7rSntzYHNEiWFepLyPzPhCygWLNnwlbZcDWylvdtAPCJ1ANbPh8
-FrfYHa+EiaWX6ONY0mQfRlhyN/Am//bAfbp+tXGvH9YfInODXUKfBRU5OTpSHerE
-zrp2wnY/0HULdk2En/5ttsk=
-=FqZU
------END PGP SIGNATURE-----

apparmor-3.0.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f7063637d7523a28a59696f89e878d9942985bf828194d4c4bae594bec57e2d1
+size 7946315

apparmor-3.0.7.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJOBAABCgA4FiEEPs3Lpfs00lSWHMU/ZonmTj02ZLsFAmLyIkgaHGFwcGFybW9y
+QGxpc3RzLnVidW50dS5jb20ACgkQZonmTj02ZLvV5xAAoo3TMB8E9MYkb58SyQnV
+OrnJk09DbI5QKkIIugUmLGIqVpsNdKoOK/uNj/OeU5p48zfHqVdzdD5ij648qums
+KU9s+oG8xS/4IuYqnMIkNXXpsvzh2055f0BaVcLxnZV0Dg+VYGHN8LQwpmaj+FpS
+otOwOaePy+6uGUu53Cq1/AW2lrJYevTlET1cXSVJrkwtXJDqwbo0CRvehGphhv9l
+7UvLqKP2qGwMzj9mu2slteFWaOBYXViKPc2zwBw69fPmWaGftO9/dEh+XsR6bPbu
+XEJYdAw9EQMJzYDLAr8xGGFyEW3+r+SM9Qotue212RFpLVD6dFvWkjm4HE2a7Kkq
+qcBcpMMcgJG8a8a8Z6FJ5wMgEw4sy40qXzFN6EFtjWFYjLX2wHXNOcGsYOh0s5Ss
+xMuSnJEaB4s23+7/OHpt9x8O/s3yvha5UqgAyGcoa8wPR67zQ1y64vk7RvWTmRHb
+gVGvTB17XdpBGXoLu0zYvOnv30nVIFFILq1iQm5uK8qXDeZ4jjiXXn4f1BMNx99X
+ZstRgRQMh7LdRpow2b+GfOx90yMFOeVlv2sdX+0XfSXCESMZtYNTSJiG3LGwqy/Q
+Ex54xnOSvEG9f6xM1qHVaxqCS9OCM+u5r1cygHbo6/TSigeLBDCZnLT/VmRhlx2A
+LnnWqjGckC7oAoPnEcZoktQ=
+=/81p
+-----END PGP SIGNATURE-----

apparmor.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Sun Aug 28 10:41:29 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>
+
+- update to AppArmor 3.0.7
+  - fix setuptools version detection in buildpath.py
+  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7
+    for the detailed upstream changelog
+- add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible
+  in dnsmasc//libvirt-leaseshelper profile (boo#1202849)
+
 -------------------------------------------------------------------
 Fri Aug 26 11:37:21 UTC 2022 - David Disseldorp <ddiss@suse.com>
 

apparmor.spec

@@ -45,7 +45,7 @@
 %define JAR_FILE changeHatValve.jar
 
 Name:           apparmor
-Version:        3.0.6
+Version:        3.0.7
 Release:        0
 Summary:        AppArmor userlevel parser utility
 License:        GPL-2.0-or-later
@@ -83,12 +83,15 @@ Patch6:         apache-extra-profile-include-if-exists.diff
 #                               + merged upstream 2022-06-29 https://gitlab.com/apparmor/apparmor/-/merge_requests/892 - master only)
 Patch9:         zgrep-profile-mr870.diff
 
-# add missing r permissions for dnsmasc//libvirt-leaseshelper (submitted upstream 2022-08-08 https://gitlab.com/apparmor/apparmor/-/merge_requests/905)
+# add missing r permissions for dnsmasc//libvirt-leaseshelper (merged upstream 2022-08-22 https://gitlab.com/apparmor/apparmor/-/merge_requests/905)
 Patch10:        dnsmasq.diff
 
 # permit php-fpm pid files under run (merged upstream 2022-08-26 https://gitlab.com/apparmor/apparmor/-/merge_requests/914)
 Patch11:        profiles-permit-php-fpm-pid-files-directly-under-run.patch
 
+# allow reading /sys/devices/system/cpu/possible in dnsmasc//libvirt-leaseshelper (boo#1202849, submitted upstream 2022-08-28 https://gitlab.com/apparmor/apparmor/-/merge_requests/917)
+Patch12:        dnsmasq-cpu-possible.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor
@@ -357,6 +360,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
 export SUSE_ASNEEDED=0

dnsmasq-cpu-possible.diff

@@ -0,0 +1,22 @@
+commit ace8e04477662aff656b341ca173d1205e02b46e
+Author: Christian Boltz <apparmor@cboltz.de>
+Date:   Sun Aug 28 12:32:17 2022 +0200
+
+    Allow reading /sys/devices/system/cpu/possible
+    
+    ... in the dnsmasq//libvirt_leaseshelper profile
+    
+    Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1202849
+
+diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
+index 379d72fb0..9a5ca0b78 100644
+--- a/profiles/apparmor.d/usr.sbin.dnsmasq
++++ b/profiles/apparmor.d/usr.sbin.dnsmasq
+@@ -127,6 +127,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
+     owner @{PROC}/@{pid}/status r,
+ 
+     @{sys}/devices/system/cpu/ r,
++    @{sys}/devices/system/cpu/possible r,
+     @{sys}/devices/system/node/ r,
+     @{sys}/devices/system/node/*/meminfo r,
+ 

libapparmor.spec

@@ -18,7 +18,7 @@
 
 
 Name:           libapparmor
-Version:        3.0.6
+Version:        3.0.7
 Release:        0
 Summary:        Utility library for AppArmor
 License:        LGPL-2.1-or-later