From 102dd5dab3871502f5eac3c5ccc55d3ea99d739ad2b1fe6a7a7889ebeb0a7ba5 Mon Sep 17 00:00:00 2001
From: Christian Boltz <suse-beta@cboltz.de>
Date: Thu, 12 Aug 2021 11:55:02 +0000
Subject: [PATCH] Accepting request 911594 from home:cboltz

- add profiles-python-3.10-mr783.diff: update abstractions/python and
  profiles for python 3.10

OBS-URL: https://build.opensuse.org/request/show/911594
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=306
---
 apparmor.changes                |  6 +++
 apparmor.spec                   |  4 ++
 profiles-python-3.10-mr783.diff | 86 +++++++++++++++++++++++++++++++++
 3 files changed, 96 insertions(+)
 create mode 100644 profiles-python-3.10-mr783.diff

diff --git a/apparmor.changes b/apparmor.changes
index bbe2aeb..dc3b2f8 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Aug 11 19:44:15 UTC 2021 - Christian Boltz <suse-beta@cboltz.de>
+
+- add profiles-python-3.10-mr783.diff: update abstractions/python and
+  profiles for python 3.10
+
 -------------------------------------------------------------------
 Sat Aug  7 10:46:52 UTC 2021 - Christian Boltz <suse-beta@cboltz.de>
 
diff --git a/apparmor.spec b/apparmor.spec
index 64b5cc9..2533df4 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -78,6 +78,9 @@ Patch5:         apparmor-lessopen-nfs-workaround.diff
 # make <apache2.d> include in apache extra profile optional to make openQA happy (boo#1178527)
 Patch6:         apache-extra-profile-include-if-exists.diff
 
+# update abstractions/python and profiles for python 3.10 (submitted upstream 2021-08-11 https://gitlab.com/apparmor/apparmor/-/merge_requests/783)
+Patch7:         profiles-python-3.10-mr783.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor
@@ -340,6 +343,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %patch3 -p1
 %patch4
 %patch5
+%patch7 -p1
 
 %build
 %define _lto_cflags %{nil}
diff --git a/profiles-python-3.10-mr783.diff b/profiles-python-3.10-mr783.diff
new file mode 100644
index 0000000..1e044a6
--- /dev/null
+++ b/profiles-python-3.10-mr783.diff
@@ -0,0 +1,86 @@
+https://gitlab.com/apparmor/apparmor/-/merge_requests/783
+
+From ea7b201ba48b87469297d58751c57b03ceb82320 Mon Sep 17 00:00:00 2001
+From: Christian Boltz <apparmor@cboltz.de>
+Date: Wed, 11 Aug 2021 21:37:40 +0200
+Subject: [PATCH] Update abstractions/python and profiles for python 3.10
+
+Fixes: https://gitlab.com/apparmor/apparmor/-/issues/187
+---
+ profiles/apparmor.d/abstractions/python        | 18 +++++++++---------
+ profiles/apparmor.d/lsb_release                |  2 +-
+ .../profiles/extras/usr.bin.chromium-browser   |  4 ++--
+ 3 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/profiles/apparmor.d/abstractions/python b/profiles/apparmor.d/abstractions/python
+index 1b5cc9d0d..727030bdf 100644
+--- a/profiles/apparmor.d/abstractions/python
++++ b/profiles/apparmor.d/abstractions/python
+@@ -12,18 +12,18 @@
+ 
+   abi <abi/3.0>,
+ 
+-  /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/**.{pyc,so}           mr,
+-  /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/**.{egg,py,pth}       r,
+-  /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/{site,dist}-packages/ r,
++  /usr/lib{,32,64}/python{2.[4-7],3.[0-9],3.1[0-9]}/**.{pyc,so}           mr,
++  /usr/lib{,32,64}/python{2.[4-7],3.[0-9],3.1[0-9]}/**.{egg,py,pth}       r,
++  /usr/lib{,32,64}/python{2.[4-7],3.[0-9],3.1[0-9]}/{site,dist}-packages/ r,
+   /usr/lib{,32,64}/python3.[0-9]/lib-dynload/*.so            mr,
+ 
+-  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/**.{pyc,so}           mr,
+-  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/**.{egg,py,pth}       r,
+-  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/{site,dist}-packages/ r,
+-  /usr/local/lib{,32,64}/python3.[0-9]/lib-dynload/*.so            mr,
++  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{pyc,so}           mr,
++  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{egg,py,pth}       r,
++  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/ r,
++  /usr/local/lib{,32,64}/python3.{1,}[0-9]/lib-dynload/*.so            mr,
+ 
+   # Site-wide configuration
+-  /etc/python{2.[4-7],3.[0-9]}/** r,
++  /etc/python{2.[4-7],3.[0-9],3.1[0-9]}/** r,
+ 
+   # shared python paths
+   /usr/share/{pyshared,pycentral,python-support}/**      r,
+@@ -36,7 +36,7 @@
+   /usr/lib/wx/python/*.pth r,
+ 
+   # python build configuration and headers
+-  /usr/include/python{2.[4-7],3.[0-9]}*/pyconfig.h r,
++  /usr/include/python{2.[4-7],3.[0-9],3.1[0-9]}*/pyconfig.h r,
+ 
+   # Include additions to the abstraction
+   include if exists <abstractions/python.d>
+diff --git a/profiles/apparmor.d/lsb_release b/profiles/apparmor.d/lsb_release
+index 33a1c71db..ad8b998fc 100644
+--- a/profiles/apparmor.d/lsb_release
++++ b/profiles/apparmor.d/lsb_release
+@@ -18,7 +18,7 @@ profile lsb_release {
+   /dev/tty rw,
+ 
+   /usr/bin/lsb_release r,
+-  /usr/bin/python3.[0-9] mr,
++  /usr/bin/python3.{1,}[0-9] mr,
+ 
+   /etc/debian_version r,
+   /etc/default/apport r,
+diff --git a/profiles/apparmor/profiles/extras/usr.bin.chromium-browser b/profiles/apparmor/profiles/extras/usr.bin.chromium-browser
+index 2df5338db..b47b6f721 100644
+--- a/profiles/apparmor/profiles/extras/usr.bin.chromium-browser
++++ b/profiles/apparmor/profiles/extras/usr.bin.chromium-browser
+@@ -267,9 +267,9 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
+     /usr/share/distro-info/** r,
+     /var/lib/dpkg/** r,
+ 
+-    /usr/local/lib/python3.[0-9]/dist-packages/ r,
++    /usr/local/lib/python3.{1,}[0-9]/dist-packages/ r,
+     /usr/bin/ r,
+-    /usr/bin/python3.[0-9] mr,
++    /usr/bin/python3.{1,}[0-9] mr,
+   }
+ 
+   profile sandbox {
+-- 
+GitLab
+