Accepting request 977392 from security:apparmor

- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535) (forwarded request 977391 from cboltz) OBS-URL: https://build.opensuse.org/request/show/977392 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=174
2022-05-17 15:23:35 +00:00 · 2022-05-17 15:23:35 +00:00 · 156707fe83
commit 156707fe83
parent 614767381d e26436faab
3 changed files with 64 additions and 0 deletions
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sun May 15 18:59:47 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>
+
+- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles
+  for latest dovecot (boo#1199535)
+
 -------------------------------------------------------------------
 Wed May 11 14:41:17 UTC 2022 - Noel Power <nopower@suse.com>

--- a/apparmor.spec
+++ b/apparmor.spec
@ -107,6 +107,9 @@ Patch12:        php8-fpm-mr876.patch
 # allow python 3.10 --help output (from the branch-3.0 backport of https://gitlab.com/apparmor/apparmor/-/merge_requests/848)
 Patch13:        python310-help-mr848.patch

+# extend dovecot profiles for latest dovecot (boo 1199535, submitted upstream https://gitlab.com/apparmor/apparmor/-/merge_requests/881)
+Patch14:        dovecot-profiles-boo1199535-mr881.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor
@ -378,6 +381,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1

 %build
 %define _lto_cflags %{nil}
--- a/dovecot-profiles-boo1199535-mr881.diff
+++ b/dovecot-profiles-boo1199535-mr881.diff
@ -0,0 +1,54 @@
+From https://gitlab.com/apparmor/apparmor/-/merge_requests/881
+
+From ad8df7f88fdac5cf230da07bb0f45761a22202b3 Mon Sep 17 00:00:00 2001
+From: Christian Boltz <apparmor@cboltz.de>
+Date: Sun, 15 May 2022 20:53:35 +0200
+Subject: [PATCH] Add missing permissions for dovecot-{imap,lmtp,pop3}
+
+References: https://bugzilla.opensuse.org/show_bug.cgi?id=1199535
+---
+ profiles/apparmor.d/usr.lib.dovecot.imap | 1 +
+ profiles/apparmor.d/usr.lib.dovecot.lmtp | 2 ++
+ profiles/apparmor.d/usr.lib.dovecot.pop3 | 1 +
+ 3 files changed, 4 insertions(+)
+
+diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap b/profiles/apparmor.d/usr.lib.dovecot.imap
+index ade0e4157..8ee2d5a4e 100644
+--- a/profiles/apparmor.d/usr.lib.dovecot.imap
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap
+@@ -35,6 +35,7 @@ profile dovecot-imap /usr/lib/dovecot/imap {
+ 
+   owner /tmp/dovecot.imap.* rw,
+   @{PROC}/@{pid}/attr/{apparmor/,}current rw,
+  @{PROC}/@{pid}/stat r,
+   /usr/bin/doveconf rix,
+   /usr/lib/dovecot/imap mrix,
+   /usr/share/dovecot/** r,
+diff --git a/profiles/apparmor.d/usr.lib.dovecot.lmtp b/profiles/apparmor.d/usr.lib.dovecot.lmtp
+index 7b2e5599b..ad26eff3e 100644
+--- a/profiles/apparmor.d/usr.lib.dovecot.lmtp
+++ b/profiles/apparmor.d/usr.lib.dovecot.lmtp
+@@ -31,6 +31,8 @@ profile dovecot-lmtp /usr/lib/dovecot/lmtp {
+ 
+   @{HOME}/.dovecot.svbin r,
+   @{PROC}/@{pid}/attr/{apparmor/,}current rw,
+  owner @{PROC}/@{pid}/io r,
+  owner @{PROC}/@{pid}/stat r,
+   @{PROC}/*/mounts r,
+   /tmp/dovecot.lmtp.* rw,
+   /usr/lib/dovecot/lmtp mr,
+diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3 b/profiles/apparmor.d/usr.lib.dovecot.pop3
+index a593d6b1a..ed010ddaf 100644
+--- a/profiles/apparmor.d/usr.lib.dovecot.pop3
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3
+@@ -26,6 +26,7 @@ profile dovecot-pop3 /usr/lib/dovecot/pop3 {
+   @{DOVECOT_MAILSTORE}/** rwkl,
+ 
+   @{HOME} r, # ???
+  @{PROC}/@{pid}/stat r,
+   /usr/lib/dovecot/pop3 mr,
+ 
+   # Site-specific additions and overrides. See local/README for details.
+-- 
+GitLab
+