From e26436faab2b863408e1cf8fefb1d7e70ccf05336e2915cec71c779120c81843 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sun, 15 May 2022 19:27:23 +0000 Subject: [PATCH] Accepting request 977391 from home:cboltz - add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles for latest dovecot (boo#1199535) OBS-URL: https://build.opensuse.org/request/show/977391 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=336 --- apparmor.changes | 6 +++ apparmor.spec | 4 ++ dovecot-profiles-boo1199535-mr881.diff | 54 ++++++++++++++++++++++++++ 3 files changed, 64 insertions(+) create mode 100644 dovecot-profiles-boo1199535-mr881.diff diff --git a/apparmor.changes b/apparmor.changes index bfbd0e5..1d2cf51 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Sun May 15 18:59:47 UTC 2022 - Christian Boltz + +- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles + for latest dovecot (boo#1199535) + ------------------------------------------------------------------- Wed May 11 14:41:17 UTC 2022 - Noel Power diff --git a/apparmor.spec b/apparmor.spec index 81b8841..ec291cb 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -107,6 +107,9 @@ Patch12: php8-fpm-mr876.patch # allow python 3.10 --help output (from the branch-3.0 backport of https://gitlab.com/apparmor/apparmor/-/merge_requests/848) Patch13: python310-help-mr848.patch +# extend dovecot profiles for latest dovecot (boo 1199535, submitted upstream https://gitlab.com/apparmor/apparmor/-/merge_requests/881) +Patch14: dovecot-profiles-boo1199535-mr881.diff + PreReq: sed BuildRoot: %{_tmppath}/%{name}-%{version}-build %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor @@ -378,6 +381,7 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/ %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 %build %define _lto_cflags %{nil} 
diff --git a/dovecot-profiles-boo1199535-mr881.diff b/dovecot-profiles-boo1199535-mr881.diff
new file mode 100644
index 0000000..6693e49
--- /dev/null
+++ b/dovecot-profiles-boo1199535-mr881.diff
@@ -0,0 +1,54 @@
+From https://gitlab.com/apparmor/apparmor/-/merge_requests/881
+
+From ad8df7f88fdac5cf230da07bb0f45761a22202b3 Mon Sep 17 00:00:00 2001
+From: Christian Boltz
+Date: Sun, 15 May 2022 20:53:35 +0200
+Subject: [PATCH] Add missing permissions for dovecot-{imap,lmtp,pop3}
+
+References: https://bugzilla.opensuse.org/show_bug.cgi?id=1199535
+---
+ profiles/apparmor.d/usr.lib.dovecot.imap | 1 +
+ profiles/apparmor.d/usr.lib.dovecot.lmtp | 2 ++
+ profiles/apparmor.d/usr.lib.dovecot.pop3 | 1 +
+ 3 files changed, 4 insertions(+)
+
+diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap b/profiles/apparmor.d/usr.lib.dovecot.imap
+index ade0e4157..8ee2d5a4e 100644
+--- a/profiles/apparmor.d/usr.lib.dovecot.imap
++++ b/profiles/apparmor.d/usr.lib.dovecot.imap
+@@ -35,6 +35,7 @@ profile dovecot-imap /usr/lib/dovecot/imap {
+
+ owner /tmp/dovecot.imap.* rw,
+ @{PROC}/@{pid}/attr/{apparmor/,}current rw,
++ @{PROC}/@{pid}/stat r,
+ /usr/bin/doveconf rix,
+ /usr/lib/dovecot/imap mrix,
+ /usr/share/dovecot/** r,
+diff --git a/profiles/apparmor.d/usr.lib.dovecot.lmtp b/profiles/apparmor.d/usr.lib.dovecot.lmtp
+index 7b2e5599b..ad26eff3e 100644
+--- a/profiles/apparmor.d/usr.lib.dovecot.lmtp
++++ b/profiles/apparmor.d/usr.lib.dovecot.lmtp
+@@ -31,6 +31,8 @@ profile dovecot-lmtp /usr/lib/dovecot/lmtp {
+
+ @{HOME}/.dovecot.svbin r,
+ @{PROC}/@{pid}/attr/{apparmor/,}current rw,
++ owner @{PROC}/@{pid}/io r,
++ owner @{PROC}/@{pid}/stat r,
+ @{PROC}/*/mounts r,
+ /tmp/dovecot.lmtp.* rw,
+ /usr/lib/dovecot/lmtp mr,
+diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3 b/profiles/apparmor.d/usr.lib.dovecot.pop3
+index a593d6b1a..ed010ddaf 100644
+--- a/profiles/apparmor.d/usr.lib.dovecot.pop3
++++ b/profiles/apparmor.d/usr.lib.dovecot.pop3
+@@ -26,6 +26,7 @@ profile dovecot-pop3 /usr/lib/dovecot/pop3 {
+ @{DOVECOT_MAILSTORE}/** rwkl,
+
+ @{HOME} r, # ???
++ @{PROC}/@{pid}/stat r,
+ /usr/lib/dovecot/pop3 mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+--
+GitLab
+
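Review bot: The new `@{PROC}/@{pid}/stat r,` rules in the dovecot-imap and dovecot-pop3 profiles lack the `owner` qualifier that both new lmtp rules carry (`owner @{PROC}/@{pid}/io r,`, `owner @{PROC}/@{pid}/stat r,`). In the stock tunables `@{pid}` matches any numeric pid rather than the confined process's own, so as written imap and pop3 may read the stat file of every process on the host, which is broader than the "missing permissions" in the subject suggests. If nothing requires the wider grant, use `owner @{PROC}/@{pid}/stat r,` in both profiles. If `owner` was left out on purpose, for example because the proc entries are not owned by the process's uid after it drops privileges (not visible in this patch), a trailing comment such as `# no owner: <reason>` would record that for the next reviewer. The three profile bodies continue outside the quoted hunks, so any broader /proc rule elsewhere in them cannot be ruled out from here.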