Accepting request 821972 from security:apparmor

- add abstractions-X-xauth-mr582.diff to allow reading the xauth file from its new sddm location (boo#1174290, boo#1174293) (forwarded request 821970 from cboltz) OBS-URL: https://build.opensuse.org/request/show/821972 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=139
2020-07-26 14:16:27 +00:00 · 2020-07-26 14:16:27 +00:00 · 958b7d78e5
commit 958b7d78e5
parent decc2cfaba d925988ada
3 changed files with 42 additions and 0 deletions
--- a/abstractions-X-xauth-mr582.diff
+++ b/abstractions-X-xauth-mr582.diff
@ -0,0 +1,31 @@
+commit 02b9090edab82021f5e2ecc7f2f4a5fc877949db
+Author: Christian Boltz <apparmor@cboltz.de>
+Date:   Mon Jul 20 20:35:41 2020 +0200
+
+    abstractions/X: add another xauth path
+    
+    Future sddm version will use $XDG_RUNTIME_DIR/xauth_XXXXXX
+    
+    References:
+    - https://bugzilla.opensuse.org/show_bug.cgi?id=1174290
+    - https://bugzilla.suse.com/show_bug.cgi?id=1174293
+    - https://github.com/sddm/sddm/pull/1230
+    - https://github.com/jonls/redshift/issues/763
+    
+    This is the 2.13 version of 35f033ca7c0dbd03111a54ea50b3f2713b9d5584 /
+    https://gitlab.com/apparmor/apparmor/-/merge_requests/581
+    
+    The difference is that this commit avoids using the @{run} variable.
+
+diff --git a/profiles/apparmor.d/abstractions/X b/profiles/apparmor.d/abstractions/X
+index 1eca218d..e903861a 100644
+--- a/profiles/apparmor.d/abstractions/X
+++ b/profiles/apparmor.d/abstractions/X
+@@ -24,6 +24,7 @@
+   owner /{,var/}run/lightdm/*/xauthority r,
+   owner /{,var/}run/user/*/gdm/Xauthority r,
+   owner /{,var/}run/user/*/X11/Xauthority r,
+  owner /{,var/}run/user/*/xauth_* r,
+ 
+   # the unix socket to use to connect to the display
+   /tmp/.X11-unix/* rw,
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jul 20 18:42:02 UTC 2020 - Christian Boltz <suse-beta@cboltz.de>
+
+- add abstractions-X-xauth-mr582.diff to allow reading the xauth file
+  from its new sddm location (boo#1174290, boo#1174293)
+
 -------------------------------------------------------------------
 Thu May 21 12:17:15 UTC 2020 - Christian Boltz <suse-beta@cboltz.de>

--- a/apparmor.spec
+++ b/apparmor.spec
@ -71,6 +71,9 @@ Patch9:         changes-since-2.13.4.diff
 # update abstractions/base and nameservice for /usr/etc (submitted upstream 2020-01-25 https://gitlab.com/apparmor/apparmor/merge_requests/447, only merged to master, not 2.13.x)
 Patch10:        ./usr-etc-abstractions-base-nameservice.diff

+# allow /{,var/}run/user/*/xauth_* r, in abstractions/X (submitted upstream 2020-07-20 https://gitlab.com/apparmor/apparmor/-/merge_requests/581 (master), https://gitlab.com/apparmor/apparmor/-/merge_requests/582 (2.11..2.13))
+Patch11:        abstractions-X-xauth-mr582.diff
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix /lib/apparmor
@ -366,6 +369,8 @@ SubDomain.
 %patch10 -p1
 %endif

+%patch11 -p1
+
 %build
 %define _lto_cflags %{nil}
 export SUSE_ASNEEDED=0