Accepting request 198936 from security:apparmor

- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch) - p11-kit needs access to /usr/share/p11-kit/modules - allow reading /etc/machine-id in the dbus-session abstraction - add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for the new tools developed in GSoC (forwarded request 198933 from cboltz) OBS-URL: https://build.opensuse.org/request/show/198936 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=50
2013-09-13 12:50:59 +00:00
parent 05d7ae7978 b950fbc28a
commit a20d3d84a3
4 changed files with 115 additions and 0 deletions
--- a/apparmor-abstractions-r2089-r2090.diff
+++ b/apparmor-abstractions-r2089-r2090.diff
@@ -0,0 +1,59 @@
+from 2.8 branch:
+
+------------------------------------------------------------
+revno: 2090
+committer: Jamie Strandboge <jamie@canonical.com>
+branch nick: 2.8
+timestamp: Thu 2013-09-12 09:25:56 -0500
+message:
+  p11-kit needs access to /usr/share/p11-kit/modules
+  
+  Acked-By: Jamie Strandboge <jamie@canonical.com>
+  Acked-by: Steve Beattie <steve@nxnw.org> (for trunk and 2.8)
+modified:
+  profiles/apparmor.d/abstractions/p11-kit
+------------------------------------------------------------
+revno: 2089
+committer: Steve Beattie <sbeattie@ubuntu.com>
+branch nick: 2.8
+timestamp: Wed 2013-09-11 16:05:13 -0700
+message:
+  profiles - Allow reading /etc/machine-id in the dbus-session abstraction.
+  Merge from trunk commit rev 2181
+  From: intrigeri <intrigeri@boum.org>
+  
+  D-Bus now uses /etc/machine-id in some cases:
+  https://bugs.freedesktop.org/show_bug.cgi?id=35228
+  
+  Acked-by: Steve Beattie <steve@nxnw.org>
+modified:
+  profiles/apparmor.d/abstractions/dbus-session
+------------------------------------------------------------
+
+
+=== modified file 'profiles/apparmor.d/abstractions/dbus-session'
+--- profiles/apparmor.d/abstractions/dbus-session	2011-05-09 16:09:24 +0000
+++ profiles/apparmor.d/abstractions/dbus-session	2013-09-11 23:05:13 +0000
+@@ -10,4 +10,7 @@
+ # ------------------------------------------------------------------
+ 
+   /usr/bin/dbus-launch ix,
+
+  # unique per-machine identifier
+  /etc/machine-id r,
+   /var/lib/dbus/machine-id r,
+
+=== modified file 'profiles/apparmor.d/abstractions/p11-kit'
+--- profiles/apparmor.d/abstractions/p11-kit	2012-01-18 22:22:08 +0000
+++ profiles/apparmor.d/abstractions/p11-kit	2013-09-12 14:25:56 +0000
+@@ -16,6 +16,9 @@
+   /usr/lib{,32,64}/pkcs11/*.so mr,
+   /usr/lib/@{multiarch}/pkcs11/*.so mr,
+ 
+  /usr/share/p11-kit/modules/  r,
+  /usr/share/p11-kit/modules/* r,
+
+   # p11-kit also supports reading user configuration from ~/.pkcs11 depending
+   # on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be
+   # included in this abstraction.
+
--- a/apparmor-init.py-gsoc.diff
+++ b/apparmor-init.py-gsoc.diff
@@ -0,0 +1,39 @@
+to make testing Kshitij's new tools easier, merge his code in
+utils/apparmor/__init__.py - that's the only filename conflict (at 
+least in the 2.8 branch). If we do this, we can ship his new tools 
+in a testing package that can be installed on top of the 2.8.x packages 
+without problems
+
+This patch slightly differs from Kshitij's code to avoid problems with
+explicit LANG=C
+
+=== modified file 'utils/apparmor/__init__.py'
+--- utils/apparmor/__init__.py	2012-05-08 05:37:48 +0000
+++ utils/apparmor/__init__.py	2013-09-12 15:10:50 +0000
+@@ -1,9 +1,25 @@
+ # ------------------------------------------------------------------
+ #
+ #    Copyright (C) 2011-2012 Canonical Ltd.
+#    Copyright (C) 2013 Kshitij Gupta
+ #
+ #    This program is free software; you can redistribute it and/or
+ #    modify it under the terms of version 2 of the GNU General Public
+ #    License published by the Free Software Foundation.
+ #
+ # ------------------------------------------------------------------
+
+import gettext
+import locale
+
+def init_localisation():
+    locale.setlocale(locale.LC_ALL, '')
+    #cur_locale = locale.getlocale()
+    try:
+        filename = '/usr/share/locale/%s/LC_MESSAGES/apparmor-utils.mo' % locale.getlocale()[0][0:2]
+        trans = gettext.GNUTranslations(open( filename, 'rb'))
+    except: # IOError:
+        trans = gettext.NullTranslations()
+    trans.install()
+    
+init_localisation()
+
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Sep 12 20:40:38 UTC 2013 - opensuse@cboltz.de
+
+- add apparmor-abstractions-r2089-r2090.diff (from upstream 2.8 branch)
+  - p11-kit needs access to /usr/share/p11-kit/modules
+  - allow reading /etc/machine-id in the dbus-session abstraction
+- add apparmor-init.py-gsoc.diff - make apparmor/__init__.py ready for
+  the new tools developed in GSoC
+
 -------------------------------------------------------------------
 Fri Aug 23 20:09:59 UTC 2013 - opensuse@cboltz.de

--- a/apparmor.spec
+++ b/apparmor.spec
@@ -88,9 +88,15 @@ Patch2:         apparmor-samba-include-permissions-for-shares.diff
 # use grep instead of ~~ (smartmatch) because ~~ was marked as experimental again in perl 5.18 (upstream trunk r2158, 2.8 r2088)
 Patch3:         apparmor-no-perl-smartmatch-r2088.diff

+# abstractions/p11-kit and abstractions/dbus-session update (upstream trunk r2181 and r2182 , 2.8 r2089 and r2090)
+Patch4:         apparmor-abstractions-r2089-r2090.diff
+
 # split a long string in AppArmor.pm. Not accepted upstream because they want a solution without hardcoded width.
 Patch5:         apparmor-utils-string-split

+# make apparmor/__init__.py ready for the new tools developed in GSoC. Submitted upstream 2013-09-12
+Patch6:         apparmor-init.py-gsoc.diff
+
 # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions
 Patch12:        apparmor-2.5.1-edirectory-profile

@@ -458,7 +464,9 @@ SubDomain.
 %patch1 -p1
 %patch2 -p0
 %patch3
+%patch4
 %patch5 -p1
+%patch6
 %patch12 -p1

 # only create Immunix::SubDomain perl module for openSUSE <= 12.1