Accepting request 1144684 from home:cboltz

- Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch OBS-URL: https://build.opensuse.org/request/show/1144684 OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=390
2024-02-06 16:57:35 +00:00 · 2024-02-06 16:57:35 +00:00 · a6186b65ec
commit a6186b65ec
parent 4d639e7be3
8 changed files with 33 additions and 39 deletions
--- a/apparmor-3.1.6.tar.gz
+++ b/apparmor-3.1.6.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d5d699fd43faffd924dd51bfb5781a5a7cbabb55c1c9cb4abfb8c2840a9e8fcd
-size 7967249
--- a/apparmor-3.1.6.tar.gz.asc
+++ b/apparmor-3.1.6.tar.gz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQJOBAABCgA4FiEEPs3Lpfs00lSWHMU/ZonmTj02ZLsFAmSTaHEaHGFwcGFybW9y
-QGxpc3RzLnVidW50dS5jb20ACgkQZonmTj02ZLsv1Q/+PWfdxVqMWH13V6OdFrJC
-wiqlMA6wVrgvmW55K06atzSaw+JwBXbjKaRUxSEDUNShz+/bCTrORDtj+rB2Xray
-Tix8UFWHTqKNsaM9CshuefEvgSd1f4i8kEWPI83BycAqMdReI44KWYVGo/ynehvC
-fCb4UHk9oIYdXXXmIG1Uz/wvPsJPDrWGnY92a4d5HUQDOled1ByRDL6XEx41wa11
-IIncQKTDRZnFPSl5Q9mSd69uiGHAhM2uF+ESOFf71enNT+72GIbd/l+kuTN0r0b1
-yUimx2JS7MRI0DjCNhmThSsimo26R+mvQkV6a/viqbthmZrXWonMDhHDqtliOWob
-EJPTpFfSiQ6T2G4ls0fNOp9zWgypTmWUPqjz/lJAHZj+gRUXL4V47WSqAC/5gP4E
-ARqxr3wkE22WFOT9A1PwX99sziBc6w5SSbcVPMDU5z1M+n051gIxZRfCeUn8g55f
-pAmn5jCdPY1Irdv/TJBqKg11MVQ8PZ1/TYAGryBcVXOFspUaeUexXQa24Ee7uHSS
-N6xmBgj5spxFJhdaZ/TCtT5vDr13E1MsewT51p49yYl23uD0Bjy1c3CtvejWxI6q
-uEfBUsmZhvtZwIICSD0De1MKAR6PlHS6M8Oc11VO94dFF9Ybg8wM/5cPmgbh34Qd
-h9FBq+1wJNumk6PiCdrIiEY=
-=92uO
-----END PGP SIGNATURE-----
--- a/apparmor-3.1.7.tar.gz
+++ b/apparmor-3.1.7.tar.gz
--- a/apparmor-3.1.7.tar.gz.asc
+++ b/apparmor-3.1.7.tar.gz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJOBAABCgA4FiEEPs3Lpfs00lSWHMU/ZonmTj02ZLsFAmXBWL0aHGFwcGFybW9y
+QGxpc3RzLnVidW50dS5jb20ACgkQZonmTj02ZLuerQ//QCW7GNO++nu3fv4lH7qy
+Fz8FRIdbzsZx0jnWcj07xoRBiGhPijdGXzv7SH0PQL2rBhIZqXUZO/nEAzkJzwXd
+DUIFyospmNTcd+CXd+Xj6u/oq7lSWu+XxcepWWyw5I9mU+IdpGhIhW5RtgMl/khx
+sSfhPgO5mymnQ6CZBazTnxmKlIvyuqO+TAZTupK7ce1ld+dETDM8XzAnbwAYHocl
+tELqIoQyGCyicdFHDEJM5aDJGyY8pWVaOblLmlB0xBPuyL1reaUyVv1Ru097E/5n
+TRPAEtlFBlMFAQs19sY7lXbM4vTmuZP6nAn2A3sQMqTwBqaJ/DRi2ujrE++hYFmF
+ltQQ8UwUKf2PsUfCUp9kvVjyL3orGal3vhbSn+6ohpRVzzmF4I23gLiV8bS1dod9
+FUKcMpN+8qffowgCaTo6GwbNW4vD6nqQkfIwJaY+TjVN2TMwskfj/XUulwSiYicT
+wycP8rWdKCbZ/HXZlYEOVs/tS3pEDlU3fLIYzEJ9m857rYb1etldN8zR8ws5cuQy
+ZBbAqmpB8QRh4tvGbysqLLxQZYfUWDotKI/IStHLZ2MfWFiQNR6lCawpptC/ah4C
+T4OruJAByicSiDI1ini41UwD53sgEZ2SOXdaB5DjGfLDzzw36JfFpYNKLRSiJuW2
+6fXO9jCqPrweMYfr6ImGBF4=
+=C8pg
+-----END PGP SIGNATURE-----
--- a/apparmor-systemd-sessions.patch
+++ b/apparmor-systemd-sessions.patch
@ -1,11 +0,0 @@
--- apparmor-3.1.6/profiles/apparmor.d/abstractions/wutmp.orig	2023-06-21 23:13:41.000000000 +0200
-+++ apparmor-3.1.6/profiles/apparmor.d/abstractions/wutmp	2023-11-08 14:45:19.882328152 +0100
-@@ -18,5 +18,8 @@
-   /var/log/btmp     rwk,
-   @{run}/utmp       rwk,
- 
-+  # Some read the list of sessions from systemd
-+  /run/systemd/sessions/ r,
-+
-   # Include additions to the abstraction
-   include if exists <abstractions/wutmp.d>
--- a/apparmor.changes
+++ b/apparmor.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Feb  5 22:19:27 UTC 2024 - Christian Boltz <suse-beta@cboltz.de>
+
+- Update to AppArmor 3.1.7
+  - aa-logprof: don't skip exec events in hats
+  - fix aa-cleanprof to work with named profiles
+  - add permissions in various abstractions
+  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7
+    for the full list of changes
+- drop upstreamed apparmor-systemd-sessions.patch
+
 -------------------------------------------------------------------
 Mon Jan 29 20:56:13 UTC 2024 - Christian Boltz <suse-beta@cboltz.de>

--- a/apparmor.spec
+++ b/apparmor.spec
@ -54,7 +54,7 @@
 %define JAR_FILE changeHatValve.jar

 Name:           apparmor
-Version:        3.1.6
+Version:        3.1.7
 Release:        0
 Summary:        AppArmor userlevel parser utility
 License:        GPL-2.0-or-later
@ -92,11 +92,6 @@ Patch6:         apache-extra-profile-include-if-exists.diff
 # add path for precompiled cache (only done/applied if precompiled_cache is enabled)
 Patch7:         apparmor-enable-precompiled-cache.diff

-# To allow access to /run/systemd/sessions/ until the next release including the fix
-# for https://gitlab.com/apparmor/apparmor/-/issues/360 is out
-# Upstream MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1121 (merged 2023-11-08 into master, 3.1 and 3.0)
-Patch8:         apparmor-systemd-sessions.patch
-
 # allow dovecot-auth to execute unix_chkpwd, and add a profile for unix_chkpwd. This is needed for PAM 1.6 (boo#1219139)
 Patch9:         dovecot-unix_chkpwd.diff

@ -367,7 +362,6 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %if %{with precompiled_cache}
 %patch7
 %endif
-%patch8 -p1
 %patch9 -p1

 %build
--- a/libapparmor.spec
+++ b/libapparmor.spec
@ -18,7 +18,7 @@


 Name:           libapparmor
-Version:        3.1.6
+Version:        3.1.7
 Release:        0
 Summary:        Utility library for AppArmor
 License:        LGPL-2.1-or-later