commit apparmor for openSUSE:Factory

Thu, 05 May 2022 14:04:53 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package apparmor for openSUSE:Factory 
checked in at 2022-05-05 23:04:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apparmor (Old)
 and      /work/SRC/openSUSE:Factory/.apparmor.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apparmor"

Thu May  5 23:04:38 2022 rev:171 rq:974768 version:3.0.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/apparmor/apparmor.changes        2022-04-30 
00:45:41.278959213 +0200
+++ /work/SRC/openSUSE:Factory/.apparmor.new.1538/apparmor.changes      
2022-05-05 23:04:43.677432572 +0200
@@ -1,0 +2,9 @@
+Fri Apr 29 11:48:14 UTC 2022 - Christian Boltz <suse-b...@cboltz.de>
+
+- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
+  (boo#1186267#c11)
+- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
+  file conflict on upgrade (boo#1198958)
+- utils: add missing dependency on apparmor-parser (boo#1198958#c4)
+
+-------------------------------------------------------------------

New:
----
  php8-fpm-mr876.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apparmor.spec ++++++
--- /var/tmp/diff_new_pack.GkkHEF/_old  2022-05-05 23:04:44.345433406 +0200
+++ /var/tmp/diff_new_pack.GkkHEF/_new  2022-05-05 23:04:44.353433416 +0200
@@ -77,24 +77,32 @@
 
 # make <apache2.d> include in apache extra profile optional to make openQA 
happy (boo#1178527)
 Patch6:         apache-extra-profile-include-if-exists.diff
+
 # bsc#1196850 add rule to deal with 'DENIED' open of /proc/{pid}/fd
-# see (https://gitlab.com/apparmor/apparmor/-/merge_requests/860)
+# merged upstream 3.0+master 2022-03-14 
https://gitlab.com/apparmor/apparmor/-/merge_requests/860
 # bsc#1195463 add rule to allow reading of openssl.cnf
-# see (https://gitlab.com/apparmor/apparmor/-/merge_requests/862)
+# merged upstream (2.12..master) 2022-03-13 
https://gitlab.com/apparmor/apparmor/-/merge_requests/862
 Patch7:         update-samba-bgqd.diff
+
 # bsc#1195463 add rule to allow reading of openssl.cnf
-# see (https://gitlab.com/apparmor/apparmor/-/merge_requests/862)
+# merged upstream (2.12..master) 2022-03-13 
https://gitlab.com/apparmor/apparmor/-/merge_requests/862
 Patch8:         update-usr-sbin-smbd.diff
 
-# add zgrep and xzgrep profile (submitted upstream 2022-04-10 
https://gitlab.com/apparmor/apparmor/-/merge_requests/870 + 2022-04-16 
https://gitlab.com/apparmor/apparmor/-/merge_requests/873)
+# add zgrep and xzgrep profile (merged upstream 2022-04-12 
https://gitlab.com/apparmor/apparmor/-/merge_requests/870 + 2022-04-18 
https://gitlab.com/apparmor/apparmor/-/merge_requests/873 - master only)
 Patch9:         zgrep-profile-mr870.diff
-# squash noisy setsockopt calls 
https://gitlab.com/apparmor/apparmor/-/merge_requests/867
+
+# squash noisy setsockopt calls - merged upstream master+3.0 2022-04-12 
https://gitlab.com/apparmor/apparmor/-/merge_requests/867
 # bsc#1196850
 Patch10:        samba_deny_net_admin.patch
+
 # support for new dcerpcd subsytem in >= samba-4.16
-# https://gitlab.com/apparmor/apparmor/-/merge_requests/871
+# merged upstream 2022-04-15 3.0+master 
https://gitlab.com/apparmor/apparmor/-/merge_requests/871
 # bsc#1198309
 Patch11:        samba-new-dcerpcd.patch
+
+# allow php8 php-fpm to read its config (from upstream master+3.0 
https://gitlab.com/apparmor/apparmor/-/merge_requests/876)
+Patch12:        php8-fpm-mr876.patch
+
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor
@@ -135,6 +143,7 @@
 Summary:        AppArmor userlevel parser utility
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
+Conflicts:      apparmor-utils < 3.0
 Obsoletes:      libimnxcert < 2.9
 Obsoletes:      subdomain-leaf-cert < 2.9
 Obsoletes:      subdomain-parser < 2.9
@@ -281,6 +290,7 @@
 Summary:        AppArmor User-Level Utilities Useful for Creating AppArmor 
Profiles
 License:        GPL-2.0-only AND LGPL-2.1-or-later
 Group:          Productivity/Security
+Requires:       apparmor-parser
 Requires:       libapparmor1 = %{version}
 Requires:       python3-apparmor = %{version}
 Requires:       python3-base
@@ -362,6 +372,7 @@
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
 %define _lto_cflags %{nil}



++++++ php8-fpm-mr876.patch ++++++
>From c946f0bf75f9529014c79ff591d6f953ce56b416 Mon Sep 17 00:00:00 2001
From: Christian Boltz <appar...@cboltz.de>
Date: Mon, 18 Apr 2022 20:49:22 +0200
Subject: [PATCH] Allow reading all of /etc/php[578]/** in abstractions/php

... and with that, make a rule in the php-fpm profile (which missed
php8) superfluous.

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/229

Fixes: https://bugzilla.opensuse.org/show_bug.cgi?id=1186267#c11
---
 profiles/apparmor.d/abstractions/php | 3 +--
 profiles/apparmor.d/php-fpm          | 2 --
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/profiles/apparmor.d/abstractions/php 
b/profiles/apparmor.d/abstractions/php
index ddafb0770..6bf0dc798 100644
--- a/profiles/apparmor.d/abstractions/php
+++ b/profiles/apparmor.d/abstractions/php
@@ -13,8 +13,7 @@
   abi <abi/3.0>,
 
   # shared snippets for config files
-  /etc/php{,5,7,8}/**/ r,
-  /etc/php{,5,7,8}/**.ini r,
+  /etc/php{,5,7,8}/** r,
 
   # Xlibs
   /usr/X11R6/lib{,32,64}/lib*.so* mr,
diff --git a/profiles/apparmor.d/php-fpm b/profiles/apparmor.d/php-fpm
index b25762c50..14b3c7195 100644
--- a/profiles/apparmor.d/php-fpm
+++ b/profiles/apparmor.d/php-fpm
@@ -16,8 +16,6 @@ profile php-fpm /usr/sbin/php-fpm* 
flags=(attach_disconnected) {
   # read the system certificates
   include <abstractions/ssl_certs>
 
-  /etc/php{,5,7}/** r,
-
   capability net_admin,
   # change user/group of a pool
   capability setuid,
-- 
GitLab

Reply via email to