apparmor: update to 3.0.3.

* adopt * fix licenses * add a patch to support Python 3.10
2021-08-10 23:13:46 +02:00 · 2021-08-10 23:13:46 +02:00 · 042d0e26a8
commit 042d0e26a8
parent d970edbc4a
6 changed files with 167 additions and 135 deletions
--- a/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
+++ b/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
@ -1,64 +0,0 @@
-From 6f2649203d6bfc26b79f624b5b4625603923bccd Mon Sep 17 00:00:00 2001
-From: Paper <paper@tilde.institute>
-Date: Wed, 21 Oct 2020 10:20:47 +0200
-Subject: [PATCH] correct paths in logprof.conf
-
---
- utils/logprof.conf | 17 ++++++++---------
- 1 file changed, 8 insertions(+), 9 deletions(-)
-
-diff --git a/utils/logprof.conf b/utils/logprof.conf
-index a778792..a9f7b79 100644
--- a/utils/logprof.conf
-+++ b/utils/logprof.conf
-@@ -12,9 +12,9 @@
- [settings]
-   profiledir = /etc/apparmor.d /etc/subdomain.d
-   inactive_profiledir = /usr/share/apparmor/extra-profiles 
-  logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
-+  logfiles = /var/log/audit/audit.log /var/log/socklog/kernel/current /var/log/syslog /var/log/messages
- 
-  parser = /sbin/apparmor_parser /sbin/subdomain_parser
-+  parser = /usr/bin/apparmor_parser /usr/bin/subdomain_parser
-   ldd = /usr/bin/ldd
-   logger = /bin/logger /usr/bin/logger
-
-@@ -51,12 +51,10 @@
-   /bin/mount    = u
-   /usr/bin/mount = u
-   /etc/init.d/subdomain = u
-  /sbin/cardmgr = u
-  /usr/sbin/cardmgr = u
-  /sbin/subdomain_parser = u
-  /usr/sbin/subdomain_parser = u
-  /usr/sbin/genprof = u
-  /usr/sbin/logprof = u
-+  /usr/bin/cardmgr = u
-+  /usr/bin/subdomain_parser = u
-+  /usr/bin/genprof = u
-+  /usr/bin/logprof = u
-   /usr/lib/YaST2/servers_non_y2/ag_genprof = u
-   /usr/lib/YaST2/servers_non_y2/ag_logprof = u
- 
-@@ -97,8 +95,7 @@
-   /usr/bin/sed  = icn
-   /bin/touch    = icn
-   /usr/bin/touch = icn
-  /sbin/killall5 = icn
-  /usr/sbin/killall5 = icn
-+  /usr/bin/killall5 = icn
-   /usr/bin/find = icn
-   /usr/bin/killall = icn
-   /usr/bin/nice = icn
-@@ -112,6 +109,8 @@
-   /usr/bin/python3.5    = icn
-   /usr/bin/python3.6    = icn
-   /usr/bin/python3.7    = icn
-+  /usr/bin/python3.8    = icn
-+  /usr/bin/python3.9    = icn
-   /usr/bin/tr   = icn
- 
- [required_hats]
-- 
-2.29.0
-
--- a/srcpkgs/apparmor/patches/fix-dnsmasq-libvirt.patch
+++ b/srcpkgs/apparmor/patches/fix-dnsmasq-libvirt.patch
@ -1,13 +0,0 @@
-diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
-index 7ae9a148..a32d24ca 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
-+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
-@@ -113,7 +113,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
-     /etc/libnl-3/classid r,
- 
-     /usr/lib{,64}/libvirt/libvirt_leaseshelper m,
-    /usr/libexec/libvirt_leaseshelper m,
-+    /usr/libexec/libvirt_leaseshelper mr,
- 
-     owner @{PROC}/@{pid}/net/psched r,
-     owner @{PROC}/@{pid}/status r,
--- a/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch
+++ b/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch
@ -1,52 +0,0 @@
-upstream: yes
-From cc113f4820721808c9efec8b075a5482e6f9a3ad Mon Sep 17 00:00:00 2001
-From: Aaron U'Ren <aauren@users.noreply.gitlab.com>
-Date: Wed, 20 Jan 2021 17:26:37 -0600
-Subject: [PATCH] fix setting proc_attr_base
-
-There is currently a case in which proc_attr_base won't get set when
-asprintf is able to generate the path, but the file doesn't exist, it
-will exit proc_attr_base_init_once() without proc_attr_base having been
-set as the fall-through if/else logic will get bypassed when asprintf is
-successful.
---
- libraries/libapparmor/src/kernel.c | 19 +++++++++++--------
- 1 file changed, 11 insertions(+), 8 deletions(-)
-
-diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
-index 0fa77b014..6ba028614 100644
--- a/libraries/libapparmor/src/kernel.c
-+++ b/libraries/libapparmor/src/kernel.c
-@@ -239,18 +239,21 @@ static void proc_attr_base_init_once(void)
- 	/* if we fail we just fall back to the default value */
- 	if (asprintf(&tmp, "/proc/%d/attr/apparmor/current", aa_gettid())) {
- 		autoclose int fd = open(tmp, O_RDONLY);
-		if (fd != -1)
-+		if (fd != -1) {
- 			proc_attr_base = proc_attr_base_stacking;
-	} else if (!is_enabled() && is_private_enabled()) {
-+			return;
-+		}
-+	}
-+	if (!is_enabled() && is_private_enabled()) {
- 		/* new stacking interfaces aren't available and apparmor
-		 * is disabled, but available. do not use the
-		 * /proc/<pid>/attr/ * interfaces as they could be
-		 * in use by another LSM
-		 */
-+		* is disabled, but available. do not use the
-+		* /proc/<pid>/attr/ * interfaces as they could be
-+		* in use by another LSM
-+		*/
- 		proc_attr_base = proc_attr_base_unavailable;
-	} else {
-		proc_attr_base = proc_attr_base_old;
-+		return;
- 	}
-+	proc_attr_base = proc_attr_base_old;
- }
- 
- static char *procattr_path(pid_t pid, const char *attr)
-- 
-GitLab
-
--- a/srcpkgs/apparmor/patches/fix_logprofconf.patch
+++ b/srcpkgs/apparmor/patches/fix_logprofconf.patch
@ -0,0 +1,75 @@
+modify logprof.conf for Void Linux
+
+--- a/utils/logprof.conf
+++ b/utils/logprof.conf
+@@ -12,11 +12,11 @@
+ [settings]
+   profiledir = /etc/apparmor.d /etc/subdomain.d
+   inactive_profiledir = /usr/share/apparmor/extra-profiles 
+-  logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
+  logfiles = /var/log/audit/audit.log /var/log/socklog/kernel/current /var/log/syslog /var/log/messages
+ 
+-  parser = /sbin/apparmor_parser /sbin/subdomain_parser
+  parser = /usr/bin/apparmor_parser /usr/bin/subdomain_parser
+   ldd = /usr/bin/ldd
+-  logger = /bin/logger /usr/bin/logger
+  logger = /usr/bin/logger
+ 
+   # customize how file ownership permissions are presented
+   # 0 - off
+@@ -38,27 +38,29 @@
+ 
+ [qualifiers]
+   # things will be painfully broken if bash has a profile
+-  /bin/bash     = icnu
+-  /usr/bin/bash = icnu
+-  /bin/ksh	    = icnu
+-  /usr/bin/ksh	= icnu
+-  /bin/dash	    = icnu
+-  /usr/bin/dash	= icnu
+-  /bin/zsh      = icnu
+-  /usr/bin/zsh  = icnu
+  /bin/bash      = icnu
+  /usr/bin/bash  = icnu
+  /bin/ksh	     = icnu
+  /usr/bin/ksh	 = icnu
+  /bin/dash	     = icnu
+  /usr/bin/dash	 = icnu
+  /bin/zsh       = icnu
+  /usr/bin/zsh   = icnu
+  /bin/fish      = icnu
+  /usr/bin/fish  = icnu
+  /bin/ash       = icnu
+  /usr/bin/ash   = icnu
+  /bin/rc        = icnu
+  /usr/bin/rc    = icnu
+ 
+   # these programs can't function if they're confined
+   /bin/mount    = u
+   /usr/bin/mount = u
+   /etc/init.d/subdomain = u
+-  /sbin/cardmgr = u
+-  /usr/sbin/cardmgr = u
+-  /sbin/subdomain_parser = u
+-  /usr/sbin/subdomain_parser = u
+-  /usr/sbin/genprof = u
+-  /usr/sbin/logprof = u
+-  /usr/lib/YaST2/servers_non_y2/ag_genprof = u
+-  /usr/lib/YaST2/servers_non_y2/ag_logprof = u
+  /usr/bin/cardmgr = u
+  /usr/bin/subdomain_parser = u
+  /usr/bin/genprof = u
+  /usr/bin/logprof = u
+ 
+   # these ones shouln't have their own profiles
+   /bin/awk      = icn
+@@ -112,6 +113,9 @@
+   /usr/bin/python3.5    = icn
+   /usr/bin/python3.6    = icn
+   /usr/bin/python3.7    = icn
+  /usr/bin/python3.8    = icn
+  /usr/bin/python3.9    = icn
+  /usr/bin/python3.10    = icn
+   /usr/bin/tr   = icn
+ 
+ [required_hats]
--- a/srcpkgs/apparmor/patches/python-3.10.patch
+++ b/srcpkgs/apparmor/patches/python-3.10.patch
@ -0,0 +1,84 @@
+From ea7b201ba48b87469297d58751c57b03ceb82320 Mon Sep 17 00:00:00 2001
+From: Christian Boltz <apparmor@cboltz.de>
+Date: Wed, 11 Aug 2021 21:37:40 +0200
+Subject: [PATCH] Update abstractions/python and profiles for python 3.10
+
+Fixes: https://gitlab.com/apparmor/apparmor/-/issues/187
+---
+ profiles/apparmor.d/abstractions/python        | 18 +++++++++---------
+ profiles/apparmor.d/lsb_release                |  2 +-
+ .../profiles/extras/usr.bin.chromium-browser   |  4 ++--
+ 3 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/profiles/apparmor.d/abstractions/python b/profiles/apparmor.d/abstractions/python
+index 1b5cc9d0d..727030bdf 100644
+--- a/profiles/apparmor.d/abstractions/python
+++ b/profiles/apparmor.d/abstractions/python
+@@ -12,18 +12,18 @@
+ 
+   abi <abi/3.0>,
+ 
+-  /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/**.{pyc,so}           mr,
+-  /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/**.{egg,py,pth}       r,
+-  /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/{site,dist}-packages/ r,
+  /usr/lib{,32,64}/python{2.[4-7],3.[0-9],3.1[0-9]}/**.{pyc,so}           mr,
+  /usr/lib{,32,64}/python{2.[4-7],3.[0-9],3.1[0-9]}/**.{egg,py,pth}       r,
+  /usr/lib{,32,64}/python{2.[4-7],3.[0-9],3.1[0-9]}/{site,dist}-packages/ r,
+   /usr/lib{,32,64}/python3.[0-9]/lib-dynload/*.so            mr,
+ 
+-  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/**.{pyc,so}           mr,
+-  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/**.{egg,py,pth}       r,
+-  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/{site,dist}-packages/ r,
+-  /usr/local/lib{,32,64}/python3.[0-9]/lib-dynload/*.so            mr,
+  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{pyc,so}           mr,
+  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{egg,py,pth}       r,
+  /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/ r,
+  /usr/local/lib{,32,64}/python3.{1,}[0-9]/lib-dynload/*.so            mr,
+ 
+   # Site-wide configuration
+-  /etc/python{2.[4-7],3.[0-9]}/** r,
+  /etc/python{2.[4-7],3.[0-9],3.1[0-9]}/** r,
+ 
+   # shared python paths
+   /usr/share/{pyshared,pycentral,python-support}/**      r,
+@@ -36,7 +36,7 @@
+   /usr/lib/wx/python/*.pth r,
+ 
+   # python build configuration and headers
+-  /usr/include/python{2.[4-7],3.[0-9]}*/pyconfig.h r,
+  /usr/include/python{2.[4-7],3.[0-9],3.1[0-9]}*/pyconfig.h r,
+ 
+   # Include additions to the abstraction
+   include if exists <abstractions/python.d>
+diff --git a/profiles/apparmor.d/lsb_release b/profiles/apparmor.d/lsb_release
+index 33a1c71db..ad8b998fc 100644
+--- a/profiles/apparmor.d/lsb_release
+++ b/profiles/apparmor.d/lsb_release
+@@ -18,7 +18,7 @@ profile lsb_release {
+   /dev/tty rw,
+ 
+   /usr/bin/lsb_release r,
+-  /usr/bin/python3.[0-9] mr,
+  /usr/bin/python3.{1,}[0-9] mr,
+ 
+   /etc/debian_version r,
+   /etc/default/apport r,
+diff --git a/profiles/apparmor/profiles/extras/usr.bin.chromium-browser b/profiles/apparmor/profiles/extras/usr.bin.chromium-browser
+index 2df5338db..b47b6f721 100644
+--- a/profiles/apparmor/profiles/extras/usr.bin.chromium-browser
+++ b/profiles/apparmor/profiles/extras/usr.bin.chromium-browser
+@@ -267,9 +267,9 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
+     /usr/share/distro-info/** r,
+     /var/lib/dpkg/** r,
+ 
+-    /usr/local/lib/python3.[0-9]/dist-packages/ r,
+    /usr/local/lib/python3.{1,}[0-9]/dist-packages/ r,
+     /usr/bin/ r,
+-    /usr/bin/python3.[0-9] mr,
+    /usr/bin/python3.{1,}[0-9] mr,
+   }
+ 
+   profile sandbox {
+-- 
+GitLab
+
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@ -1,7 +1,7 @@
 # Template file for 'apparmor'
 pkgname=apparmor
-version=3.0.1
-revision=7
+version=3.0.3
+revision=1
 wrksrc="${pkgname}-v${version}"
 build_wrksrc=libraries/libapparmor
 build_style=gnu-configure
@ -10,15 +10,15 @@ make_dirs="/etc/apparmor.d/disable 0755 root root"
 hostmakedepends="bison flex autoconf automake libtool gettext swig python3 which"
 makedepends="perl python3-devel"
 depends="runit-void-apparmor libapparmor-${version}_${revision} python3-notify2
- python3-psutil python3-dbus iproute2"
+ python3-psutil python3-dbus iproute2 which"
 checkdepends="dejagnu"
 short_desc="Mandatory access control to restrict programs"
-maintainer="Olivier Mauras <olivier@mauras.ch>"
-license="GPL-2.0-only, LGPL-2.1-only"
+maintainer="Michal Vasilek <michal@vasilek.cz>"
+license="GPL-2.0-only"
 homepage="https://gitlab.com/apparmor/apparmor"
 changelog="https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_${version}"
 distfiles="https://gitlab.com/apparmor/apparmor/-/archive/v${version}/apparmor-v${version}.tar.gz"
-checksum=5f9afc157c5e2610737186a31fc9bd6a1d339a2ee85ac4f2667dce59cf60f1c7
+checksum=51b1db60e962dd01856a1ec6a9d43b11ed4350dcc5738ef901097c999bcbf50e
 replaces="apparmor-vim>=0"

 if [ -z "$CROSS_BUILD" ]; then
@ -68,6 +68,7 @@ post_install() {

 libapparmor_package() {
 	short_desc+=" - Library"
+	license="LGPL-2.1-only"
 	pkg_install() {
 		vmove "usr/lib/libapparmor.so*"
 		if [ -z "$CROSS_BUILD" ]; then
@ -81,6 +82,7 @@ libapparmor_package() {

 libapparmor-devel_package() {
 	short_desc+=" - Library development files"
+	license="LGPL-2.1-only"
 	depends="lib${sourcepkg}-${version}_${revision}"
 	pkg_install() {
 		vmove usr/include