* update apparmor to 4.0.3-3

2025-01-01 02:41:14 +01:00 · 2025-01-01 02:41:14 +01:00 · de32e9de72
commit de32e9de72
parent e5c5716832
3 changed files with 92 additions and 4 deletions
--- a/apparmor/.SRCINFO
+++ b/apparmor/.SRCINFO
@ -1,9 +1,13 @@
 pkgbase = apparmor
 	pkgdesc = Mandatory Access Control (MAC) using Linux Security Module (LSM)
 	pkgver = 4.0.3
-	pkgrel = 2
+	pkgrel = 3
 	url = https://gitlab.com/apparmor/apparmor
 	arch = x86_64
+	arch = powerpc64le
+	arch = powerpc64
+	arch = powerpc
+	arch = riscv64
 	license = GPL-2.0-only
 	license = LGPL-2.0-only
 	license = LGPL-2.1-only
@ -37,12 +41,15 @@ pkgbase = apparmor
 	source = https://launchpad.net/apparmor/4.0/4.0.3/+download/apparmor-4.0.3.tar.gz
 	source = https://launchpad.net/apparmor/4.0/4.0.3/+download/apparmor-4.0.3.tar.gz.asc
 	source = fix-tests-python-3-13.patch
+	source = fix_php-fpm_profiles.patch
 	validpgpkeys = 3ECDCBA5FB34D254961CC53F6689E64E3D3664BB
 	sha512sums = 8b1240ec56fe4f987edcda9380de685e36f4ac931772e980a8f3655dfbfd7e337a4b15227c7ceecb87d9a2bb592e466ec39912ef8f2fa59f8802464d72df8da2
 	sha512sums = SKIP
 	sha512sums = 92edba450ed33c1b726581c983d17e4437fe70c7ea07b5baa90168f469a52cb4c560c7ff3d74005456f676a393700a346ffd2058576e63788fe7659b705f7b10
+	sha512sums = a70bd317a14eae6dacf1a264fac8c1a990895597f087693834ef7427db358ee616ac9ef34d4477ab945b857175db91986b4e61d2f1b615b563bb244a3e047499
 	b2sums = 715391a1fc0fb57b820a8bcebdc76ae96e436a29546b9c47019f10f4d22942431ba5c878d92bb61b47ff17012e026195b8d7d78a329cc1cc182a31bc3b512e63
 	b2sums = SKIP
 	b2sums = c8bb529d96ed3f00c7599fbb1d9314d2f2c8c5b15055457cd1450881aa8a5d9468d388da8965f13e6402c391918876358b93f544aeadd5caa75f58a30a1167f0
+	b2sums = ec17a429fa6f3207bb84b132b884e75653f4100404c6b03673aad7fd268c628e3ede4d1a9dec3b00c7d35d7c4ea09e0553b65cc763fcbc9827b449f4d7122e84

 pkgname = apparmor
--- a/apparmor/PKGBUILD
+++ b/apparmor/PKGBUILD
@ -3,7 +3,7 @@

 pkgname=apparmor
 pkgver=4.0.3
-pkgrel=2
+pkgrel=3
 pkgdesc="Mandatory Access Control (MAC) using Linux Security Module (LSM)"
 arch=(x86_64 powerpc64le powerpc64 powerpc riscv64)
 url="https://gitlab.com/apparmor/apparmor"
@ -52,19 +52,31 @@ backup=(
 source=(
  https://launchpad.net/$pkgname/${pkgver%.[0-9]}/$pkgver/+download/$pkgname-$pkgver.tar.gz{,.asc}
  fix-tests-python-3-13.patch
+  fix_php-fpm_profiles.patch
 )
 sha512sums=('8b1240ec56fe4f987edcda9380de685e36f4ac931772e980a8f3655dfbfd7e337a4b15227c7ceecb87d9a2bb592e466ec39912ef8f2fa59f8802464d72df8da2'
            'SKIP'
-            '92edba450ed33c1b726581c983d17e4437fe70c7ea07b5baa90168f469a52cb4c560c7ff3d74005456f676a393700a346ffd2058576e63788fe7659b705f7b10')
+            '92edba450ed33c1b726581c983d17e4437fe70c7ea07b5baa90168f469a52cb4c560c7ff3d74005456f676a393700a346ffd2058576e63788fe7659b705f7b10'
+            'a70bd317a14eae6dacf1a264fac8c1a990895597f087693834ef7427db358ee616ac9ef34d4477ab945b857175db91986b4e61d2f1b615b563bb244a3e047499')
 b2sums=('715391a1fc0fb57b820a8bcebdc76ae96e436a29546b9c47019f10f4d22942431ba5c878d92bb61b47ff17012e026195b8d7d78a329cc1cc182a31bc3b512e63'
        'SKIP'
-        'c8bb529d96ed3f00c7599fbb1d9314d2f2c8c5b15055457cd1450881aa8a5d9468d388da8965f13e6402c391918876358b93f544aeadd5caa75f58a30a1167f0')
+        'c8bb529d96ed3f00c7599fbb1d9314d2f2c8c5b15055457cd1450881aa8a5d9468d388da8965f13e6402c391918876358b93f544aeadd5caa75f58a30a1167f0'
+        'ec17a429fa6f3207bb84b132b884e75653f4100404c6b03673aad7fd268c628e3ede4d1a9dec3b00c7d35d7c4ea09e0553b65cc763fcbc9827b449f4d7122e84')
 validpgpkeys=('3ECDCBA5FB34D254961CC53F6689E64E3D3664BB') # AppArmor Development Team (AppArmor signing key) <apparmor@lists.ubuntu.com>
 _core_perl="/usr/bin/core_perl"

 prepare() {
  cd $pkgname-$pkgver
+
+  # Fix tests with python 3.13
  patch -Np1 -i ../fix-tests-python-3-13.patch
+
+  # Temporary patch to fix paths of the php-fpm and php-fpm-legacy
+  # binaries in the related profiles
+  # See https://gitlab.com/apparmor/apparmor/-/commit/20839945138b7e200ec86ca96fe4f5e4b5c77dc6
+  # and https://gitlab.com/apparmor/apparmor/-/commit/6a5432b2b09bf3c08f276ab6bd78b471b1aa35da
+  patch -Np1 -i ../fix_php-fpm_profiles.patch
+
  cd libraries/libapparmor/
  autoreconf -fiv
 }
--- a/apparmor/fix_php-fpm_profiles.patch
+++ b/apparmor/fix_php-fpm_profiles.patch
@ -0,0 +1,69 @@
+diff --git a/profiles/apparmor.d/abstractions/php b/profiles/apparmor.d/abstractions/php
+index ac760bc..ca7ca37 100644
+--- a/profiles/apparmor.d/abstractions/php
+++ b/profiles/apparmor.d/abstractions/php
+@@ -13,25 +13,25 @@
+   abi <abi/4.0>,
+ 
+   # shared snippets for config files
+-  /etc/php{,5,7,8}/** r,
+  /etc/php{,5,7,8,-legacy}/** r,
+ 
+   # Xlibs
+   /usr/X11R6/lib{,32,64}/lib*.so* mr,
+   # php extensions
+-  /usr/lib{64,}/php{,5,7,8}/*/*.so mr,
+  /usr/lib{64,}/php{,5,7,8,-legacy}/*/*.so mr,
+ 
+   # ICU (unicode support) data tables
+   /usr/share/icu/*/*.dat r,
+ 
+   # php session mmap socket
+-  /var/lib/php{,5,7,8}/session_mm_* rwlk,
+  /var/lib/php{,5,7,8,-legacy}/session_mm_* rwlk,
+   # file based session handler
+-  /var/lib/php{,5,7,8}/sess_* rwlk,
+-  /var/lib/php{,5,7,8}/sessions/* rwlk,
+  /var/lib/php{,5,7,8,-legacy}/sess_* rwlk,
+  /var/lib/php{,5,7,8,-legacy}/sessions/* rwlk,
+ 
+   # php libraries
+-  /usr/share/php{,5,7,8}/ r,
+-  /usr/share/php{,5,7,8}/** mr,
+  /usr/share/php{,5,7,8,-legacy}/ r,
+  /usr/share/php{,5,7,8,-legacy}/** mr,
+ 
+   # MySQL extension
+   /usr/share/mysql/** r,
+diff --git a/profiles/apparmor.d/php-fpm b/profiles/apparmor.d/php-fpm
+index 0ddacce..29dd205 100644
+--- a/profiles/apparmor.d/php-fpm
+++ b/profiles/apparmor.d/php-fpm
+@@ -4,7 +4,7 @@ abi <abi/4.0>,
+ 
+ include <tunables/global>
+ 
+-profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
+profile php-fpm /usr/{bin,sbin}/php-fpm* flags=(attach_disconnected) {
+   # load common libraries and their support files
+   include <abstractions/base>
+   # resolve hostnames/usernames
+@@ -32,15 +32,15 @@ profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
+   /var/log/php*-fpm.log rw,
+ 
+   # we need to be able to create all sockets
+-  @{run}/php{,-fpm}/php*-fpm.pid rw,
+  @{run}/php{,-fpm,-fpm-legacy}/php*-fpm.pid rw,
+   @{run}/php*-fpm.pid rw,
+-  @{run}/php{,-fpm}/php*-fpm.sock rwlk,
+  @{run}/php{,-fpm,-fpm-legacy}/*.sock{,et} rwlk,
+ 
+   # LP: #2061113
+   owner @{run}/systemd/notify w,
+ 
+   # to reload
+-  /usr/sbin/php-fpm* rix,
+  /usr/{bin,sbin}/php-fpm* rix,
+ 
+   # no idea why php tries to open / read/write
+   deny / rw,