diff mbox series

[meta-security,04/18] apparmor: update from 3.1.3 to 4.0.3

Message ID 20241220140441.271395-5-mikko.rapeli@linaro.org
State New
Headers show
Series various updates | expand

Commit Message

Mikko Rapeli Dec. 20, 2024, 2:04 p.m. UTC 
Fixes python 3.13 support though needed one more patch
which is also submitted upstream. oeqa runtime test
passes on qemuarm and qemuarm64. Did not fix ptest compilation.

Changes:

https://apparmor.net/news/release-4.0.2/
https://gitlab.com/apparmor/apparmor/-/releases/v4.0.3

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 .../{apparmor_3.1.3.bb => apparmor_4.0.3.bb}  |  8 +-
 .../0001-fail.py-handle-missing-cgitb.patch   | 74 +++++++++++++++++++
 2 files changed, 78 insertions(+), 4 deletions(-)
 rename recipes-mac/AppArmor/{apparmor_3.1.3.bb => apparmor_4.0.3.bb} (96%)
 create mode 100644 recipes-mac/AppArmor/files/0001-fail.py-handle-missing-cgitb.patch
diff mbox series

Patch

diff --git a/recipes-mac/AppArmor/apparmor_3.1.3.bb b/recipes-mac/AppArmor/apparmor_4.0.3.bb
similarity index 96%
rename from recipes-mac/AppArmor/apparmor_3.1.3.bb
rename to recipes-mac/AppArmor/apparmor_4.0.3.bb
index 49ab7a7..06a5010 100644
--- a/recipes-mac/AppArmor/apparmor_3.1.3.bb
+++ b/recipes-mac/AppArmor/apparmor_4.0.3.bb
@@ -11,17 +11,18 @@  SECTION = "admin"
 LICENSE = "GPL-2.0-only & GPL-2.0-or-later & BSD-3-Clause & LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0"
 
-DEPENDS = "bison-native apr gettext-native coreutils-native swig-native"
+DEPENDS = "bison-native apr autoconf-archive-native gettext-native coreutils-native swig-native"
 
 SRC_URI = " \
-    git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-3.1 \
+    git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-4.0 \
     file://run-ptest \
     file://crosscompile_perl_bindings.patch \
     file://0001-Makefile.am-suppress-perllocal.pod.patch \
     file://0001-Makefile-fix-hardcoded-installation-directories.patch \
+    file://0001-fail.py-handle-missing-cgitb.patch \
     "
 
-SRCREV = "e69cb5047946818e6a9df326851483bb075a5cfe"
+SRCREV = "b4dfdf50f50ed1d64161424d036a2453645f0cfe"
 S = "${UNPACKDIR}/git"
 
 PARALLEL_MAKE = ""
@@ -106,7 +107,6 @@  do_install () {
     chown root:root -R ${D}/${datadir}/apparmor
 
     find ${D}${libdir}/perl5/ -type f -name ".packlist" -delete
-    find ${D}${PYTHON_SITEPACKAGES_DIR}/LibAppArmor/ -type f -name "_LibAppArmor*.so" -delete
 }
 
 #Building ptest on arm fails.
diff --git a/recipes-mac/AppArmor/files/0001-fail.py-handle-missing-cgitb.patch b/recipes-mac/AppArmor/files/0001-fail.py-handle-missing-cgitb.patch
new file mode 100644
index 0000000..28c1d9e
--- /dev/null
+++ b/recipes-mac/AppArmor/files/0001-fail.py-handle-missing-cgitb.patch
@@ -0,0 +1,74 @@ 
+From 434e34bb510b4cab04e64cd5b21d635c6be8c8ea Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli <mikko.rapeli@linaro.org>
+Date: Fri, 29 Nov 2024 13:46:32 +0000
+Subject: [PATCH] fail.py: handle missing cgitb
+
+It's no longer in python standard library starting
+at version 3.13. Fixes:
+
+root@qemuarm64:~# aa-complain /etc/apparmor.d/*
+Traceback (most recent call last):
+  File "/usr/sbin/aa-complain", line 18, in <module>
+    from apparmor.fail import enable_aa_exception_handler
+  File "/usr/lib/python3.13/site-packages/apparmor/fail.py", line 12, in <module>
+    import cgitb
+ModuleNotFoundError: No module named 'cgitb'
+
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+---
+ utils/apparmor/fail.py | 25 +++++++++++++++----------
+ 1 file changed, 15 insertions(+), 10 deletions(-)
+
+Upstream-Status: Backport
+
+diff --git a/utils/apparmor/fail.py b/utils/apparmor/fail.py
+index ece6efc4..a71ceb66 100644
+--- a/utils/apparmor/fail.py
++++ b/utils/apparmor/fail.py
+@@ -8,7 +8,11 @@
+ #
+ # ------------------------------------------------------------------
+ 
+-import cgitb
++try:
++    import cgitb
++except ImportError:
++    cgitb = None
++    pass
+ import sys
+ import traceback
+ from tempfile import NamedTemporaryFile
+@@ -32,20 +36,21 @@ def handle_exception(*exc_info):
+         print('', file=sys.stderr)
+         error(ex.value)
+     else:
+-        with NamedTemporaryFile('w', prefix='apparmor-bugreport-', suffix='.txt', delete=False) as file:
+-            cgitb_hook = cgitb.Hook(display=1, file=file, format='text', context=10)
+-            cgitb_hook.handle(exc_info)
+-
+-            file.write('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues\n')
+-            file.write('and attach this file.\n')
++        if cgitb:
++            with NamedTemporaryFile('w', prefix='apparmor-bugreport-', suffix='.txt', delete=False) as file:
++                cgitb_hook = cgitb.Hook(display=1, file=file, format='text', context=10)
++                cgitb_hook.handle(exc_info)
++                file.write('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues\n')
++                file.write('and attach this file.\n')
+ 
+         print(''.join(traceback.format_exception(*exc_info)), file=sys.stderr)
+-        print('', file=sys.stderr)
+         print('An unexpected error occurred!', file=sys.stderr)
+         print('', file=sys.stderr)
+-        print('For details, see %s' % file.name, file=sys.stderr)
++        if cgitb:
++            print('For details, see %s' % file.name, file=sys.stderr)
+         print('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues', file=sys.stderr)
+-        print('and attach this file.', file=sys.stderr)
++        if cgitb:
++            print('and attach this file.', file=sys.stderr)
+ 
+ 
+ def enable_aa_exception_handler():
+-- 
+2.43.0
+