Add ".dpkg-remove" to apparmor parser ignored list

References: https://bugs.debian.org/893974

libraries/libapparmor/src/private.c

@@ -56,6 +56,7 @@ static struct ignored_suffix_t ignored_suffixes[] = {
 	{ ".dpkg-old", 9, 1 },
 	{ ".dpkg-dist", 10, 1 },
 	{ ".dpkg-bak", 9, 1 },
+	{ ".dpkg-remove", 12, 1 },
 	/* Archlinux packaging files */
 	{ ".pacsave", 8, 1 },
 	{ ".pacnew", 7 1 },

parser/apparmor_parser.pod

@@ -46,9 +46,10 @@ program. The B<profiles> may be specified by file name or a directory
 name containing a set of profiles. If a directory is specified then the
 B<apparmor_parser> will try to do a profile load for each file in the
 directory that is not a dot file, or explicitly black listed (*.dpkg-new,
-*.dpkg-old, *.dpkg-dist, *-dpkg-bak, *.pacsave, *.pacnew, *.rpmnew, *.rpmsave,
+*.dpkg-old, *.dpkg-dist, *.dpkg-bak, *.dpkg-remove, *.pacsave, *.pacnew,
-*orig, *.rej, *~). The B<apparmor_parser> will fall back to taking input from
+*.rpmnew, *.rpmsave, *.orig, *.rej, *~).
-standard input if a profile or directory is not supplied.
+The B<apparmor_parser> will fall back to taking input from standard input if
+a profile or directory is not supplied.
 
 The input supplied to B<apparmor_parser> should be in the format described in
 apparmor.d(5).

parser/rc.apparmor.functions

@@ -122,6 +122,7 @@ skip_profile() {
 	     "${profile%.dpkg-old}" != "${profile}" -o \
 	     "${profile%.dpkg-dist}" != "${profile}" -o \
 	     "${profile%.dpkg-bak}" != "${profile}" -o \
+	     "${profile%.dpkg-remove}" != "${profile}" -o \
 	     "${profile%.pacsave}" != "${profile}" -o \
 	     "${profile%.pacnew}" != "${profile}" ] ; then
 		return 2

utils/apparmor/aa.py

@@ -2031,7 +2031,7 @@ def is_skippable_file(path):
     if not basename or basename[0] == '.' or basename == 'README':
         return True
 
-    skippable_suffix = ('.dpkg-new', '.dpkg-old', '.dpkg-dist', '.dpkg-bak', '.pacsave', '.pacnew', '.rpmnew', '.rpmsave', '.orig', '.rej', '~')
+    skippable_suffix = ('.dpkg-new', '.dpkg-old', '.dpkg-dist', '.dpkg-bak', '.dpkg-remove', '.pacsave', '.pacnew', '.rpmnew', '.rpmsave', '.orig', '.rej', '~')
     if basename.endswith(skippable_suffix):
         return True
 

utils/test/test-aa.py

@@ -452,26 +452,28 @@ class AaTest_is_skippable_file(AATest):
     def test_skippable_04(self):
         self.assertTrue(is_skippable_file('bin.ping..dpkg-bak'))
     def test_skippable_05(self):
-        self.assertTrue(is_skippable_file('bin.ping.pacsave'))
+        self.assertTrue(is_skippable_file('bin.ping.dpkg-remove'))
     def test_skippable_06(self):
-        self.assertTrue(is_skippable_file('bin.ping.pacnew'))
+        self.assertTrue(is_skippable_file('bin.ping.pacsave'))
     def test_skippable_07(self):
-        self.assertTrue(is_skippable_file('bin.ping.rpmnew'))
+        self.assertTrue(is_skippable_file('bin.ping.pacnew'))
     def test_skippable_08(self):
-        self.assertTrue(is_skippable_file('bin.ping.rpmsave'))
+        self.assertTrue(is_skippable_file('bin.ping.rpmnew'))
     def test_skippable_09(self):
+        self.assertTrue(is_skippable_file('bin.ping.rpmsave'))
+    def test_skippable_10(self):
         self.assertTrue(is_skippable_file('bin.ping.orig'))
-    def test_skippable_10(self):
+    def test_skippable_11(self):
         self.assertTrue(is_skippable_file('bin.ping.rej'))
-    def test_skippable_10(self):
-        self.assertTrue(is_skippable_file('bin.ping~'))
     def test_skippable_12(self):
-        self.assertTrue(is_skippable_file('.bin.ping'))
+        self.assertTrue(is_skippable_file('bin.ping~'))
     def test_skippable_13(self):
-        self.assertTrue(is_skippable_file(''))  # empty filename
+        self.assertTrue(is_skippable_file('.bin.ping'))
     def test_skippable_14(self):
-        self.assertTrue(is_skippable_file('/etc/apparmor.d/'))  # directory without filename
+        self.assertTrue(is_skippable_file(''))  # empty filename
     def test_skippable_15(self):
+        self.assertTrue(is_skippable_file('/etc/apparmor.d/'))  # directory without filename
+    def test_skippable_16(self):
         self.assertTrue(is_skippable_file('README'))