openSUSE Commits
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
February 2024
- 1 participants
- 1879 discussions
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package runc for openSUSE:Factory checked in at 2024-02-01 18:04:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/runc (Old)
and /work/SRC/openSUSE:Factory/.runc.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "runc"
Thu Feb 1 18:04:09 2024 rev:60 rq:1143139 version:1.1.12
Changes:
--------
--- /work/SRC/openSUSE:Factory/runc/runc.changes 2024-01-04 15:57:48.769429235 +0100
+++ /work/SRC/openSUSE:Factory/.runc.new.1815/runc.changes 2024-02-01 18:04:13.720620622 +0100
@@ -1,0 +2,22 @@
+Wed Jan 31 00:00:33 UTC 2024 - Aleksa Sarai <asarai(a)suse.com>
+
+- Update to runc v1.1.12. Upstream changelog is available from
+ <https://github.com/opencontainers/runc/releases/tag/v1.1.12>. bsc#1218894
+
+ * This release fixes a container breakout vulnerability (CVE-2024-21626). For
+ more details, see the upstream security advisory:
+ <https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-v…>
+ * Remove upstreamed patches:
+ - CVE-2024-21626.patch
+ * Update runc.keyring to match upstream changes.
+
+-------------------------------------------------------------------
+Thu Jan 18 00:37:01 UTC 2024 - Aleksa Sarai <asarai(a)suse.com>
+
+[ This was only ever released for SLES. ]
+
+- Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894
+ <https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-v…>
+ + CVE-2024-21626.patch
+
+-------------------------------------------------------------------
Old:
----
runc-1.1.11.tar.xz
runc-1.1.11.tar.xz.asc
New:
----
runc-1.1.12.tar.xz
runc-1.1.12.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ runc.spec ++++++
--- /var/tmp/diff_new_pack.rLt7tn/_old 2024-02-01 18:04:14.228639039 +0100
+++ /var/tmp/diff_new_pack.rLt7tn/_new 2024-02-01 18:04:14.228639039 +0100
@@ -18,13 +18,13 @@
# MANUAL: Make sure you update this each time you update runc.
-%define git_version 4bccb38cc9cf198d52bebf2b3a90cd14e7af8c06
-%define git_short 4bccb38cc9cf
+%define git_version 51d5e94601ceffbbd85688df1c928ecccbfa4685
+%define git_short 51d5e94601ce
%define project github.com/opencontainers/runc
Name: runc
-Version: 1.1.11
+Version: 1.1.12
Release: 0
Summary: Tool for spawning and running OCI containers
License: Apache-2.0
++++++ runc-1.1.11.tar.xz -> runc-1.1.12.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/CHANGELOG.md new/runc-1.1.12/CHANGELOG.md
--- old/runc-1.1.11/CHANGELOG.md 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/CHANGELOG.md 2024-01-23 14:12:48.000000000 +0100
@@ -6,6 +6,24 @@
## [Unreleased 1.1.z]
+## [1.1.12] - 2024-01-31
+
+> Now you're thinking with Portals™!
+
+### Security
+
+* Fix [CVE-2024-21626][cve-2024-21626], a container breakout attack that took
+ advantage of a file descriptor that was leaked internally within runc (but
+ never leaked to the container process). In addition to fixing the leak,
+ several strict hardening measures were added to ensure that future internal
+ leaks could not be used to break out in this manner again. Based on our
+ research, while no other container runtime had a similar leak, none had any
+ of the hardening steps we've introduced (and some runtimes would not check
+ for any file descriptors that a calling process may have leaked to them,
+ allowing for container breakouts due to basic user error).
+
+[cve-2024-21626]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-v…
+
## [1.1.11] - 2024-01-01
> Happy New Year!
@@ -493,7 +511,8 @@
[1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1
<!-- 1.1.z patch releases -->
-[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.11...release-1.1
+[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.12...release-1.1
+[1.1.12]: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12
[1.1.11]: https://github.com/opencontainers/runc/compare/v1.1.10...v1.1.11
[1.1.10]: https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10
[1.1.9]: https://github.com/opencontainers/runc/compare/v1.1.8...v1.1.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/VERSION new/runc-1.1.12/VERSION
--- old/runc-1.1.11/VERSION 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/VERSION 2024-01-23 14:12:48.000000000 +0100
@@ -1 +1 @@
-1.1.11
+1.1.12
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/libcontainer/cgroups/file.go new/runc-1.1.12/libcontainer/cgroups/file.go
--- old/runc-1.1.11/libcontainer/cgroups/file.go 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/libcontainer/cgroups/file.go 2024-01-23 14:12:48.000000000 +0100
@@ -77,16 +77,16 @@
// TestMode is set to true by unit tests that need "fake" cgroupfs.
TestMode bool
- cgroupFd int = -1
- prepOnce sync.Once
- prepErr error
- resolveFlags uint64
+ cgroupRootHandle *os.File
+ prepOnce sync.Once
+ prepErr error
+ resolveFlags uint64
)
func prepareOpenat2() error {
prepOnce.Do(func() {
fd, err := unix.Openat2(-1, cgroupfsDir, &unix.OpenHow{
- Flags: unix.O_DIRECTORY | unix.O_PATH,
+ Flags: unix.O_DIRECTORY | unix.O_PATH | unix.O_CLOEXEC,
})
if err != nil {
prepErr = &os.PathError{Op: "openat2", Path: cgroupfsDir, Err: err}
@@ -97,15 +97,16 @@
}
return
}
+ file := os.NewFile(uintptr(fd), cgroupfsDir)
+
var st unix.Statfs_t
- if err = unix.Fstatfs(fd, &st); err != nil {
+ if err := unix.Fstatfs(int(file.Fd()), &st); err != nil {
prepErr = &os.PathError{Op: "statfs", Path: cgroupfsDir, Err: err}
logrus.Warnf("falling back to securejoin: %s", prepErr)
return
}
- cgroupFd = fd
-
+ cgroupRootHandle = file
resolveFlags = unix.RESOLVE_BENEATH | unix.RESOLVE_NO_MAGICLINKS
if st.Type == unix.CGROUP2_SUPER_MAGIC {
// cgroupv2 has a single mountpoint and no "cpu,cpuacct" symlinks
@@ -132,7 +133,7 @@
return openFallback(path, flags, mode)
}
- fd, err := unix.Openat2(cgroupFd, relPath,
+ fd, err := unix.Openat2(int(cgroupRootHandle.Fd()), relPath,
&unix.OpenHow{
Resolve: resolveFlags,
Flags: uint64(flags) | unix.O_CLOEXEC,
@@ -140,20 +141,20 @@
})
if err != nil {
err = &os.PathError{Op: "openat2", Path: path, Err: err}
- // Check if cgroupFd is still opened to cgroupfsDir
+ // Check if cgroupRootHandle is still opened to cgroupfsDir
// (happens when this package is incorrectly used
// across the chroot/pivot_root/mntns boundary, or
// when /sys/fs/cgroup is remounted).
//
// TODO: if such usage will ever be common, amend this
- // to reopen cgroupFd and retry openat2.
- fdStr := strconv.Itoa(cgroupFd)
+ // to reopen cgroupRootHandle and retry openat2.
+ fdStr := strconv.Itoa(int(cgroupRootHandle.Fd()))
fdDest, _ := os.Readlink("/proc/self/fd/" + fdStr)
if fdDest != cgroupfsDir {
- // Wrap the error so it is clear that cgroupFd
+ // Wrap the error so it is clear that cgroupRootHandle
// is opened to an unexpected/wrong directory.
- err = fmt.Errorf("cgroupFd %s unexpectedly opened to %s != %s: %w",
- fdStr, fdDest, cgroupfsDir, err)
+ err = fmt.Errorf("cgroupRootHandle %d unexpectedly opened to %s != %s: %w",
+ cgroupRootHandle.Fd(), fdDest, cgroupfsDir, err)
}
return nil, err
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/libcontainer/cgroups/fs/paths.go new/runc-1.1.12/libcontainer/cgroups/fs/paths.go
--- old/runc-1.1.11/libcontainer/cgroups/fs/paths.go 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/libcontainer/cgroups/fs/paths.go 2024-01-23 14:12:48.000000000 +0100
@@ -83,6 +83,7 @@
if err != nil {
return ""
}
+ defer dir.Close()
names, err := dir.Readdirnames(1)
if err != nil {
return ""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/libcontainer/container_linux.go new/runc-1.1.12/libcontainer/container_linux.go
--- old/runc-1.1.11/libcontainer/container_linux.go 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/libcontainer/container_linux.go 2024-01-23 14:12:48.000000000 +0100
@@ -353,6 +353,15 @@
}()
}
+ // Before starting "runc init", mark all non-stdio open files as O_CLOEXEC
+ // to make sure we don't leak any files into "runc init". Any files to be
+ // passed to "runc init" through ExtraFiles will get dup2'd by the Go
+ // runtime and thus their O_CLOEXEC flag will be cleared. This is some
+ // additional protection against attacks like CVE-2024-21626, by making
+ // sure we never leak files to "runc init" we didn't intend to.
+ if err := utils.CloseExecFrom(3); err != nil {
+ return fmt.Errorf("unable to mark non-stdio fds as cloexec: %w", err)
+ }
if err := parent.start(); err != nil {
return fmt.Errorf("unable to start container process: %w", err)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/libcontainer/init_linux.go new/runc-1.1.12/libcontainer/init_linux.go
--- old/runc-1.1.11/libcontainer/init_linux.go 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/libcontainer/init_linux.go 2024-01-23 14:12:48.000000000 +0100
@@ -8,6 +8,7 @@
"io"
"net"
"os"
+ "path/filepath"
"strings"
"unsafe"
@@ -135,6 +136,32 @@
return nil
}
+// verifyCwd ensures that the current directory is actually inside the mount
+// namespace root of the current process.
+func verifyCwd() error {
+ // getcwd(2) on Linux detects if cwd is outside of the rootfs of the
+ // current mount namespace root, and in that case prefixes "(unreachable)"
+ // to the returned string. glibc's getcwd(3) and Go's Getwd() both detect
+ // when this happens and return ENOENT rather than returning a non-absolute
+ // path. In both cases we can therefore easily detect if we have an invalid
+ // cwd by checking the return value of getcwd(3). See getcwd(3) for more
+ // details, and CVE-2024-21626 for the security issue that motivated this
+ // check.
+ //
+ // We have to use unix.Getwd() here because os.Getwd() has a workaround for
+ // $PWD which involves doing stat(.), which can fail if the current
+ // directory is inaccessible to the container process.
+ if wd, err := unix.Getwd(); errors.Is(err, unix.ENOENT) {
+ return errors.New("current working directory is outside of container mount namespace root -- possible container breakout detected")
+ } else if err != nil {
+ return fmt.Errorf("failed to verify if current working directory is safe: %w", err)
+ } else if !filepath.IsAbs(wd) {
+ // We shouldn't ever hit this, but check just in case.
+ return fmt.Errorf("current working directory is not absolute -- possible container breakout detected: cwd is %q", wd)
+ }
+ return nil
+}
+
// finalizeNamespace drops the caps, sets the correct user
// and working dir, and closes any leaked file descriptors
// before executing the command inside the namespace
@@ -193,6 +220,10 @@
return fmt.Errorf("chdir to cwd (%q) set in config.json failed: %w", config.Cwd, err)
}
}
+ // Make sure our final working directory is inside the container.
+ if err := verifyCwd(); err != nil {
+ return err
+ }
if err := system.ClearKeepCaps(); err != nil {
return fmt.Errorf("unable to clear keep caps: %w", err)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/libcontainer/integration/seccomp_test.go new/runc-1.1.12/libcontainer/integration/seccomp_test.go
--- old/runc-1.1.11/libcontainer/integration/seccomp_test.go 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/libcontainer/integration/seccomp_test.go 2024-01-23 14:12:48.000000000 +0100
@@ -13,7 +13,7 @@
libseccomp "github.com/seccomp/libseccomp-golang"
)
-func TestSeccompDenyGetcwdWithErrno(t *testing.T) {
+func TestSeccompDenySyslogWithErrno(t *testing.T) {
if testing.Short() {
return
}
@@ -25,7 +25,7 @@
DefaultAction: configs.Allow,
Syscalls: []*configs.Syscall{
{
- Name: "getcwd",
+ Name: "syslog",
Action: configs.Errno,
ErrnoRet: &errnoRet,
},
@@ -39,7 +39,7 @@
buffers := newStdBuffers()
pwd := &libcontainer.Process{
Cwd: "/",
- Args: []string{"pwd"},
+ Args: []string{"dmesg"},
Env: standardEnvironment,
Stdin: buffers.Stdin,
Stdout: buffers.Stdout,
@@ -65,17 +65,17 @@
}
if exitCode == 0 {
- t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode)
+ t.Fatalf("dmesg should fail with negative exit code, instead got %d!", exitCode)
}
- expected := "pwd: getcwd: No such process"
+ expected := "dmesg: klogctl: No such process"
actual := strings.Trim(buffers.Stderr.String(), "\n")
if actual != expected {
t.Fatalf("Expected output %s but got %s\n", expected, actual)
}
}
-func TestSeccompDenyGetcwd(t *testing.T) {
+func TestSeccompDenySyslog(t *testing.T) {
if testing.Short() {
return
}
@@ -85,7 +85,7 @@
DefaultAction: configs.Allow,
Syscalls: []*configs.Syscall{
{
- Name: "getcwd",
+ Name: "syslog",
Action: configs.Errno,
},
},
@@ -98,7 +98,7 @@
buffers := newStdBuffers()
pwd := &libcontainer.Process{
Cwd: "/",
- Args: []string{"pwd"},
+ Args: []string{"dmesg"},
Env: standardEnvironment,
Stdin: buffers.Stdin,
Stdout: buffers.Stdout,
@@ -124,10 +124,10 @@
}
if exitCode == 0 {
- t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode)
+ t.Fatalf("dmesg should fail with negative exit code, instead got %d!", exitCode)
}
- expected := "pwd: getcwd: Operation not permitted"
+ expected := "dmesg: klogctl: Operation not permitted"
actual := strings.Trim(buffers.Stderr.String(), "\n")
if actual != expected {
t.Fatalf("Expected output %s but got %s\n", expected, actual)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/libcontainer/setns_init_linux.go new/runc-1.1.12/libcontainer/setns_init_linux.go
--- old/runc-1.1.11/libcontainer/setns_init_linux.go 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/libcontainer/setns_init_linux.go 2024-01-23 14:12:48.000000000 +0100
@@ -4,6 +4,7 @@
"errors"
"fmt"
"os"
+ "os/exec"
"strconv"
"github.com/opencontainers/selinux/go-selinux"
@@ -14,6 +15,7 @@
"github.com/opencontainers/runc/libcontainer/keys"
"github.com/opencontainers/runc/libcontainer/seccomp"
"github.com/opencontainers/runc/libcontainer/system"
+ "github.com/opencontainers/runc/libcontainer/utils"
)
// linuxSetnsInit performs the container's initialization for running a new process
@@ -82,6 +84,21 @@
if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil {
return err
}
+
+ // Check for the arg before waiting to make sure it exists and it is
+ // returned as a create time error.
+ name, err := exec.LookPath(l.config.Args[0])
+ if err != nil {
+ return err
+ }
+ // exec.LookPath in Go < 1.20 might return no error for an executable
+ // residing on a file system mounted with noexec flag, so perform this
+ // extra check now while we can still return a proper error.
+ // TODO: remove this once go < 1.20 is not supported.
+ if err := eaccess(name); err != nil {
+ return &os.PathError{Op: "eaccess", Path: name, Err: err}
+ }
+
// Set seccomp as close to execve as possible, so as few syscalls take
// place afterward (reducing the amount of syscalls that users need to
// enable in their seccomp profiles).
@@ -101,5 +118,23 @@
return &os.PathError{Op: "close log pipe", Path: "fd " + strconv.Itoa(l.logFd), Err: err}
}
- return system.Execv(l.config.Args[0], l.config.Args[0:], os.Environ())
+ // Close all file descriptors we are not passing to the container. This is
+ // necessary because the execve target could use internal runc fds as the
+ // execve path, potentially giving access to binary files from the host
+ // (which can then be opened by container processes, leading to container
+ // escapes). Note that because this operation will close any open file
+ // descriptors that are referenced by (*os.File) handles from underneath
+ // the Go runtime, we must not do any file operations after this point
+ // (otherwise the (*os.File) finaliser could close the wrong file). See
+ // CVE-2024-21626 for more information as to why this protection is
+ // necessary.
+ //
+ // This is not needed for runc-dmz, because the extra execve(2) step means
+ // that all O_CLOEXEC file descriptors have already been closed and thus
+ // the second execve(2) from runc-dmz cannot access internal file
+ // descriptors from runc.
+ if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil {
+ return err
+ }
+ return system.Exec(name, l.config.Args[0:], os.Environ())
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/libcontainer/standard_init_linux.go new/runc-1.1.12/libcontainer/standard_init_linux.go
--- old/runc-1.1.11/libcontainer/standard_init_linux.go 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/libcontainer/standard_init_linux.go 2024-01-23 14:12:48.000000000 +0100
@@ -17,6 +17,7 @@
"github.com/opencontainers/runc/libcontainer/keys"
"github.com/opencontainers/runc/libcontainer/seccomp"
"github.com/opencontainers/runc/libcontainer/system"
+ "github.com/opencontainers/runc/libcontainer/utils"
)
type linuxStandardInit struct {
@@ -258,5 +259,23 @@
return err
}
+ // Close all file descriptors we are not passing to the container. This is
+ // necessary because the execve target could use internal runc fds as the
+ // execve path, potentially giving access to binary files from the host
+ // (which can then be opened by container processes, leading to container
+ // escapes). Note that because this operation will close any open file
+ // descriptors that are referenced by (*os.File) handles from underneath
+ // the Go runtime, we must not do any file operations after this point
+ // (otherwise the (*os.File) finaliser could close the wrong file). See
+ // CVE-2024-21626 for more information as to why this protection is
+ // necessary.
+ //
+ // This is not needed for runc-dmz, because the extra execve(2) step means
+ // that all O_CLOEXEC file descriptors have already been closed and thus
+ // the second execve(2) from runc-dmz cannot access internal file
+ // descriptors from runc.
+ if err := utils.UnsafeCloseFrom(l.config.PassedFilesCount + 3); err != nil {
+ return err
+ }
return system.Exec(name, l.config.Args[0:], os.Environ())
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/libcontainer/utils/utils_unix.go new/runc-1.1.12/libcontainer/utils/utils_unix.go
--- old/runc-1.1.11/libcontainer/utils/utils_unix.go 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/libcontainer/utils/utils_unix.go 2024-01-23 14:12:48.000000000 +0100
@@ -7,6 +7,7 @@
"fmt"
"os"
"strconv"
+ _ "unsafe" // for go:linkname
"golang.org/x/sys/unix"
)
@@ -23,9 +24,11 @@
return nil
}
-// CloseExecFrom applies O_CLOEXEC to all file descriptors currently open for
-// the process (except for those below the given fd value).
-func CloseExecFrom(minFd int) error {
+type fdFunc func(fd int)
+
+// fdRangeFrom calls the passed fdFunc for each file descriptor that is open in
+// the current process.
+func fdRangeFrom(minFd int, fn fdFunc) error {
fdDir, err := os.Open("/proc/self/fd")
if err != nil {
return err
@@ -50,15 +53,60 @@
if fd < minFd {
continue
}
- // Intentionally ignore errors from unix.CloseOnExec -- the cases where
- // this might fail are basically file descriptors that have already
- // been closed (including and especially the one that was created when
- // os.ReadDir did the "opendir" syscall).
- unix.CloseOnExec(fd)
+ // Ignore the file descriptor we used for readdir, as it will be closed
+ // when we return.
+ if uintptr(fd) == fdDir.Fd() {
+ continue
+ }
+ // Run the closure.
+ fn(fd)
}
return nil
}
+// CloseExecFrom sets the O_CLOEXEC flag on all file descriptors greater or
+// equal to minFd in the current process.
+func CloseExecFrom(minFd int) error {
+ return fdRangeFrom(minFd, unix.CloseOnExec)
+}
+
+//go:linkname runtime_IsPollDescriptor internal/poll.IsPollDescriptor
+
+// In order to make sure we do not close the internal epoll descriptors the Go
+// runtime uses, we need to ensure that we skip descriptors that match
+// "internal/poll".IsPollDescriptor. Yes, this is a Go runtime internal thing,
+// unfortunately there's no other way to be sure we're only keeping the file
+// descriptors the Go runtime needs. Hopefully nothing blows up doing this...
+func runtime_IsPollDescriptor(fd uintptr) bool //nolint:revive
+
+// UnsafeCloseFrom closes all file descriptors greater or equal to minFd in the
+// current process, except for those critical to Go's runtime (such as the
+// netpoll management descriptors).
+//
+// NOTE: That this function is incredibly dangerous to use in most Go code, as
+// closing file descriptors from underneath *os.File handles can lead to very
+// bad behaviour (the closed file descriptor can be re-used and then any
+// *os.File operations would apply to the wrong file). This function is only
+// intended to be called from the last stage of runc init.
+func UnsafeCloseFrom(minFd int) error {
+ // We must not close some file descriptors.
+ return fdRangeFrom(minFd, func(fd int) {
+ if runtime_IsPollDescriptor(uintptr(fd)) {
+ // These are the Go runtimes internal netpoll file descriptors.
+ // These file descriptors are operated on deep in the Go scheduler,
+ // and closing those files from underneath Go can result in panics.
+ // There is no issue with keeping them because they are not
+ // executable and are not useful to an attacker anyway. Also we
+ // don't have any choice.
+ return
+ }
+ // There's nothing we can do about errors from close(2), and the
+ // only likely error to be seen is EBADF which indicates the fd was
+ // already closed (in which case, we got what we wanted).
+ _ = unix.Close(fd)
+ })
+}
+
// NewSockPair returns a new unix socket pair
func NewSockPair(name string) (parent *os.File, child *os.File, err error) {
fds, err := unix.Socketpair(unix.AF_LOCAL, unix.SOCK_STREAM|unix.SOCK_CLOEXEC, 0)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/runc.keyring new/runc-1.1.12/runc.keyring
--- old/runc-1.1.11/runc.keyring 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/runc.keyring 2024-01-23 14:12:48.000000000 +0100
@@ -72,18 +72,18 @@
pub ed25519 2019-06-21 [C]
C9C370B246B09F6DBCFC744C34401015D1D2D386
uid [ultimate] Aleksa Sarai <cyphar(a)cyphar.com>
-sub ed25519 2022-09-30 [S] [expires: 2024-09-29]
-sub cv25519 2022-09-30 [E] [expires: 2024-09-29]
-sub ed25519 2022-09-30 [A] [expires: 2024-09-29]
+sub ed25519 2022-09-30 [S] [expires: 2030-03-25]
+sub cv25519 2022-09-30 [E] [expires: 2030-03-25]
+sub ed25519 2022-09-30 [A] [expires: 2030-03-25]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: github=cyphar
mDMEXQxvLxYJKwYBBAHaRw8BAQdArRQoZs9YzYtQIiPA1qdvUT8Q0wbPZyRV65Tz
QNTIZla0IEFsZWtzYSBTYXJhaSA8Y3lwaGFyQGN5cGhhci5jb20+iJAEExYIADgF
-CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTJw3CyRrCfbbz8dEw0QBAV0dLThgUC
-XQzCHwIbAQAKCRA0QBAV0dLThvUpAP9SwyOijLqEBz1A9pTqRAB0l/r+ABq+iUmH
-UjMHO34LZAD/biRuAadaxIYJtmn7nKA55doyN2fQXhjArqypJ1SQywi4MwRdDMJS
+CwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGwEWIQTJw3CyRrCfbbz8dEw0QBAV0dLT
+hgUCZa3xwQAKCRA0QBAV0dLThpQyAQDGzjZyyWWmd6Ykg5/lymp2MLIg1f2jG6ew
+AiPT4ATkBAD/RgdLDf1IQStEH7pHmQa1qvqyRq1jeEgF23KruXbbdQ64MwRdDMJS
FgkrBgEEAdpHDwEBB0B2IGusH7LuDH3hNT6JYM30S7G92FGogA6a9WQzKRlqvIh4
BCgWCgAgFiEEycNwskawn228/HRMNEAQFdHS04YFAmM2ukUCHQEACgkQNEAQFdHS
04ZTQAEAjAT0fXVJHdRL6UMCxDYsgjG+QyH1mr7gKgbPvB8A5LgBAN4QDqCxIY3b
@@ -106,20 +106,20 @@
FdHS04YFAl0Mwo0CGyAACgkQNEAQFdHS04ajxQEAsZf1yDORUVYicREc/7z0U+51
DJzeAexeJTYM+N+x13EA/0Ex+o7qQ7dZLGDn7x4LSbd39C+++suHsEaE4XwlX6cH
uDMEYza6SxYJKwYBBAHaRw8BAQdAE3s7dZQFuImQX2tWshIdGjeUKZc7rlMcrZ6+
-q25gaH2I9QQYFgoAJhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJjNrpLAhsCBQkD
-wmcAAIEJEDRAEBXR0tOGdiAEGRYKAB0WIQS2TklVsp+j1GPyqQYol/rSt+lEbwUC
-Yza6SwAKCRAol/rSt+lEb9obAQC8ij4yJTU7ZcAtTx2ZMjj8EoruGb3ku6VpRyx1
-+pyQQgD/QgQ7X1G7xtwuVpY0kHYga1yoKLA2ycT8F8PrVtF7pAMWkgD9EWe1E77C
-BVd//i3ib+h9ikCeJ+gaxc6aU24ZBcN2tfUBAJmCmYQ0VEbXyvCqkdJEQ4qk5Y9C
-2V4w83dj4a5RYKUGuDgEYza6YBIKKwYBBAGXVQEFAQEHQKECW5Y7nUGCka0/WcCM
-OerRY95Pm2DQVL76QzvhXD8tAwEIB4h+BBgWCgAmFiEEycNwskawn228/HRMNEAQ
-FdHS04YFAmM2umACGwwFCQPCZwAACgkQNEAQFdHS04bkuwEA7AEL+iSPlA8/YILp
-0sFMzmtRqTDMqx2BY8K5wEk9fusA/jAhbeJw57bZYvK4MghfUa9tRocyII84UmOA
-cgDbPPIFuDMEYza6bhYJKwYBBAHaRw8BAQdAgHXd0yf6MPXJZCZ3TFz8xLymyPsD
-TF2SQwwqM4+nYbeIfgQYFgoAJhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJjNrpu
-AhsgBQkDwmcAAAoJEDRAEBXR0tOGB8UA/0wf8uECKMmXGQ4DNi+ei2E9Ft6GL8qw
-UGjwM/EKH2RoAP9HNRRKBjDxs/AZ3pBx1Q8hnHELLo0kXPc+3BG6Pht5BA==
-=KN4V
+q25gaH2I9QQYFgoAJgIbAhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJlrfJcBQkO
+EpjFAIF2IAQZFgoAHRYhBLZOSVWyn6PUY/KpBiiX+tK36URvBQJjNrpLAAoJECiX
++tK36URv2hsBALyKPjIlNTtlwC1PHZkyOPwSiu4ZveS7pWlHLHX6nJBCAP9CBDtf
+UbvG3C5WljSQdiBrXKgosDbJxPwXw+tW0XukAwkQNEAQFdHS04bMkQEA9elVwA0A
++ywDw+jnifIc98XqLI+KF3Xl0A9+lMuwthMBAO00DeAEjkryFMGp62GPNHqr/r6p
++6DIeUjWgK4Sh8IMuDgEYza6YBIKKwYBBAGXVQEFAQEHQKECW5Y7nUGCka0/WcCM
+OerRY95Pm2DQVL76QzvhXD8tAwEIB4h+BBgWCgAmAhsMFiEEycNwskawn228/HRM
+NEAQFdHS04YFAmWt8lwFCQ4SmLAACgkQNEAQFdHS04apHgD+MIRj2kujpxtQt04D
+ZB+hofBtHIEMo2tplFBYvhZ6KOMA/1q3aRv6jnWAv8woc50KitP4/+iPmfyzaBA/
+8XA5DdIKuDMEYza6bhYJKwYBBAHaRw8BAQdAgHXd0yf6MPXJZCZ3TFz8xLymyPsD
+TF2SQwwqM4+nYbeIfgQYFgoAJgIbIBYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJl
+rfJcBQkOEpiiAAoJEDRAEBXR0tOGAUwA/jbaz04OXnV3PYC/yQUsUJsihCTqz4Ne
+lxxclgJYU604APsFzpoLD0oUlfMn5Fh75ftkKPrwiHpTj4rRU6oIQu1/Bg==
+=Ab7w
-----END PGP PUBLIC KEY BLOCK-----
pub rsa2048 2020-04-28 [SC] [expires: 2025-04-18]
@@ -159,11 +159,11 @@
=GkpD
-----END PGP PUBLIC KEY BLOCK-----
-pub rsa3072 2019-07-25 [SC] [expires: 2023-11-02]
+pub rsa3072 2019-07-25 [SC] [expires: 2025-07-27]
C020EA876CE4E06C7AB95AEF49524C6F9F638F1A
uid [ultimate] Akihiro Suda <akihiro.suda.cz(a)hco.ntt.co.jp>
uid [ultimate] Akihiro Suda <suda.kyoto(a)gmail.com>
-sub rsa3072 2019-07-25 [E] [expires: 2023-11-02]
+sub rsa3072 2019-07-25 [E] [expires: 2025-07-27]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: github=AkihiroSuda
@@ -178,26 +178,26 @@
9nezuUDg8SsaBg8O4tyv/CZq/FeF3RMMc2EHTiO8HTERqmRMxUFZv3bkgA4GnjnA
3wsZhLXQq+UaIJUAEQEAAbQsQWtpaGlybyBTdWRhIDxha2loaXJvLnN1ZGEuY3pA
aGNvLm50dC5jby5qcD6JAdQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
-F4AWIQTAIOqHbOTgbHq5Wu9JUkxvn2OPGgUCYYDT5gUJCAkhxwAKCRBJUkxvn2OP
-GiHnC/wOqAvEcRmpKjqx4QUNkE34oGwiPgV5vyDlQElvBzyazQEcIdt9xaIE+4IS
-7L7L6Q7WOGxWCvmRZ58E32m4RB1F8L7XQW0l3f6jESYLGPb6XDloux5poJzGxaGK
-9gd6ItNmjOCmt08Icv0ZVTvKv20ej71aepllE5UaM9p5AlEwLkzQxPoGpB7E1Sdy
-citRg6YEqTY+i5IeZ5xMthWXcushyLRRvm43DwbPsuZHVC1yMfo5VrF9JE65BdE9
-dIsCrZDnde/jUm4pAAwyAKSLLRVgj4xVP0XIdO2nVXDBWp9z4gUt/gMjuutO1a2U
-Xw+XhkirUb2C++L0KvVBMbU303Q+xV/iaYjAuFjNy94HZms0iTBTB4qFHT4ClYHi
-mNwTgfwRclpywkHzDi8496hsyzoVCeHSsu+ScDE1qAw6zrxASZXevYhhB2aBLr1s
-d58WsYA37iXTEO4Hxm5V0Wh110hlCGFwcN8vWNhMCdIj7JN8nWZQNLZyppN7bCDu
-FX8cE260I0FraWhpcm8gU3VkYSA8c3VkYS5reW90b0BnbWFpbC5jb20+iQHUBBMB
+F4AWIQTAIOqHbOTgbHq5Wu9JUkxvn2OPGgUCZMPL2QUJC0wZugAKCRBJUkxvn2OP
+GqTiC/93jTl0ci2zWC8vVBPSyjHDrpOhn+3ukCeC7VxHOdo6hBwbsxqaBUWi0Maf
+p9oa4HzmsQjhMM+i3/Q/jHBvijXQ2UO5MaDrLhacoAW8i/YeU2aKn2yIyrQPIdc/
+tlcwjvsRPt534DOisf1N5+w6Y4DRgt2tNl0KOjEBmXsBWN7Fg+QRfLeNWKS9soq7
+QkI68T0e0h752FmI8TK4yy6FrhLVUU2ArLcOV2wjx5zKnWjgX7BbwYjAp8fi9hcC
+XdmSvllQ8U9Y2ll8dDq3HBmo+uI4lfz31S4B5EKo4Wn+3bA4Y+VBNoJfoKyLeOgr
+0cmo6SRJIsVaSvAJcMZ6oq+jvTDuygfRkxxgoTzCgwre7CPzcvC8gC0sYOB34TN4
+UogwN3pFmCPfi5TjXsx7vgfWKlHgwe3L/5aoQjTm+z6WanTHbIqOK9QkIuGykMpL
+7nOJeH9LoRzpzc8aOwIOki2bbo7s9yzL8Gil+zaqe16Q+Y7wVBxSRxbg/3oUTi1K
+/uM8N4S0I0FraWhpcm8gU3VkYSA8c3VkYS5reW90b0BnbWFpbC5jb20+iQHUBBMB
CgA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEwCDqh2zk4Gx6uVrvSVJM
-b59jjxoFAmGA0+YFCQgJIccACgkQSVJMb59jjxoMJwwAgZxXa8DPoUWeazt5TIVX
-omVcsor2J75CqPKlOjvSVXSnCzkBM1kYN2RwVjNivuIEUWPDOohvUvJxllkm7dxd
-g+XfLL3/luB4B+R06n78339K0pu4+n5eDIF0UiNbfuGocqFtVBXuC0uj7ZWPJnZe
-tdbspisggJ8Q2Im7mQPQRQZ1Q1qBlogxpeeDzyGkrLRusryfd8LwPz7/8I59pkwG
-hkNm0+JbaDJ1NtFElX+XvPaOxfCB3ut94CUjac0DdkQNDX+i2ruZNAsIjEuxQbuT
-UAc1ouv+R126SBqVdkRLtRw+d0DmAR7PiL37C8KjQa6s+H46jzhLDQ0a3frZdo2w
-c1Sony8C60w9q8wpGjJjjelTimsEW8aa7e17xMVgZrawAOAPDuGvbRMGl6fla9T2
-ZYTF6QDzoeqB4VgL441yJm0c2/c6L8gz8ehCNGyqxtfFX+8OO4W3+p4a/mKP8MLz
-9l04g71QkuAi3bF7bbrsWmagMXJJJWTHbizDLaytI/6nuQGNBF06GR8BDACxpQ9c
+b59jjxoFAmTDy9kFCQtMGboACgkQSVJMb59jjxogzgv/a+4+T5Xoklt0rGujSgtD
+ogpQp4guaImEhkPieWMPG7+UfqxwoMLcvLE5kTzqLPe1DdYs8Tm/gtteHttLUfjD
+qwY/+BsqIYYMJMRoXFBk2iokn0m/36da7WKpN+5r5ssujsvGj991k4oLQgFV0kEx
+f4PSRxWQNlAqp4OfQNI91S7oMDH94dR+V5TIYYHxsPsnCvygD72GVER4G5mUvkCH
+Nf8aqeckVxu8uZ/2LiNtYxbh5pwriuj8XbifuawdMdjpTvwAAa2DuKqCtj9cuQIt
+hmOF1ux68TRxk//QGPqX49+WT0mwdHBX/I/nZVTOGt9sjjKU5m1o+rUiVHtQ3Yhw
+fSLWEbfZiTjWDPWpjLU+r3C2qCiJyPjNpsxYAp4y3v511BXesejcXm24+MHFym5F
+ngyAItzwDD9ieTt3uviuC64VZVz7NgnDMUK0LumKh9mrZZ20dTcX9Vw70o41CMQN
+yBKloXOSPzQDZp1ZXzR3P/22WXG/e52YuU3Aw1femld+uQGNBF06GR8BDACxpQ9c
y72+/WZGon+CToNj+a24PiduyExfFv26E0D77ACS6UAC5jz71mSuLbHiauQ3MHj+
786z4m4St8+HjDL9YrAe19MobxWsLHAFvBJ8UHfZdkLzBkIKPHz7TUqlhvFR13b6
ZAZVZk975hgCT3LpzA1miHBY2E5WDpVa3pe94xshVHL3iVf9Jv1a4hmM+eu0gxX4
@@ -206,16 +206,16 @@
bP7SoXx3qRhr993BDSP32r44hy+kYLhZP5K5oXivcITJZuGcJh49P4QuYGrnODIL
gEhedWeePcJXFcEz09teizlWKGzd+EA3uwYd/bQelflwXkGuCLaoNv4qcH3oJDp1
vYI0zT7hGvnz3thRLg3SOWFq5cBhnfNGXPLsoNZBzWGn2cm5MJYSKjIM470AEQEA
-AYkBvAQYAQoAJgIbDBYhBMAg6ods5OBserla70lSTG+fY48aBQJhgNRTBQkICSI0
-AAoJEElSTG+fY48a3YML/3snhGBx/Xd0EcK0pzyvyivZwavlGsQPAF2c1Rj7Lr1i
-eUrp6CZ/yW7/oAvlk6Ngc0SoWba/pgnz7bVQEc21JTY86M1bRLLh3fmYCx8YFbsR
-43zVr2bxDledzKV3bIuWStWbljHECuNTT91907pc3r4jv+jN4ZaXVUQ9pXj0DrV+
-MTJVCo7nrEXiq6q1WqaUAV9dMQE3rWGFa2u45QCZGLckOu3cuSCU8CVxSScmxgII
-bUBu17xDzQnDkdcEQzzkZtDOrwF76dPdlrW69PXtC9oElRJbGCERivqlrpKDagXI
-h4eZYfcFb2gc0qZjblvfVHiot65WM9bUsSAUAEfskYqIGLshzV9MrxFYQYvgt3ym
-Qs7D8ORJiphjaOvDeqVyGdPm/rN5SVMVGYpJX6EkZkHinV/kRChtuLAD7NQ3YH5O
-5l+Ehze9Nm4laEXQC/tme9B1XH0PUBJk1x8NeoVrYCTnypVFfRw37mC9XBu5TF6U
-ix7vx45U/EvZrqmkDrEFOQ==
-=4+1P
+AYkBvAQYAQoAJgIbDBYhBMAg6ods5OBserla70lSTG+fY48aBQJkw8uyBQkLTBmT
+AAoJEElSTG+fY48ayhsL+gLvKlfkYgxodyWKR5hOiUMKWE5tqfQY6kqrgssPYw+u
+Fn69AamQLt4I2AHRg0AHjoZEsMfR19uXZ24XwwcWwgWU6yRJgMSIK67bLvL+d686
+m2KQ2PpmfDrizUgY4J0sY+tzwNZeWxQiFy/Ni6AdEqJvJQDsrKYJ2GGWm6JMZCPw
+y3h5ouueieiEc0pvwEz2kg64uv6p8SUV1me66IXQaGseXb/BcW+Ap2WJO+IZjtNB
+qhk+V+1x5ZT6s9RecjiTDmKfZ71zyRWplkfL22+4XVEc3qLS3r0ZSzeIA4JPRf+N
+yCGjavdTNgu2bTo8iSgBq2NRT9kNwTaS8j883L0eY/JJktrfWnWE4qAuXBqLzkIl
+smspRWy0byLQrrzk9stncF/CDt5XuHPcsXOcRVXVyM+/RXqWKdNAwZO67HD4wJR9
+YR4avhGZZXguH3b0ka2zO8sxTju/09yb07NJ2qfjfWSHCmaj9KuhhE0EO625tckS
+58ceqolNBtrydoYZOc2CKw==
+=ol6W
-----END PGP PUBLIC KEY BLOCK-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/runc-1.1.11/update.go new/runc-1.1.12/update.go
--- old/runc-1.1.11/update.go 2024-01-02 03:34:16.000000000 +0100
+++ new/runc-1.1.12/update.go 2024-01-23 14:12:48.000000000 +0100
@@ -174,6 +174,7 @@
if err != nil {
return err
}
+ defer f.Close()
}
err = json.NewDecoder(f).Decode(&r)
if err != nil {
++++++ runc.keyring ++++++
--- /var/tmp/diff_new_pack.rLt7tn/_old 2024-02-01 18:04:14.732657312 +0100
+++ /var/tmp/diff_new_pack.rLt7tn/_new 2024-02-01 18:04:14.736657457 +0100
@@ -72,18 +72,18 @@
pub ed25519 2019-06-21 [C]
C9C370B246B09F6DBCFC744C34401015D1D2D386
uid [ultimate] Aleksa Sarai <cyphar(a)cyphar.com>
-sub ed25519 2022-09-30 [S] [expires: 2024-09-29]
-sub cv25519 2022-09-30 [E] [expires: 2024-09-29]
-sub ed25519 2022-09-30 [A] [expires: 2024-09-29]
+sub ed25519 2022-09-30 [S] [expires: 2030-03-25]
+sub cv25519 2022-09-30 [E] [expires: 2030-03-25]
+sub ed25519 2022-09-30 [A] [expires: 2030-03-25]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: github=cyphar
mDMEXQxvLxYJKwYBBAHaRw8BAQdArRQoZs9YzYtQIiPA1qdvUT8Q0wbPZyRV65Tz
QNTIZla0IEFsZWtzYSBTYXJhaSA8Y3lwaGFyQGN5cGhhci5jb20+iJAEExYIADgF
-CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQTJw3CyRrCfbbz8dEw0QBAV0dLThgUC
-XQzCHwIbAQAKCRA0QBAV0dLThvUpAP9SwyOijLqEBz1A9pTqRAB0l/r+ABq+iUmH
-UjMHO34LZAD/biRuAadaxIYJtmn7nKA55doyN2fQXhjArqypJ1SQywi4MwRdDMJS
+CwkIBwIGFQoJCAsCBBYCAwECHgECF4ACGwEWIQTJw3CyRrCfbbz8dEw0QBAV0dLT
+hgUCZa3xwQAKCRA0QBAV0dLThpQyAQDGzjZyyWWmd6Ykg5/lymp2MLIg1f2jG6ew
+AiPT4ATkBAD/RgdLDf1IQStEH7pHmQa1qvqyRq1jeEgF23KruXbbdQ64MwRdDMJS
FgkrBgEEAdpHDwEBB0B2IGusH7LuDH3hNT6JYM30S7G92FGogA6a9WQzKRlqvIh4
BCgWCgAgFiEEycNwskawn228/HRMNEAQFdHS04YFAmM2ukUCHQEACgkQNEAQFdHS
04ZTQAEAjAT0fXVJHdRL6UMCxDYsgjG+QyH1mr7gKgbPvB8A5LgBAN4QDqCxIY3b
@@ -106,20 +106,20 @@
FdHS04YFAl0Mwo0CGyAACgkQNEAQFdHS04ajxQEAsZf1yDORUVYicREc/7z0U+51
DJzeAexeJTYM+N+x13EA/0Ex+o7qQ7dZLGDn7x4LSbd39C+++suHsEaE4XwlX6cH
uDMEYza6SxYJKwYBBAHaRw8BAQdAE3s7dZQFuImQX2tWshIdGjeUKZc7rlMcrZ6+
-q25gaH2I9QQYFgoAJhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJjNrpLAhsCBQkD
-wmcAAIEJEDRAEBXR0tOGdiAEGRYKAB0WIQS2TklVsp+j1GPyqQYol/rSt+lEbwUC
-Yza6SwAKCRAol/rSt+lEb9obAQC8ij4yJTU7ZcAtTx2ZMjj8EoruGb3ku6VpRyx1
-+pyQQgD/QgQ7X1G7xtwuVpY0kHYga1yoKLA2ycT8F8PrVtF7pAMWkgD9EWe1E77C
-BVd//i3ib+h9ikCeJ+gaxc6aU24ZBcN2tfUBAJmCmYQ0VEbXyvCqkdJEQ4qk5Y9C
-2V4w83dj4a5RYKUGuDgEYza6YBIKKwYBBAGXVQEFAQEHQKECW5Y7nUGCka0/WcCM
-OerRY95Pm2DQVL76QzvhXD8tAwEIB4h+BBgWCgAmFiEEycNwskawn228/HRMNEAQ
-FdHS04YFAmM2umACGwwFCQPCZwAACgkQNEAQFdHS04bkuwEA7AEL+iSPlA8/YILp
-0sFMzmtRqTDMqx2BY8K5wEk9fusA/jAhbeJw57bZYvK4MghfUa9tRocyII84UmOA
-cgDbPPIFuDMEYza6bhYJKwYBBAHaRw8BAQdAgHXd0yf6MPXJZCZ3TFz8xLymyPsD
-TF2SQwwqM4+nYbeIfgQYFgoAJhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJjNrpu
-AhsgBQkDwmcAAAoJEDRAEBXR0tOGB8UA/0wf8uECKMmXGQ4DNi+ei2E9Ft6GL8qw
-UGjwM/EKH2RoAP9HNRRKBjDxs/AZ3pBx1Q8hnHELLo0kXPc+3BG6Pht5BA==
-=KN4V
+q25gaH2I9QQYFgoAJgIbAhYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJlrfJcBQkO
+EpjFAIF2IAQZFgoAHRYhBLZOSVWyn6PUY/KpBiiX+tK36URvBQJjNrpLAAoJECiX
++tK36URv2hsBALyKPjIlNTtlwC1PHZkyOPwSiu4ZveS7pWlHLHX6nJBCAP9CBDtf
+UbvG3C5WljSQdiBrXKgosDbJxPwXw+tW0XukAwkQNEAQFdHS04bMkQEA9elVwA0A
++ywDw+jnifIc98XqLI+KF3Xl0A9+lMuwthMBAO00DeAEjkryFMGp62GPNHqr/r6p
++6DIeUjWgK4Sh8IMuDgEYza6YBIKKwYBBAGXVQEFAQEHQKECW5Y7nUGCka0/WcCM
+OerRY95Pm2DQVL76QzvhXD8tAwEIB4h+BBgWCgAmAhsMFiEEycNwskawn228/HRM
+NEAQFdHS04YFAmWt8lwFCQ4SmLAACgkQNEAQFdHS04apHgD+MIRj2kujpxtQt04D
+ZB+hofBtHIEMo2tplFBYvhZ6KOMA/1q3aRv6jnWAv8woc50KitP4/+iPmfyzaBA/
+8XA5DdIKuDMEYza6bhYJKwYBBAHaRw8BAQdAgHXd0yf6MPXJZCZ3TFz8xLymyPsD
+TF2SQwwqM4+nYbeIfgQYFgoAJgIbIBYhBMnDcLJGsJ9tvPx0TDRAEBXR0tOGBQJl
+rfJcBQkOEpiiAAoJEDRAEBXR0tOGAUwA/jbaz04OXnV3PYC/yQUsUJsihCTqz4Ne
+lxxclgJYU604APsFzpoLD0oUlfMn5Fh75ftkKPrwiHpTj4rRU6oIQu1/Bg==
+=Ab7w
-----END PGP PUBLIC KEY BLOCK-----
pub rsa2048 2020-04-28 [SC] [expires: 2025-04-18]
@@ -159,11 +159,11 @@
=GkpD
-----END PGP PUBLIC KEY BLOCK-----
-pub rsa3072 2019-07-25 [SC] [expires: 2023-11-02]
+pub rsa3072 2019-07-25 [SC] [expires: 2025-07-27]
C020EA876CE4E06C7AB95AEF49524C6F9F638F1A
uid [ultimate] Akihiro Suda <akihiro.suda.cz(a)hco.ntt.co.jp>
uid [ultimate] Akihiro Suda <suda.kyoto(a)gmail.com>
-sub rsa3072 2019-07-25 [E] [expires: 2023-11-02]
+sub rsa3072 2019-07-25 [E] [expires: 2025-07-27]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: github=AkihiroSuda
@@ -178,26 +178,26 @@
9nezuUDg8SsaBg8O4tyv/CZq/FeF3RMMc2EHTiO8HTERqmRMxUFZv3bkgA4GnjnA
3wsZhLXQq+UaIJUAEQEAAbQsQWtpaGlybyBTdWRhIDxha2loaXJvLnN1ZGEuY3pA
aGNvLm50dC5jby5qcD6JAdQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
-F4AWIQTAIOqHbOTgbHq5Wu9JUkxvn2OPGgUCYYDT5gUJCAkhxwAKCRBJUkxvn2OP
-GiHnC/wOqAvEcRmpKjqx4QUNkE34oGwiPgV5vyDlQElvBzyazQEcIdt9xaIE+4IS
-7L7L6Q7WOGxWCvmRZ58E32m4RB1F8L7XQW0l3f6jESYLGPb6XDloux5poJzGxaGK
-9gd6ItNmjOCmt08Icv0ZVTvKv20ej71aepllE5UaM9p5AlEwLkzQxPoGpB7E1Sdy
-citRg6YEqTY+i5IeZ5xMthWXcushyLRRvm43DwbPsuZHVC1yMfo5VrF9JE65BdE9
-dIsCrZDnde/jUm4pAAwyAKSLLRVgj4xVP0XIdO2nVXDBWp9z4gUt/gMjuutO1a2U
-Xw+XhkirUb2C++L0KvVBMbU303Q+xV/iaYjAuFjNy94HZms0iTBTB4qFHT4ClYHi
-mNwTgfwRclpywkHzDi8496hsyzoVCeHSsu+ScDE1qAw6zrxASZXevYhhB2aBLr1s
-d58WsYA37iXTEO4Hxm5V0Wh110hlCGFwcN8vWNhMCdIj7JN8nWZQNLZyppN7bCDu
-FX8cE260I0FraWhpcm8gU3VkYSA8c3VkYS5reW90b0BnbWFpbC5jb20+iQHUBBMB
+F4AWIQTAIOqHbOTgbHq5Wu9JUkxvn2OPGgUCZMPL2QUJC0wZugAKCRBJUkxvn2OP
+GqTiC/93jTl0ci2zWC8vVBPSyjHDrpOhn+3ukCeC7VxHOdo6hBwbsxqaBUWi0Maf
+p9oa4HzmsQjhMM+i3/Q/jHBvijXQ2UO5MaDrLhacoAW8i/YeU2aKn2yIyrQPIdc/
+tlcwjvsRPt534DOisf1N5+w6Y4DRgt2tNl0KOjEBmXsBWN7Fg+QRfLeNWKS9soq7
+QkI68T0e0h752FmI8TK4yy6FrhLVUU2ArLcOV2wjx5zKnWjgX7BbwYjAp8fi9hcC
+XdmSvllQ8U9Y2ll8dDq3HBmo+uI4lfz31S4B5EKo4Wn+3bA4Y+VBNoJfoKyLeOgr
+0cmo6SRJIsVaSvAJcMZ6oq+jvTDuygfRkxxgoTzCgwre7CPzcvC8gC0sYOB34TN4
+UogwN3pFmCPfi5TjXsx7vgfWKlHgwe3L/5aoQjTm+z6WanTHbIqOK9QkIuGykMpL
+7nOJeH9LoRzpzc8aOwIOki2bbo7s9yzL8Gil+zaqe16Q+Y7wVBxSRxbg/3oUTi1K
+/uM8N4S0I0FraWhpcm8gU3VkYSA8c3VkYS5reW90b0BnbWFpbC5jb20+iQHUBBMB
CgA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEwCDqh2zk4Gx6uVrvSVJM
-b59jjxoFAmGA0+YFCQgJIccACgkQSVJMb59jjxoMJwwAgZxXa8DPoUWeazt5TIVX
-omVcsor2J75CqPKlOjvSVXSnCzkBM1kYN2RwVjNivuIEUWPDOohvUvJxllkm7dxd
-g+XfLL3/luB4B+R06n78339K0pu4+n5eDIF0UiNbfuGocqFtVBXuC0uj7ZWPJnZe
-tdbspisggJ8Q2Im7mQPQRQZ1Q1qBlogxpeeDzyGkrLRusryfd8LwPz7/8I59pkwG
-hkNm0+JbaDJ1NtFElX+XvPaOxfCB3ut94CUjac0DdkQNDX+i2ruZNAsIjEuxQbuT
-UAc1ouv+R126SBqVdkRLtRw+d0DmAR7PiL37C8KjQa6s+H46jzhLDQ0a3frZdo2w
-c1Sony8C60w9q8wpGjJjjelTimsEW8aa7e17xMVgZrawAOAPDuGvbRMGl6fla9T2
-ZYTF6QDzoeqB4VgL441yJm0c2/c6L8gz8ehCNGyqxtfFX+8OO4W3+p4a/mKP8MLz
-9l04g71QkuAi3bF7bbrsWmagMXJJJWTHbizDLaytI/6nuQGNBF06GR8BDACxpQ9c
+b59jjxoFAmTDy9kFCQtMGboACgkQSVJMb59jjxogzgv/a+4+T5Xoklt0rGujSgtD
+ogpQp4guaImEhkPieWMPG7+UfqxwoMLcvLE5kTzqLPe1DdYs8Tm/gtteHttLUfjD
+qwY/+BsqIYYMJMRoXFBk2iokn0m/36da7WKpN+5r5ssujsvGj991k4oLQgFV0kEx
+f4PSRxWQNlAqp4OfQNI91S7oMDH94dR+V5TIYYHxsPsnCvygD72GVER4G5mUvkCH
+Nf8aqeckVxu8uZ/2LiNtYxbh5pwriuj8XbifuawdMdjpTvwAAa2DuKqCtj9cuQIt
+hmOF1ux68TRxk//QGPqX49+WT0mwdHBX/I/nZVTOGt9sjjKU5m1o+rUiVHtQ3Yhw
+fSLWEbfZiTjWDPWpjLU+r3C2qCiJyPjNpsxYAp4y3v511BXesejcXm24+MHFym5F
+ngyAItzwDD9ieTt3uviuC64VZVz7NgnDMUK0LumKh9mrZZ20dTcX9Vw70o41CMQN
+yBKloXOSPzQDZp1ZXzR3P/22WXG/e52YuU3Aw1femld+uQGNBF06GR8BDACxpQ9c
y72+/WZGon+CToNj+a24PiduyExfFv26E0D77ACS6UAC5jz71mSuLbHiauQ3MHj+
786z4m4St8+HjDL9YrAe19MobxWsLHAFvBJ8UHfZdkLzBkIKPHz7TUqlhvFR13b6
ZAZVZk975hgCT3LpzA1miHBY2E5WDpVa3pe94xshVHL3iVf9Jv1a4hmM+eu0gxX4
@@ -206,17 +206,17 @@
bP7SoXx3qRhr993BDSP32r44hy+kYLhZP5K5oXivcITJZuGcJh49P4QuYGrnODIL
gEhedWeePcJXFcEz09teizlWKGzd+EA3uwYd/bQelflwXkGuCLaoNv4qcH3oJDp1
vYI0zT7hGvnz3thRLg3SOWFq5cBhnfNGXPLsoNZBzWGn2cm5MJYSKjIM470AEQEA
-AYkBvAQYAQoAJgIbDBYhBMAg6ods5OBserla70lSTG+fY48aBQJhgNRTBQkICSI0
-AAoJEElSTG+fY48a3YML/3snhGBx/Xd0EcK0pzyvyivZwavlGsQPAF2c1Rj7Lr1i
-eUrp6CZ/yW7/oAvlk6Ngc0SoWba/pgnz7bVQEc21JTY86M1bRLLh3fmYCx8YFbsR
-43zVr2bxDledzKV3bIuWStWbljHECuNTT91907pc3r4jv+jN4ZaXVUQ9pXj0DrV+
-MTJVCo7nrEXiq6q1WqaUAV9dMQE3rWGFa2u45QCZGLckOu3cuSCU8CVxSScmxgII
-bUBu17xDzQnDkdcEQzzkZtDOrwF76dPdlrW69PXtC9oElRJbGCERivqlrpKDagXI
-h4eZYfcFb2gc0qZjblvfVHiot65WM9bUsSAUAEfskYqIGLshzV9MrxFYQYvgt3ym
-Qs7D8ORJiphjaOvDeqVyGdPm/rN5SVMVGYpJX6EkZkHinV/kRChtuLAD7NQ3YH5O
-5l+Ehze9Nm4laEXQC/tme9B1XH0PUBJk1x8NeoVrYCTnypVFfRw37mC9XBu5TF6U
-ix7vx45U/EvZrqmkDrEFOQ==
-=4+1P
+AYkBvAQYAQoAJgIbDBYhBMAg6ods5OBserla70lSTG+fY48aBQJkw8uyBQkLTBmT
+AAoJEElSTG+fY48ayhsL+gLvKlfkYgxodyWKR5hOiUMKWE5tqfQY6kqrgssPYw+u
+Fn69AamQLt4I2AHRg0AHjoZEsMfR19uXZ24XwwcWwgWU6yRJgMSIK67bLvL+d686
+m2KQ2PpmfDrizUgY4J0sY+tzwNZeWxQiFy/Ni6AdEqJvJQDsrKYJ2GGWm6JMZCPw
+y3h5ouueieiEc0pvwEz2kg64uv6p8SUV1me66IXQaGseXb/BcW+Ap2WJO+IZjtNB
+qhk+V+1x5ZT6s9RecjiTDmKfZ71zyRWplkfL22+4XVEc3qLS3r0ZSzeIA4JPRf+N
+yCGjavdTNgu2bTo8iSgBq2NRT9kNwTaS8j883L0eY/JJktrfWnWE4qAuXBqLzkIl
+smspRWy0byLQrrzk9stncF/CDt5XuHPcsXOcRVXVyM+/RXqWKdNAwZO67HD4wJR9
+YR4avhGZZXguH3b0ka2zO8sxTju/09yb07NJ2qfjfWSHCmaj9KuhhE0EO625tckS
+58ceqolNBtrydoYZOc2CKw==
+=ol6W
-----END PGP PUBLIC KEY BLOCK-----
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package plasma5-addons for openSUSE:Factory checked in at 2024-02-01 18:04:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/plasma5-addons (Old)
and /work/SRC/openSUSE:Factory/.plasma5-addons.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "plasma5-addons"
Thu Feb 1 18:04:05 2024 rev:156 rq:1143126 version:5.27.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/plasma5-addons/plasma5-addons.changes 2023-12-07 19:11:00.164580838 +0100
+++ /work/SRC/openSUSE:Factory/.plasma5-addons.new.1815/plasma5-addons.changes 2024-02-01 18:04:10.352498514 +0100
@@ -1,0 +2,6 @@
+Wed Jan 31 14:35:45 UTC 2024 - Christophe Marin <christophe(a)krop.fr>
+
+- Switch to the latest GCC version available in Leap for packages
+ that can't build with the default compiler
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ plasma5-addons.spec ++++++
--- /var/tmp/diff_new_pack.6fFPEi/_old 2024-02-01 18:04:11.172528243 +0100
+++ /var/tmp/diff_new_pack.6fFPEi/_new 2024-02-01 18:04:11.172528243 +0100
@@ -67,8 +67,8 @@
BuildRequires: cmake(Qt5Widgets)
BuildRequires: cmake(Qt5X11Extras)
%if 0%{?suse_version} < 1550
-BuildRequires: gcc10-PIE
-BuildRequires: gcc10-c++
+BuildRequires: gcc13-PIE
+BuildRequires: gcc13-c++
%endif
BuildRequires: pkgconfig(x11)
BuildRequires: pkgconfig(xcb)
@@ -100,7 +100,7 @@
%build
%if 0%{?suse_version} < 1550
- export CXX=g++-10
+ export CXX=g++-13
%endif
%cmake_kf5 -d build -- -DCMAKE_INSTALL_LOCALEDIR=%{_kf5_localedir}
%cmake_build
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package kwin5 for openSUSE:Factory checked in at 2024-02-01 18:04:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kwin5 (Old)
and /work/SRC/openSUSE:Factory/.kwin5.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kwin5"
Thu Feb 1 18:04:02 2024 rev:193 rq:1143123 version:5.27.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/kwin5/kwin5.changes 2023-12-07 19:10:41.751901577 +0100
+++ /work/SRC/openSUSE:Factory/.kwin5.new.1815/kwin5.changes 2024-02-01 18:04:07.660400915 +0100
@@ -1,0 +2,6 @@
+Wed Jan 31 14:35:29 UTC 2024 - Christophe Marin <christophe(a)krop.fr>
+
+- Switch to the latest GCC version available in Leap for packages
+ that can't build with the default compiler
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kwin5.spec ++++++
--- /var/tmp/diff_new_pack.eS64hV/_old 2024-02-01 18:04:08.316424698 +0100
+++ /var/tmp/diff_new_pack.eS64hV/_new 2024-02-01 18:04:08.320424843 +0100
@@ -44,8 +44,8 @@
BuildRequires: extra-cmake-modules >= 0.0.11
BuildRequires: fdupes
%if 0%{?suse_version} < 1550
-BuildRequires: gcc10-PIE
-BuildRequires: gcc10-c++
+BuildRequires: gcc13-PIE
+BuildRequires: gcc13-c++
%endif
BuildRequires: kf5-filesystem
BuildRequires: libQt5Core-private-headers-devel >= %{qt5_version}
@@ -184,7 +184,7 @@
%build
%if 0%{?suse_version} < 1550
- export CXX=g++-10
+ export CXX=g++-13
%endif
%cmake_kf5 -d build -- -DCMAKE_INSTALL_LOCALEDIR=%{_kf5_localedir}
%cmake_build
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package kio for openSUSE:Factory checked in at 2024-02-01 18:03:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kio (Old)
and /work/SRC/openSUSE:Factory/.kio.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kio"
Thu Feb 1 18:03:59 2024 rev:151 rq:1143120 version:5.114.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/kio/kio.changes 2024-01-15 22:15:30.190656662 +0100
+++ /work/SRC/openSUSE:Factory/.kio.new.1815/kio.changes 2024-02-01 18:04:04.708293888 +0100
@@ -1,0 +2,6 @@
+Wed Jan 31 14:35:12 UTC 2024 - Christophe Marin <christophe(a)krop.fr>
+
+- Switch to the latest GCC version available in Leap for packages
+ that can't build with the default compiler
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kio.spec ++++++
--- /var/tmp/diff_new_pack.E3bqK4/_old 2024-02-01 18:04:05.328316367 +0100
+++ /var/tmp/diff_new_pack.E3bqK4/_new 2024-02-01 18:04:05.328316367 +0100
@@ -39,8 +39,8 @@
BuildRequires: fdupes
# gcc7 is too old for std::transform_reduce
%if 0%{?suse_version} == 1500
-BuildRequires: gcc10-c++
-BuildRequires: gcc10-PIE
+BuildRequires: gcc13-c++
+BuildRequires: gcc13-PIE
%endif
BuildRequires: krb5-devel
BuildRequires: libacl-devel
@@ -139,7 +139,7 @@
%endif
%if 0%{?suse_version} == 1500
-export CXX=g++-10
+export CXX=g++-13
%endif
%cmake_kf5 -d build
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package iproute2 for openSUSE:Factory checked in at 2024-02-01 18:03:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/iproute2 (Old)
and /work/SRC/openSUSE:Factory/.iproute2.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iproute2"
Thu Feb 1 18:03:57 2024 rev:138 rq:1143108 version:6.7
Changes:
--------
--- /work/SRC/openSUSE:Factory/iproute2/iproute2.changes 2023-12-01 21:25:06.141292050 +0100
+++ /work/SRC/openSUSE:Factory/.iproute2.new.1815/iproute2.changes 2024-02-01 18:04:02.804224859 +0100
@@ -1,0 +2,12 @@
+Wed Jan 31 18:09:41 UTC 2024 - Jan Engelhardt <jengelh(a)inai.de>
+
+- Update to release 6.7
+ * devlink: Support setting port function ipsec_crypto cap and
+ ipsec_packet cap
+ * iplink: bridge: Add support for bridge FDB learning limits
+ * bridge: fdb: support match on source VNI, nexthop ID,
+ destination VNI, destination port, destination IP address and
+ [no]router flag in the flush command
+ * bridge: mdb: Add get support
+
+-------------------------------------------------------------------
Old:
----
iproute2-6.6.0.tar.sign
iproute2-6.6.0.tar.xz
New:
----
iproute2-6.7.0.tar.sign
iproute2-6.7.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ iproute2.spec ++++++
--- /var/tmp/diff_new_pack.Omrp7V/_old 2024-02-01 18:04:03.460248642 +0100
+++ /var/tmp/diff_new_pack.Omrp7V/_new 2024-02-01 18:04:03.460248642 +0100
@@ -1,7 +1,7 @@
#
# spec file for package iproute2
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%define _buildshell /bin/bash
Name: iproute2
-Version: 6.6
+Version: 6.7
Release: 0
Summary: Linux network configuration utilities
License: GPL-2.0-only
@@ -166,7 +166,7 @@
%_mandir/man7/*
%_mandir/man8/*
%exclude %_mandir/man8/arpd.8*
-/usr/lib/iproute2
+%_datadir/iproute2/
%_libdir/tc/
%_datadir/tc/
%_docdir/%name/
++++++ adjust-installation-directories-for-openSUSE-SLE.patch ++++++
--- /var/tmp/diff_new_pack.Omrp7V/_old 2024-02-01 18:04:03.484249512 +0100
+++ /var/tmp/diff_new_pack.Omrp7V/_new 2024-02-01 18:04:03.484249512 +0100
@@ -10,19 +10,17 @@
tc/q_netem.c | 2 +-
3 files changed, 7 insertions(+), 6 deletions(-)
-Index: iproute2-6.6.0/Makefile
+Index: iproute2-6.7.0/Makefile
===================================================================
---- iproute2-6.6.0.orig/Makefile
-+++ iproute2-6.6.0/Makefile
-@@ -15,10 +15,10 @@ MAKEFLAGS += --no-print-directory
+--- iproute2-6.7.0.orig/Makefile
++++ iproute2-6.7.0/Makefile
+@@ -15,8 +15,8 @@ MAKEFLAGS += --no-print-directory
endif
PREFIX?=/usr
-SBINDIR?=/sbin
-+SBINDIR?=/usr/sbin
- CONF_ETC_DIR?=/etc/iproute2
- CONF_USR_DIR?=$(LIBDIR)/iproute2
-NETNS_RUN_DIR?=/var/run/netns
++SBINDIR?=/usr/sbin
+NETNS_RUN_DIR?=/run/netns
NETNS_ETC_DIR?=/etc/netns
DATADIR?=$(PREFIX)/share
@@ -36,10 +34,10 @@
ifneq ($(SHARED_LIBS),y)
DEFINES+= -DNO_SHARED_LIBS
endif
-Index: iproute2-6.6.0/netem/Makefile
+Index: iproute2-6.7.0/netem/Makefile
===================================================================
---- iproute2-6.6.0.orig/netem/Makefile
-+++ iproute2-6.6.0/netem/Makefile
+--- iproute2-6.7.0.orig/netem/Makefile
++++ iproute2-6.7.0/netem/Makefile
@@ -7,6 +7,7 @@ DISTDATA = normal.dist pareto.dist paret
HOSTCC ?= $(CC)
CCOPTS = $(CBUILD_CFLAGS)
@@ -60,10 +58,10 @@
done
clean:
-Index: iproute2-6.6.0/tc/q_netem.c
+Index: iproute2-6.7.0/tc/q_netem.c
===================================================================
---- iproute2-6.6.0.orig/tc/q_netem.c
-+++ iproute2-6.6.0/tc/q_netem.c
+--- iproute2-6.7.0.orig/tc/q_netem.c
++++ iproute2-6.7.0/tc/q_netem.c
@@ -131,7 +131,7 @@ static int get_distribution(const char *
char *line = NULL;
char name[128];
++++++ iproute2-6.6.0.tar.xz -> iproute2-6.7.0.tar.xz ++++++
++++ 5257 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ipset for openSUSE:Factory checked in at 2024-02-01 18:03:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ipset (Old)
and /work/SRC/openSUSE:Factory/.ipset.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset"
Thu Feb 1 18:03:55 2024 rev:48 rq:1143103 version:7.20
Changes:
--------
--- /work/SRC/openSUSE:Factory/ipset/ipset.changes 2023-09-29 21:13:03.732641053 +0200
+++ /work/SRC/openSUSE:Factory/.ipset.new.1815/ipset.changes 2024-02-01 18:03:58.216058519 +0100
@@ -1,0 +2,6 @@
+Wed Jan 31 18:08:54 UTC 2024 - Jan Engelhardt <jengelh(a)inai.de>
+
+- Update to release 7.20
+ * Bash completion utility updated
+
+-------------------------------------------------------------------
Old:
----
ipset-7.19.tar.bz2
New:
----
ipset-7.20.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ipset.spec ++++++
--- /var/tmp/diff_new_pack.KJHvN0/_old 2024-02-01 18:03:59.908119863 +0100
+++ /var/tmp/diff_new_pack.KJHvN0/_new 2024-02-01 18:03:59.924120443 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ipset
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
%define ipset_build_kmp 0
%endif
Name: ipset
-Version: 7.19
+Version: 7.20
Release: 0
Summary: Netfilter ipset administration utility
License: GPL-2.0-only
@@ -57,6 +57,7 @@
when matching an entry against a set.
ipset can:
+
* store multiple IP addresses or port numbers and match against the
collection by iptables in one swoop;
* dynamically update iptables rules against IP addresses or ports
++++++ ipset-7.19.tar.bz2 -> ipset-7.20.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/.gitignore new/ipset-7.20/.gitignore
--- old/ipset-7.19/.gitignore 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/.gitignore 2024-01-31 11:32:03.000000000 +0100
@@ -16,6 +16,8 @@
*.mod.o.cmd
*.mod.cmd
*.mod
+*.order.cmd
+*.symvers.cmd
.tmp_versions
Module.symvers
modules.order
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/ChangeLog new/ipset-7.20/ChangeLog
--- old/ipset-7.19/ChangeLog 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/ChangeLog 2024-01-31 11:32:03.000000000 +0100
@@ -1,3 +1,10 @@
+7.20
+ - Ignore *.order.cmd and *.symvers.cmd files in kernel builds
+ - Bash completion utility updated
+ - Fix json output for -name option (Mark)
+ - Fix hex literals in json output
+ - tests: increase timeout to cope with slow virtual test machine
+
7.19
- build: Fix the double-prefix in pkgconfig (Sam James)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/Makefile.in new/ipset-7.20/Makefile.in
--- old/ipset-7.19/Makefile.in 2023-09-21 08:15:45.000000000 +0200
+++ new/ipset-7.20/Makefile.in 2024-01-31 11:33:41.000000000 +0100
@@ -373,6 +373,7 @@
HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@
HAVE_TC_SKB_PROTOCOL = @HAVE_TC_SKB_PROTOCOL@
HAVE_TIMER_SETUP = @HAVE_TIMER_SETUP@
+HAVE_TIMER_SHUTDOWN_SYNC = @HAVE_TIMER_SHUTDOWN_SYNC@
HAVE_TYPEDEF_SCTP_SCTPHDR_T = @HAVE_TYPEDEF_SCTP_SCTPHDR_T@
HAVE_USER_NS_IN_STRUCT_NET = @HAVE_USER_NS_IN_STRUCT_NET@
HAVE_VLAN_PROTO_IN_SK_BUFF = @HAVE_VLAN_PROTO_IN_SK_BUFF@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/configure new/ipset-7.20/configure
--- old/ipset-7.19/configure 2023-09-21 08:15:44.000000000 +0200
+++ new/ipset-7.20/configure 2024-01-31 11:33:40.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ipset 7.19.
+# Generated by GNU Autoconf 2.69 for ipset 7.20.
#
# Report bugs to <kadlec(a)netfilter.org>.
#
@@ -594,8 +594,8 @@
# Identity of this package.
PACKAGE_NAME='ipset'
PACKAGE_TARNAME='ipset'
-PACKAGE_VERSION='7.19'
-PACKAGE_STRING='ipset 7.19'
+PACKAGE_VERSION='7.20'
+PACKAGE_STRING='ipset 7.20'
PACKAGE_BUGREPORT='kadlec(a)netfilter.org'
PACKAGE_URL=''
@@ -656,6 +656,7 @@
HAVE_STRSCPY
HAVE_NLA_STRSCPY
HAVE_LOCKDEP_NFNL_IS_HELD
+HAVE_TIMER_SHUTDOWN_SYNC
HAVE_TIMER_SETUP
HAVE_TYPEDEF_SCTP_SCTPHDR_T
HAVE_PASSING_EXTENDED_ACK_TO_CALLBACKS
@@ -1455,7 +1456,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ipset 7.19 to adapt to many kinds of systems.
+\`configure' configures ipset 7.20 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1526,7 +1527,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ipset 7.19:";;
+ short | recursive ) echo "Configuration of ipset 7.20:";;
esac
cat <<\_ACEOF
@@ -1666,7 +1667,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-ipset configure 7.19
+ipset configure 7.20
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2044,7 +2045,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by ipset $as_me 7.19, which was
+It was created by ipset $as_me 7.20, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2976,7 +2977,7 @@
# Define the identity of the package.
PACKAGE='ipset'
- VERSION='7.19'
+ VERSION='7.20'
cat >>confdefs.h <<_ACEOF
@@ -15493,6 +15494,21 @@
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel source for timer_shutdown_sync() in timer.h" >&5
+$as_echo_n "checking kernel source for timer_shutdown_sync() in timer.h... " >&6; }
+if test -f $ksourcedir/include/linux/timer.h && \
+ $GREP -q ' timer_shutdown_sync' $ksourcedir/include/linux/timer.h; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ HAVE_TIMER_SHUTDOWN_SYNC=define
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ HAVE_TIMER_SHUTDOWN_SYNC=undef
+
+fi
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel source for lockdep_nfnl_is_held() in nfnetlink.h" >&5
$as_echo_n "checking kernel source for lockdep_nfnl_is_held() in nfnetlink.h... " >&6; }
if test -f $ksourcedir/include/linux/netfilter/nfnetlink.h && \
@@ -18315,7 +18331,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ipset $as_me 7.19, which was
+This file was extended by ipset $as_me 7.20, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -18381,7 +18397,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-ipset config.status 7.19
+ipset config.status 7.20
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/configure.ac new/ipset-7.20/configure.ac
--- old/ipset-7.19/configure.ac 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/configure.ac 2024-01-31 11:32:03.000000000 +0100
@@ -1,5 +1,5 @@
dnl Boilerplate
-AC_INIT([ipset], [7.19], [kadlec(a)netfilter.org])
+AC_INIT([ipset], [7.20], [kadlec(a)netfilter.org])
AC_CONFIG_AUX_DIR([build-aux])
AC_CANONICAL_HOST
AC_CONFIG_MACRO_DIR([m4])
@@ -725,6 +725,16 @@
AC_SUBST(HAVE_TIMER_SETUP, undef)
fi
+AC_MSG_CHECKING([kernel source for timer_shutdown_sync() in timer.h])
+if test -f $ksourcedir/include/linux/timer.h && \
+ $GREP -q ' timer_shutdown_sync' $ksourcedir/include/linux/timer.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_TIMER_SHUTDOWN_SYNC, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_TIMER_SHUTDOWN_SYNC, undef)
+fi
+
AC_MSG_CHECKING([kernel source for lockdep_nfnl_is_held() in nfnetlink.h])
if test -f $ksourcedir/include/linux/netfilter/nfnetlink.h && \
$GREP -q ' lockdep_nfnl_is_held' $ksourcedir/include/linux/netfilter/nfnetlink.h; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/include/libipset/Makefile.in new/ipset-7.20/include/libipset/Makefile.in
--- old/ipset-7.19/include/libipset/Makefile.in 2023-09-21 08:15:45.000000000 +0200
+++ new/ipset-7.20/include/libipset/Makefile.in 2024-01-31 11:33:41.000000000 +0100
@@ -254,6 +254,7 @@
HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@
HAVE_TC_SKB_PROTOCOL = @HAVE_TC_SKB_PROTOCOL@
HAVE_TIMER_SETUP = @HAVE_TIMER_SETUP@
+HAVE_TIMER_SHUTDOWN_SYNC = @HAVE_TIMER_SHUTDOWN_SYNC@
HAVE_TYPEDEF_SCTP_SCTPHDR_T = @HAVE_TYPEDEF_SCTP_SCTPHDR_T@
HAVE_USER_NS_IN_STRUCT_NET = @HAVE_USER_NS_IN_STRUCT_NET@
HAVE_VLAN_PROTO_IN_SK_BUFF = @HAVE_VLAN_PROTO_IN_SK_BUFF@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/include/libipset/session.h new/ipset-7.20/include/libipset/session.h
--- old/ipset-7.19/include/libipset/session.h 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/include/libipset/session.h 2024-01-31 11:32:03.000000000 +0100
@@ -84,6 +84,8 @@
IPSET_ENV_LIST_SETNAME = (1 << IPSET_ENV_BIT_LIST_SETNAME),
IPSET_ENV_BIT_LIST_HEADER = 5,
IPSET_ENV_LIST_HEADER = (1 << IPSET_ENV_BIT_LIST_HEADER),
+ IPSET_ENV_BIT_QUOTED = 6,
+ IPSET_ENV_QUOTED = (1 << IPSET_ENV_BIT_QUOTED),
};
extern bool ipset_envopt_test(struct ipset_session *session,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/kernel/ChangeLog new/ipset-7.20/kernel/ChangeLog
--- old/ipset-7.19/kernel/ChangeLog 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/ChangeLog 2024-01-31 11:32:03.000000000 +0100
@@ -1,3 +1,15 @@
+7.20
+ - treewide: Convert del_timer*() to timer_shutdown*() (Steven Rostedt)
+ - Use timer_shutdown_sync() when available, instead of del_timer_sync()
+ - netfilter: ipset: fix race condition between swap/destroy and kernel
+ side add/del/test v4
+ - netfilter: ipset: fix race condition between swap/destroy and kernel
+ side add/del/test v3
+ - netfilter: ipset: fix race condition between swap/destroy and kernel
+ side add/del/test v2
+ - netfilter: ipset: fix race condition between swap/destroy and kernel
+ side add/del/test
+
7.18
- netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
(reported by Kyle Zeng)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/kernel/include/linux/netfilter/ipset/ip_set.h new/ipset-7.20/kernel/include/linux/netfilter/ipset/ip_set.h
--- old/ipset-7.19/kernel/include/linux/netfilter/ipset/ip_set.h 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/include/linux/netfilter/ipset/ip_set.h 2024-01-31 11:32:03.000000000 +0100
@@ -189,6 +189,8 @@
/* Return true if "b" set is the same as "a"
* according to the create set parameters */
bool (*same_set)(const struct ip_set *a, const struct ip_set *b);
+ /* Cancel ongoing garbage collectors before destroying the set*/
+ void (*cancel_gc)(struct ip_set *set);
/* Region-locking is used */
bool region_lock;
};
@@ -245,6 +247,8 @@
/* A generic IP set */
struct ip_set {
+ /* For call_cru in destroy */
+ struct rcu_head rcu;
/* The name of the set */
char name[IPSET_MAXNAMELEN];
/* Lock protecting the set data */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in new/ipset-7.20/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
--- old/ipset-7.19/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in 2024-01-31 11:32:03.000000000 +0100
@@ -51,6 +51,7 @@
#@HAVE_PASSING_EXTENDED_ACK_TO_CALLBACKS@ HAVE_PASSING_EXTENDED_ACK_TO_CALLBACKS
#@HAVE_TYPEDEF_SCTP_SCTPHDR_T@ HAVE_TYPEDEF_SCTP_SCTPHDR_T
#@HAVE_TIMER_SETUP@ HAVE_TIMER_SETUP
+#@HAVE_TIMER_SHUTDOWN_SYNC@ HAVE_TIMER_SHUTDOWN_SYNC
#@HAVE_STRSCPY@ HAVE_STRSCPY
#@HAVE_STRSCPY_PAD@ HAVE_STRSCPY_PAD
#@HAVE_SYNCHRONIZE_RCU_BH@ HAVE_SYNCHRONIZE_RCU_BH
@@ -506,6 +507,10 @@
struct type *var = set->data
#endif
+#ifndef HAVE_TIMER_SHUTDOWN_SYNC
+#define timer_shutdown_sync(timer) del_timer_sync(timer)
+#endif
+
#ifndef HAVE_STRSCPY
static inline ssize_t strscpy(char * dest, const char * src, size_t count)
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_bitmap_gen.h new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_bitmap_gen.h
--- old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_bitmap_gen.h 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_bitmap_gen.h 2024-01-31 11:32:03.000000000 +0100
@@ -29,6 +29,7 @@
#define mtype_del IPSET_TOKEN(MTYPE, _del)
#define mtype_list IPSET_TOKEN(MTYPE, _list)
#define mtype_gc IPSET_TOKEN(MTYPE, _gc)
+#define mtype_cancel_gc IPSET_TOKEN(MTYPE, _cancel_gc)
#define mtype MTYPE
#define get_ext(set, map, id) ((map)->extensions + ((set)->dsize * (id)))
@@ -58,9 +59,6 @@
{
struct mtype *map = set->data;
- if (SET_WITH_TIMEOUT(set))
- del_timer_sync(&map->gc);
-
if (set->dsize && set->extensions & IPSET_EXT_DESTROY)
mtype_ext_cleanup(set);
ip_set_free(map->members);
@@ -290,6 +288,15 @@
add_timer(&map->gc);
}
+static void
+mtype_cancel_gc(struct ip_set *set)
+{
+ struct mtype *map = set->data;
+
+ if (SET_WITH_TIMEOUT(set))
+ del_timer_sync(&map->gc);
+}
+
static const struct ip_set_type_variant mtype = {
.kadt = mtype_kadt,
.uadt = mtype_uadt,
@@ -303,6 +310,7 @@
.head = mtype_head,
.list = mtype_list,
.same_set = mtype_same_set,
+ .cancel_gc = mtype_cancel_gc,
};
#endif /* __IP_SET_BITMAP_IP_GEN_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_core.c new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_core.c
--- old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_core.c 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_core.c 2024-01-31 11:32:03.000000000 +0100
@@ -62,6 +62,8 @@
ip_set_dereference((inst)->ip_set_list)[id]
#define ip_set_ref_netlink(inst,id) \
rcu_dereference_raw((inst)->ip_set_list)[id]
+#define ip_set_dereference_nfnl(p) \
+ rcu_dereference_check(p, lockdep_nfnl_is_held(NFNL_SUBSYS_IPSET))
/* The set types are implemented in modules and registered set types
* can be found in ip_set_type_list. Adding/deleting types is
@@ -709,15 +711,10 @@
static struct ip_set *
ip_set_rcu_get(struct net *net, ip_set_id_t index)
{
- struct ip_set *set;
struct ip_set_net *inst = ip_set_pernet(net);
- rcu_read_lock();
- /* ip_set_list itself needs to be protected */
- set = rcu_dereference(inst->ip_set_list)[index];
- rcu_read_unlock();
-
- return set;
+ /* ip_set_list and the set pointer need to be protected */
+ return ip_set_dereference_nfnl(inst->ip_set_list)[index];
}
static inline void
@@ -1195,6 +1192,14 @@
kfree(set);
}
+static void
+ip_set_destroy_set_rcu(struct rcu_head *head)
+{
+ struct ip_set *set = container_of(head, struct ip_set, rcu);
+
+ ip_set_destroy_set(set);
+}
+
static int
IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl,
struct sk_buff *skb, const struct nlmsghdr *nlh,
@@ -1210,9 +1215,6 @@
if (unlikely(protocol_min_failed(attr)))
return -IPSET_ERR_PROTOCOL;
- /* Must wait for flush to be really finished in list:set */
- rcu_barrier();
-
/* Commands are serialized and references are
* protected by the ip_set_ref_lock.
* External systems (i.e. xt_set) must call
@@ -1223,8 +1225,10 @@
* counter, so if it's already zero, we can proceed
* without holding the lock.
*/
- read_lock_bh(&ip_set_ref_lock);
if (!attr[IPSET_ATTR_SETNAME]) {
+ /* Must wait for flush to be really finished in list:set */
+ rcu_barrier();
+ read_lock_bh(&ip_set_ref_lock);
for (i = 0; i < inst->ip_set_max; i++) {
s = ip_set(inst, i);
if (s && (s->ref || s->ref_netlink)) {
@@ -1238,6 +1242,8 @@
s = ip_set(inst, i);
if (s) {
ip_set(inst, i) = NULL;
+ /* Must cancel garbage collectors */
+ s->variant->cancel_gc(s);
ip_set_destroy_set(s);
}
}
@@ -1245,6 +1251,9 @@
inst->is_destroyed = false;
} else {
u32 flags = flag_exist(INFO_NLH(info, nlh));
+ u16 features = 0;
+
+ read_lock_bh(&ip_set_ref_lock);
s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]),
&i);
if (!s) {
@@ -1255,10 +1264,16 @@
ret = -IPSET_ERR_BUSY;
goto out;
}
+ features = s->type->features;
ip_set(inst, i) = NULL;
read_unlock_bh(&ip_set_ref_lock);
-
- ip_set_destroy_set(s);
+ if (features & IPSET_TYPE_NAME) {
+ /* Must wait for flush to be really finished */
+ rcu_barrier();
+ }
+ /* Must cancel garbage collectors */
+ s->variant->cancel_gc(s);
+ call_rcu(&s->rcu, ip_set_destroy_set_rcu);
}
return 0;
out:
@@ -2540,8 +2555,11 @@
{
nf_unregister_sockopt(&so_set);
nfnetlink_subsys_unregister(&ip_set_netlink_subsys);
-
UNREGISTER_PERNET_SUBSYS(&ip_set_net_ops);
+
+ /* Wait for call_rcu() in destroy */
+ rcu_barrier();
+
pr_debug("these are the famous last words\n");
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_hash_gen.h new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_hash_gen.h
--- old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_hash_gen.h 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_hash_gen.h 2024-01-31 11:32:03.000000000 +0100
@@ -222,6 +222,7 @@
#undef mtype_gc_do
#undef mtype_gc
#undef mtype_gc_init
+#undef mtype_cancel_gc
#undef mtype_variant
#undef mtype_data_match
@@ -266,6 +267,7 @@
#define mtype_gc_do IPSET_TOKEN(MTYPE, _gc_do)
#define mtype_gc IPSET_TOKEN(MTYPE, _gc)
#define mtype_gc_init IPSET_TOKEN(MTYPE, _gc_init)
+#define mtype_cancel_gc IPSET_TOKEN(MTYPE, _cancel_gc)
#define mtype_variant IPSET_TOKEN(MTYPE, _variant)
#define mtype_data_match IPSET_TOKEN(MTYPE, _data_match)
@@ -450,9 +452,6 @@
struct htype *h = set->data;
struct list_head *l, *lt;
- if (SET_WITH_TIMEOUT(set))
- cancel_delayed_work_sync(&h->gc.dwork);
-
mtype_ahash_destroy(set, ipset_dereference_nfnl(h->table), true);
list_for_each_safe(l, lt, &h->ad) {
list_del(l);
@@ -598,6 +597,15 @@
queue_delayed_work(system_power_efficient_wq, &gc->dwork, HZ);
}
+static void
+mtype_cancel_gc(struct ip_set *set)
+{
+ struct htype *h = set->data;
+
+ if (SET_WITH_TIMEOUT(set))
+ cancel_delayed_work_sync(&h->gc.dwork);
+}
+
static int
mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
struct ip_set_ext *mext, u32 flags);
@@ -1441,6 +1449,7 @@
.uref = mtype_uref,
.resize = mtype_resize,
.same_set = mtype_same_set,
+ .cancel_gc = mtype_cancel_gc,
.region_lock = true,
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_list_set.c new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_list_set.c
--- old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_list_set.c 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_list_set.c 2024-01-31 11:32:03.000000000 +0100
@@ -429,9 +429,6 @@
struct list_set *map = set->data;
struct set_elem *e, *n;
- if (SET_WITH_TIMEOUT(set))
- del_timer_sync(&map->gc);
-
list_for_each_entry_safe(e, n, &map->members, list) {
list_del(&e->list);
ip_set_put_byindex(map->net, e->id);
@@ -548,6 +545,15 @@
a->extensions == b->extensions;
}
+static void
+list_set_cancel_gc(struct ip_set *set)
+{
+ struct list_set *map = set->data;
+
+ if (SET_WITH_TIMEOUT(set))
+ timer_shutdown_sync(&map->gc);
+}
+
static const struct ip_set_type_variant set_variant = {
.kadt = list_set_kadt,
.uadt = list_set_uadt,
@@ -561,6 +567,7 @@
.head = list_set_head,
.list = list_set_list,
.same_set = list_set_same_set,
+ .cancel_gc = list_set_cancel_gc,
};
static void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/lib/Makefile.in new/ipset-7.20/lib/Makefile.in
--- old/ipset-7.19/lib/Makefile.in 2023-09-21 08:15:45.000000000 +0200
+++ new/ipset-7.20/lib/Makefile.in 2024-01-31 11:33:41.000000000 +0100
@@ -380,6 +380,7 @@
HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@
HAVE_TC_SKB_PROTOCOL = @HAVE_TC_SKB_PROTOCOL@
HAVE_TIMER_SETUP = @HAVE_TIMER_SETUP@
+HAVE_TIMER_SHUTDOWN_SYNC = @HAVE_TIMER_SHUTDOWN_SYNC@
HAVE_TYPEDEF_SCTP_SCTPHDR_T = @HAVE_TYPEDEF_SCTP_SCTPHDR_T@
HAVE_USER_NS_IN_STRUCT_NET = @HAVE_USER_NS_IN_STRUCT_NET@
HAVE_VLAN_PROTO_IN_SK_BUFF = @HAVE_VLAN_PROTO_IN_SK_BUFF@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/lib/print.c new/ipset-7.20/lib/print.c
--- old/ipset-7.19/lib/print.c 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/lib/print.c 2024-01-31 11:32:03.000000000 +0100
@@ -411,10 +411,11 @@
int
ipset_print_hexnumber(char *buf, unsigned int len,
const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env UNUSED)
+ uint8_t env)
{
size_t maxsize;
const void *number;
+ const char *quoted = env & IPSET_ENV_QUOTED ? "\"" : "";
assert(buf);
assert(len > 0);
@@ -424,17 +425,17 @@
maxsize = ipset_data_sizeof(opt, AF_INET);
D("opt: %u, maxsize %zu", opt, maxsize);
if (maxsize == sizeof(uint8_t))
- return snprintf(buf, len, "0x%02"PRIx8,
- *(const uint8_t *) number);
+ return snprintf(buf, len, "%s0x%02"PRIx8"%s",
+ quoted, *(const uint8_t *) number, quoted);
else if (maxsize == sizeof(uint16_t))
- return snprintf(buf, len, "0x%04"PRIx16,
- *(const uint16_t *) number);
+ return snprintf(buf, len, "%s0x%04"PRIx16"%s",
+ quoted, *(const uint16_t *) number, quoted);
else if (maxsize == sizeof(uint32_t))
- return snprintf(buf, len, "0x%08"PRIx32,
- *(const uint32_t *) number);
+ return snprintf(buf, len, "%s0x%08"PRIx32"%s",
+ quoted, *(const uint32_t *) number, quoted);
else if (maxsize == sizeof(uint64_t))
- return snprintf(buf, len, "0x%016"PRIx64,
- *(const uint64_t *) number);
+ return snprintf(buf, len, "%s0x%016"PRIx64"%s",
+ quoted, *(const uint64_t *) number, quoted);
else
assert(0);
return 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/lib/session.c new/ipset-7.20/lib/session.c
--- old/ipset-7.19/lib/session.c 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/lib/session.c 2024-01-31 11:32:03.000000000 +0100
@@ -1306,6 +1306,7 @@
enum ipset_cmd cmd)
{
struct ipset_data *data = session->data;
+ static bool firstipset = true;
if (setjmp(printf_failure)) {
session->saved_setname[0] = '\0';
@@ -1324,10 +1325,13 @@
if (session->mode == IPSET_LIST_XML)
safe_snprintf(session, "<ipset name=\"%s\"/>\n",
ipset_data_setname(data));
- if (session->mode == IPSET_LIST_JSON)
- safe_snprintf(session, "\"name\" : \"%s\"\n",
+ else if (session->mode == IPSET_LIST_JSON) {
+ if (!firstipset)
+ safe_snprintf(session, ",\n");
+ firstipset = false;
+ safe_snprintf(session, " { \"name\" : \"%s\" }",
ipset_data_setname(data));
- else
+ } else
safe_snprintf(session, "%s\n",
ipset_data_setname(data));
return call_outfn(session) ? MNL_CB_ERROR : MNL_CB_OK;
@@ -2277,23 +2281,26 @@
session->cmd = cmd;
session->lineno = lineno;
- /* Set default output mode */
- if (cmd == IPSET_CMD_LIST) {
+ if (cmd == IPSET_CMD_LIST || cmd == IPSET_CMD_SAVE) {
+ /* Set default output mode */
if (session->mode == IPSET_LIST_NONE)
session->mode = IPSET_LIST_PLAIN;
- } else if (cmd == IPSET_CMD_SAVE) {
- if (session->mode == IPSET_LIST_NONE)
- session->mode = IPSET_LIST_SAVE;
+ /* Reset just in case there are multiple modes in a session */
+ ipset_envopt_unset(session, IPSET_ENV_QUOTED);
+ switch (session->mode) {
+ case IPSET_LIST_XML:
+ /* Start the root element in XML mode */
+ safe_snprintf(session, "<ipsets>\n");
+ break;
+ case IPSET_LIST_JSON:
+ /* Start the root element in json mode */
+ ipset_envopt_set(session, IPSET_ENV_QUOTED);
+ safe_snprintf(session, "[\n");
+ break;
+ default:
+ break;
+ }
}
- /* Start the root element in XML mode */
- if ((cmd == IPSET_CMD_LIST || cmd == IPSET_CMD_SAVE) &&
- session->mode == IPSET_LIST_XML)
- safe_snprintf(session, "<ipsets>\n");
-
- /* Start the root element in json mode */
- if ((cmd == IPSET_CMD_LIST || cmd == IPSET_CMD_SAVE) &&
- session->mode == IPSET_LIST_JSON)
- safe_snprintf(session, "[\n");
D("next: build_msg");
/* Build new message or append buffered commands */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/src/Makefile.in new/ipset-7.20/src/Makefile.in
--- old/ipset-7.19/src/Makefile.in 2023-09-21 08:15:45.000000000 +0200
+++ new/ipset-7.20/src/Makefile.in 2024-01-31 11:33:41.000000000 +0100
@@ -360,6 +360,7 @@
HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@
HAVE_TC_SKB_PROTOCOL = @HAVE_TC_SKB_PROTOCOL@
HAVE_TIMER_SETUP = @HAVE_TIMER_SETUP@
+HAVE_TIMER_SHUTDOWN_SYNC = @HAVE_TIMER_SHUTDOWN_SYNC@
HAVE_TYPEDEF_SCTP_SCTPHDR_T = @HAVE_TYPEDEF_SCTP_SCTPHDR_T@
HAVE_USER_NS_IN_STRUCT_NET = @HAVE_USER_NS_IN_STRUCT_NET@
HAVE_VLAN_PROTO_IN_SK_BUFF = @HAVE_VLAN_PROTO_IN_SK_BUFF@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/tests/netnetgen.sh new/ipset-7.20/tests/netnetgen.sh
--- old/ipset-7.19/tests/netnetgen.sh 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/tests/netnetgen.sh 2024-01-31 11:32:03.000000000 +0100
@@ -6,7 +6,7 @@
comment=" comment"
;;
timeout)
- timeout=" timeout 10"
+ timeout=" timeout 60"
;;
*)
;;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/utils/Makefile.in new/ipset-7.20/utils/Makefile.in
--- old/ipset-7.19/utils/Makefile.in 2023-09-21 08:15:45.000000000 +0200
+++ new/ipset-7.20/utils/Makefile.in 2024-01-31 11:33:41.000000000 +0100
@@ -308,6 +308,7 @@
HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@
HAVE_TC_SKB_PROTOCOL = @HAVE_TC_SKB_PROTOCOL@
HAVE_TIMER_SETUP = @HAVE_TIMER_SETUP@
+HAVE_TIMER_SHUTDOWN_SYNC = @HAVE_TIMER_SHUTDOWN_SYNC@
HAVE_TYPEDEF_SCTP_SCTPHDR_T = @HAVE_TYPEDEF_SCTP_SCTPHDR_T@
HAVE_USER_NS_IN_STRUCT_NET = @HAVE_USER_NS_IN_STRUCT_NET@
HAVE_VLAN_PROTO_IN_SK_BUFF = @HAVE_VLAN_PROTO_IN_SK_BUFF@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ipset-7.19/utils/ipset_bash_completion/ipset new/ipset-7.20/utils/ipset_bash_completion/ipset
--- old/ipset-7.19/utils/ipset_bash_completion/ipset 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/utils/ipset_bash_completion/ipset 2024-01-31 11:32:03.000000000 +0100
@@ -362,7 +362,7 @@
while read -r; do
REPLY="${REPLY#*: }"
printf "%s\n" ${REPLY%%:*}
-done < <(( PATH=${PATH}:/sbin command ip -o link show ) 2>/dev/null)
+done < <(PATH=${PATH}:/sbin ( command ip -o link show ) 2>/dev/null)
}
_ipset_get_iplist() {
@@ -1130,9 +1130,9 @@
# make sure it's not a filename named -o or -output
if [[ $str_filename != $prev ]]; then
if ((names_only || headers_only)); then
- COMPREPLY=( $( compgen -W 'plain xml json' -- "$cur" ) )
+ COMPREPLY=( $( compgen -W 'plain xml' -- "$cur" ) )
else
- COMPREPLY=( $( compgen -W 'plain save xml json' -- "$cur" ) )
+ COMPREPLY=( $( compgen -W 'plain save xml' -- "$cur" ) )
fi
return 0
fi
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package crun for openSUSE:Factory checked in at 2024-02-01 18:03:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/crun (Old)
and /work/SRC/openSUSE:Factory/.crun.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "crun"
Thu Feb 1 18:03:38 2024 rev:20 rq:1143040 version:1.14
Changes:
--------
--- /work/SRC/openSUSE:Factory/crun/crun.changes 2023-12-05 17:01:01.560303659 +0100
+++ /work/SRC/openSUSE:Factory/.crun.new.1815/crun.changes 2024-02-01 18:03:40.415413174 +0100
@@ -1,0 +2,17 @@
+Sat Jan 27 16:21:04 UTC 2024 - Andrea Manzini <andrea.manzini(a)suse.com>
+
+- update to 1.14:
+ * build: drop dependency on libgcrypt. Use blake3 to compute the cache key.
+ * cpuset: don't clobber parent cgroup value when writing the cpuset value.
+ * linux: force umask(0). It ensures that the mknodat syscall is not affected by the umask of the calling process,
+ allowing file permissions to be set as specified in the OCI configuration.
+ * ebpf: do not require MEMLOCK for eBPF programs. This requirement was relaxed in Linux 5.11.
+
+- update to 1.13:
+ * src: use O_CLOEXEC for all open/openat calls
+ * cgroup v1: use "max" when pids limit < 0.
+ * improve error message when idmap mount fails because the underlying file system has no support for it.
+ * libcrun: fix compilation when building without libseccomp and libcap.
+ * fix relative idmapped mount when using the custom annotation.
+
+-------------------------------------------------------------------
Old:
----
crun-1.12.tar.xz
crun-1.12.tar.xz.asc
New:
----
crun-1.14.tar.xz
crun-1.14.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ crun.spec ++++++
--- /var/tmp/diff_new_pack.NyQqtu/_old 2024-02-01 18:03:42.435486410 +0100
+++ /var/tmp/diff_new_pack.NyQqtu/_new 2024-02-01 18:03:42.439486555 +0100
@@ -1,7 +1,7 @@
#
# spec file for package crun
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
%endif
Name: crun
-Version: 1.12
+Version: 1.14
Release: 0
Summary: OCI runtime written in C
License: GPL-2.0-or-later
++++++ crun-1.12.tar.xz -> crun-1.14.tar.xz ++++++
++++ 3341 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package discord for openSUSE:Factory:NonFree checked in at 2024-02-01 18:03:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory:NonFree/discord (Old)
and /work/SRC/openSUSE:Factory:NonFree/.discord.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "discord"
Thu Feb 1 18:03:04 2024 rev:45 rq:1143212 version:0.0.42
Changes:
--------
--- /work/SRC/openSUSE:Factory:NonFree/discord/discord.changes 2024-01-29 22:24:59.824704974 +0100
+++ /work/SRC/openSUSE:Factory:NonFree/.discord.new.1815/discord.changes 2024-02-01 18:03:06.230175032 +0100
@@ -1,0 +2,6 @@
+Tue Jan 30 23:55:47 UTC 2024 - Wojciech Kazubski <wk(a)ire.pw.edu.pl>
+
+- Update to version 0.0.42:
+ * No upstream release notes.
+
+-------------------------------------------------------------------
Old:
----
discord-0.0.41.tar.gz
New:
----
discord-0.0.42.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ discord.spec ++++++
--- /var/tmp/diff_new_pack.7NYkEA/_old 2024-02-01 18:03:07.794231572 +0100
+++ /var/tmp/diff_new_pack.7NYkEA/_new 2024-02-01 18:03:07.794231572 +0100
@@ -25,7 +25,7 @@
# This is to enable build with patent encoumbered codecs. Not allowed in OBS
%bcond_with x264
Name: discord
-Version: 0.0.41
+Version: 0.0.42
Release: 0
Summary: Voice and Text Chat for Gamers
License: SUSE-NonFree
++++++ discord-0.0.41.tar.gz -> discord-0.0.42.tar.gz ++++++
/work/SRC/openSUSE:Factory:NonFree/discord/discord-0.0.41.tar.gz /work/SRC/openSUSE:Factory:NonFree/.discord.new.1815/discord-0.0.42.tar.gz differ: char 5, line 1
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package distribution-logos-openSUSE for openSUSE:Factory checked in at 2024-02-01 16:06:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/distribution-logos-openSUSE (Old)
and /work/SRC/openSUSE:Factory/.distribution-logos-openSUSE.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "distribution-logos-openSUSE"
Thu Feb 1 16:06:05 2024 rev:10 rq: version:20230921
Changes:
--------
--- /work/SRC/openSUSE:Factory/distribution-logos-openSUSE/distribution-logos-openSUSE.changes 2024-02-01 16:01:11.437169074 +0100
+++ /work/SRC/openSUSE:Factory/.distribution-logos-openSUSE.new.1815/distribution-logos-openSUSE.changes 2024-02-01 16:06:06.775812618 +0100
@@ -2,11 +1,0 @@
-Thu Feb 1 14:45:43 UTC 2024 - Dirk Müller <dmueller(a)suse.com>
-
-- list the source url
-
--------------------------------------------------------------------
-Thu Feb 1 10:15:48 UTC 2024 - Lubos Kocman <lubos.kocman(a)suse.com>
-
-- Update Leap 15.6 branding poo#131666
-
-
--------------------------------------------------------------------
Old:
----
distribution-logos-openSUSE-20240201.zip
New:
----
distribution-logos-main.zip
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ distribution-logos-openSUSE.spec ++++++
--- /var/tmp/diff_new_pack.wshqJL/_old 2024-02-01 16:06:07.191827686 +0100
+++ /var/tmp/diff_new_pack.wshqJL/_new 2024-02-01 16:06:07.195827831 +0100
@@ -1,7 +1,7 @@
#
# spec file for package distribution-logos-openSUSE
#
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2021 Sasi Olin <hellcp(a)opensuse.org>.
#
# All modifications and additions to the file contributed by third parties
@@ -18,26 +18,29 @@
Name: distribution-logos-openSUSE
-Version: 20240201
-Release: 0
Summary: Logos for openSUSE Distros
License: CC-BY-SA-4.0
-URL: https://github.com/openSUSE/distribution-logos
-Source: https://github.com/openSUSE/distribution-logos/archive/refs/heads/main.zip#…
-BuildRequires: hicolor-icon-theme
+Version: 20230921
+Release: 0
+Url: https://github.com/openSUSE/distribution-logos
+Source: distribution-logos-main.zip
BuildRequires: unzip
+BuildRequires: hicolor-icon-theme
BuildArch: noarch
%description
Logos for openSUSE Distributions
%if 0%{?sle_version}
+
%package Leap
Summary: Logos for openSUSE Leap
-Conflicts: distribution-logos
+
Obsoletes: distribution-logos
Provides: distribution-logos
-Removepathpostfixes: .Leap
+Conflicts: distribution-logos
+
+RemovePathPostfixes: .Leap
BuildArch: noarch
%description Leap
@@ -45,10 +48,12 @@
%package LeapMicro
Summary: Logos for openSUSE Leap Micro
-Conflicts: distribution-logos
+
Obsoletes: distribution-logos
Provides: distribution-logos
-Removepathpostfixes: .LeapMicro
+Conflicts: distribution-logos
+
+RemovePathPostfixes: .LeapMicro
BuildArch: noarch
%description LeapMicro
@@ -58,10 +63,12 @@
%package Tumbleweed
Summary: Logos for openSUSE Tumbleweed
-Conflicts: distribution-logos
+
Obsoletes: distribution-logos
Provides: distribution-logos
-Removepathpostfixes: .Tumbleweed
+Conflicts: distribution-logos
+
+RemovePathPostfixes: .Tumbleweed
BuildArch: noarch
%description Tumbleweed
@@ -69,10 +76,12 @@
%package Kubic
Summary: Logos for openSUSE Kubic
-Conflicts: distribution-logos
+
Obsoletes: distribution-logos
Provides: distribution-logos
-Removepathpostfixes: .Kubic
+Conflicts: distribution-logos
+
+RemovePathPostfixes: .Kubic
BuildArch: noarch
%description Kubic
@@ -80,10 +89,12 @@
%package MicroOS
Summary: Logos for openSUSE MicroOS
-Conflicts: distribution-logos
+
Obsoletes: distribution-logos
Provides: distribution-logos
-Removepathpostfixes: .MicroOS
+Conflicts: distribution-logos
+
+RemovePathPostfixes: .MicroOS
BuildArch: noarch
%description MicroOS
@@ -91,10 +102,12 @@
%package Aeon
Summary: Logos for openSUSE Aeon
-Conflicts: distribution-logos
+
Obsoletes: distribution-logos
Provides: distribution-logos
-Removepathpostfixes: .Aeon
+Conflicts: distribution-logos
+
+RemovePathPostfixes: .Aeon
BuildArch: noarch
%description Aeon
@@ -104,18 +117,20 @@
%package icons
Summary: Icons with distribution logos
+
Requires: distribution-logos
-Conflicts: systemd-icon-branding-openSUSE
Provides: systemd-icon-branding
Obsoletes: systemd-icon-branding-openSUSE < 84.87.20210910
Provides: systemd-icon-branding-openSUSE = 84.87.20210910
+Conflicts: systemd-icon-branding-openSUSE
+
BuildArch: noarch
%description icons
Icons with openSUSE distribution logos.
%prep
-%setup -q -n distribution-logos-main
+%setup -qn distribution-logos-main
%build
# Skip build
@@ -142,6 +157,7 @@
%dir %{_datadir}/pixmaps/distribution-logos
%if 0%{?sle_version}
+
%files Leap
%{_datadir}/pixmaps/distribution-logos/*.Leap
1
0