June 2017 - openSUSE Commits - openSUSE Mailing Lists

commit tor for openSUSE:Factory
by root＠hilbert.suse.de 30 Jun '17

30 Jun '17

Hello community, here is the log from the commit of package tor for openSUSE:Factory checked in at 2017-06-30 18:43:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tor (Old) and /work/SRC/openSUSE:Factory/.tor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tor" Fri Jun 30 18:43:17 2017 rev:57 rq:507338 version:0.3.0.9 Changes: -------- --- /work/SRC/openSUSE:Factory/tor/tor.changes 2017-06-09 15:57:38.113739764 +0200 +++ /work/SRC/openSUSE:Factory/.tor.new/tor.changes 2017-06-30 18:43:53.789181802 +0200 @@ -1,0 +2,14 @@ +Fri Jun 30 11:53:59 UTC 2017 - astieger(a)suse.com + +- tor 0.3.0.9: + * CVE-2017-0377: Fix path selection bug that would allow a client + to use a guard that was in the same network family as a chosen + exit relay (bsc#1046845) + * Don't block bootstrapping when a primary bridge is offline and + tor cannot get its descriptor + * When starting with an old consensus, do not add new entry guards + unless the consensus is "reasonably live" (under 1 day old). + * Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 + Country database. + +------------------------------------------------------------------- Old: ---- tor-0.3.0.8.tar.gz tor-0.3.0.8.tar.gz.asc New: ---- tor-0.3.0.9.tar.gz tor-0.3.0.9.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tor.spec ++++++ --- /var/tmp/diff_new_pack.4Bftky/_old 2017-06-30 18:43:54.509080544 +0200 +++ /var/tmp/diff_new_pack.4Bftky/_new 2017-06-30 18:43:54.513079981 +0200 @@ -20,7 +20,7 @@ %define torgroup %{name} %define home_dir %{_localstatedir}/lib/empty Name: tor -Version: 0.3.0.8 +Version: 0.3.0.9 Release: 0 Summary: Anonymizing overlay network for TCP (The onion router) License: BSD-3-Clause ++++++ tor-0.3.0.8.tar.gz -> tor-0.3.0.9.tar.gz ++++++ ++++ 14307 lines of diff (skipped)

1 0

commit libmediainfo for openSUSE:Factory
by root＠hilbert.suse.de 30 Jun '17

30 Jun '17

Hello community, here is the log from the commit of package libmediainfo for openSUSE:Factory checked in at 2017-06-30 18:43:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libmediainfo (Old) and /work/SRC/openSUSE:Factory/.libmediainfo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libmediainfo" Fri Jun 30 18:43:15 2017 rev:5 rq:507337 version:0.7.97 Changes: -------- --- /work/SRC/openSUSE:Factory/libmediainfo/libmediainfo.changes 2017-06-02 10:34:36.937025754 +0200 +++ /work/SRC/openSUSE:Factory/.libmediainfo.new/libmediainfo.changes 2017-06-30 18:43:52.209404007 +0200 @@ -1,0 +2,30 @@ +Fri Jun 30 11:46:25 UTC 2017 - aloisio(a)gmx.com + +- Update to version 0.7.97 + * HEVC: support of stream having VPS hrd_parameters + * FLV: support of FLV files with an ID3v2 header + * FLV: detect some incoherent frame rates in buggy files + * TIFF: support of more tags + * I518, AAC: consider 4 back channels as 2 side + 2 back channels + * Matroska: integrate all elements from Matroska specs in + MediaTrace + * WAV: parsing of MPEG Audio extension "mext" chunk and + displayed in MediaTrace + * MPC: channels count + * AAC: ADTS/ADIF duration in case of full parsing and/or "risky + bitrate estimation" option + * MXF: less false-positive detection of some files as MXF + * B1053, WAV: metadata coherency, ignore "fact" chunk more often + in order to avoid bad information when this chunk is buggy + * B1029, DPX: DPX endianess not considered with some fields in + MediaTrace + * Custom template: can check "Other" part as any other parts + * Matroska: fix parsing issue with small byte blocks are taken + from the file e.g. when reading from HTTP link + * Matroska: files with unknown block size were flagged as + truncated + * MediaTrace: values with a \n were breaking the text report + lines + * Some typos (RefFrames, SPF) + +------------------------------------------------------------------- Old: ---- libmediainfo_0.7.96.tar.xz New: ---- libmediainfo_0.7.97.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libmediainfo.spec ++++++ --- /var/tmp/diff_new_pack.778jPD/_old 2017-06-30 18:43:52.721332001 +0200 +++ /var/tmp/diff_new_pack.778jPD/_new 2017-06-30 18:43:52.725331438 +0200 @@ -19,7 +19,7 @@ %define sover 0 Name: libmediainfo -Version: 0.7.96 +Version: 0.7.97 Release: 0 Summary: Supplies technical and tag information about a video or audio file License: BSD-2-Clause ++++++ libmediainfo_0.7.96.tar.xz -> libmediainfo_0.7.97.tar.xz ++++++ ++++ 6830 lines of diff (skipped)

1 0

commit armadillo for openSUSE:Factory
by root＠hilbert.suse.de 30 Jun '17

30 Jun '17

Hello community, here is the log from the commit of package armadillo for openSUSE:Factory checked in at 2017-06-30 18:43:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/armadillo (Old) and /work/SRC/openSUSE:Factory/.armadillo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "armadillo" Fri Jun 30 18:43:09 2017 rev:108 rq:507287 version:7.950.1 Changes: -------- --- /work/SRC/openSUSE:Factory/armadillo/armadillo.changes 2017-06-08 14:58:27.901451365 +0200 +++ /work/SRC/openSUSE:Factory/.armadillo.new/armadillo.changes 2017-06-30 18:43:50.429654339 +0200 @@ -1,0 +2,10 @@ +Wed Jun 21 12:07:23 UTC 2017 - badshah400(a)gmail.com + +- Update to version 7.950.1: + + Expanded accu() and sum() to use OpenMP for processing + expressions with computationally expensive element-wise + functions. + + Expanded trimatu() and trimatl() to allow specification of the + diagonal which delineates the boundary of the triangular part. + +------------------------------------------------------------------- Old: ---- armadillo-7.900.1.tar.xz New: ---- armadillo-7.950.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ armadillo.spec ++++++ --- /var/tmp/diff_new_pack.a6jwXO/_old 2017-06-30 18:43:51.025570520 +0200 +++ /var/tmp/diff_new_pack.a6jwXO/_new 2017-06-30 18:43:51.029569957 +0200 @@ -18,7 +18,7 @@ %define soname libarmadillo7 Name: armadillo -Version: 7.900.1 +Version: 7.950.1 Release: 0 Summary: Fast C++ matrix library with interfaces to LAPACK and ATLAS License: Apache-2.0 ++++++ armadillo-7.900.1.tar.xz -> armadillo-7.950.1.tar.xz ++++++ ++++ 2877 lines of diff (skipped)

1 0

commit criu for openSUSE:Factory
by root＠hilbert.suse.de 30 Jun '17

30 Jun '17

Hello community, here is the log from the commit of package criu for openSUSE:Factory checked in at 2017-06-30 18:43:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/criu (Old) and /work/SRC/openSUSE:Factory/.criu.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "criu" Fri Jun 30 18:43:06 2017 rev:34 rq:507279 version:3.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/criu/criu.changes 2017-06-22 10:40:40.587224838 +0200 +++ /work/SRC/openSUSE:Factory/.criu.new/criu.changes 2017-06-30 18:43:47.890011554 +0200 @@ -1,0 +2,7 @@ +Fri Jun 30 11:33:54 CEST 2017 - tiwai(a)suse.de + +- update to criu 3.2.1: bug fix release, + * Restoring a stack fails on recent kernels due to kernel changes + * Restoring on a host with LSM profiles failed + +------------------------------------------------------------------- Old: ---- criu-3.2.tar.bz2 New: ---- criu-3.2.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ criu.spec ++++++ --- /var/tmp/diff_new_pack.hg6xmI/_old 2017-06-30 18:43:48.389941236 +0200 +++ /var/tmp/diff_new_pack.hg6xmI/_new 2017-06-30 18:43:48.389941236 +0200 @@ -17,7 +17,7 @@ Name: criu -Version: 3.2 +Version: 3.2.1 Release: 0 Summary: Checkpoint/Restore In Userspace Tools License: GPL-2.0 ++++++ criu-3.2.tar.bz2 -> criu-3.2.1.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/.travis.yml new/criu-3.2.1/.travis.yml --- old/criu-3.2/.travis.yml 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/.travis.yml 2017-06-28 07:49:36.000000000 +0200 @@ -22,3 +22,4 @@ after_success: - ccache -s - make -C scripts/travis after_success +group: deprecated-2017Q2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/Makefile.versions new/criu-3.2.1/Makefile.versions --- old/criu-3.2/Makefile.versions 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/Makefile.versions 2017-06-28 07:49:36.000000000 +0200 @@ -2,7 +2,7 @@ # CRIU version. CRIU_VERSION_MAJOR := 3 CRIU_VERSION_MINOR := 2 -CRIU_VERSION_SUBLEVEL := +CRIU_VERSION_SUBLEVEL := 1 CRIU_VERSION_EXTRA := CRIU_VERSION_NAME := Tin Hoopoe CRIU_VERSION := $(CRIU_VERSION_MAJOR)$(if $(CRIU_VERSION_MINOR),.$(CRIU_VERSION_MINOR))$(if $(CRIU_VERSION_SUBLEVEL),.$(CRIU_VERSION_SUBLEVEL))$(if $(CRIU_VERSION_EXTRA),.$(CRIU_VERSION_EXTRA)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/criu/cr-dump.c new/criu-3.2.1/criu/cr-dump.c --- old/criu-3.2/criu/cr-dump.c 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/criu/cr-dump.c 2017-06-28 07:49:36.000000000 +0200 @@ -1539,6 +1539,9 @@ if (kerndat_init()) goto err; + if (lsm_check_opts()) + goto err; + if (irmap_load_cache()) goto err; @@ -1689,6 +1692,9 @@ if (kerndat_init()) goto err; + if (lsm_check_opts()) + goto err; + if (irmap_load_cache()) goto err; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/criu/cr-restore.c new/criu-3.2.1/criu/cr-restore.c --- old/criu-3.2/criu/cr-restore.c 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/criu/cr-restore.c 2017-06-28 07:49:36.000000000 +0200 @@ -2134,6 +2134,9 @@ if (kerndat_init()) goto err; + if (lsm_check_opts()) + goto err; + timing_start(TIME_RESTORE); if (cpu_init() < 0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/criu/crtools.c new/criu-3.2.1/criu/crtools.c --- old/criu-3.2/criu/crtools.c 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/criu/crtools.c 2017-06-28 07:49:36.000000000 +0200 @@ -511,8 +511,8 @@ return -1; break; case 1071: - if (parse_lsm_arg(optarg) < 0) - return -1; + opts.lsm_profile = optarg; + opts.lsm_supplied = true; break; case 1072: opts.timeout = atoi(optarg); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/criu/include/kerndat.h new/criu-3.2.1/criu/include/kerndat.h --- old/criu-3.2/criu/include/kerndat.h 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/criu/include/kerndat.h 2017-06-28 07:49:36.000000000 +0200 @@ -1,6 +1,8 @@ #ifndef __CR_KERNDAT_H__ #define __CR_KERNDAT_H__ +#include <stdbool.h> + #include "int.h" struct stat; @@ -44,6 +46,8 @@ unsigned int has_xtlocks; unsigned long mmap_min_addr; bool has_tcp_half_closed; + bool stack_guard_gap_hidden; + int lsm; }; extern struct kerndat_s kdat; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/criu/include/lsm.h new/criu-3.2.1/criu/include/lsm.h --- old/criu-3.2/criu/include/lsm.h 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/criu/include/lsm.h 2017-06-28 07:49:36.000000000 +0200 @@ -33,5 +33,5 @@ */ int render_lsm_profile(char *profile, char **val); -extern int parse_lsm_arg(char *arg); +extern int lsm_check_opts(void); #endif /* __CR_LSM_H__ */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/criu/include/mem.h new/criu-3.2.1/criu/include/mem.h --- old/criu-3.2/criu/include/mem.h 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/criu/include/mem.h 2017-06-28 07:49:36.000000000 +0200 @@ -9,11 +9,13 @@ struct vm_area_list; struct page_pipe; struct pstree_item; +struct vma_area; struct mem_dump_ctl { bool pre_dump; }; +extern bool vma_has_guard_gap_hidden(struct vma_area *vma); extern bool page_in_parent(bool dirty); extern int prepare_mm_pid(struct pstree_item *i); extern void prepare_cow_vmas(void); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/criu/kerndat.c new/criu-3.2.1/criu/kerndat.c --- old/criu-3.2/criu/kerndat.c 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/criu/kerndat.c 2017-06-28 07:49:36.000000000 +0200 @@ -563,6 +563,80 @@ return 0; } +static int kerndat_detect_stack_guard_gap(void) +{ + int num, ret = -1, detected = 0; + unsigned long start, end; + char r, w, x, s; + char buf[1024]; + FILE *maps; + void *mem; + + mem = mmap(NULL, (3ul << 20), PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_GROWSDOWN, -1, 0); + if (mem == MAP_FAILED) { + pr_perror("Can't mmap stack area"); + return -1; + } + munmap(mem, (3ul << 20)); + + mem = mmap(mem + (2ul << 20), (1ul << 20), PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED | MAP_GROWSDOWN, -1, 0); + if (mem == MAP_FAILED) { + pr_perror("Can't mmap stack area"); + return -1; + } + + maps = fopen("/proc/self/maps", "r"); + if (maps == NULL) { + munmap(mem, 4096); + return -1; + } + + while (fgets(buf, sizeof(buf), maps)) { + num = sscanf(buf, "%lx-%lx %c%c%c%c", + &start, &end, &r, &w, &x, &s); + if (num < 6) { + pr_err("Can't parse: %s\n", buf); + goto err; + } + + /* + * When reading /proc/$pid/[s]maps the + * start/end addresses migh be cutted off + * with PAGE_SIZE on kernels prior 4.12 + * (see kernel commit 1be7107fbe18ee). + * + * Same time there was semi-complete + * patch released which hitted a number + * of repos (Ubuntu, Fedora) where instead + * of PAGE_SIZE the 1M gap is cutted off. + */ + if (start == (unsigned long)mem) { + kdat.stack_guard_gap_hidden = false; + detected = 1; + break; + } else if (start == ((unsigned long)mem + (1ul << 20))) { + pr_warn("Unsupported stack guard detected, confused but continue\n"); + kdat.stack_guard_gap_hidden = true; + detected = 1; + break; + } else if (start == ((unsigned long)mem + PAGE_SIZE)) { + kdat.stack_guard_gap_hidden = true; + detected = 1; + break; + } + } + + if (detected) + ret = 0; + +err: + munmap(mem, (1ul << 20)); + fclose(maps); + return ret; +} + #define KERNDAT_CACHE_FILE KDAT_RUNDIR"/criu.kdat" #define KERNDAT_CACHE_FILE_TMP KDAT_RUNDIR"/.criu.kdat" @@ -676,6 +750,8 @@ ret = kerndat_compat_restore(); if (!ret) ret = kerndat_has_memfd_create(); + if (!ret) + ret = kerndat_detect_stack_guard_gap(); kerndat_lsm(); kerndat_mmap_min_addr(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/criu/lsm.c new/criu-3.2.1/criu/lsm.c --- old/criu-3.2/criu/lsm.c 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/criu/lsm.c 2017-06-28 07:49:36.000000000 +0200 @@ -5,6 +5,7 @@ #include <sys/types.h> #include <unistd.h> +#include "kerndat.h" #include "config.h" #include "pstree.h" #include "util.h" @@ -19,10 +20,6 @@ #include <selinux/selinux.h> #endif -static Lsmtype lsmtype; -static int (*get_label)(pid_t, char **) = NULL; -static char *name = NULL; - static int apparmor_get_label(pid_t pid, char **profile_name) { FILE *f; @@ -109,18 +106,8 @@ void kerndat_lsm(void) { - /* On restore, if someone passes --lsm-profile, we might end up doing - * detection twice, once during flag parsing and once for - * kerndat_init(). Let's detect when we've already done detection - * and not do it again. - */ - if (name) - return; - if (access(AA_SECURITYFS_PATH, F_OK) == 0) { - get_label = apparmor_get_label; - lsmtype = LSMTYPE__APPARMOR; - name = "apparmor"; + kdat.lsm = LSMTYPE__APPARMOR; return; } @@ -131,37 +118,47 @@ * well. */ if (access("/sys/fs/selinux", F_OK) == 0) { - get_label = selinux_get_label; - lsmtype = LSMTYPE__SELINUX; - name = "selinux"; + kdat.lsm = LSMTYPE__SELINUX; return; } #endif - get_label = NULL; - lsmtype = LSMTYPE__NO_LSM; - name = "none"; + kdat.lsm = LSMTYPE__NO_LSM; } Lsmtype host_lsm_type(void) { - return lsmtype; + return kdat.lsm; } int collect_lsm_profile(pid_t pid, CredsEntry *ce) { - ce->lsm_profile = NULL; + int ret; - if (lsmtype == LSMTYPE__NO_LSM) - return 0; + ce->lsm_profile = NULL; - if (get_label(pid, &ce->lsm_profile) < 0) - return -1; + switch (kdat.lsm) { + case LSMTYPE__NO_LSM: + ret = 0; + break; + case LSMTYPE__APPARMOR: + ret = apparmor_get_label(pid, &ce->lsm_profile); + break; +#ifdef CONFIG_HAS_SELINUX + case LSMTYPE__SELINUX: + ret = selinux_get_label(pid, &ce->lsm_profile); + break; +#endif + default: + BUG(); + ret = -1; + break; + } if (ce->lsm_profile) pr_info("%d has lsm profile %s\n", pid, ce->lsm_profile); - return 0; + return ret; } // in inventory.c @@ -169,7 +166,7 @@ int validate_lsm(char *lsm_profile) { - if (image_lsm == LSMTYPE__NO_LSM || image_lsm == lsmtype) + if (image_lsm == LSMTYPE__NO_LSM || image_lsm == kdat.lsm) return 0; /* @@ -189,7 +186,7 @@ { *val = NULL; - switch (lsmtype) { + switch (kdat.lsm) { case LSMTYPE__APPARMOR: if (strcmp(profile, "unconfined") != 0 && asprintf(val, "changeprofile %s", profile) < 0) { pr_err("allocating lsm profile failed\n"); @@ -211,43 +208,42 @@ return 0; } -int parse_lsm_arg(char *arg) +int lsm_check_opts(void) { char *aux; - kerndat_lsm(); + if (!opts.lsm_supplied) + return 0; - aux = strchr(arg, ':'); + aux = strchr(opts.lsm_profile, ':'); if (aux == NULL) { - pr_err("invalid argument %s for --lsm-profile\n", arg); + pr_err("invalid argument %s for --lsm-profile\n", opts.lsm_profile); return -1; } *aux = '\0'; aux++; - if (strcmp(arg, "apparmor") == 0) { - if (lsmtype != LSMTYPE__APPARMOR) { + if (strcmp(opts.lsm_profile, "apparmor") == 0) { + if (kdat.lsm != LSMTYPE__APPARMOR) { pr_err("apparmor LSM specified but apparmor not supported by kernel\n"); return -1; } opts.lsm_profile = aux; - } else if (strcmp(arg, "selinux") == 0) { - if (lsmtype != LSMTYPE__SELINUX) { + } else if (strcmp(opts.lsm_profile, "selinux") == 0) { + if (kdat.lsm != LSMTYPE__SELINUX) { pr_err("selinux LSM specified but selinux not supported by kernel\n"); return -1; } opts.lsm_profile = aux; - } else if (strcmp(arg, "none") == 0) { + } else if (strcmp(opts.lsm_profile, "none") == 0) { opts.lsm_profile = NULL; } else { - pr_err("unknown lsm %s\n", arg); + pr_err("unknown lsm %s\n", opts.lsm_profile); return -1; } - opts.lsm_supplied = true; - return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/criu/mem.c new/criu-3.2.1/criu/mem.c --- old/criu-3.2/criu/mem.c 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/criu/mem.c 2017-06-28 07:49:36.000000000 +0200 @@ -499,7 +499,7 @@ if (vma_area_is_private(vma, kdat.task_size)) { ri->vmas.priv_size += vma_area_len(vma); - if (vma->e->flags & MAP_GROWSDOWN) + if (vma_has_guard_gap_hidden(vma)) ri->vmas.priv_size += PAGE_SIZE; } @@ -634,7 +634,7 @@ * A grow-down VMA has a guard page, which protect a VMA below it. * So one more page is mapped here to restore content of the first page */ - if (vma->e->flags & MAP_GROWSDOWN) + if (vma_has_guard_gap_hidden(vma)) vma->e->start -= PAGE_SIZE; size = vma_entry_len(vma->e); @@ -686,7 +686,7 @@ */ paddr = decode_pointer(vma->pvma->premmaped_addr); - if (vma->e->flags & MAP_GROWSDOWN) + if (vma_has_guard_gap_hidden(vma)) paddr -= PAGE_SIZE; addr = mremap(paddr, size, size, @@ -702,7 +702,7 @@ pr_debug("\tpremap %#016"PRIx64"-%#016"PRIx64" -> %016lx\n", vma->e->start, vma->e->end, (unsigned long)addr); - if (vma->e->flags & MAP_GROWSDOWN) { /* Skip gurad page */ + if (vma_has_guard_gap_hidden(vma)) { /* Skip gurad page */ vma->e->start += PAGE_SIZE; vma->premmaped_addr += PAGE_SIZE; } @@ -717,7 +717,8 @@ static inline bool vma_force_premap(struct vma_area *vma, struct list_head *head) { /* - * Growsdown VMAs always have one guard page at the + * On kernels with 4K guard pages, growsdown VMAs + * always have one guard page at the * beginning and sometimes this page contains data. * In case the VMA is premmaped, we premmap one page * larger VMA. In case of in place restore we can only @@ -1046,6 +1047,11 @@ return ret; } +bool vma_has_guard_gap_hidden(struct vma_area *vma) +{ + return kdat.stack_guard_gap_hidden && (vma->e->flags & MAP_GROWSDOWN); +} + /* * A gard page must be unmapped after restoring content and * forking children to restore COW memory. @@ -1055,6 +1061,9 @@ struct vma_area *vma; struct list_head *vmas = &rsti(t)->vmas.h; + if (!kdat.stack_guard_gap_hidden) + return 0; + list_for_each_entry(vma, vmas, list) { if (!vma_area_is(vma, VMA_PREMMAPED)) continue; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/criu/proc_parse.c new/criu-3.2.1/criu/proc_parse.c --- old/criu-3.2/criu/proc_parse.c 2017-06-19 11:59:14.000000000 +0200 +++ new/criu-3.2.1/criu/proc_parse.c 2017-06-28 07:49:36.000000000 +0200 @@ -25,6 +25,7 @@ #include "kerndat.h" #include "vdso.h" #include "vma.h" +#include "mem.h" #include "bfd.h" #include "proc_parse.h" #include "fdinfo.h" @@ -637,7 +638,7 @@ } /* Add a guard page only if here is enough space for it */ - if ((vma_area->e->flags & MAP_GROWSDOWN) && + if (vma_has_guard_gap_hidden(vma_area) && *prev_end < vma_area->e->start) vma_area->e->start -= PAGE_SIZE; /* Guard page */ *prev_end = vma_area->e->end; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/test/zdtm/static/grow_map.desc new/criu-3.2.1/test/zdtm/static/grow_map.desc --- old/criu-3.2/test/zdtm/static/grow_map.desc 1970-01-01 01:00:00.000000000 +0100 +++ new/criu-3.2.1/test/zdtm/static/grow_map.desc 2017-06-28 07:49:36.000000000 +0200 @@ -0,0 +1 @@ +{'flags': 'noauto'} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/test/zdtm/static/grow_map02.desc new/criu-3.2.1/test/zdtm/static/grow_map02.desc --- old/criu-3.2/test/zdtm/static/grow_map02.desc 1970-01-01 01:00:00.000000000 +0100 +++ new/criu-3.2.1/test/zdtm/static/grow_map02.desc 2017-06-28 07:49:36.000000000 +0200 @@ -0,0 +1 @@ +{'flags': 'noauto'} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/criu-3.2/test/zdtm/static/grow_map03.desc new/criu-3.2.1/test/zdtm/static/grow_map03.desc --- old/criu-3.2/test/zdtm/static/grow_map03.desc 1970-01-01 01:00:00.000000000 +0100 +++ new/criu-3.2.1/test/zdtm/static/grow_map03.desc 2017-06-28 07:49:36.000000000 +0200 @@ -0,0 +1 @@ +{'flags': 'noauto'}

1 0

commit transactional-update for openSUSE:Factory
by root＠hilbert.suse.de 30 Jun '17

30 Jun '17

Hello community, here is the log from the commit of package transactional-update for openSUSE:Factory checked in at 2017-06-30 18:42:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/transactional-update (Old) and /work/SRC/openSUSE:Factory/.transactional-update.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "transactional-update" Fri Jun 30 18:42:58 2017 rev:12 rq:507258 version:1.19 Changes: -------- --- /work/SRC/openSUSE:Factory/transactional-update/transactional-update.changes 2017-06-29 15:16:35.056594474 +0200 +++ /work/SRC/openSUSE:Factory/.transactional-update.new/transactional-update.changes 2017-06-30 18:43:46.298235447 +0200 @@ -1,0 +2,6 @@ +Fri Jun 30 09:58:51 CEST 2017 - kukuk(a)suse.de + +- Update to version 1.19 + - Add 'shell' option for debugging and testing + +------------------------------------------------------------------- @@ -12,0 +19 @@ + - unit file cleanup, no change of behavior Old: ---- transactional-update-1.18.tar.bz2 New: ---- transactional-update-1.19.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ transactional-update.spec ++++++ --- /var/tmp/diff_new_pack.ZDHAFQ/_old 2017-06-30 18:43:46.846158378 +0200 +++ /var/tmp/diff_new_pack.ZDHAFQ/_new 2017-06-30 18:43:46.850157816 +0200 @@ -17,7 +17,7 @@ Name: transactional-update -Version: 1.18 +Version: 1.19 Release: 0 Summary: Transactional Updates with btrfs and snapshots License: GPL-2.0+ ++++++ transactional-update-1.18.tar.bz2 -> transactional-update-1.19.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.18/NEWS new/transactional-update-1.19/NEWS --- old/transactional-update-1.18/NEWS 2017-06-28 14:12:44.000000000 +0200 +++ new/transactional-update-1.19/NEWS 2017-06-30 09:55:19.000000000 +0200 @@ -2,6 +2,9 @@ Copyright (C) 2016, 2017 Thorsten Kukuk +Version 1.19 +* Add undocumented 'shell' option for debugging and testing + Version 1.18 * Auto accept product license in non-interactive mode diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.18/configure new/transactional-update-1.19/configure --- old/transactional-update-1.18/configure 2017-06-28 14:13:11.000000000 +0200 +++ new/transactional-update-1.19/configure 2017-06-30 09:55:28.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for transactional-update 1.18. +# Generated by GNU Autoconf 2.69 for transactional-update 1.19. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -576,8 +576,8 @@ # Identity of this package. PACKAGE_NAME='transactional-update' PACKAGE_TARNAME='transactional-update' -PACKAGE_VERSION='1.18' -PACKAGE_STRING='transactional-update 1.18' +PACKAGE_VERSION='1.19' +PACKAGE_STRING='transactional-update 1.19' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1211,7 +1211,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures transactional-update 1.18 to adapt to many kinds of systems. +\`configure' configures transactional-update 1.19 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1278,7 +1278,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of transactional-update 1.18:";; + short | recursive ) echo "Configuration of transactional-update 1.19:";; esac cat <<\_ACEOF @@ -1358,7 +1358,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -transactional-update configure 1.18 +transactional-update configure 1.19 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1375,7 +1375,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by transactional-update $as_me 1.18, which was +It was created by transactional-update $as_me 1.19, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2238,7 +2238,7 @@ # Define the identity of the package. PACKAGE='transactional-update' - VERSION='1.18' + VERSION='1.19' cat >>confdefs.h <<_ACEOF @@ -3097,7 +3097,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by transactional-update $as_me 1.18, which was +This file was extended by transactional-update $as_me 1.19, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -3150,7 +3150,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -transactional-update config.status 1.18 +transactional-update config.status 1.19 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.18/configure.ac new/transactional-update-1.19/configure.ac --- old/transactional-update-1.18/configure.ac 2017-06-28 14:12:18.000000000 +0200 +++ new/transactional-update-1.19/configure.ac 2017-06-30 09:54:59.000000000 +0200 @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(transactional-update, 1.18) +AC_INIT(transactional-update, 1.19) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([sbin/transactional-update.in]) AC_PREFIX_DEFAULT(/usr) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.18/sbin/transactional-update.in new/transactional-update-1.19/sbin/transactional-update.in --- old/transactional-update-1.18/sbin/transactional-update.in 2017-06-28 14:08:51.000000000 +0200 +++ new/transactional-update-1.19/sbin/transactional-update.in 2017-06-30 09:39:17.000000000 +0200 @@ -32,6 +32,7 @@ DO_ROLLBACK=0 ROLLBACK_SNAPSHOT=0 REBOOT_AFTERWARDS=0 +RUN_SHELL=0 USE_SALT_GRAINS=0 LOGFILE="/var/log/transactional-update.log" STATE_FILE="/var/lib/misc/transactional-update.state" @@ -212,6 +213,10 @@ REWRITE_GRUB_CFG=1 shift ;; + shell) + RUN_SHELL=1 + shift + ;; initrd) REWRITE_INITRD=1 REBUILD_KDUMP_INITRD=1 @@ -368,7 +373,8 @@ fi if [ -n "${ZYPPER_ARG}" -o ${REWRITE_GRUB_CFG} -eq 1 \ - -o ${REWRITE_INITRD} -eq 1 -o ${REBUILD_KDUMP_INITRD} -eq 1 ]; then + -o ${REWRITE_INITRD} -eq 1 -o ${REBUILD_KDUMP_INITRD} -eq 1 \ + -o ${RUN_SHELL} -eq 1 ]; then if [ -n "${ZYPPER_ARG}" -a -n "${ZYPPER_NONINTERACTIVE}" ]; then #check if there are updates at all @@ -518,6 +524,11 @@ fi fi + if [ ${RUN_SHELL} -eq 1 ]; then + echo "Chroot in snapshot ${SNAPSHOT_ID}, continue with 'exit'" + env PS1="transactional update # " chroot ${MOUNT_DIR} bash + fi + # unset variable unset TRANSACTIONAL_UPDATE

1 0

commit legion for openSUSE:Factory
by root＠hilbert.suse.de 30 Jun '17

30 Jun '17

Hello community, here is the log from the commit of package legion for openSUSE:Factory checked in at 2017-06-30 18:42:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/legion (Old) and /work/SRC/openSUSE:Factory/.legion.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "legion" Fri Jun 30 18:42:52 2017 rev:5 rq:507148 version:17.05.0 Changes: -------- --- /work/SRC/openSUSE:Factory/legion/legion.changes 2017-06-15 11:24:22.599070277 +0200 +++ /work/SRC/openSUSE:Factory/.legion.new/legion.changes 2017-06-30 18:43:45.518345143 +0200 @@ -1,0 +2,7 @@ +Thu Jun 22 15:01:27 UTC 2017 - nmoreychaisemartin(a)suse.com + +- Fix support on big endian systems by adding: + * realm-detect-big-endian-systems-and-reverse-order-of-ID-fields.patch + * tutorial-fix-bad-type-size-causing-crash-on-big-endian-systems.patch + +------------------------------------------------------------------- New: ---- realm-detect-big-endian-systems-and-reverse-order-of-ID-fields.patch tutorial-fix-bad-type-size-causing-crash-on-big-endian-systems.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ legion.spec ++++++ --- /var/tmp/diff_new_pack.h837KP/_old 2017-06-30 18:43:46.090264699 +0200 +++ /var/tmp/diff_new_pack.h837KP/_new 2017-06-30 18:43:46.090264699 +0200 @@ -25,6 +25,8 @@ Group: Productivity/Networking/Other Url: http://legion.stanford.edu/ Source0: https://github.com/StanfordLegion/legion/archive/%{name}-%{version}.tar.gz#… +Patch0: realm-detect-big-endian-systems-and-reverse-order-of-ID-fields.patch +Patch1: tutorial-fix-bad-type-size-causing-crash-on-big-endian-systems.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -34,8 +36,6 @@ BuildRequires: hwloc-devel BuildRequires: openmpi BuildRequires: openmpi-devel -# Bug opened upstream https://github.com/StanfordLegion/legion/issues/265 -ExcludeArch: ppc64 s390x %description Legion is a data-centric parallel programming system for writing portable @@ -82,6 +82,8 @@ %prep %setup -q -n %{name}-%{name}-%{version} +%patch0 +%patch1 %build %{cmake} -DLegion_USE_HWLOC=ON \ ++++++ realm-detect-big-endian-systems-and-reverse-order-of-ID-fields.patch ++++++ diff --git runtime/realm/id.h runtime/realm/id.h index b68bed1a..d645d89a 100644 --- runtime/realm/id.h +++ runtime/realm/id.h @@ -20,6 +20,16 @@ #include <iostream> +// we use bit-field structures below, and the order of them isn't guaranteed to +// match the system endianness (which itself has no standard way to be +// detected, so define our own REALM_REVERSE_ID_FIELDS which can be further +// tweaked as needed +#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) + #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ + #define REALM_REVERSE_ID_FIELDS + #endif +#endif + namespace Realm { class ID { @@ -46,83 +56,154 @@ namespace Realm { static const unsigned MAX_NODE_ID = (1U << NODE_FIELD_WIDTH) - 2; // reserve all 1's for special cases struct FMT_Event { +#ifdef REALM_REVERSE_ID_FIELDS + IDType type_tag : 1; + IDType creator_node : NODE_FIELD_WIDTH; + IDType gen_event_idx : 27; + IDType generation : 20; +#else IDType generation : 20; IDType gen_event_idx : 27; IDType creator_node : NODE_FIELD_WIDTH; IDType type_tag : 1; +#endif static const IDType TAG_VALUE = 1; }; struct FMT_Barrier { +#ifdef REALM_REVERSE_ID_FIELDS + IDType type_tag : 4; + IDType creator_node : 16; + IDType barrier_idx : 24; + IDType generation : 20; // MUST MATCH FMT_Event::generation size +#else IDType generation : 20; // MUST MATCH FMT_Event::generation size IDType barrier_idx : 24; IDType creator_node : 16; IDType type_tag : 4; +#endif static const IDType TAG_VALUE = 0x7; }; struct FMT_Reservation { +#ifdef REALM_REVERSE_ID_FIELDS + IDType type_tag : 8; + IDType creator_node : 16; + IDType unused : 8; + IDType rsrv_idx : 32; +#else IDType rsrv_idx : 32; IDType unused : 8; IDType creator_node : 16; IDType type_tag : 8; +#endif static const IDType TAG_VALUE = 0x1f; }; struct FMT_Memory { +#ifdef REALM_REVERSE_ID_FIELDS + IDType type_tag : 8; + IDType owner_node : 16; + IDType unused : 28; + IDType mem_idx : 12; +#else IDType mem_idx : 12; IDType unused : 28; IDType owner_node : 16; IDType type_tag : 8; +#endif static const IDType TAG_VALUE = 0x1e; }; struct FMT_IB_Memory { +#ifdef REALM_REVERSE_ID_FIELDS + IDType type_tag : 8; + IDType owner_node : 16; + IDType unused : 28; + IDType mem_idx : 12; +#else IDType mem_idx : 12; IDType unused : 28; IDType owner_node : 16; IDType type_tag : 8; +#endif static const IDType TAG_VALUE = 0x1a; }; struct FMT_Instance { +#ifdef REALM_REVERSE_ID_FIELDS + IDType type_tag : 4; + IDType owner_node : 16; + IDType creator_node : 16; + IDType mem_idx : 12; + IDType inst_idx : 16; +#else IDType inst_idx : 16; IDType mem_idx : 12; IDType creator_node : 16; IDType owner_node : 16; IDType type_tag : 4; +#endif static const IDType TAG_VALUE = 0x6; }; struct FMT_Processor { +#ifdef REALM_REVERSE_ID_FIELDS + IDType type_tag : 8; + IDType owner_node : 16; + IDType unused : 28; + IDType proc_idx : 12; +#else IDType proc_idx : 12; IDType unused : 28; IDType owner_node : 16; IDType type_tag : 8; +#endif static const IDType TAG_VALUE = 0x1d; }; struct FMT_ProcGroup { +#ifdef REALM_REVERSE_ID_FIELDS + IDType type_tag : 8; + IDType owner_node : 16; + IDType creator_node : 16; + IDType pgroup_idx : 24; +#else IDType pgroup_idx : 24; IDType creator_node : 16; IDType owner_node : 16; IDType type_tag : 8; +#endif static const IDType TAG_VALUE = 0x1c; }; struct FMT_IdxSpace { +#ifdef REALM_REVERSE_ID_FIELDS + IDType type_tag : 4; + IDType owner_node : 16; + IDType creator_node : 16; + IDType idxspace_idx : 28; +#else IDType idxspace_idx : 28; IDType creator_node : 16; IDType owner_node : 16; IDType type_tag : 4; +#endif static const IDType TAG_VALUE = 0x5; }; struct FMT_Allocator { +#ifdef REALM_REVERSE_ID_FIELDS + IDType type_tag : 8; + IDType owner_node : 16; + IDType creator_node : 16; + IDType allocator_idx : 24; +#else IDType allocator_idx : 24; IDType creator_node : 16; IDType owner_node : 16; IDType type_tag : 8; +#endif static const IDType TAG_VALUE = 0x1b; }; ++++++ tutorial-fix-bad-type-size-causing-crash-on-big-endian-systems.patch ++++++ diff --git tutorial/09_custom_mapper/custom_mapper.cc tutorial/09_custom_mapper/custom_mapper.cc index 4d4adaea..3ceea606 100644 --- tutorial/09_custom_mapper/custom_mapper.cc +++ tutorial/09_custom_mapper/custom_mapper.cc @@ -709,7 +709,7 @@ void top_level_task(const Task *task, } int num_subregions = runtime->select_tunable_value(ctx, SUBREGION_TUNABLE, - PARTITIONING_MAPPER_ID).get_result<int>(); + PARTITIONING_MAPPER_ID).get_result<size_t>(); printf("Running daxpy for %d elements...\n", num_elements); printf("Partitioning data into %d sub-regions...\n", num_subregions);

1 0

commit policycoreutils for openSUSE:Factory
by root＠hilbert.suse.de 30 Jun '17

30 Jun '17

Hello community, here is the log from the commit of package policycoreutils for openSUSE:Factory checked in at 2017-06-30 18:42:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old) and /work/SRC/openSUSE:Factory/.policycoreutils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "policycoreutils" Fri Jun 30 18:42:49 2017 rev:41 rq:507122 version:2.5 Changes: -------- --- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes 2016-08-05 18:16:35.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.policycoreutils.new/policycoreutils.changes 2017-06-30 18:43:44.570478466 +0200 @@ -1,0 +2,6 @@ +Mon Dec 19 07:21:22 UTC 2016 - jsegitz(a)novell.com + +- Added CVE-2016-7545_sandbox_escape.patch to fix CVE-2016-7545, bsc#1000998 + Sandboxed session could have escaped to the parent session + +------------------------------------------------------------------- New: ---- CVE-2016-7545_sandbox_escape.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ policycoreutils.spec ++++++ --- /var/tmp/diff_new_pack.38zjuk/_old 2017-06-30 18:43:45.290377208 +0200 +++ /var/tmp/diff_new_pack.38zjuk/_new 2017-06-30 18:43:45.294376645 +0200 @@ -1,7 +1,7 @@ # # spec file for package policycoreutils # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -40,6 +40,7 @@ Patch4: policycoreutils-initscript.patch Patch5: policycoreutils-pam-common.patch Patch10: loadpolicy_path.patch +Patch11: CVE-2016-7545_sandbox_escape.patch BuildRequires: audit-devel >= %{libaudit_ver} BuildRequires: dbus-1-glib-devel BuildRequires: fdupes @@ -108,7 +109,6 @@ Group: Productivity/Security Requires: policycoreutils-python = %{version} Requires: xorg-x11-server-extra -# Requires: matchbox-window-manager %description sandbox The sandbox package contains the scripts to create graphical sandboxes. @@ -127,8 +127,6 @@ Summary: SELinux configuration GUI Group: Productivity/Security Requires: policycoreutils-python = %{version} -# Requires: gnome-python2-canvas -# Requires: usermode-gtk Requires: python Requires: python-gnome Requires: python-gtk @@ -143,9 +141,7 @@ %patch4 %patch5 %patch10 -p1 -# sleep 5 -# touch po/policycoreutils.pot -# sleep 5 +%patch11 -p1 %build export SUSE_ASNEEDED=0 ++++++ CVE-2016-7545_sandbox_escape.patch ++++++ Index: policycoreutils-2.5/sandbox/sandbox =================================================================== --- policycoreutils-2.5.orig/sandbox/sandbox 2016-02-23 17:31:41.000000000 +0100 +++ policycoreutils-2.5/sandbox/sandbox 2016-12-19 08:20:38.507223657 +0100 @@ -467,10 +467,15 @@ sandbox [-h] [-l level ] [-[X|M] [-H hom cmds += ["--"] + self.__paths return subprocess.Popen(cmds).wait() - selinux.setexeccon(self.__execcon) - rc = subprocess.Popen(self.__cmds).wait() - selinux.setexeccon(None) - return rc + pid = os.fork() + if pid == 0: + rc = os.setsid() + if rc: + return rc + selinux.setexeccon(self.__execcon) + os.execv(self.__cmds[0], self.__cmds) + rc = os.waitpid(pid, 0) + return os.WEXITSTATUS(rc[1]) finally: for i in self.__paths:

1 0

commit ucode-intel for openSUSE:Factory
by root＠hilbert.suse.de 30 Jun '17

30 Jun '17

Hello community, here is the log from the commit of package ucode-intel for openSUSE:Factory checked in at 2017-06-30 18:42:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ucode-intel (Old) and /work/SRC/openSUSE:Factory/.ucode-intel.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ucode-intel" Fri Jun 30 18:42:45 2017 rev:26 rq:507079 version:20170511 Changes: -------- --- /work/SRC/openSUSE:Factory/ucode-intel/ucode-intel.changes 2017-05-22 10:48:45.014201515 +0200 +++ /work/SRC/openSUSE:Factory/.ucode-intel.new/ucode-intel.changes 2017-06-30 18:43:43.838581412 +0200 @@ -4 +4,12 @@ -- Update to version 20170511 +- Update to version 20170511: + + BDX-ML B0/M0/R0 (06-4f-01:ef) b00001f->b000021 + Skylake D0 (06-4e-03:c0) 9e->ba + Broadwell ULT/ULX E/F-step (06-3d-04:c0) 24->25 + ULT Cx/Dx (06-45-01:72) 1f->20 + Crystalwell Cx (06-46-01:32) 16->17 + Broadwell Halo E/G-step (06-47-01:22) 16->17 + HSX EX E0 (06-3f-04:80) d->f + Skylake R0 (06-5e-03:36) 9e->ba + Haswell Cx/Dx (06-3c-03:32) 20->22 + HSX C0 (06-3f-02:6f) 39->3a ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------

1 0

commit libyubikey for openSUSE:Factory
by root＠hilbert.suse.de 30 Jun '17

30 Jun '17

Hello community, here is the log from the commit of package libyubikey for openSUSE:Factory checked in at 2017-06-30 18:42:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libyubikey (Old) and /work/SRC/openSUSE:Factory/.libyubikey.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libyubikey" Fri Jun 30 18:42:40 2017 rev:3 rq:507072 version:1.13 Changes: -------- --- /work/SRC/openSUSE:Factory/libyubikey/libyubikey.changes 2015-04-15 16:27:42.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libyubikey.new/libyubikey.changes 2017-06-30 18:43:40.970984756 +0200 @@ -1,0 +2,7 @@ +Mon Jun 26 11:49:15 UTC 2017 - mpluskal(a)suse.com + +- Add gpg signature +- Make building more verbose +- Enable internal testsuite + +------------------------------------------------------------------- New: ---- libyubikey-1.13.tar.gz.sig libyubikey.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libyubikey.spec ++++++ --- /var/tmp/diff_new_pack.6ozmq5/_old 2017-06-30 18:43:41.458916125 +0200 +++ /var/tmp/diff_new_pack.6ozmq5/_new 2017-06-30 18:43:41.462915563 +0200 @@ -1,7 +1,7 @@ # # spec file for package libyubikey # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,6 +16,7 @@ # +%define sover 0 Name: libyubikey Version: 1.13 Release: 0 @@ -25,53 +26,62 @@ Url: https://developers.yubico.com/ # a different tarball is available from github. It will not build with this spec file Source0: https://developers.yubico.com/yubico-c/Releases/%{name}-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Source1: https://developers.yubico.com/yubico-c/Releases/%{name}-%{version}.tar.gz.s… +Source2: %{name}.keyring %description -Low-level library for decrypting and parsing Yubikey One-Time Passwords (OTP) in C. +Low-level library for decrypting and parsing Yubikey One-Time Passwords +(OTP) in C. -%package -n libyubikey0 +%package -n %{name}%{sover} Summary: Yubico's USB key low-level C library Group: Productivity/Networking/Security -%description -n libyubikey0 -Low-level library for decrypting and parsing Yubikey One-Time Passwords (OTP) in C. +%description -n %{name}%{sover} +Low-level library for decrypting and parsing Yubikey One-Time Passwords +(OTP) in C. %package devel Summary: Yubico's USB key low-level C library Group: Development/Libraries/C and C++ +Requires: %{name}%{sover} = %{version} Requires: glibc-devel -Requires: libyubikey0 = %{version} %description devel -Low-level library for decrypting and parsing Yubikey One-Time Passwords (OTP) in C. +Low-level library for decrypting and parsing Yubikey One-Time Passwords +(OTP) in C. %package tools Summary: Tools to support Yubico's USB key low-level C library Group: Development/Libraries/C and C++ -Requires: libyubikey0 = %{version} %description tools -Binary tools to support Yubico's Low-level library for decrypting and parsing Yubikey One-Time Passwords (OTP) in C. +Binary tools to support Yubico's Low-level library for decrypting and +parsing Yubikey One-Time Passwords (OTP) in C. %prep %setup -q %build -%configure --disable-static +%configure \ + --disable-silent-rules \ + --disable-static sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool make %{?_smp_mflags} %install - -make DESTDIR=%{buildroot} install %{?_smp_mflags} +%make_install find %{buildroot} -type f -name "*.la" -delete -print -%post -n libyubikey0 -p /sbin/ldconfig +%check +# path needs to be exported otherwise unit tests will fail +export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:%{buildroot}%{_libdir} +make %{?_smp_mflags} check -%postun -n libyubikey0 -p /sbin/ldconfig +%post -n %{name}%{sover} -p /sbin/ldconfig +%postun -n %{name}%{sover} -p /sbin/ldconfig %files tools %defattr(-,root,root,-) @@ -79,12 +89,14 @@ %{_bindir}/modhex %{_bindir}/ykgenerate %{_bindir}/ykparse -%{_mandir}/man1/* +%{_mandir}/man1/modhex.1%{ext_man} +%{_mandir}/man1/ykgenerate.1%{ext_man} +%{_mandir}/man1/ykparse.1%{ext_man} -%files -n libyubikey0 +%files -n %{name}%{sover} %defattr(-,root,root,-) %doc COPYING AUTHORS NEWS -%{_libdir}/libyubikey.so.* +%{_libdir}/libyubikey.so.%{sover}* %files devel %defattr(-,root,root,-)

1 0

commit lxqt-config for openSUSE:Factory
by root＠hilbert.suse.de 30 Jun '17

30 Jun '17

Hello community, here is the log from the commit of package lxqt-config for openSUSE:Factory checked in at 2017-06-30 18:42:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lxqt-config (Old) and /work/SRC/openSUSE:Factory/.lxqt-config.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "lxqt-config" Fri Jun 30 18:42:37 2017 rev:12 rq:507071 version:0.11.1 Changes: -------- --- /work/SRC/openSUSE:Factory/lxqt-config/lxqt-config.changes 2017-03-12 19:59:00.520133138 +0100 +++ /work/SRC/openSUSE:Factory/.lxqt-config.new/lxqt-config.changes 2017-06-30 18:43:40.215091077 +0200 @@ -1,0 +2,6 @@ +Tue Jun 20 15:23:01 UTC 2017 - alarrosa(a)suse.com + +- Add add-include-directory-for-uic-files.diff to fix a failing build by + including the directory where uic files are generated. + +------------------------------------------------------------------- New: ---- add-include-directory-for-uic-files.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxqt-config.spec ++++++ --- /var/tmp/diff_new_pack.J7snFI/_old 2017-06-30 18:43:40.763014008 +0200 +++ /var/tmp/diff_new_pack.J7snFI/_new 2017-06-30 18:43:40.767013446 +0200 @@ -26,6 +26,8 @@ Source: http://downloads.lxqt.org/lxqt/%{version}/%{name}-%{version}.tar.xz Source1: http://downloads.lxqt.org/lxqt/%{version}/%{name}-%{version}.tar.xz.asc Source2: lxqt-config.keyring +# PATCH-FIX-UPSTREAM add-include-directory-for-uic-files.diff -- Fix build by including the directory where uic files are generated +Patch0: add-include-directory-for-uic-files.diff BuildRequires: cmake >= 3.0.2 BuildRequires: fdupes BuildRequires: gcc-c++ @@ -58,6 +60,7 @@ %prep %setup -q +%patch0 -p1 # Changing LXQt into X-LXQt in desktop files to be freedesktop compliant and shut rpmlint warnings #find -name '*desktop.in*' -exec sed -ri 's/(LXQt;)/X-\1/' {} + ++++++ add-include-directory-for-uic-files.diff ++++++ Index: lxqt-config-0.11.1/liblxqt-config-cursor/CMakeLists.txt =================================================================== --- lxqt-config-0.11.1.orig/liblxqt-config-cursor/CMakeLists.txt +++ lxqt-config-0.11.1/liblxqt-config-cursor/CMakeLists.txt @@ -8,6 +8,7 @@ link_libraries(${XCB_LIBRARIES}) include_directories ( ${X11_INCLUDE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/xcr + ${AUTOGEN_TARGETS_FOLDER} ) set(lxqt-config-cursor_HDRS Index: lxqt-config-0.11.1/lxqt-config-appearance/CMakeLists.txt =================================================================== --- lxqt-config-0.11.1.orig/lxqt-config-appearance/CMakeLists.txt +++ lxqt-config-0.11.1/lxqt-config-appearance/CMakeLists.txt @@ -4,6 +4,7 @@ include_directories( ${Qt5Gui_PRIVATE_INCLUDE_DIRS} "${CMAKE_CURRENT_SOURCE_DIR}/../liblxqt-config-cursor" "${CMAKE_CURRENT_BINARY_DIR}/../liblxqt-config-cursor" + "${CMAKE_CURRENT_BINARY_DIR}/../liblxqt-config-cursor/lxqt-config-cursor_autogen/include" ) set(H_FILES Index: lxqt-config-0.11.1/lxqt-config-monitor/CMakeLists.txt =================================================================== --- lxqt-config-0.11.1.orig/lxqt-config-monitor/CMakeLists.txt +++ lxqt-config-0.11.1/lxqt-config-monitor/CMakeLists.txt @@ -3,6 +3,10 @@ project(lxqt-config-monitor) find_package(KF5Screen REQUIRED) find_package(Qt5Svg REQUIRED) +include_directories( + "${CMAKE_CURRENT_BINARY_DIR}/../liblxqt-config-cursor/lxqt-config-cursor_autogen/include" +) + set(HEADERS monitorsettingsdialog.h monitor.h Index: lxqt-config-0.11.1/lxqt-config-input/CMakeLists.txt =================================================================== --- lxqt-config-0.11.1.orig/lxqt-config-input/CMakeLists.txt +++ lxqt-config-0.11.1/lxqt-config-input/CMakeLists.txt @@ -5,6 +5,7 @@ include_directories( ${X11_INCLUDE_DIR} "${CMAKE_CURRENT_SOURCE_DIR}/../liblxqt-config-cursor" "${CMAKE_CURRENT_BINARY_DIR}/../liblxqt-config-cursor" + "${CMAKE_CURRENT_BINARY_DIR}/../liblxqt-config-cursor/lxqt-config-cursor_autogen/include" ) set(lxqt-config-input_HDRS

1 0