![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community,
here is the log from the commit of package lxc for openSUSE:Factory checked in at 2015-08-12 15:15:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lxc (Old)
and /work/SRC/openSUSE:Factory/.lxc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc"
Changes:
--------
--- /work/SRC/openSUSE:Factory/lxc/lxc.changes 2015-07-27 09:13:52.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.lxc.new/lxc.changes 2015-08-12 15:15:30.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Aug 5 08:17:01 UTC 2015 - jslaby@suse.com
+
+- Added templates-lxc-opensuse-use-rpm-to-determine-build-ve.patch
+
+-------------------------------------------------------------------
New:
----
templates-lxc-opensuse-use-rpm-to-determine-build-ve.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lxc.spec ++++++
--- /var/tmp/diff_new_pack.5QT6Nt/_old 2015-08-12 15:15:31.000000000 +0200
+++ /var/tmp/diff_new_pack.5QT6Nt/_new 2015-08-12 15:15:31.000000000 +0200
@@ -30,6 +30,7 @@
Patch1: CVE-2015-1331-lxclock-use-run-lxc-lock-rather-than-r.patch
Patch2: attach-mount-a-sane-prox-for-LSM-setup.patch
Patch3: CVE-2015-1334-Don-t-use-the-container-s-proc-during-.patch
+Patch4: templates-lxc-opensuse-use-rpm-to-determine-build-ve.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -83,6 +84,7 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
%build
chmod 755 configure
++++++ CVE-2015-1331-lxclock-use-run-lxc-lock-rather-than-r.patch ++++++
--- /var/tmp/diff_new_pack.5QT6Nt/_old 2015-08-12 15:15:31.000000000 +0200
+++ /var/tmp/diff_new_pack.5QT6Nt/_new 2015-08-12 15:15:31.000000000 +0200
@@ -5,6 +5,7 @@
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Patch-mainline: yes
+Git-commit: 72cf81f6a3404e35028567db2c99a90406e9c6e6
References: bnc#938522
This prevents an unprivileged user to use LXC to create arbitrary file
++++++ CVE-2015-1334-Don-t-use-the-container-s-proc-during-.patch ++++++
--- /var/tmp/diff_new_pack.5QT6Nt/_old 2015-08-12 15:15:31.000000000 +0200
+++ /var/tmp/diff_new_pack.5QT6Nt/_new 2015-08-12 15:15:31.000000000 +0200
@@ -5,6 +5,7 @@
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Patch-mainline: yes
+Git-commit: 5c3fcae78b63ac9dd56e36075903921bd9461f9e
References: bnc#938523
A user could otherwise over-mount /proc and prevent the apparmor profile
++++++ attach-mount-a-sane-prox-for-LSM-setup.patch ++++++
--- /var/tmp/diff_new_pack.5QT6Nt/_old 2015-08-12 15:15:31.000000000 +0200
+++ /var/tmp/diff_new_pack.5QT6Nt/_new 2015-08-12 15:15:31.000000000 +0200
@@ -4,7 +4,8 @@
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
-Patch-mainline: no
+Patch-mainline: yes
+Git-commit: ced03a017b2d72b44bd76ee195fd2c953120f49b
References: bnc#938523
To set lsm labels, a namespace-local proc mount is needed.
++++++ templates-lxc-opensuse-use-rpm-to-determine-build-ve.patch ++++++
From: Jiri Slaby
participants (1)
-
root@hilbert.suse.de