Hello community, here is the log from the commit of package lxc for openSUSE:Factory checked in at 2015-08-12 15:15:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lxc (Old) and /work/SRC/openSUSE:Factory/.lxc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc" Changes: -------- --- /work/SRC/openSUSE:Factory/lxc/lxc.changes 2015-07-27 09:13:52.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.lxc.new/lxc.changes 2015-08-12 15:15:30.000000000 +0200 @@ -1,0 +2,5 @@ +Wed Aug 5 08:17:01 UTC 2015 - [email protected] + +- Added templates-lxc-opensuse-use-rpm-to-determine-build-ve.patch + +------------------------------------------------------------------- New: ---- templates-lxc-opensuse-use-rpm-to-determine-build-ve.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxc.spec ++++++ --- /var/tmp/diff_new_pack.5QT6Nt/_old 2015-08-12 15:15:31.000000000 +0200 +++ /var/tmp/diff_new_pack.5QT6Nt/_new 2015-08-12 15:15:31.000000000 +0200 @@ -30,6 +30,7 @@ Patch1: CVE-2015-1331-lxclock-use-run-lxc-lock-rather-than-r.patch Patch2: attach-mount-a-sane-prox-for-LSM-setup.patch Patch3: CVE-2015-1334-Don-t-use-the-container-s-proc-during-.patch +Patch4: templates-lxc-opensuse-use-rpm-to-determine-build-ve.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -83,6 +84,7 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build chmod 755 configure ++++++ CVE-2015-1331-lxclock-use-run-lxc-lock-rather-than-r.patch ++++++ --- /var/tmp/diff_new_pack.5QT6Nt/_old 2015-08-12 15:15:31.000000000 +0200 +++ /var/tmp/diff_new_pack.5QT6Nt/_new 2015-08-12 15:15:31.000000000 +0200 @@ -5,6 +5,7 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Patch-mainline: yes +Git-commit: 72cf81f6a3404e35028567db2c99a90406e9c6e6 References: bnc#938522 This prevents an unprivileged user to use LXC to create arbitrary file ++++++ CVE-2015-1334-Don-t-use-the-container-s-proc-during-.patch ++++++ --- /var/tmp/diff_new_pack.5QT6Nt/_old 2015-08-12 15:15:31.000000000 +0200 +++ /var/tmp/diff_new_pack.5QT6Nt/_new 2015-08-12 15:15:31.000000000 +0200 
@@ -5,6 +5,7 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Patch-mainline: yes +Git-commit: 5c3fcae78b63ac9dd56e36075903921bd9461f9e References: bnc#938523 A user could otherwise over-mount /proc and prevent the apparmor profile ++++++ attach-mount-a-sane-prox-for-LSM-setup.patch ++++++ --- /var/tmp/diff_new_pack.5QT6Nt/_old 2015-08-12 15:15:31.000000000 +0200 +++ /var/tmp/diff_new_pack.5QT6Nt/_new 2015-08-12 15:15:31.000000000 +0200 @@ -4,7 +4,8 @@ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -Patch-mainline: no +Patch-mainline: yes +Git-commit: ced03a017b2d72b44bd76ee195fd2c953120f49b References: bnc#938523 To set lsm labels, a namespace-local proc mount is needed. ++++++ templates-lxc-opensuse-use-rpm-to-determine-build-ve.patch ++++++ From: Jiri Slaby <[email protected]> Date: Wed, 5 Aug 2015 10:32:54 +0200 Subject: templates: lxc-opensuse, use rpm to determine build version Patch-mainline: yes Git-commit: fe89217a880dafc8da0357fa1444e24d0bf9f202 zypper info's output is not usable for several reasons: * it is localized -- there is no "Version: " in my output * it shows results both from the repo and local system So use plain rpm to determine whether build is installed and if proper version is in place. Signed-off-by: Jiri Slaby <[email protected]> --- templates/lxc-opensuse.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in index 7c0a40ee2cb1..45b072c68c60 100644 --- a/templates/lxc-opensuse.in +++ b/templates/lxc-opensuse.in 
@@ -422,7 +422,8 @@ if [ -z "$path" ]; then fi if grep -q Harlequin /etc/os-release || grep -q Tumbleweed /etc/os-release ; then - if [[ "$(zypper info build|awk -F "[- ]" '/Version/ {print $2}')" -lt "20141120" ]] ; then + BVER=`rpm -q --qf '%{version}\n' build` + if [ $? -ne 0 -o "$BVER" -lt "20141120" ]; then echo "Building openSUSE containers with your version of the build package is broken. Please install the update to version 20141120 or newer." exit 1 fi -- 2.5.0
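Review bot: The new lxc.changes entry (Wed Aug 5 08:17:01 UTC 2015) names only the added patch file and does not say what the patch changes. A one-line description would make the changelog useful on its own, for example that the lxc-opensuse template now uses rpm instead of `zypper info` to check the installed version of the build package, as the patch's commit message explains.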
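Review bot: In the templates/lxc-opensuse.in hunk, the combined test `[ $? -ne 0 -o "$BVER" -lt "20141120" ]` still performs the `-lt` comparison when rpm has failed, because `[` evaluates both sides of `-o`. In that case BVER does not hold a version number, so `-lt` is handed a non-integer; bash's `[` then reports "integer expression expected" and returns an error status instead of true, and the branch with the error message and `exit 1` is skipped in exactly the case where the build package is not installed. Testing the rpm exit status separately avoids this, for example `if ! BVER=$(rpm -q --qf '%{version}\n' build) || [ "$BVER" -lt 20141120 ]; then`, which also drops the `-o` operator that POSIX marks as obsolescent.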
