Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package uid_wrapper for openSUSE:Factory checked in at 2021-12-16 21:18:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/uid_wrapper (Old) and /work/SRC/openSUSE:Factory/.uid_wrapper.new.2520 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "uid_wrapper" Thu Dec 16 21:18:43 2021 rev:13 rq:940395 version:1.2.9 Changes: -------- --- /work/SRC/openSUSE:Factory/uid_wrapper/uid_wrapper.changes 2021-04-12 12:33:44.425051794 +0200 +++ /work/SRC/openSUSE:Factory/.uid_wrapper.new.2520/uid_wrapper.changes 2021-12-16 21:18:51.242510777 +0100 @@ -1,0 +2,7 @@ +Thu Dec 2 13:50:42 UTC 2021 - Andreas Schneider <a...@cryptomilk.org> + +- Update to version 1.2.9 + * Add support for getgroups_chk() + * Added (de)contructor support on AIX with pragma init/finish + +------------------------------------------------------------------- Old: ---- uid_wrapper-1.2.8.tar.gz uid_wrapper-1.2.8.tar.gz.asc New: ---- uid_wrapper-1.2.9.tar.gz uid_wrapper-1.2.9.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ uid_wrapper.spec ++++++ --- /var/tmp/diff_new_pack.fTCDES/_old 2021-12-16 21:18:52.238511155 +0100 +++ /var/tmp/diff_new_pack.fTCDES/_new 2021-12-16 21:18:52.242511157 +0100 @@ -23,7 +23,7 @@ # ############################# NOTE ################################## Name: uid_wrapper -Version: 1.2.8 +Version: 1.2.9 Release: 0 Summary: A wrapper for privilege seperation License: GPL-3.0-or-later ++++++ uid_wrapper-1.2.8.tar.gz -> uid_wrapper-1.2.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.2.8/.gitlab-ci.yml new/uid_wrapper-1.2.9/.gitlab-ci.yml --- old/uid_wrapper-1.2.8/.gitlab-ci.yml 2019-07-15 10:59:11.000000000 +0200 +++ new/uid_wrapper-1.2.9/.gitlab-ci.yml 2021-11-08 15:46:40.000000000 +0100 @@ -5,7 +5,7 @@ CENTOS7_BUILD: buildenv-centos7 TUMBLEWEED_BUILD: buildenv-tumbleweed MINGW_BUILD: buildenv-mingw - DEBIAN_CROSS_BUILD: buildenv-debian-cross + UBUNTU_BUILD: buildenv-ubuntu centos7/x86_64: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD 
@@ -133,30 +133,6 @@ paths: - obj/ -.Debian.cross.template: &Debian_cross_template - stage: test - image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_CROSS_BUILD - script: - - build=$(dpkg-architecture -qDEB_HOST_GNU_TYPE) - - host="${CI_JOB_NAME#*.cross.}" - - mkdir -p obj && cd obj && cmake - -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-Debian-mips.cmake - -DCMAKE_BUILD_TYPE=RelWithDebInfo - -DUNIT_TESTING=ON .. && make -j$(nproc) && - ctest --output-on-failure - tags: - - shared - except: - - tags - artifacts: - expire_in: 1 week - when: on_failure - paths: - - obj/ - -Debian.cross.mips-linux-gnu: - <<: *Debian_cross_template - tumbleweed/x86_64/gcc: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD script: @@ -233,3 +209,21 @@ when: on_failure paths: - obj/scan + +ubuntu/x86_64: + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU_BUILD + script: + - mkdir -p obj && cd obj && cmake + -DCMAKE_BUILD_TYPE=RelWithDebInfo + -DPICKY_DEVELOPER=ON + -DUNIT_TESTING=ON .. && + make -j$(nproc) && ctest --output-on-failure + tags: + - shared + except: + - tags + artifacts: + expire_in: 1 week + when: on_failure + paths: + - obj/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.2.8/CMakeLists.txt new/uid_wrapper-1.2.9/CMakeLists.txt --- old/uid_wrapper-1.2.8/CMakeLists.txt 2020-03-05 15:43:46.000000000 +0100 +++ new/uid_wrapper-1.2.9/CMakeLists.txt 2021-12-02 14:46:31.000000000 +0100 @@ -11,7 +11,7 @@ include(DefineCMakeDefaults) include(DefineCompilerFlags) -project(uid_wrapper VERSION 1.2.8 LANGUAGES C) +project(uid_wrapper VERSION 1.2.9 LANGUAGES C) # global needed variables set(APPLICATION_NAME ${PROJECT_NAME}) 
@@ -23,7 +23,7 @@ # Increment AGE. Set REVISION to 0 # If the source code was changed, but there were no interface changes: # Increment REVISION. -set(LIBRARY_VERSION "0.0.9") +set(LIBRARY_VERSION "0.1.0") set(LIBRARY_SOVERSION "0") # add definitions diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.2.8/ChangeLog new/uid_wrapper-1.2.9/ChangeLog --- old/uid_wrapper-1.2.8/ChangeLog 2020-03-05 15:43:14.000000000 +0100 +++ new/uid_wrapper-1.2.9/ChangeLog 2021-12-02 14:46:31.000000000 +0100 @@ -1,6 +1,10 @@ ChangeLog ========== +version 1.2.9 (released 2021-12-02) + * Add support for getgroups_chk() + * Added (de)contructor support on AIX with pragma init/finish + version 1.2.8 (released 2020-03-05) * Fix path in pkgconfig module * Fix path in cmake find module diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.2.8/ConfigureChecks.cmake new/uid_wrapper-1.2.9/ConfigureChecks.cmake --- old/uid_wrapper-1.2.8/ConfigureChecks.cmake 2019-10-18 12:27:23.000000000 +0200 +++ new/uid_wrapper-1.2.9/ConfigureChecks.cmake 2021-12-02 14:37:46.000000000 +0100 @@ -65,6 +65,7 @@ check_function_exists(setresgid HAVE_SETRESGID) check_function_exists(getgroups HAVE_GETGROUPS) +check_function_exists(__getgroups_chk HAVE___GETGROUPS_CHK) check_function_exists(setgroups HAVE_SETGROUPS) if (HAVE_SETGROUPS) 
@@ -163,6 +164,32 @@ return 0; }" HAVE_DESTRUCTOR_ATTRIBUTE) +check_c_source_compiles(" +#pragma init (test_constructor) +void test_constructor(void); + +void test_constructor(void) +{ + return; +} + +int main(void) { + return 0; +}" HAVE_PRAGMA_INIT) + +check_c_source_compiles(" +#pragma fini (test_destructor) +void test_destructor(void); + +void test_destructor(void) +{ + return; +} + +int main(void) { + return 0; +}" HAVE_PRAGMA_FINI) + # If this produces a warning treat it as error! set(CMAKE_REQUIRED_FLAGS "-Werror") check_c_source_compiles(" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.2.8/README.install new/uid_wrapper-1.2.9/README.install --- old/uid_wrapper-1.2.8/README.install 2014-07-31 10:24:25.000000000 +0200 +++ new/uid_wrapper-1.2.9/README.install 2021-12-02 14:37:46.000000000 +0100 @@ -32,10 +32,6 @@ $ cmake -DCMAKE_INSTALL_PREFIX=<prefix> .. -or on a 64 bit red hat system: - - $ cmake -DCMAKE_INSTALL_PREFIX=<prefix> -DLIB_SUFFIX=64 .. - The "<prefix>" should be replaced by the intended installation target prefix directory, typically /usr or /usr/local. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.2.8/README.md new/uid_wrapper-1.2.9/README.md --- old/uid_wrapper-1.2.8/README.md 2019-07-15 08:11:02.000000000 +0200 +++ new/uid_wrapper-1.2.9/README.md 2021-12-02 14:37:46.000000000 +0100 @@ -1,7 +1,7 @@ UID_WRAPPER =========== -This is a wrapper for the user, group and hosts NSS API. +This is a testing tool to fake privilege separition without being root. DESCRIPTION ----------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.2.8/config.h.cmake new/uid_wrapper-1.2.9/config.h.cmake --- old/uid_wrapper-1.2.8/config.h.cmake 2019-10-18 12:27:23.000000000 +0200 +++ new/uid_wrapper-1.2.9/config.h.cmake 2021-12-02 14:37:46.000000000 +0100 
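Review bot: The two new `check_c_source_compiles` probes in ConfigureChecks.cmake (`HAVE_PRAGMA_INIT`, `HAVE_PRAGMA_FINI`) only show that the compiler accepts the source, not that it honours the pragma. Compilers commonly ignore an unknown `#pragma` with at most a warning, and these probes run before the `set(CMAKE_REQUIRED_FLAGS "-Werror")` line that follows them. uid_wrapper.c uses the pragmas only when the constructor/destructor attribute is missing, so a false positive on such a toolchain would presumably leave `uwrap_constructor` never called, with no build-time signal. Consider a `check_c_source_runs` probe whose constructor sets a flag that `main` returns, or at least a comment such as `# NOTE: also succeeds on compilers that silently ignore unknown pragmas`.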
@@ -41,6 +41,10 @@ /* Define to 1 if you have the `getresgid' function. */ #cmakedefine HAVE_GETRESGID 1 +/* Define to 1 if you have the `getgroups' function. */ +#cmakedefine HAVE_GETGROUPS 1 +#cmakedefine HAVE___GETGROUPS_CHK 1 + /* Define to 1 if you have the `setgroups' function. */ #cmakedefine HAVE_SETGROUPS 1 #cmakedefine HAVE_SETGROUPS_INT 1 @@ -61,6 +65,8 @@ #cmakedefine HAVE_GCC_ATOMIC_BUILTINS 1 #cmakedefine HAVE_CONSTRUCTOR_ATTRIBUTE 1 #cmakedefine HAVE_DESTRUCTOR_ATTRIBUTE 1 +#cmakedefine HAVE_PRAGMA_INIT 1 +#cmakedefine HAVE_PRAGMA_FINI 1 #cmakedefine HAVE_ADDRESS_SANITIZER_ATTRIBUTE 1 #cmakedefine HAVE_FUNCTION_ATTRIBUTE_FORMAT 1 #cmakedefine HAVE_FALLTHROUGH_ATTRIBUTE 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.2.8/src/uid_wrapper.c new/uid_wrapper-1.2.9/src/uid_wrapper.c --- old/uid_wrapper-1.2.8/src/uid_wrapper.c 2019-07-16 11:15:57.000000000 +0200 +++ new/uid_wrapper-1.2.9/src/uid_wrapper.c 2021-12-02 14:37:46.000000000 +0100 @@ -240,6 +240,9 @@ typedef gid_t (*__libc_getegid)(void); typedef int (*__libc_getgroups)(int size, gid_t list[]); +#ifdef HAVE___GETGROUPS_CHK +typedef int (*__libc___getgroups_chk)(int size, gid_t list[], size_t listlen); +#endif typedef int (*__libc_setgroups)(size_t size, const gid_t *list); @@ -285,6 +288,9 @@ #endif UWRAP_SYMBOL_ENTRY(getegid); UWRAP_SYMBOL_ENTRY(getgroups); +#ifdef HAVE___GETGROUPS_CHK + UWRAP_SYMBOL_ENTRY(__getgroups_chk); +#endif UWRAP_SYMBOL_ENTRY(setgroups); #ifdef HAVE_SYSCALL UWRAP_SYMBOL_ENTRY(syscall); 
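Review bot: In config.h.cmake the new `#cmakedefine HAVE___GETGROUPS_CHK 1` sits under the comment written for getgroups and has no description of its own, unlike the neighbouring entries. A comment above it, for example `/* Define to 1 if libc exports __getgroups_chk (the fortified getgroups entry point). */`, would tell a reader why uid_wrapper.c has to interpose a second symbol for the same call.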
@@ -374,7 +380,14 @@ *********************************************************/ bool uid_wrapper_enabled(void); +#if ! defined(HAVE_CONSTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_INIT) +/* xlC and other oldschool compilers support (only) this */ +#pragma init (uwrap_constructor) +#endif void uwrap_constructor(void) CONSTRUCTOR_ATTRIBUTE; +#if ! defined(HAVE_DESTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_FINI) +#pragma fini (uwrap_destructor) +#endif void uwrap_destructor(void) DESTRUCTOR_ATTRIBUTE; /********************************************************* @@ -630,6 +643,17 @@ return uwrap.libc.symbols._libc_getgroups.f(size, list); } +#ifdef HAVE___GETGROUPS_CHK +static int libc___getgroups_chk(int size, gid_t list[], size_t listlen) +{ + uwrap_bind_symbol_libc(__getgroups_chk); + + return uwrap.libc.symbols._libc___getgroups_chk.f(size, + list, + listlen); +} +#endif /* HAVE___GETGROUPS_CHK */ + static int libc_setgroups(size_t size, const gid_t *list) { uwrap_bind_symbol_libc(setgroups); 
@@ -2130,6 +2154,30 @@ return uwrap_getgroups(size, list); } +#ifdef HAVE___GETGROUPS_CHK +static int uwrap___getgroups_chk(int size, gid_t *list, size_t listlen) +{ + if (size * sizeof(gid_t) > listlen) { + UWRAP_LOG(UWRAP_LOG_DEBUG, "Buffer overflow detected"); + abort(); + } + + return uwrap_getgroups(size, list); +} + +int __getgroups_chk(int size, gid_t *list, size_t listlen); + +int __getgroups_chk(int size, gid_t *list, size_t listlen) +{ + if (!uid_wrapper_enabled()) { + return libc___getgroups_chk(size, list, listlen); + } + + uwrap_init(); + return uwrap___getgroups_chk(size, list, listlen); +} +#endif /* HAVE___GETGROUPS_CHK */ + #if (defined(HAVE_SYS_SYSCALL_H) || defined(HAVE_SYSCALL_H)) \ && (defined(SYS_setreuid) || defined(SYS_setreuid32)) static long int uwrap_syscall (long int sysno, va_list vp) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.2.8/tests/test_setresgid_unprivileged.c new/uid_wrapper-1.2.9/tests/test_setresgid_unprivileged.c --- old/uid_wrapper-1.2.8/tests/test_setresgid_unprivileged.c 2015-10-30 13:41:32.000000000 +0100 +++ new/uid_wrapper-1.2.9/tests/test_setresgid_unprivileged.c 2021-11-08 15:48:02.000000000 +0100 @@ -74,7 +74,8 @@ assert_int_equal(cp_egid, 0x0); assert_int_equal(cp_sgid, 0x0); - setresuid(0x0, 0x0, 0x0); + rc = setresuid(0x0, 0x0, 0x0); + assert_int_equal(rc, 0x0); } static void test_uwrap_setresgid_unprivileged_uid_and_gid(void **state) 
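Review bot: The bound check in `uwrap___getgroups_chk`, `if (size * sizeof(gid_t) > listlen)`, converts the signed `size` to `size_t` before multiplying, which causes two problems. A negative `size` becomes a huge value and ends in `abort()`, whereas glibc's own `__getgroups_chk` appears to return -1 with EINVAL for that case (worth confirming against the libc you target). Where `size_t` is 32 bits, a large positive `size` can wrap the product and pass the check, after which `uwrap_getgroups` (not visible in this hunk) is trusted with the unchecked count. Rejecting negative sizes first and comparing by division avoids both. The abort reason is also logged only at `UWRAP_LOG_DEBUG`, so it is probably hidden at default log levels; `UWRAP_LOG_ERROR` would be the more useful level just before `abort()`.

```c
static int uwrap___getgroups_chk(int size, gid_t *list, size_t listlen)
{
	if (size < 0) {
		errno = EINVAL;
		return -1;
	}

	/* Divide instead of multiplying so the bound cannot wrap in size_t. */
	if ((size_t)size > listlen / sizeof(gid_t)) {
	/* … unchanged: UWRAP_LOG call, abort(), return uwrap_getgroups(size, list) … */
```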
@@ -129,8 +130,10 @@ assert_int_equal(rc, -1); assert_int_equal(errno, EPERM); - setresuid(0x0, 0x0, 0x0); - setresgid(0x0, 0x0, 0x0); + rc = setresuid(0x0, 0x0, 0x0); + assert_int_equal(rc, 0x0); + rc = setresgid(0x0, 0x0, 0x0); + assert_int_equal(rc, 0x0); } int main(void) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.2.8/tests/test_uwrap_disabled.c new/uid_wrapper-1.2.9/tests/test_uwrap_disabled.c --- old/uid_wrapper-1.2.8/tests/test_uwrap_disabled.c 2019-05-07 18:15:46.000000000 +0200 +++ new/uid_wrapper-1.2.9/tests/test_uwrap_disabled.c 2021-11-08 15:48:06.000000000 +0100 @@ -53,12 +53,17 @@ static int teardown(void **state) { + int rc; struct test_opts *t = (struct test_opts *)*state; - setuid(t->myuid); - seteuid(t->myuid); - setgid(t->mygid); - setegid(t->mygid); + rc = setuid(t->myuid); + assert_int_equal(rc, 0x0); + rc = seteuid(t->myuid); + assert_int_equal(rc, 0x0); + rc = setgid(t->mygid); + assert_int_equal(rc, 0x0); + rc = setegid(t->mygid); + assert_int_equal(rc, 0x0); free(t);