Hello community,
here is the log from the commit of package lxc for openSUSE:Factory checked in
at 2017-05-27 13:16:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lxc (Old)
and /work/SRC/openSUSE:Factory/.lxc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc"
Sat May 27 13:16:55 2017 rev:72 rq:497945 version:2.0.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/lxc/lxc.changes 2017-04-28 09:13:33.675900057
+0200
+++ /work/SRC/openSUSE:Factory/.lxc.new/lxc.changes 2017-05-27
13:17:16.336774253 +0200
@@ -1,0 +2,115 @@
+Tue May 16 16:47:47 UTC 2017 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 2.0.8
+ * Security fix for CVE-2017-5985
+ * All templates have been updated to not set default passwords anymore,
instead requiring lxc-attach be used to configure users.
+ * This may affect some automated environments that were relying on our
default (very much insecure) users.
+
+ Bugfixes:
+ Make lxc-start-ephemeral Python 3.2-compatible
+ Fix typo
+ Allow build without sys/capability.h
+ lxc-opensuse: fix default value for release code
+ util: always malloc for setproctitle
+ util: update setproctitle comments
+ confile: clear lxc.network..ipv{4,6} when empty
+ lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
+ Make lxc-net return non-zero on failure
+ seccomp: allow x32 guests on amd64 hosts.
+ Add HAVE_LIBCAP
+ c/r: only supply --ext-mount-map for bind mounts
+ Added 'mkdir -p' functionality in create_or_remove_cgroup
+ Use LXC_ROOTFS_MOUNT in clonehostname hook
+ squeeze is not a supported release anymore, drop the key
+ start: dumb down SIGCHLD from WARN() to NOTICE()
+ log: fix lxc_unix_epoch_to_utc()
+ cgfsng: make trim() safer
+ seccomp: set SCMP_FLTATR_ATL_TSKIP if available
+ lxc-user-nic: re-order #includes
+ lxc-user-nic: improve + bugfix
+ lxc-user-nic: delete link on failure
+ conf: only try to delete veth when privileged
+ Fix lxc-containers to support multiple bridges
+ Fix mixed tab/spaces in previous patch
+ lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
+ lxc-checkconfig: verify new[ug]idmap are setuid-root
+ [templates] archlinux: resolve conflicting files
+ [templates] archlinux: noneed default_timezone variable
+ python3: Deal with potential NULL char*
+ lxc-download.in / allow setting keyserver from env
+ lxc-download.in / Document keyserver change in help
+ Change variable check to match existing style
+ tree-wide: include directly
+ conf/ile: make sure buffer is large enough
+ tree-wide: include directly
+ tests: Support running on IPv6 networks
+ tests: Kill containers (don't wait for shutdown)
+ Fix opening wrong file in suggest_default_idmap
+ do not set the root password in the debian template
+ do not set insecure passwords
+ don't set a default password for altlinux, gentoo, openmandriva and pld
+ tools: exit with return code of lxc_execute()
+ Keep veth.pair.name on network shutdown
+ Makefile: fix static clang init.lxc build
+ Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net
via USE_LXC_BRIDGE
+ Increased buffer length in print_stats()
+ avoid assigning to a variable which is not POSIX shell proof (bug #1498)
+ remove obsolete note about api stability
+ conf: less error prone pointer access
+ conf: lxc_map_ids() non-functional changes
+ caps: add lxc_{proc,file}_cap_is_set()
+ conf: check for {filecaps,setuid} on new{g,u}idmap
+ conf: improve log when mounting rootfs
+ ls: simplify the judgment condition when list active containers
+ fix typo introduced in #1509
+ attach|unshare: fix the wrong comment
+ caps: skip file capability checks on android
+ autotools: check for cap_get_file
+ caps: return false if caps are not supported
+ conf: non-functional changes to setup_pts()
+ conf: use bind-mount for /dev/ptmx
+ conf: non-functional changes
+ utils: use loop device helpers from LXD
+ create ISSUE_TEMPLATE.md
+ cgroups: improve cgfsng debugging
+ issue template: fix typo
+ conf: close fd in lxc_setup_devpts()
+ conf: non-functional changes
+ utils: tweak lxc_mount_proc_if_needed()
+ Change sshd template to work with Ubuntu 17.04
+ conf: order mount options
+ conf: add MS_LAZYTIME to mount options
+ monitor: report errno on exec() error
+ af unix: allow for maximum socket name
+ commands: avoid NULL pointer dereference
+ commands: non-functional changes
+ lxccontainer: avoid NULL pointer dereference
+ monitor: simplify abstract socket logic
+ precise is not the latest LTS, let's use xenial instead
+ fix the wrong exit status
+ conf: non-functional changes lxc_fill_autodev()
+ conf: remove /dev/console from lxc_fill_autodev()
+ conf: non-functional changes lxc_setup()
+ conf: non-functional changes to console functions
+ conf: improve lxc_setup_dev_console()
+ conf: lxc_setup_ttydir_console()
+ config: remove /dev/console bind mount
+ doc: document console behavior
+ utils: add lxc_unstack_mountpoint()
+ conf: unstack all mounts atop /dev/console
+ console: fail when we cannot allocate peer tty
+ start: remove umount2()
+ conf: non-functional changes
+ utils: handle > 2^31 in lxc_unstack_mountpoint()
+ Install systemd units for CentOS
+ Merge ubuntu and debiancase
+ start: add crucial details about lxc_spawn()
+
+- Deleted patches that have been backported before:
+ - 0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
+ - 0001-tree-wide-include-sys-sysmacros.h-directly.patch
+ - 0002-tree-wide-include-sys-sysmacros.h-directly.patch
+
+- added signature verification
+
+-------------------------------------------------------------------
Old:
----
0001-tree-wide-include-sys-sysmacros.h-directly.patch
0002-tree-wide-include-sys-sysmacros.h-directly.patch
0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
lxc-2.0.7.tar.gz
New:
----
lxc-2.0.8.tar.gz
lxc-2.0.8.tar.gz.asc
lxc.keyring
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lxc.spec ++++++
--- /var/tmp/diff_new_pack.3i2ftd/_old 2017-05-27 13:17:19.960261981 +0200
+++ /var/tmp/diff_new_pack.3i2ftd/_new 2017-05-27 13:17:19.960261981 +0200
@@ -18,21 +18,18 @@
%define shlib_version 1
Name: lxc
-Version: 2.0.7
+Version: 2.0.8
Release: 0
Url: http://linuxcontainers.org/
Summary: Userspace tools for Linux kernel containers
License: LGPL-2.1+
Group: System/Management
Source: http://linuxcontainers.org/downloads/%{name}-%{version}.tar.gz
-Source1: lxc-createconfig.in
-Source2: README.SUSE
-Source3: openSUSE_apparmor_mount.conf
-%if 0%{?suse_version} > 1315
-Patch0: 0001-tree-wide-include-sys-sysmacros.h-directly.patch
-Patch1: 0002-tree-wide-include-sys-sysmacros.h-directly.patch
-%endif
-Patch2: 0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
+Source1:
http://linuxcontainers.org/downloads/%{name}-%{version}.tar.gz.asc#/%{name}-%{version}.tar.gz.asc
+Source2: %{name}.keyring
+Source3: lxc-createconfig.in
+Source4: README.SUSE
+Source5: openSUSE_apparmor_mount.conf
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: docbook-utils
@@ -96,11 +93,6 @@
%prep
%setup
-%if 0%{?suse_version} > 1315
-%patch0 -p1
-%patch1 -p1
-%endif
-%patch2 -p1
%build
chmod 755 configure
@@ -109,8 +101,8 @@
--with-init-script=systemd \
--with-systemdsystemunitdir=%{_unitdir}
make %{?_smp_mflags}
-cp %{SOURCE2} .
-cp %{SOURCE3} .
+cp %{SOURCE4} .
+cp %{SOURCE5} .
rm -rf .doc
mkdir -p .doc/examples
cp doc/examples/*.conf .doc/examples
@@ -120,11 +112,11 @@
install -d -m 755 %{buildroot}/var/lib/lxc
find %buildroot -type f -name '*.la' -delete
chmod u-s %{buildroot}/%{_libexecdir}/%{name}/lxc-user-nic
-./config.status --file=%{buildroot}%{_bindir}/lxc-createconfig:%{S:1}
+./config.status --file=%{buildroot}%{_bindir}/lxc-createconfig:%{S:3}
chmod a+x %{buildroot}%{_bindir}/lxc-createconfig
ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rclxc
ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rclxc-net
-cp %{SOURCE3} %{buildroot}/usr/share/lxc/config/common.conf.d/
+cp %{SOURCE5} %{buildroot}/usr/share/lxc/config/common.conf.d/
%fdupes %{buildroot}/%{_datadir}/%{name}/config/
%pre
++++++ lxc-2.0.7.tar.gz -> lxc-2.0.8.tar.gz ++++++
++++ 5307 lines of diff (skipped)
++++++ lxc.keyring ++++++
pub rsa4096/0xC638974D64792D67 2010-10-23 [SC]
602F567663E593BCBD14F338C638974D64792D67
uid [ unknown] Stéphane Graber <stgra...@stgraber.org>
uid [ unknown] Stéphane Graber <stgra...@ubuntu.com>
sub rsa4096/0x9E4B2A99D7B3258F 2010-10-23 [E]
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBEzDJtYBEADeY2GjCIHiP69HyT6dea1bcBYKHzGusmPjUGfNExAgseCgkFGo
xROSpjt5ez8FGyvjvSevVTtWTO955eLrhj7fUzfcN8ot+Lj5EeCeyX6evR/jv/Kw
dJZfKNHEKFlsRL74NEodSIvxDxANsu4iggpPWe+RMcZt7yP/4j5j7/yfZHCtDNVe
6vYr6FvR9YmJ1TK3SudKQ0eLYBgW75V45xtgl1dzcTfmmnQKRq0NBgGHQ9P+VdA5
TTaKDxDyVGuGL3eSBABLKiOTVxn8cLK75NOHH920PbOIKAfXh0StvIRbHL0EcwNj
4nrSHHsDqFwQaieVueEpxaL3OfKXlF/4KdkCz8J1fXMiKd7MrOaVCGfriU4J9H3V
2JUPzHCv1QOLlJFkzyfbAh/62xRuUKihqBnLvMStl1wCesbMSAUxZZs2u+emqjD7
wqf7bj5u34bCb/7eBnirBhk7fCPrWeiw+tyr8focN3TB9ZjoFba+lzReP+ehYpFI
15ro7wJ82VvEYw3/UIOyUhGBdGWZzwoag6Y2sm7zY84YGtNV44LsaKpJYZUi7er4
2JQZ6PN68lfkGgTyjd3eFQ4la7pmhOWDZt9ldy8rz8dw0K8gKRP+b5NNmaPznCcM
tg8s+mQqcjWpeqwmq93JrgbxGwgiI2qw9P+dZI0jn+Aoth+DDki3MC6ZXwARAQAB
tCZTdMOpcGhhbmUgR3JhYmVyIDxzdGdyYWJlckB1YnVudHUuY29tPokCNwQTAQoA
IQUCTMMuOgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRDGOJdNZHktZ35S
D/434tFecFY622NY/YLjQUN++bSvP+mbeCeOXnOULZozURQTuQzneTWFgkPOL7Uv
RIrw0WznQEwhUMai7PUF3SbOYcj7iYSXJM6t3aNfW0zmjS185Ny2bRB7URihTAyE
eM4Jpk6oMTmhqmH2OHnFQuNqmCl1tiH44KVv/sQAEzN/txjxj64YSq5NSzkQKlMG
/n7QfLL+RhoB4db1wY8vhnrryP7vUx5DR1A5z9MYfFTIJb75vsQM6r4s3sVtwSTG
kozJMUZAs0EXbI2Tgx2Wd7t2ix21lBu0PDb/RINpXQV0pyhT1kQxa1ZKfpLoM2LR
Wp6ctqmU+qkryaW8cLEHkYmDKEQIgQ7/DrOJPrPgjfBIC9LOcXgI1LbIh1L7tNFA
OiOVS/e4C3zxBowCS4VCWq9m0LrmC531sFF46cmAMhrmtStWqJpn/Yaxn8VmhhTU
zIVOUr3gL9RzbynYGIiSif+LXsrPLzEaDTGjmKm3oFvDadUHmb6HyuQ0M9UCgLQK
kWiOvybx6Q16doFm61VQsJMqHDSpLBjOc5cSHO9PiXlYzkK0dv8h8e0LG2MORHCJ
K4s8SfsPAXBCJwoZufcohaO0DD/fx93ErcAyNlDiwL2TxrQ4wEMHj73lt18A/HqP
VpU0zTWDpNDe/N12a3sfTfs9IdB/izq6k2kTzZwHmqgpKbQoU3TDqXBoYW5lIEdy
YWJlciA8c3RncmFiZXJAc3RncmFiZXIub3JnPokCOgQTAQoAJAIbAwULCQgHAwUV
CgkICwUWAgMBAAIeAQIXgAUCTMMuYQIZAQAKCRDGOJdNZHktZyTdEACcaGpJvqa8
uDiVrmbyaK/LDWhKdVE9JujTg4g05xtRpEE/yQKwHXKKxQfe8wQRuNOXWLj66w4o
UBKJs7Rc/DdNEM/RfYiTJD0dZ2fPq3GcU5rbZos1Tvmdpc1qVOyEMf3VJQ/vZEEy
7SM+i+jHx7lCx8lE0D6TsdrLVyh9cvr5+MwiqcVQXqK0aqGKjCdbEjUtsPz1d5Cu
Mq95ZQff6W6m1yNlxMnRMxdreYXCrjtv78RzlQi8dTgboaOOBC3TYQQwHx9ZrLGM
3WuPmUl9uecPTOSxIqoZHEpvz5fUQ0DhnlcxCd3R2qgPneEq0yEuaZrq8UZNyp/o
4iQAAz9BH/I7i34HySBuEzkCOSgRd1zMmuXGyrgg67kSMUFs8zyMqyjgups+ig1f
x8mKmwykVdH5Wgc310sy2W9wG5lWET45Z7gCDiu9x8B+3l6Qwn4WNffSI39ryTG4
aPGbQ/Z3+Ipm+uEV98Gm8TDcj0GUhL5XmsQ9DEcftGfw/Kxt4vaDtCOFaSZqmsoV
b325sKF+LhCZTUwZVCHrkSIC75bJ0JtxRWu+4qWtBgbFTgx5jpr1zWP524x+c0a7
aLGrsB1lAnmFqFoipzvfj2grNgtY7zDf3rcf/lBwt6VKGTCPuoJW0iRLhJQGK3AZ
Nkeu4F9t4IC5XcNKSnWJNQg0PiF0sfxTFbkCDQRMwybWARAApvNuefvVycI47ABo
T7AzBsHf0lbt4ihMpugZ+GfubzK98kn8pDRprUAfACx6+NLkxuAf9WyL7CFoFLSJ
je1m7ZhYeeNckrF5Ir1VRsF+6DueantQzawL8tq6o/sr+4/F5e0jwpXAbHNKiuqj
Q/DbLVPEmln29aYtJT3Vtm1eVzK2XkxicSlRROKHrGbaGSHEJgWr/7zqNcDPY9Ss
/pms2lqGCWK7MMG/PGVhYIJ9LKNK4yGQtxD51UuruAy6MmRfu1cKDzJ4frQjJTkr
c746uofRzK7F/uTQYFpXXd2uQ2/xi+dRnTyoqszvlS7Cm5/V2AhblbnUVE+gWgcR
lg3WXetJmI/jMwPCYSy1wxWFwZGYs/VTXcimHBcOZWu7cAur8zDNkm6uQaMaFRrq
LmkkLjoY0e8cXZIkcmQfvlWHdDkebQevRvKlNWIJChRXLU7SAKjrIe5y1lxyzy3y
dS8saK1nt7swubf737jHahQkNev9QwZ3r9ZxsyRXXRkXpKOoHQ2MVqyId+6Nk8Pn
/0yE6RPN+t01je/I731fLUZzsCs6y2e5d+xxQzQSTGBiJfxfHodBts3D6r3sxxYn
nvIe3H2Trzv34lNmiwX6RhxqPGiHBSvRxoTXz4luydDKIrBdaN+sgTkMINa3KDhf
VMmbdnwTOQbW2pi3qUCbjA0TI+EAEQEAAYkCHwQYAQoACQUCTMMm1gIbDAAKCRDG
OJdNZHktZxrrD/97bryBoLKJNc4tAtDY8umo+phdL/kUTx9gVeKHpZZVoymHW7pS
3stXC9UJigHuaDjkdvHq1v9fUdIp9mD8uqWgGJNO+hV99ARZSEkXfAFtNHYw0gVi
izz0J0FEmMibJJBjj4kDi9Z/2fWRKsvNfwQ6UKrKtYkkM1DWNnqhNJVDVNJ+4Mr5
Y8wbkItPV07f5L3kdYFE90K08IJh/pvalt383RuNmuqFwNGjStLcfo2YRpTyjmWA
oR7qaGflTAKm0+Qj/vx8vfHu7WAfcdcAT6ftZ5Q7C0LcPPuNkTBGFUyvJwW+7AV5
3Pln6vsbZg451J4iFQ0FTAYys40LbkLKYSAXfvfYHXY9ZOCvoZvsoeDG8zDUEGj5
EnsiJNlJx2xCRwjIrCzujUs91HdxQoVtXWwtlknZNwO46x433+ukhkTGJGQ7YFao
x/JxkvQOhndYJBKm5C1P7ZlLmcRndv7Lrld9rVsYGk4/lCLDPXb/ZJ0jmZLYNqez
2z0Pcd0m+jtbVVuMxuIMI2NOFIccVsQxlrtWCdhnGfs+KH1D1eyLNB7PpzWq01yI
z3pNBo5YYOLovpu0wVB0vxLTkDxmcl4aoM6MGkbnDfK4al+RQ+hDJlCAW+z3hUxH
2CmlO+WHtRJyXqE37QX6y9xmflvckMvo+CB+gopGyzMJuLqkBL2sFHZbIw==
=JVth
-----END PGP PUBLIC KEY BLOCK-----
