Hello community, here is the log from the commit of package lxc for openSUSE:Factory checked in at 2020-04-07 10:31:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lxc (Old) and /work/SRC/openSUSE:Factory/.lxc.new.3248 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc" Tue Apr 7 10:31:56 2020 rev:92 rq:791872 version:4.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/lxc/lxc.changes 2020-04-02 17:43:37.769408764 +0200 +++ /work/SRC/openSUSE:Factory/.lxc.new.3248/lxc.changes 2020-04-07 10:32:48.246614495 +0200 @@ -1,0 +2,14 @@ +Tue Apr 7 01:19:17 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Fix mis-use of %suse_version when we actually want to check against + %sle_version when determining whether lxc-user-nic should be setuid. + +------------------------------------------------------------------- +Thu Apr 2 08:24:44 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Add backport of https://github.com/lxc/lxc/pull/3347 and + https://github.com/lxc/lxc/pull/3349 to fix builds on Leap. + + 0002-cgroups-fix-uninitialized-transient_len-warning.patch + + 0003-cgroups-fix-build-warning-on-GCC-7.patch + +------------------------------------------------------------------- New: ---- 0002-cgroups-fix-uninitialized-transient_len-warning.patch 0003-cgroups-fix-build-warning-on-GCC-7.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxc.spec ++++++ --- /var/tmp/diff_new_pack.vM3qhl/_old 2020-04-07 10:32:48.894615339 +0200 +++ /var/tmp/diff_new_pack.vM3qhl/_new 2020-04-07 10:32:48.894615339 +0200 @@ -1,7 +1,7 @@ # # spec file for package lxc # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,15 +15,16 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # + # On pre-15 SLE versions, _sharedstatedir was /usr/com -- which is just wrong. -%if 0%{suse_version} < 1500 +%if 0%{?suse_version} < 1500 %define _sharedstatedir /var/lib %endif # In later versions of openSUSE's permissions config, lxc-user-nic was # whitelisted with a setuid bit enabled -- but in order to allow building on # old distros we must not make it setuid on pre-15.1 distros. See bsc#988348. -%if 0%{suse_version} < 1510 +%if 0%{suse_version} <= 1500 && 0%{?sle_version} < 150100 %define old_permissions 1 %endif %define setuid_mode 0%{!?old_permissions:4}750 @@ -36,7 +37,7 @@ Name: lxc Version: 4.0.0 Release: 0 -Url: http://linuxcontainers.org/ +URL: http://linuxcontainers.org/ Summary: Userspace tools for Linux kernel containers License: LGPL-2.1-or-later Group: System/Management @@ -48,23 +49,27 @@ Source91: missing_setuid.txt.in # FIX-UPSTREAM: Backport of https://github.com/lxc/lxc/pull/3345. Patch1: 0001-autotools-don-t-install-run-coccinelle.sh.patch -BuildRequires: gcc +# FIX-UPSTREAM: Backport of https://github.com/lxc/lxc/pull/3347. +Patch2: 0002-cgroups-fix-uninitialized-transient_len-warning.patch +# FIX-UPSTREAM: Backport of https://github.com/lxc/lxc/pull/3349 . +Patch3: 0003-cgroups-fix-build-warning-on-GCC-7.patch BuildRequires: automake -BuildRequires: libtool -BuildRequires: pkg-config -BuildRequires: libgnutls-devel +BuildRequires: gcc BuildRequires: libapparmor-devel -BuildRequires: libselinux-devel BuildRequires: libcap-devel +BuildRequires: libgnutls-devel +BuildRequires: libselinux-devel +BuildRequires: libtool BuildRequires: pam-devel +BuildRequires: pkg-config %ifarch %ix86 x86_64 BuildRequires: libseccomp-devel %endif -BuildRequires: libxslt -BuildRequires: fdupes +BuildRequires: bash-completion BuildRequires: docbook-utils BuildRequires: docbook2x -BuildRequires: bash-completion +BuildRequires: fdupes +BuildRequires: libxslt BuildRequires: pkgconfig(systemd) Requires: libcap-progs Requires: lxcfs @@ -99,7 +104,7 @@ # Older SLE versions didn't have -abstractions but instead had -profiles # (though Leap has -abstractions regardless of it being based on SLE). We only # need them to not have to own /etc/apparmor.d/abstractions. -%if 0%{?is_opensuse} || %{?suse_version} >= 1500 +%if 0%{?is_opensuse} || 0%{?suse_version} >= 1500 BuildRequires: apparmor-abstractions %else BuildRequires: apparmor-profiles @@ -119,6 +124,7 @@ %package bash-completion Summary: Bash Completion for %{name} +License: LGPL-2.1-or-later Group: System/Management Requires: %{name} = %{version} Supplements: packageand(%{name}:bash-completion) @@ -130,6 +136,8 @@ %prep %setup %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build ./autogen.sh ++++++ 0002-cgroups-fix-uninitialized-transient_len-warning.patch ++++++ >From 346830421a968c41e3198ca64ab3f7217075e491 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <cyp...@cyphar.com> Date: Thu, 2 Apr 2020 19:15:11 +1100 Subject: [PATCH] cgroups: fix "uninitialized transient_len" warning Without this change, a build error is triggered if you compile with -Werror=maybe-uninitialized. cgroups/cgfsng.c: In function 'cgfsng_monitor_enter': groups/cgfsng.c:1387:9: error: 'transient_len' may be used uninitialized in this function ret = lxc_writeat(h->cgfd_mon, "cgroup.procs", transient, transient_len); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The issue is that if handler->transient_pid is 0, then transient_len is uninitialised but lxc_writeat(..., transient_len) still gets called. Signed-off-by: Aleksa Sarai <cyp...@cyphar.com> --- src/lxc/cgroups/cgfsng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c index 564400221fae..21c2c3f7cec5 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -1388,7 +1388,7 @@ __cgfsng_ops static bool cgfsng_monitor_enter(struct cgroup_ops *ops, if (ret) return log_error_errno(false, errno, "Failed to enter cgroup \"%s\"", h->monitor_full_path); - if (handler->transient_pid < 0) + if (handler->transient_pid <= 0) return true; ret = lxc_writeat(h->cgfd_mon, "cgroup.procs", transient, transient_len); -- 2.26.0 ++++++ 0003-cgroups-fix-build-warning-on-GCC-7.patch ++++++ >From fdb0b8ab2d83eace642153626a5dd5ef04d6f749 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <cyp...@cyphar.com> Date: Fri, 3 Apr 2020 02:13:11 +1100 Subject: [PATCH] cgroups: fix build warning on GCC 7 GCC 7 appears to be clever enough to detect that transient_len is uninitialised but not that it won't be used despite [1]. Just initialise it to zero to stop the complaining, and allow LXC to build on openSUSE Leap. [1]: 346830421a96 ("cgroups: fix "uninitialized transient_len" warning") Signed-off-by: Aleksa Sarai <cyp...@cyphar.com> --- src/lxc/cgroups/cgfsng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c index 21c2c3f7cec5..d3595bcdf9ee 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -1360,7 +1360,7 @@ __cgfsng_ops static inline bool cgfsng_payload_create(struct cgroup_ops *ops, __cgfsng_ops static bool cgfsng_monitor_enter(struct cgroup_ops *ops, struct lxc_handler *handler) { - int monitor_len, transient_len; + int monitor_len, transient_len = 0; char monitor[INTTYPE_TO_STRLEN(pid_t)], transient[INTTYPE_TO_STRLEN(pid_t)]; -- 2.26.0