Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package uid_wrapper for openSUSE:Factory
checked in at 2024-06-14 18:57:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/uid_wrapper (Old)
and /work/SRC/openSUSE:Factory/.uid_wrapper.new.19518 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "uid_wrapper"
Fri Jun 14 18:57:27 2024 rev:17 rq:1180655 version:1.3.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/uid_wrapper/uid_wrapper.changes 2023-03-03
22:25:03.534658446 +0100
+++ /work/SRC/openSUSE:Factory/.uid_wrapper.new.19518/uid_wrapper.changes
2024-06-14 18:57:29.153573790 +0200
@@ -1,0 +2,10 @@
+Thu Jun 13 05:43:25 UTC 2024 - Andreas Schneider <a...@cryptomilk.org>
+
+- Update to version 1.3.1
+ * Added support to find libc via LIBC_SO define
+ * Fixed uid_wrapper running with jemalloc compiled binaries
+ * Fixed socket_wrapper interaction test
+ * Fixed thread sanitizer on modern Linux Kernels
+- Removed uid_wrapper-fix-cmocka-1.1.6+-support.patch
+
+-------------------------------------------------------------------
Old:
----
uid_wrapper-1.3.0.tar.gz
uid_wrapper-1.3.0.tar.gz.asc
uid_wrapper-fix-cmocka-1.1.6+-support.patch
New:
----
uid_wrapper-1.3.1.tar.gz
uid_wrapper-1.3.1.tar.gz.asc
BETA DEBUG BEGIN:
Old: * Fixed thread sanitizer on modern Linux Kernels
- Removed uid_wrapper-fix-cmocka-1.1.6+-support.patch
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ uid_wrapper.spec ++++++
--- /var/tmp/diff_new_pack.yXDtKQ/_old 2024-06-14 18:57:30.397618729 +0200
+++ /var/tmp/diff_new_pack.yXDtKQ/_new 2024-06-14 18:57:30.397618729 +0200
@@ -1,7 +1,7 @@
#
# spec file for package uid_wrapper
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
#
############################# NOTE ##################################
Name: uid_wrapper
-Version: 1.3.0
+Version: 1.3.1
Release: 0
Summary: A wrapper for privilege seperation
License: GPL-3.0-or-later
@@ -33,7 +33,6 @@
Source1: %{name}-rpmlintrc
Source2: https://ftp.samba.org/pub/cwrap/%{name}-%{version}.tar.gz.asc
Source3: uid_wrapper.keyring
-Patch0: uid_wrapper-fix-cmocka-1.1.6+-support.patch
BuildRequires: cmake
BuildRequires: libcmocka-devel
BuildRequires: pkgconf
++++++ uid_wrapper-1.3.0.tar.gz -> uid_wrapper-1.3.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/uid_wrapper-1.3.0/.git new/uid_wrapper-1.3.1/.git
--- old/uid_wrapper-1.3.0/.git 1970-01-01 01:00:00.000000000 +0100
+++ new/uid_wrapper-1.3.1/.git 2024-06-12 11:12:50.000000000 +0200
@@ -0,0 +1 @@
+gitdir: /home/asn/workspace/prj/oss/uid_wrapper/.bare/worktrees/master
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/uid_wrapper-1.3.0/.gitlab-ci.yml
new/uid_wrapper-1.3.1/.gitlab-ci.yml
--- old/uid_wrapper-1.3.0/.gitlab-ci.yml 2023-01-17 14:35:25.000000000
+0100
+++ new/uid_wrapper-1.3.1/.gitlab-ci.yml 2024-06-13 07:34:50.000000000
+0200
@@ -22,8 +22,6 @@
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -42,8 +40,6 @@
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure && make install
- tags:
- - shared
except:
- tags
artifacts:
@@ -61,8 +57,6 @@
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -79,8 +73,6 @@
-DCMAKE_BUILD_TYPE=UndefinedSanitizer
-DUNIT_TESTING=ON ..
&& make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -93,13 +85,14 @@
stage: analysis
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
script:
+ # Workaround for TSAN with ASLR on newer kernel
+ # https://github.com/google/sanitizers/issues/1716
- mkdir -p obj && cd obj && cmake
-DCMAKE_BUILD_TYPE=ThreadSanitizer
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
- make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
+ make -j$(nproc) &&
+ setarch --addr-no-randomize -- ctest --output-on-failure
except:
- tags
artifacts:
@@ -132,8 +125,6 @@
--git-commit-range $CI_COMMIT_RANGE
--color
--print-current --print-fixed
- tags:
- - shared
except:
- tags
artifacts:
@@ -174,8 +165,6 @@
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -194,8 +183,6 @@
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -214,8 +201,6 @@
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
@@ -236,8 +221,6 @@
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
scan-build --status-bugs -o scan make -j$(nproc)
- tags:
- - shared
except:
- tags
artifacts:
@@ -255,8 +238,6 @@
-DPICKY_DEVELOPER=ON
-DUNIT_TESTING=ON .. &&
make -j$(nproc) && ctest --output-on-failure
- tags:
- - shared
except:
- tags
artifacts:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/uid_wrapper-1.3.0/CHANGELOG
new/uid_wrapper-1.3.1/CHANGELOG
--- old/uid_wrapper-1.3.0/CHANGELOG 2023-01-17 14:38:46.000000000 +0100
+++ new/uid_wrapper-1.3.1/CHANGELOG 2024-06-13 07:34:50.000000000 +0200
@@ -1,6 +1,12 @@
CHANGELOG
=========
+version 1.3.1 (released 2024-06-12)
+ * Added support to find libc via LIBC_SO define
+ * Fixed uid_wrapper running with jemalloc compiled binaries
+ * Fixed socket_wrapper interaction test
+ * Fixed thread sanitizer on modern Linux Kernels
+
version 1.3.0 (released 2023-01-17)
* Added support to interact with socket_wrapper syscall()
* Fixed deadlocks with threads
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/uid_wrapper-1.3.0/CMakeLists.txt
new/uid_wrapper-1.3.1/CMakeLists.txt
--- old/uid_wrapper-1.3.0/CMakeLists.txt 2023-01-17 14:39:27.000000000
+0100
+++ new/uid_wrapper-1.3.1/CMakeLists.txt 2024-06-13 07:34:50.000000000
+0200
@@ -11,7 +11,7 @@
include(DefineCMakeDefaults)
include(DefineCompilerFlags)
-project(uid_wrapper VERSION 1.3.0 LANGUAGES C)
+project(uid_wrapper VERSION 1.3.1 LANGUAGES C)
# global needed variables
set(APPLICATION_NAME ${PROJECT_NAME})
@@ -23,7 +23,7 @@
# Increment AGE. Set REVISION to 0
# If the source code was changed, but there were no interface changes:
# Increment REVISION.
-set(LIBRARY_VERSION "0.2.0")
+set(LIBRARY_VERSION "0.2.1")
set(LIBRARY_SOVERSION "0")
# add definitions
@@ -68,6 +68,8 @@
)
# cmake config files
+set(PACKAGE_NAME "uid_wrapper")
+set(PACKAGE_NAME_UPPER "UID_WRAPPER")
configure_file(uid_wrapper-config-version.cmake.in
${CMAKE_CURRENT_BINARY_DIR}/uid_wrapper-config-version.cmake @ONLY)
configure_file(uid_wrapper-config.cmake.in
${CMAKE_CURRENT_BINARY_DIR}/uid_wrapper-config.cmake @ONLY)
install(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/uid_wrapper-1.3.0/ConfigureChecks.cmake
new/uid_wrapper-1.3.1/ConfigureChecks.cmake
--- old/uid_wrapper-1.3.0/ConfigureChecks.cmake 2023-01-17 14:35:25.000000000
+0100
+++ new/uid_wrapper-1.3.1/ConfigureChecks.cmake 2024-06-13 07:34:50.000000000
+0200
@@ -48,6 +48,7 @@
check_include_file(syscall.h HAVE_SYSCALL_H)
check_include_file(grp.h HAVE_GRP_H)
check_include_file(unistd.h HAVE_UNISTD_H)
+check_include_file(gnu/lib-names.h HAVE_GNU_LIB_NAMES_H)
# FUNCTIONS
check_function_exists(strncpy HAVE_STRNCPY)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/uid_wrapper-1.3.0/config.h.cmake
new/uid_wrapper-1.3.1/config.h.cmake
--- old/uid_wrapper-1.3.0/config.h.cmake 2023-01-17 14:35:25.000000000
+0100
+++ new/uid_wrapper-1.3.1/config.h.cmake 2024-06-13 07:34:50.000000000
+0200
@@ -14,6 +14,7 @@
#cmakedefine HAVE_SYSCALL_H 1
#cmakedefine HAVE_UNISTD_H 1
#cmakedefine HAVE_GRP_H 1
+#cmakedefine HAVE_GNU_LIB_NAMES_H 1
/*************************** FUNCTIONS ***************************/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/uid_wrapper-1.3.0/src/uid_wrapper.c
new/uid_wrapper-1.3.1/src/uid_wrapper.c
--- old/uid_wrapper-1.3.0/src/uid_wrapper.c 2023-01-17 14:35:25.000000000
+0100
+++ new/uid_wrapper-1.3.1/src/uid_wrapper.c 2024-06-13 07:34:50.000000000
+0200
@@ -38,6 +38,10 @@
#include <pthread.h>
+#ifdef HAVE_GNU_LIB_NAMES_H
+#include <gnu/lib-names.h>
+#endif
+
#ifdef HAVE_GCC_THREAD_LOCAL_STORAGE
# define UWRAP_THREAD __thread
#else
@@ -558,6 +562,13 @@
switch (lib) {
case UWRAP_LIBC:
handle = uwrap.libc.handle;
+#ifdef LIBC_SO
+ if (handle == NULL) {
+ handle = dlopen(LIBC_SO, flags);
+
+ uwrap.libc.handle = handle;
+ }
+#endif
if (handle == NULL) {
for (i = 10; i >= 0; i--) {
char soname[256] = {0};
@@ -656,6 +667,9 @@
dlsym(RTLD_DEFAULT, #sym_name); \
}
+/* JEMALLOC: This tells uid_wrapper if it should handle syscall() */
+static bool uwrap_handle_syscall;
+
/* DO NOT call this function during library initialization! */
static void __uwrap_bind_symbol_all_once(void)
{
@@ -699,6 +713,8 @@
#endif
uwrap_bind_symbol_libpthread(pthread_create);
uwrap_bind_symbol_libpthread(pthread_exit);
+
+ uwrap_handle_syscall = true;
}
static void uwrap_bind_symbol_all(void)
@@ -863,7 +879,27 @@
long int rc;
int i;
- uwrap_bind_symbol_all();
+ /*
+ * JEMALLOC:
+ *
+ * This is a workaround to prevent a deadlock in jemalloc calling
+ * malloc_init() twice. The first allocation call will trigger a
+ * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...)
+ * so it goes to socket or uid wrapper. In this code path we need to
+ * avoid any allocation calls. This will prevent the deadlock.
+ *
+ * We also need to avoid dlopen() as that would trigger the recursion
+ * into malloc_init(), so we use dlsym(RTLD_NEXT), until we reached
+ * swrap_constructor() or any real socket call at that time
+ * swrap_bind_symbol_all() will replace the function pointer again after
+ * dlopen of libc.
+ */
+ if (uwrap_handle_syscall) {
+ uwrap_bind_symbol_all();
+ } else if (uwrap.libc.symbols._libc_syscall.obj == NULL) {
+ uwrap.libc.symbols._libc_syscall.obj = dlsym(RTLD_NEXT,
+ "syscall");
+ }
for (i = 0; i < 8; i++) {
args[i] = va_arg(va, long int);
@@ -1375,7 +1411,7 @@
exit(-1);
}
- UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize groups with %s", env);
+ UWRAP_LOG(UWRAP_LOG_DEBUG, "Initialize groups with %s", env);
id->ngroups = ngroups;
}
}
@@ -2709,6 +2745,21 @@
va_start(va, sysno);
/*
+ * JEMALLOC:
+ *
+ * This is a workaround to prevent a deadlock in jemalloc calling
+ * malloc_init() twice. The first allocation call will trigger a
+ * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...)
+ * so it goes to socket or uid wrapper. In this code path we need to
+ * avoid any allocation calls. This will prevent the deadlock.
+ */
+ if (!uwrap_handle_syscall) {
+ rc = libc_vsyscall(sysno, va);
+ va_end(va);
+ return rc;
+ }
+
+ /*
* We need to check for uwrap related syscall numbers before calling
* uid_wrapper_enabled() otherwise we'd deadlock during the freebsd libc
* fork() which calls syscall() after invoking uwrap_thread_prepare().
@@ -2821,6 +2872,9 @@
* for main process.
*/
uwrap_init();
+
+ /* Let socket_wrapper handle syscall() */
+ uwrap_handle_syscall = true;
}
/****************************
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/uid_wrapper-1.3.0/tests/CMakeLists.txt
new/uid_wrapper-1.3.1/tests/CMakeLists.txt
--- old/uid_wrapper-1.3.0/tests/CMakeLists.txt 2023-01-17 14:35:25.000000000
+0100
+++ new/uid_wrapper-1.3.1/tests/CMakeLists.txt 2024-06-12 11:12:50.000000000
+0200
@@ -1,5 +1,9 @@
project(tests C)
+if (TARGET cmocka::cmocka)
+ set(CMOCKA_LIBRARY cmocka::cmocka)
+endif()
+
add_library(uwrap_fake_socket_wrapper SHARED uwrap_fake_socket_wrapper.c)
target_compile_options(uwrap_fake_socket_wrapper
PRIVATE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/uid_wrapper-1.3.0/tests/uwrap_fake_socket_wrapper.c
new/uid_wrapper-1.3.1/tests/uwrap_fake_socket_wrapper.c
--- old/uid_wrapper-1.3.0/tests/uwrap_fake_socket_wrapper.c 2023-01-17
14:35:25.000000000 +0100
+++ new/uid_wrapper-1.3.1/tests/uwrap_fake_socket_wrapper.c 2024-06-12
11:12:50.000000000 +0200
@@ -23,7 +23,7 @@
/* simulate socket_wrapper hooks */
bool socket_wrapper_syscall_valid(long int sysno)
{
- if (sysno == __FAKE_SOCKET_WRAPPER_SYSCALL_NO) {
+ if (sysno >= __FAKE_SOCKET_WRAPPER_SYSCALL_NO) {
return true;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/uid_wrapper-1.3.0/uid_wrapper-config-version.cmake.in
new/uid_wrapper-1.3.1/uid_wrapper-config-version.cmake.in
--- old/uid_wrapper-1.3.0/uid_wrapper-config-version.cmake.in 2019-07-15
08:11:02.000000000 +0200
+++ new/uid_wrapper-1.3.1/uid_wrapper-config-version.cmake.in 2024-06-12
11:12:50.000000000 +0200
@@ -1,11 +1,40 @@
set(PACKAGE_VERSION @PROJECT_VERSION@)
-# Check whether the requested PACKAGE_FIND_VERSION is compatible
-if("${PACKAGE_VERSION}" VERSION_LESS "${PACKAGE_FIND_VERSION}")
- set(PACKAGE_VERSION_COMPATIBLE FALSE)
+if(PACKAGE_VERSION VERSION_LESS PACKAGE_FIND_VERSION)
+ set(PACKAGE_VERSION_COMPATIBLE FALSE)
else()
- set(PACKAGE_VERSION_COMPATIBLE TRUE)
- if ("${PACKAGE_VERSION}" VERSION_EQUAL "${PACKAGE_FIND_VERSION}")
- set(PACKAGE_VERSION_EXACT TRUE)
+ if(${PACKAGE_VERSION} MATCHES "^([0-9]+)\\.")
+ set(CVF_VERSION_MAJOR "${CMAKE_MATCH_1}")
+ if(NOT CVF_VERSION_MAJOR VERSION_EQUAL 0)
+ string(REGEX REPLACE "^0+" "" CVF_VERSION_MAJOR "${CVF_VERSION_MAJOR}")
endif()
+ else()
+ set(CVF_VERSION_MAJOR ${PACKAGE_VERSION})
+ endif()
+
+ if(PACKAGE_FIND_VERSION_RANGE)
+ # both endpoints of the range must have the expected major version
+ math (EXPR CVF_VERSION_MAJOR_NEXT "${CVF_VERSION_MAJOR} + 1")
+ if (NOT PACKAGE_FIND_VERSION_MIN_MAJOR STREQUAL CVF_VERSION_MAJOR
+ OR ((PACKAGE_FIND_VERSION_RANGE_MAX STREQUAL "INCLUDE" AND NOT
PACKAGE_FIND_VERSION_MAX_MAJOR STREQUAL CVF_VERSION_MAJOR)
+ OR (PACKAGE_FIND_VERSION_RANGE_MAX STREQUAL "EXCLUDE" AND NOT
PACKAGE_FIND_VERSION_MAX VERSION_LESS_EQUAL CVF_VERSION_MAJOR_NEXT)))
+ set(PACKAGE_VERSION_COMPATIBLE FALSE)
+ elseif(PACKAGE_FIND_VERSION_MIN_MAJOR STREQUAL CVF_VERSION_MAJOR
+ AND ((PACKAGE_FIND_VERSION_RANGE_MAX STREQUAL "INCLUDE" AND
PACKAGE_VERSION VERSION_LESS_EQUAL PACKAGE_FIND_VERSION_MAX)
+ OR (PACKAGE_FIND_VERSION_RANGE_MAX STREQUAL "EXCLUDE" AND
PACKAGE_VERSION VERSION_LESS PACKAGE_FIND_VERSION_MAX)))
+ set(PACKAGE_VERSION_COMPATIBLE TRUE)
+ else()
+ set(PACKAGE_VERSION_COMPATIBLE FALSE)
+ endif()
+ else()
+ if(PACKAGE_FIND_VERSION_MAJOR STREQUAL CVF_VERSION_MAJOR)
+ set(PACKAGE_VERSION_COMPATIBLE TRUE)
+ else()
+ set(PACKAGE_VERSION_COMPATIBLE FALSE)
+ endif()
+
+ if(PACKAGE_FIND_VERSION STREQUAL PACKAGE_VERSION)
+ set(PACKAGE_VERSION_EXACT TRUE)
+ endif()
+ endif()
endif()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/uid_wrapper-1.3.0/uid_wrapper-config.cmake.in
new/uid_wrapper-1.3.1/uid_wrapper-config.cmake.in
--- old/uid_wrapper-1.3.0/uid_wrapper-config.cmake.in 2021-11-08
15:46:40.000000000 +0100
+++ new/uid_wrapper-1.3.1/uid_wrapper-config.cmake.in 2024-06-12
11:12:50.000000000 +0200
@@ -1 +1,14 @@
-set(UID_WRAPPER_LIBRARY @CMAKE_INSTALL_FULL_LIBDIR@/@UID_WRAPPER_LIB@)
+set(@PACKAGE_NAME_UPPER@_LIBRARY @CMAKE_INSTALL_FULL_LIBDIR@/@UID_WRAPPER_LIB@)
+
+# Load information for each installed configuration.
+file(GLOB _cmake_config_files
"${CMAKE_CURRENT_LIST_DIR}/@PACKAGE_NAME@-config-*.cmake")
+foreach(_cmake_config_file IN LISTS _cmake_config_files)
+ include("${_cmake_config_file}")
+endforeach()
+unset(_cmake_config_files)
+unset(_cmake_config_file)
+
+include(FindPackageMessage)
+find_package_message(@PACKAGE_NAME@
+ "Found @PACKAGE_NAME@: ${@PACKAGE_NAME_UPPER@_LIBRARY}
(version \"${PACKAGE_VERSION}\")"
+ "[${@PACKAGE_NAME_UPPER@_LIBRARY}][${PACKAGE_VERSION}]")
