Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package uid_wrapper for openSUSE:Factory checked in at 2024-06-14 18:57:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/uid_wrapper (Old) and /work/SRC/openSUSE:Factory/.uid_wrapper.new.19518 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "uid_wrapper" Fri Jun 14 18:57:27 2024 rev:17 rq:1180655 version:1.3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/uid_wrapper/uid_wrapper.changes 2023-03-03 22:25:03.534658446 +0100 +++ /work/SRC/openSUSE:Factory/.uid_wrapper.new.19518/uid_wrapper.changes 2024-06-14 18:57:29.153573790 +0200 @@ -1,0 +2,10 @@ +Thu Jun 13 05:43:25 UTC 2024 - Andreas Schneider <a...@cryptomilk.org> + +- Update to version 1.3.1 + * Added support to find libc via LIBC_SO define + * Fixed uid_wrapper running with jemalloc compiled binaries + * Fixed socket_wrapper interaction test + * Fixed thread sanitizer on modern Linux Kernels +- Removed uid_wrapper-fix-cmocka-1.1.6+-support.patch + +------------------------------------------------------------------- Old: ---- uid_wrapper-1.3.0.tar.gz uid_wrapper-1.3.0.tar.gz.asc uid_wrapper-fix-cmocka-1.1.6+-support.patch New: ---- uid_wrapper-1.3.1.tar.gz uid_wrapper-1.3.1.tar.gz.asc BETA DEBUG BEGIN: Old: * Fixed thread sanitizer on modern Linux Kernels - Removed uid_wrapper-fix-cmocka-1.1.6+-support.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ uid_wrapper.spec ++++++ --- /var/tmp/diff_new_pack.yXDtKQ/_old 2024-06-14 18:57:30.397618729 +0200 +++ /var/tmp/diff_new_pack.yXDtKQ/_new 2024-06-14 18:57:30.397618729 +0200 @@ -1,7 +1,7 @@ # # spec file for package uid_wrapper # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ # ############################# NOTE ################################## Name: uid_wrapper -Version: 1.3.0 +Version: 1.3.1 Release: 0 Summary: A wrapper for privilege seperation License: GPL-3.0-or-later 
@@ -33,7 +33,6 @@ Source1: %{name}-rpmlintrc Source2: https://ftp.samba.org/pub/cwrap/%{name}-%{version}.tar.gz.asc Source3: uid_wrapper.keyring -Patch0: uid_wrapper-fix-cmocka-1.1.6+-support.patch BuildRequires: cmake BuildRequires: libcmocka-devel BuildRequires: pkgconf ++++++ uid_wrapper-1.3.0.tar.gz -> uid_wrapper-1.3.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/.git new/uid_wrapper-1.3.1/.git --- old/uid_wrapper-1.3.0/.git 1970-01-01 01:00:00.000000000 +0100 +++ new/uid_wrapper-1.3.1/.git 2024-06-12 11:12:50.000000000 +0200 @@ -0,0 +1 @@ +gitdir: /home/asn/workspace/prj/oss/uid_wrapper/.bare/worktrees/master diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/.gitlab-ci.yml new/uid_wrapper-1.3.1/.gitlab-ci.yml --- old/uid_wrapper-1.3.0/.gitlab-ci.yml 2023-01-17 14:35:25.000000000 +0100 +++ new/uid_wrapper-1.3.1/.gitlab-ci.yml 2024-06-13 07:34:50.000000000 +0200 @@ -22,8 +22,6 @@ -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure - tags: - - shared except: - tags artifacts: @@ -42,8 +40,6 @@ -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure && make install - tags: - - shared except: - tags artifacts: @@ -61,8 +57,6 @@ -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure - tags: - - shared except: - tags artifacts: @@ -79,8 +73,6 @@ -DCMAKE_BUILD_TYPE=UndefinedSanitizer -DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure - tags: - - shared except: - tags artifacts: 
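Review bot: The new top-level `.git` file is a git worktree pointer (`gitdir: /home/asn/workspace/prj/oss/uid_wrapper/.bare/worktrees/master`) and it now ships inside the 1.3.1 tarball. That suggests the archive was built from a working directory rather than from the tagged tree. It exposes a developer-local path, and any git command run inside the unpacked source will try to resolve a directory that presumably does not exist on the build host. The file should be dropped from the release archive upstream, or excluded during packaging.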
@@ -93,13 +85,14 @@ stage: analysis image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD script: + # Workaround for TSAN with ASLR on newer kernel + # https://github.com/google/sanitizers/issues/1716 - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=ThreadSanitizer -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON .. && - make -j$(nproc) && ctest --output-on-failure - tags: - - shared + make -j$(nproc) && + setarch --addr-no-randomize -- ctest --output-on-failure except: - tags artifacts: @@ -132,8 +125,6 @@ --git-commit-range $CI_COMMIT_RANGE --color --print-current --print-fixed - tags: - - shared except: - tags artifacts: @@ -174,8 +165,6 @@ -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure - tags: - - shared except: - tags artifacts: @@ -194,8 +183,6 @@ -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure - tags: - - shared except: - tags artifacts: @@ -214,8 +201,6 @@ -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure - tags: - - shared except: - tags artifacts: @@ -236,8 +221,6 @@ -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON .. && scan-build --status-bugs -o scan make -j$(nproc) - tags: - - shared except: - tags artifacts: @@ -255,8 +238,6 @@ -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure - tags: - - shared except: - tags artifacts: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/CHANGELOG new/uid_wrapper-1.3.1/CHANGELOG --- old/uid_wrapper-1.3.0/CHANGELOG 2023-01-17 14:38:46.000000000 +0100 +++ new/uid_wrapper-1.3.1/CHANGELOG 2024-06-13 07:34:50.000000000 +0200 
@@ -1,6 +1,12 @@ CHANGELOG ========= +version 1.3.1 (released 2024-06-12) + * Added support to find libc via LIBC_SO define + * Fixed uid_wrapper running with jemalloc compiled binaries + * Fixed socket_wrapper interaction test + * Fixed thread sanitizer on modern Linux Kernels + version 1.3.0 (released 2023-01-17) * Added support to interact with socket_wrapper syscall() * Fixed deadlocks with threads diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/CMakeLists.txt new/uid_wrapper-1.3.1/CMakeLists.txt --- old/uid_wrapper-1.3.0/CMakeLists.txt 2023-01-17 14:39:27.000000000 +0100 +++ new/uid_wrapper-1.3.1/CMakeLists.txt 2024-06-13 07:34:50.000000000 +0200 @@ -11,7 +11,7 @@ include(DefineCMakeDefaults) include(DefineCompilerFlags) -project(uid_wrapper VERSION 1.3.0 LANGUAGES C) +project(uid_wrapper VERSION 1.3.1 LANGUAGES C) # global needed variables set(APPLICATION_NAME ${PROJECT_NAME}) @@ -23,7 +23,7 @@ # Increment AGE. Set REVISION to 0 # If the source code was changed, but there were no interface changes: # Increment REVISION. -set(LIBRARY_VERSION "0.2.0") +set(LIBRARY_VERSION "0.2.1") set(LIBRARY_SOVERSION "0") # add definitions @@ -68,6 +68,8 @@ ) # cmake config files +set(PACKAGE_NAME "uid_wrapper") +set(PACKAGE_NAME_UPPER "UID_WRAPPER") configure_file(uid_wrapper-config-version.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/uid_wrapper-config-version.cmake @ONLY) configure_file(uid_wrapper-config.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/uid_wrapper-config.cmake @ONLY) install( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/ConfigureChecks.cmake new/uid_wrapper-1.3.1/ConfigureChecks.cmake --- old/uid_wrapper-1.3.0/ConfigureChecks.cmake 2023-01-17 14:35:25.000000000 +0100 +++ new/uid_wrapper-1.3.1/ConfigureChecks.cmake 2024-06-13 07:34:50.000000000 +0200 
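Review bot: In the `@@ -68,6 +68,8 @@` hunk, `PACKAGE_NAME` and `PACKAGE_NAME_UPPER` repeat the project name as string literals even though `project(uid_wrapper ...)` already defines it in the same file, so the three spellings can drift apart. Deriving them keeps the templates in step: `set(PACKAGE_NAME "${PROJECT_NAME}")` followed by `string(TOUPPER "${PACKAGE_NAME}" PACKAGE_NAME_UPPER)`. A one-line comment saying that these two variables feed the `@PACKAGE_NAME@` and `@PACKAGE_NAME_UPPER@` substitutions in the `configure_file()` templates would also explain why such generic, unprefixed names are set at directory scope.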
@@ -48,6 +48,7 @@ check_include_file(syscall.h HAVE_SYSCALL_H) check_include_file(grp.h HAVE_GRP_H) check_include_file(unistd.h HAVE_UNISTD_H) +check_include_file(gnu/lib-names.h HAVE_GNU_LIB_NAMES_H) # FUNCTIONS check_function_exists(strncpy HAVE_STRNCPY) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/config.h.cmake new/uid_wrapper-1.3.1/config.h.cmake --- old/uid_wrapper-1.3.0/config.h.cmake 2023-01-17 14:35:25.000000000 +0100 +++ new/uid_wrapper-1.3.1/config.h.cmake 2024-06-13 07:34:50.000000000 +0200 @@ -14,6 +14,7 @@ #cmakedefine HAVE_SYSCALL_H 1 #cmakedefine HAVE_UNISTD_H 1 #cmakedefine HAVE_GRP_H 1 +#cmakedefine HAVE_GNU_LIB_NAMES_H 1 /*************************** FUNCTIONS ***************************/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/src/uid_wrapper.c new/uid_wrapper-1.3.1/src/uid_wrapper.c --- old/uid_wrapper-1.3.0/src/uid_wrapper.c 2023-01-17 14:35:25.000000000 +0100 +++ new/uid_wrapper-1.3.1/src/uid_wrapper.c 2024-06-13 07:34:50.000000000 +0200 @@ -38,6 +38,10 @@ #include <pthread.h> +#ifdef HAVE_GNU_LIB_NAMES_H +#include <gnu/lib-names.h> +#endif + #ifdef HAVE_GCC_THREAD_LOCAL_STORAGE # define UWRAP_THREAD __thread #else @@ -558,6 +562,13 @@ switch (lib) { case UWRAP_LIBC: handle = uwrap.libc.handle; +#ifdef LIBC_SO + if (handle == NULL) { + handle = dlopen(LIBC_SO, flags); + + uwrap.libc.handle = handle; + } +#endif if (handle == NULL) { for (i = 10; i >= 0; i--) { char soname[256] = {0}; @@ -656,6 +667,9 @@ dlsym(RTLD_DEFAULT, #sym_name); \ } +/* JEMALLOC: This tells uid_wrapper if it should handle syscall() */ +static bool uwrap_handle_syscall; + /* DO NOT call this function during library initialization! */ static void __uwrap_bind_symbol_all_once(void) { 
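Review bot: In the `@@ -558,6 +562,13 @@` hunk, a failed `dlopen(LIBC_SO, flags)` falls through to the `libc.so.N` probing loop without any trace, so it is hard to tell afterwards which libc was actually bound. A comment above the `#ifdef LIBC_SO` block would document the lookup order, for example `/* Prefer the soname from <gnu/lib-names.h>; fall back to probing libc.so.N below */`. A `UWRAP_LOG(UWRAP_LOG_DEBUG, ...)` line when the first attempt returns NULL would make the fallback visible in test logs. The `switch` and the rest of the function lie outside the hunk.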
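Review bot: `uwrap_handle_syscall`, declared in the `@@ -656,6 +667,9 @@` hunk, is a plain `static bool`. It is written in `__uwrap_bind_symbol_all_once()` and in the constructor hunk and read on every `syscall()` entry, and no lock or atomic is visible in these hunks. If another thread can enter `syscall()` while the first bind is still running, that is an unsynchronised read/write pair, which the ThreadSanitizer CI job may flag. Either state the invariant at the declaration, e.g. `/* written during bind/constructor only, before other threads call syscall() */`, or declare it as `static atomic_bool uwrap_handle_syscall;` with `<stdatomic.h>`.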
@@ -699,6 +713,8 @@ #endif uwrap_bind_symbol_libpthread(pthread_create); uwrap_bind_symbol_libpthread(pthread_exit); + + uwrap_handle_syscall = true; } static void uwrap_bind_symbol_all(void) @@ -863,7 +879,27 @@ long int rc; int i; - uwrap_bind_symbol_all(); + /* + * JEMALLOC: + * + * This is a workaround to prevent a deadlock in jemalloc calling + * malloc_init() twice. The first allocation call will trigger a + * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...) + * so it goes to socket or uid wrapper. In this code path we need to + * avoid any allocation calls. This will prevent the deadlock. + * + * We also need to avoid dlopen() as that would trigger the recursion + * into malloc_init(), so we use dlsym(RTLD_NEXT), until we reached + * swrap_constructor() or any real socket call at that time + * swrap_bind_symbol_all() will replace the function pointer again after + * dlopen of libc. + */ + if (uwrap_handle_syscall) { + uwrap_bind_symbol_all(); + } else if (uwrap.libc.symbols._libc_syscall.obj == NULL) { + uwrap.libc.symbols._libc_syscall.obj = dlsym(RTLD_NEXT, + "syscall"); + } for (i = 0; i < 8; i++) { args[i] = va_arg(va, long int); @@ -1375,7 +1411,7 @@ exit(-1); } - UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize groups with %s", env); + UWRAP_LOG(UWRAP_LOG_DEBUG, "Initialize groups with %s", env); id->ngroups = ngroups; } } 
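Review bot: In the `@@ -863,7 +879,27 @@` hunk, the fallback stores the result of `dlsym(RTLD_NEXT, "syscall")` without checking it for NULL. If the lookup fails, the call later in the function (outside this hunk) would presumably go through a null function pointer. The result should be tested right after the assignment and the failure reported the way other bind failures in this file are. The new comment also names `swrap_constructor()` and `swrap_bind_symbol_all()`, which are socket_wrapper identifiers; here it should refer to uid_wrapper's own constructor and `uwrap_bind_symbol_all()`. The same slip appears in the `@@ -2821,6 +2872,9 @@` hunk, where `/* Let socket_wrapper handle syscall() */` should read `/* Let uid_wrapper handle syscall() */`.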
@@ -2709,6 +2745,21 @@ va_start(va, sysno); /* + * JEMALLOC: + * + * This is a workaround to prevent a deadlock in jemalloc calling + * malloc_init() twice. The first allocation call will trigger a + * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...) + * so it goes to socket or uid wrapper. In this code path we need to + * avoid any allocation calls. This will prevent the deadlock. + */ + if (!uwrap_handle_syscall) { + rc = libc_vsyscall(sysno, va); + va_end(va); + return rc; + } + + /* * We need to check for uwrap related syscall numbers before calling * uid_wrapper_enabled() otherwise we'd deadlock during the freebsd libc * fork() which calls syscall() after invoking uwrap_thread_prepare(). @@ -2821,6 +2872,9 @@ * for main process. */ uwrap_init(); + + /* Let socket_wrapper handle syscall() */ + uwrap_handle_syscall = true; } /**************************** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/tests/CMakeLists.txt new/uid_wrapper-1.3.1/tests/CMakeLists.txt --- old/uid_wrapper-1.3.0/tests/CMakeLists.txt 2023-01-17 14:35:25.000000000 +0100 +++ new/uid_wrapper-1.3.1/tests/CMakeLists.txt 2024-06-12 11:12:50.000000000 +0200 @@ -1,5 +1,9 @@ project(tests C) +if (TARGET cmocka::cmocka) + set(CMOCKA_LIBRARY cmocka::cmocka) +endif() + add_library(uwrap_fake_socket_wrapper SHARED uwrap_fake_socket_wrapper.c) target_compile_options(uwrap_fake_socket_wrapper PRIVATE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/tests/uwrap_fake_socket_wrapper.c new/uid_wrapper-1.3.1/tests/uwrap_fake_socket_wrapper.c --- old/uid_wrapper-1.3.0/tests/uwrap_fake_socket_wrapper.c 2023-01-17 14:35:25.000000000 +0100 +++ new/uid_wrapper-1.3.1/tests/uwrap_fake_socket_wrapper.c 2024-06-12 11:12:50.000000000 +0200 
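Review bot: In the `@@ -2709,6 +2745,21 @@` hunk, the early return sends every `syscall()` straight to `libc_vsyscall()` while `uwrap_handle_syscall` is false. That includes the uwrap-related syscall numbers that the code just below would otherwise intercept. The comment explains the jemalloc deadlock but not this consequence. Adding a sentence such as `Until the flag is set, uid/gid syscalls are passed through unwrapped.` would tell a maintainer that calls made before the constructor runs reach the real kernel. The enclosing function starts before the hunk and continues after it.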
@@ -23,7 +23,7 @@ /* simulate socket_wrapper hooks */ bool socket_wrapper_syscall_valid(long int sysno) { - if (sysno == __FAKE_SOCKET_WRAPPER_SYSCALL_NO) { + if (sysno >= __FAKE_SOCKET_WRAPPER_SYSCALL_NO) { return true; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/uid_wrapper-config-version.cmake.in new/uid_wrapper-1.3.1/uid_wrapper-config-version.cmake.in --- old/uid_wrapper-1.3.0/uid_wrapper-config-version.cmake.in 2019-07-15 08:11:02.000000000 +0200 +++ new/uid_wrapper-1.3.1/uid_wrapper-config-version.cmake.in 2024-06-12 11:12:50.000000000 +0200 
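Review bot: The test changes `==` to `>=` without a comment, so `socket_wrapper_syscall_valid()` now claims every syscall number at or above `__FAKE_SOCKET_WRAPPER_SYSCALL_NO`. The value of that constant is not visible in the hunk, so it is unclear whether real syscall numbers can fall into the range. A comment such as `/* claim the whole fake range, not only its first number */` would record the intent. If only a bounded range is meant, an explicit upper limit would keep unrelated numbers out of the fake handler. The function body continues outside the hunk.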
@@ -1,11 +1,40 @@ set(PACKAGE_VERSION @PROJECT_VERSION@) -# Check whether the requested PACKAGE_FIND_VERSION is compatible -if("${PACKAGE_VERSION}" VERSION_LESS "${PACKAGE_FIND_VERSION}") - set(PACKAGE_VERSION_COMPATIBLE FALSE) +if(PACKAGE_VERSION VERSION_LESS PACKAGE_FIND_VERSION) + set(PACKAGE_VERSION_COMPATIBLE FALSE) else() - set(PACKAGE_VERSION_COMPATIBLE TRUE) - if ("${PACKAGE_VERSION}" VERSION_EQUAL "${PACKAGE_FIND_VERSION}") - set(PACKAGE_VERSION_EXACT TRUE) + if(${PACKAGE_VERSION} MATCHES "^([0-9]+)\\.") + set(CVF_VERSION_MAJOR "${CMAKE_MATCH_1}") + if(NOT CVF_VERSION_MAJOR VERSION_EQUAL 0) + string(REGEX REPLACE "^0+" "" CVF_VERSION_MAJOR "${CVF_VERSION_MAJOR}") endif() + else() + set(CVF_VERSION_MAJOR ${PACKAGE_VERSION}) + endif() + + if(PACKAGE_FIND_VERSION_RANGE) + # both endpoints of the range must have the expected major version + math (EXPR CVF_VERSION_MAJOR_NEXT "${CVF_VERSION_MAJOR} + 1") + if (NOT PACKAGE_FIND_VERSION_MIN_MAJOR STREQUAL CVF_VERSION_MAJOR + OR ((PACKAGE_FIND_VERSION_RANGE_MAX STREQUAL "INCLUDE" AND NOT PACKAGE_FIND_VERSION_MAX_MAJOR STREQUAL CVF_VERSION_MAJOR) + OR (PACKAGE_FIND_VERSION_RANGE_MAX STREQUAL "EXCLUDE" AND NOT PACKAGE_FIND_VERSION_MAX VERSION_LESS_EQUAL CVF_VERSION_MAJOR_NEXT))) + set(PACKAGE_VERSION_COMPATIBLE FALSE) + elseif(PACKAGE_FIND_VERSION_MIN_MAJOR STREQUAL CVF_VERSION_MAJOR + AND ((PACKAGE_FIND_VERSION_RANGE_MAX STREQUAL "INCLUDE" AND PACKAGE_VERSION VERSION_LESS_EQUAL PACKAGE_FIND_VERSION_MAX) + OR (PACKAGE_FIND_VERSION_RANGE_MAX STREQUAL "EXCLUDE" AND PACKAGE_VERSION VERSION_LESS PACKAGE_FIND_VERSION_MAX))) + set(PACKAGE_VERSION_COMPATIBLE TRUE) + else() + set(PACKAGE_VERSION_COMPATIBLE FALSE) + endif() + else() + if(PACKAGE_FIND_VERSION_MAJOR STREQUAL CVF_VERSION_MAJOR) + set(PACKAGE_VERSION_COMPATIBLE TRUE) + else() + set(PACKAGE_VERSION_COMPATIBLE FALSE) + endif() + + if(PACKAGE_FIND_VERSION STREQUAL PACKAGE_VERSION) + set(PACKAGE_VERSION_EXACT TRUE) + endif() + endif() endif() diff -urN '--exclude=CVS' 
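Review bot: Consumers calling `find_package(uid_wrapper <version>)` get a narrower compatibility rule from this template, and the CHANGELOG hunk does not mention it. The old file accepted any installed version that was not older than the request, while the new one also requires the same major version. The logic looks like a hand copy of CMake's same-major-version template; generating it with `write_basic_package_version_file(... COMPATIBILITY SameMajorVersion)` from `CMakePackageConfigHelpers` would avoid maintaining the copy. If the copy stays, the expansion in the first `if` should be quoted, `if("${PACKAGE_VERSION}" MATCHES "^([0-9]+)\\.")`, and a header comment should state the policy.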
'--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/uid_wrapper-1.3.0/uid_wrapper-config.cmake.in new/uid_wrapper-1.3.1/uid_wrapper-config.cmake.in --- old/uid_wrapper-1.3.0/uid_wrapper-config.cmake.in 2021-11-08 15:46:40.000000000 +0100 +++ new/uid_wrapper-1.3.1/uid_wrapper-config.cmake.in 2024-06-12 11:12:50.000000000 +0200 @@ -1 +1,14 @@ -set(UID_WRAPPER_LIBRARY @CMAKE_INSTALL_FULL_LIBDIR@/@UID_WRAPPER_LIB@) +set(@PACKAGE_NAME_UPPER@_LIBRARY @CMAKE_INSTALL_FULL_LIBDIR@/@UID_WRAPPER_LIB@) + +# Load information for each installed configuration. +file(GLOB _cmake_config_files "${CMAKE_CURRENT_LIST_DIR}/@PACKAGE_NAME@-config-*.cmake") +foreach(_cmake_config_file IN LISTS _cmake_config_files) + include("${_cmake_config_file}") +endforeach() +unset(_cmake_config_files) +unset(_cmake_config_file) + +include(FindPackageMessage) +find_package_message(@PACKAGE_NAME@ + "Found @PACKAGE_NAME@: ${@PACKAGE_NAME_UPPER@_LIBRARY} (version \"${PACKAGE_VERSION}\")" + "[${@PACKAGE_NAME_UPPER@_LIBRARY}][${PACKAGE_VERSION}]")
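Review bot: The pattern in `file(GLOB ... "@PACKAGE_NAME@-config-*.cmake")` also matches `uid_wrapper-config-version.cmake`, and every match is passed to `include()`. If the version file is installed in the same directory, which the top-level CMakeLists.txt suggests, it is executed again from the config file. That may be the only reason `${PACKAGE_VERSION}` has a value in the `find_package_message()` call. Including by wildcard also means any other file with that prefix in the install directory runs in the consumer's configure step. Listing the intended per-configuration files explicitly and reading the version from `@PROJECT_VERSION@` would be more predictable, e.g. `find_package_message(@PACKAGE_NAME@ "Found @PACKAGE_NAME@: ${@PACKAGE_NAME_UPPER@_LIBRARY} (version \"@PROJECT_VERSION@\")" ...)`.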