lxc: update to 3.0.2, enable apparmor

CVE-2018-6556
2018-08-22 13:13:18 -07:00 · 2018-08-22 13:13:18 -07:00 · e8a2ab0fb5
commit e8a2ab0fb5
parent 2d41382e7c
3 changed files with 104 additions and 7 deletions
--- a/srcpkgs/lxc/patches/musl-strerror.patch
+++ b/srcpkgs/lxc/patches/musl-strerror.patch
@ -0,0 +1,97 @@
 diff --git configure.ac configure.ac
 index 19d9ea22..b2b2f71c 100644
 --- configure.ac
 +++ configure.ac
@@ -619,6 +619,12 @@ AC_HEADER_MAJOR
 # Check for some syscalls functions
 AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create])
 +# Check for strerror_r() support. Defines:
 +# - HAVE_STRERROR_R if available
 +# - HAVE_DECL_STRERROR_R if defined
 +# - STRERROR_R_CHAR_P if it returns char *
 +AC_FUNC_STRERROR_R
 +
 # Check for some functions
 AC_CHECK_LIB(pthread, main)
 AC_CHECK_FUNCS(statvfs)
@@ -676,6 +682,11 @@ if test "x$enable_werror" = "xyes"; then
 	CFLAGS="$CFLAGS -Werror -Wvla -std=gnu11"
 fi
 +AC_ARG_ENABLE([thread-safety],
 +	[AC_HELP_STRING([--enable-thread-safety], [enforce thread-safety otherwise fail the build [default=yes]])],
 +	[], [enable_thread_safety=yes])
 +AM_CONDITIONAL([ENFORCE_THREAD_SAFETY], [test "x$enable_thread_safety" = "xyes"])
 +
 # Files requiring some variable expansion
 AC_CONFIG_FILES([
 	Makefile
@@ -919,4 +930,7 @@ Debugging:
 Paths:
  - Logs in configpath: $enable_configpath_log
 +
 +Thread-safety:
 + - enforce: $enable_thread_safety
 EOF
 diff --git src/lxc/log.h src/lxc/log.h
 index 4654fd91..a7f72b4c 100644
 --- src/lxc/log.h
 +++ src/lxc/log.h
@@ -327,22 +327,40 @@ ATTR_UNUSED static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
 /*
  * Helper macro to define errno string.
  */
 -#if (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) && !defined(_GNU_SOURCE) || IS_BIONIC
 -#define lxc_log_strerror_r                                               \
 -	char errno_buf[MAXPATHLEN / 2] = {"Failed to get errno string"}; \
 -	char *ptr = errno_buf;                                           \
 -	{                                                                \
 -		(void)strerror_r(errno, errno_buf, sizeof(errno_buf));   \
 -	}
 +#if HAVE_STRERROR_R
 +	#ifndef HAVE_DECL_STRERROR_R
 +		#ifdef STRERROR_R_CHAR_P
 +			char *strerror_r(int errnum, char *buf, size_t buflen);
 +		#else
 +			int strerror_r(int errnum, char *buf, size_t buflen);
 +		#endif
 +	#endif
 +
 +	#ifdef STRERROR_R_CHAR_P
 +		#define lxc_log_strerror_r                                               \
 +			char errno_buf[MAXPATHLEN / 2] = {"Failed to get errno string"}; \
 +			char *ptr = NULL;                                                \
 +			{                                                                \
 +				ptr = strerror_r(errno, errno_buf, sizeof(errno_buf));   \
 +				if (!ptr)                                                \
 +					ptr = errno_buf;                                 \
 +			}
 +	#else
 +		#define lxc_log_strerror_r                                               \
 +			char errno_buf[MAXPATHLEN / 2] = {"Failed to get errno string"}; \
 +			char *ptr = errno_buf;                                           \
 +			{                                                                \
 +				(void)strerror_r(errno, errno_buf, sizeof(errno_buf));   \
 +			}
 +	#endif
 +#elif ENFORCE_THREAD_SAFETY
 +	#error ENFORCE_THREAD_SAFETY was set but cannot be guaranteed
 #else
 -#define lxc_log_strerror_r                                               \
 -	char errno_buf[MAXPATHLEN / 2] = {"Failed to get errno string"}; \
 -	char *ptr;                                                       \
 -	{                                                                \
 -		ptr = strerror_r(errno, errno_buf, sizeof(errno_buf));   \
 -		if (!ptr)                                                \
 -			ptr = errno_buf;                                 \
 -	}
 +	#define lxc_log_strerror_r             \
 +		char *ptr = NULL;              \
 +		{                              \
 +			ptr = strerror(errno); \
 +		}
 #endif
 /*
--- a/srcpkgs/lxc/template
+++ b/srcpkgs/lxc/template
@ -2,21 +2,21 @@
 _desc="Linux Containers"
 pkgname=lxc
-version=3.0.1
+version=3.0.2
-revision=2
+revision=1
 build_style=gnu-configure
 configure_args="--enable-doc --enable-seccomp
- --enable-capabilities --disable-apparmor --with-distro=none
+ --enable-capabilities --enable-apparmor --with-distro=none
 --with-rootfs-path=/var/lxc/containers --with-log-path=/var/lxc/log"
 hostmakedepends="automake libtool pkg-config docbook2x"
-makedepends="libcap-devel libseccomp-devel gnutls-devel"
+makedepends="libcap-devel libseccomp-devel gnutls-devel libapparmor-devel"
 depends="xz gnupg"
 short_desc="${_desc} - utilities"
 maintainer="Juan RP <xtraeme@voidlinux.eu>"
 homepage="https://linuxcontainers.org"
 license="LGPL-2.1"
 distfiles="https://linuxcontainers.org/downloads/lxc-${version}.tar.gz"
-checksum=45986c49be1c048fa127bd3e7ea1bd3347e25765c008a09a2e4c233151a2d5db
+checksum=6ab7117b17066220da450c55ed77953998cf2336d415143b879554364af12f5c
 conf_files="/etc/lxc/default.conf"
 make_dirs="