gentoo resync : 07.10.2018

4 files changed, 3 insertions, 279 deletions

diff --git a/app-emulation/lxc/Manifest b/app-emulation/lxc/Manifest
index c79557bcd940..591cec905334 100644
--- a/app-emulation/lxc/Manifest
+++ b/app-emulation/lxc/Manifest
@@ -4,13 +4,10 @@ AUX lxc-2.1.1-cgroups-enable-container-without-CAP_SYS_ADMIN.patch 5145 BLAKE2B
 AUX lxc-2.1.1-cve-2018-6556.patch 3994 BLAKE2B 791b80852408df5f325465a6ceea5bf7986641da4c988db1f61bebabe656554aa5032186f4e5409093c14b9c9fb3ee3d7bf06e338c5f4c19cb4e2eb9d8d1db36 SHA512 fcce5387cc1d67fcb035073a5295e15570b114d202f4b077363a5059813a28b7165b5ea3e32beb4b1be8d45613bc5d7d8223ed2ebff45d5e95b5fd1e87dbd490
 AUX lxc-2.1.1-fix-cgroup2-detection.patch 856 BLAKE2B e877e8a968d059c2034a2b5c23946241a6b45172f893e313bff30a7f798e3b1440e5a1e8ee277816308fb509901b52584a44021a156a91671e299964dd69b1bd SHA512 eb0fc8dee5a59d1641e8b3024bf79be2273aa15131fd7eaee98d80585c39ddb93d8d9cfe98c7f866ab2461fe8c6c7e3c038ec1a1263a6f9b02ed323a267b87f2
 AUX lxc-3.0.0-bash-completion.patch 915 BLAKE2B 8bb879e391cec349d211b47d321c64ea091c8475ac9a8c4adfb45918c044f6c49d9b9bce546082907d696f697baf0870893c4427abeafa496db89f99190cd091 SHA512 2f3728fcf5e88eecc1ae05bf038ef83baa375194c5bef0d0ef68feaf4d8092cdd8efef6b3c27207c4abd28b085f087af517242c65747b47d0a8fa840f6b9d279
-AUX lxc-3.0.1-cve-2018-6556.patch 3481 BLAKE2B 2ee1d488f7be81d97908d83d84346c5800b2d3f5ef395fb97c60263134b6e7e5048be7020e296e9d45b2ca17b0d8d0d911d0e3e1b08fe02866f506743f13270d SHA512 0cfc93c4f1a989e6c8d29c232aa8569649dd0797419f58c5e83b9febf851ed7b605a552a0b521e1c57de0179a08ee9e6ee8243130758867901fd5b26533425ca
 AUX lxc.initd.7 3468 BLAKE2B 37b0d044594f1c66631f991315e49c4ceea4640bf6c459e6bba713fb76ef9a8ee1fcbc49da68bd0f1e2929cf9904e0113a3b321166f7c3d360fcebeab6665e5a SHA512 c5841cff7d8b58d4283a26719e8a5db1be2c4add0f31065393b863b6626460180d91632106bc50cde4d3e74ae46a57d581fa1f01140dfa95522aba12277f9eaa
 AUX lxc_at.service.4 265 BLAKE2B 4454528e69a5c986c23c0c4ccc10ebe03a0650e47cd30208355d2f4a70a4cb46392473eccddd736988f1b72954948876601aaf99977d8e6014a7c774a416160f SHA512 d61e7103e90e6ffb3202533e7d7555d8c02b943f06ec6c0d673713c1c0ede58641312c65d6dd6a15907c1171522e6148c2313d7b11acbd85d59fe65758cd52b3
 DIST lxc-2.1.1.tar.gz 1378640 BLAKE2B 5fca516540a886729434579ff99acf3baa06977fa0e0b6f24dbf15094626335fc073597d308276e3dd20e27ceabf1477cc8e99d1fd24cf50b9aed2720b887b69 SHA512 2989d57acddfe091adcf8031721c3c9a2f8eff5476bd6155366b76ea7511e0f6120e669276e056e3963863e0f0acf3b095d44c36fa6652e67c197671f28cbdd4
-DIST lxc-3.0.1.tar.gz 1239920 BLAKE2B 7be668c11d7211540fe7e2fb6318d38eac0d8d493914f4705d097fca4c004a8d2191609d02bd9e1d9204c3c0b9ea937084d3f9050fc841f6d777768067af3d19 SHA512 f51b0844f61f64d4efc530454eae1fa499f7f1b908bd3b40d7031e7f311a402893a7504bddbc53f2ef9da2b3154d1b047fc4d876b99f0d487d7c79de64eea505
 DIST lxc-3.0.2.tar.gz 1236975 BLAKE2B 68047f6374b9081fb308586726797ed94fa66b5e94eb3fc12ad1a0aedc15ac1ee518ca5a341db79a715015e34ad38659200ad6aaf21f74639ebb55e7e1360645 SHA512 d7f5e3f91e5c8800e3e092ab209158a4d3e3c2816623249aeaaf2e0950428484ac5d1432d71298787721e1419cd962c0798ba14979e62161299fa15a299efde8
 EBUILD lxc-2.1.1-r1.ebuild 6818 BLAKE2B e885b3a11de8a131433bec83b1d47b8c2277fd575d2d8bbf475bbb6ad5b1b520fbe204f61034816a96eef2734b5986d1bdaf9f39c2c61f4d1e47597c49eaf90c SHA512 15d46b88c5163ed35d25e404696350d0ef4906c4b264f5c1e9987a2f98a24b68c8187222a39a041a7de622621ae3dc5a9e6b58ab24754e57a70e2e1374f8c840
-EBUILD lxc-3.0.1-r1.ebuild 5191 BLAKE2B 9f459a526990f82180248e70c618479b12bd2f0ebbed6531d380a379256f214511b1213e1627a4fc813d36d38a05b4f44894f14ce9d7fef2da1fd0f5d1db9b51 SHA512 3e32d03eb7bf76be38b9fba3b2b0645273c497d9053ff91167908675d133b7e55ab80f7f8bb6a58ecefb1c9b002ef8727b63af56cd2c478a6dea2e8dd9c4f033
-EBUILD lxc-3.0.2.ebuild 5033 BLAKE2B 3687be7ad11e70d8955f671e463a5311f0d5f5948e1c3ad1b31eab8071e5960d9b232dc5b8a176d56006e56e5ec39fd31197f75a9a20c24ce9131235151f287e SHA512 9b21e7225343ab7379dad667652acafe1f3e32c0b90edd8df4b0385bedb742f43f1998711be8039d673affac066b5aa9f70e2ee9557cd7d207b6c064dba440d3
+EBUILD lxc-3.0.2.ebuild 5028 BLAKE2B f51ca223fc632d7475e1353b6309b96ec8a97e40508c3f7aeb6bf3a9f0727981bd7217adea2b881be3c191494e56a33b44e19b07d7f2b1772697fbf466774baa SHA512 f6cd8a534453b85a4bc12c187dbef844722bf7f94150693683e486bf3daaeaf12a968d20c9c93261eaadb1b27511b083b4ab5bde13e4bd7b3624ab6a9826f765
 MISC metadata.xml 727 BLAKE2B f1f8eedf4986f221535eacc12429dadb73c25d07e67962d6676ca8f5303d971828df6bf781628fc0089ba29766136c73d164208f057bd59ca3789fab73ab7d47 SHA512 025b93960856b23bb9817b38fadb6ef9d6dfd2ab98f813de840634396fed8e577b8ff52c2d4698d21e0a18d3196d3233da0bf400bee4775cc1fa12b1014ec9f4
diff --git a/app-emulation/lxc/files/lxc-3.0.1-cve-2018-6556.patch b/app-emulation/lxc/files/lxc-3.0.1-cve-2018-6556.patch
deleted file mode 100644
index 198e835e6c59..000000000000
--- a/app-emulation/lxc/files/lxc-3.0.1-cve-2018-6556.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From f2314625c5702cfd25974929599fa439bdac8bdf Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@ubuntu.com>
-Date: Wed, 25 Jul 2018 19:56:54 +0200
-Subject: [PATCH] CVE 2018-6556: verify netns fd in lxc-user-nic
-
-Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
----
- src/lxc/cmd/lxc_user_nic.c | 35 ++++++++++++++++++++++++++++++++---
- src/lxc/utils.c            | 12 ++++++++++++
- src/lxc/utils.h            |  5 +++++
- 3 files changed, 49 insertions(+), 3 deletions(-)
-
-diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c
-index ec9cd97e..c5beb6c8 100644
---- a/src/lxc/cmd/lxc_user_nic.c
-+++ b/src/lxc/cmd/lxc_user_nic.c
-@@ -1179,12 +1179,41 @@ int main(int argc, char *argv[])
- 			exit(EXIT_FAILURE);
- 		}
- 	} else if (request == LXC_USERNIC_DELETE) {
--		netns_fd = open(args.pid, O_RDONLY);
-+		char opath[LXC_PROC_PID_FD_LEN];
-+
-+		/* Open the path with O_PATH which will not trigger an actual
-+		 * open(). Don't report an errno to the caller to not leak
-+		 * information whether the path exists or not.
-+		 * When stracing setuid is stripped so this is not a concern
-+		 * either.
-+		 */
-+		netns_fd = open(args.pid, O_PATH | O_CLOEXEC);
- 		if (netns_fd < 0) {
--			usernic_error("Could not open \"%s\": %s\n", args.pid,
--				      strerror(errno));
-+			usernic_error("Failed to open \"%s\"\n", args.pid);
-+			exit(EXIT_FAILURE);
-+		}
-+
-+		if (!fhas_fs_type(netns_fd, NSFS_MAGIC)) {
-+			usernic_error("Path \"%s\" does not refer to a network namespace path\n", args.pid);
-+			close(netns_fd);
-+			exit(EXIT_FAILURE);
-+		}
-+
-+		ret = snprintf(opath, sizeof(opath), "/proc/self/fd/%d", netns_fd);
-+		if (ret < 0 || (size_t)ret >= sizeof(opath)) {
-+			close(netns_fd);
-+			exit(EXIT_FAILURE);
-+		}
-+
-+		/* Now get an fd that we can use in setns() calls. */
-+		ret = open(opath, O_RDONLY | O_CLOEXEC);
-+		if (ret < 0) {
-+			usernic_error("Failed to open \"%s\": %s\n", args.pid, strerror(errno));
-+			close(netns_fd);
- 			exit(EXIT_FAILURE);
- 		}
-+		close(netns_fd);
-+		netns_fd = ret;
- 	}
- 
- 	if (!create_db_dir(LXC_USERNIC_DB)) {
-diff --git a/src/lxc/utils.c b/src/lxc/utils.c
-index 26f1b058..69d362dc 100644
---- a/src/lxc/utils.c
-+++ b/src/lxc/utils.c
-@@ -2548,6 +2548,18 @@ bool has_fs_type(const char *path, fs_type_magic magic_val)
- 	return has_type;
- }
- 
-+bool fhas_fs_type(int fd, fs_type_magic magic_val)
-+{
-+	int ret;
-+	struct statfs sb;
-+
-+	ret = fstatfs(fd, &sb);
-+	if (ret < 0)
-+		return false;
-+
-+	return is_fs_type(&sb, magic_val);
-+}
-+
- bool lxc_nic_exists(char *nic)
- {
- #define __LXC_SYS_CLASS_NET_LEN 15 + IFNAMSIZ + 1
-diff --git a/src/lxc/utils.h b/src/lxc/utils.h
-index 7d672b77..fedc395b 100644
---- a/src/lxc/utils.h
-+++ b/src/lxc/utils.h
-@@ -95,6 +95,10 @@
- #define CGROUP2_SUPER_MAGIC 0x63677270
- #endif
- 
-+#ifndef NSFS_MAGIC
-+#define NSFS_MAGIC 0x6e736673
-+#endif
-+
- /* Useful macros */
- /* Maximum number for 64 bit integer is a string with 21 digits: 2^64 - 1 = 21 */
- #define LXC_NUMSTRLEN64 21
-@@ -581,6 +585,7 @@ extern void *must_realloc(void *orig, size_t sz);
- /* __typeof__ should be safe to use with all compilers. */
- typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic;
- extern bool has_fs_type(const char *path, fs_type_magic magic_val);
-+extern bool fhas_fs_type(int fd, fs_type_magic magic_val);
- extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val);
- extern bool lxc_nic_exists(char *nic);
- extern int lxc_make_tmpfile(char *template, bool rm);
--- 
-2.17.1
-
diff --git a/app-emulation/lxc/lxc-3.0.1-r1.ebuild b/app-emulation/lxc/lxc-3.0.1-r1.ebuild
deleted file mode 100644
index bf2c75e44b88..000000000000
--- a/app-emulation/lxc/lxc-3.0.1-r1.ebuild
+++ /dev/null
@@ -1,163 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools bash-completion-r1 linux-info flag-o-matic systemd readme.gentoo-r1 pam
-
-DESCRIPTION="LinuX Containers userspace utilities"
-HOMEPAGE="https://linuxcontainers.org/"
-SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz"
-
-KEYWORDS="amd64 ~arm ~arm64 ~ppc64 x86"
-
-LICENSE="LGPL-3"
-SLOT="0"
-IUSE="examples pam python seccomp selinux +templates"
-
-RDEPEND="
-	net-libs/gnutls
-	sys-libs/libcap
-	pam? ( virtual/pam )
-	seccomp? ( sys-libs/libseccomp )
-	selinux? ( sys-libs/libselinux )"
-
-DEPEND="${RDEPEND}
-	>=app-text/docbook-sgml-utils-0.6.14-r2
-	>=sys-kernel/linux-headers-3.2"
-
-RDEPEND="${RDEPEND}
-	sys-apps/util-linux
-	app-misc/pax-utils
-	virtual/awk"
-
-PDEPEND="templates? ( app-emulation/lxc-templates )
-	python? ( dev-python/python3-lxc )"
-
-CONFIG_CHECK="~CGROUPS ~CGROUP_DEVICE
-	~CPUSETS ~CGROUP_CPUACCT
-	~CGROUP_SCHED
-
-	~NAMESPACES
-	~IPC_NS ~USER_NS ~PID_NS
-
-	~CGROUP_FREEZER
-	~UTS_NS ~NET_NS
-	~VETH ~MACVLAN
-
-	~POSIX_MQUEUE
-	~!NETPRIO_CGROUP
-
-	~!GRKERNSEC_CHROOT_MOUNT
-	~!GRKERNSEC_CHROOT_DOUBLE
-	~!GRKERNSEC_CHROOT_PIVOT
-	~!GRKERNSEC_CHROOT_CHMOD
-	~!GRKERNSEC_CHROOT_CAPS
-	~!GRKERNSEC_PROC
-	~!GRKERNSEC_SYSFS_RESTRICT
-"
-
-ERROR_DEVPTS_MULTIPLE_INSTANCES="CONFIG_DEVPTS_MULTIPLE_INSTANCES:  needed for pts inside container"
-
-ERROR_CGROUP_FREEZER="CONFIG_CGROUP_FREEZER:  needed to freeze containers"
-
-ERROR_UTS_NS="CONFIG_UTS_NS:  needed to unshare hostnames and uname info"
-ERROR_NET_NS="CONFIG_NET_NS:  needed for unshared network"
-
-ERROR_VETH="CONFIG_VETH:  needed for internal (host-to-container) networking"
-ERROR_MACVLAN="CONFIG_MACVLAN:  needed for internal (inter-container) networking"
-
-ERROR_POSIX_MQUEUE="CONFIG_POSIX_MQUEUE:  needed for lxc-execute command"
-
-ERROR_NETPRIO_CGROUP="CONFIG_NETPRIO_CGROUP:  as of kernel 3.3 and lxc 0.8.0_rc1 this causes LXCs to fail booting."
-
-ERROR_GRKERNSEC_CHROOT_MOUNT="CONFIG_GRKERNSEC_CHROOT_MOUNT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_DOUBLE="CONFIG_GRKERNSEC_CHROOT_DOUBLE:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_PIVOT="CONFIG_GRKERNSEC_CHROOT_PIVOT:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CHMOD="CONFIG_GRKERNSEC_CHROOT_CHMOD:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_CHROOT_CAPS="CONFIG_GRKERNSEC_CHROOT_CAPS:  some GRSEC features make LXC unusable see postinst notes"
-ERROR_GRKERNSEC_PROC="CONFIG_GRKERNSEC_PROC:  this GRSEC feature is incompatible with unprivileged containers"
-ERROR_GRKERNSEC_SYSFS_RESTRICT="CONFIG_GRKERNSEC_SYSFS_RESTRICT:  this GRSEC feature is incompatible with unprivileged containers"
-
-DOCS=(AUTHORS CONTRIBUTING MAINTAINERS NEWS README doc/FAQ.txt)
-
-pkg_setup() {
-	kernel_is -lt 4 7 && CONFIG_CHECK="${CONFIG_CHECK} ~DEVPTS_MULTIPLE_INSTANCES"
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	eapply "${FILESDIR}"/${PN}-3.0.0-bash-completion.patch
-	#558854
-	eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
-	eapply "${FILESDIR}"/${PN}-3.0.1-cve-2018-6556.patch
-	eapply_user
-	eautoreconf
-}
-
-src_configure() {
-	append-flags -fno-strict-aliasing
-
-	# I am not sure about the --with-rootfs-path
-	# /var/lib/lxc is probably more appropriate than
-	# /usr/lib/lxc.
-	# Note by holgersson: Why is apparmor disabled?
-
-	# --enable-doc is for manpages which is why we don't link it to a "doc"
-	# USE flag. We always want man pages.
-	econf \
-		--localstatedir=/var \
-		--bindir=/usr/bin \
-		--sbindir=/usr/bin \
-		--with-config-path=/var/lib/lxc	\
-		--with-rootfs-path=/var/lib/lxc/rootfs \
-		--with-distro=gentoo \
-		--with-runtime-path=/run \
-		--disable-apparmor \
-		--disable-werror \
-		--enable-doc \
-		$(use_enable examples) \
-		$(use_enable pam) \
-		$(use_with pam pamdir $(getpam_mod_dir)) \
-		$(use_enable seccomp) \
-		$(use_enable selinux)
-}
-
-src_install() {
-	default
-
-	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
-	bashcomp_alias ${PN}-start \
-		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,stop,unfreeze,wait}
-
-	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
-	rmdir "${D}"/var/cache/lxc "${D}"/var/cache || die "rmdir failed"
-
-	find "${D}" -name '*.la' -delete
-
-	# Gentoo-specific additions!
-	newinitd "${FILESDIR}/${PN}.initd.7" ${PN}
-
-	# Remember to compare our systemd unit file with the upstream one
-	# config/init/systemd/lxc.service.in
-	systemd_newunit "${FILESDIR}"/${PN}_at.service.4 "lxc@.service"
-
-	DOC_CONTENTS="
-	For openrc, there is an init script provided with the package.
-	You _should_ only need to symlink /etc/init.d/lxc to
-	/etc/init.d/lxc.configname to start the container defined in
-	/etc/lxc/configname.conf.
-
-	Correspondingly, for systemd a service file lxc@.service is installed.
-	Enable and start lxc@configname in order to start the container defined
-	in /etc/lxc/configname.conf.
-
-	If you want checkpoint/restore functionality, please install criu
-	(sys-process/criu)."
-	DISABLE_AUTOFORMATTING=true
-	readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	readme.gentoo_print_elog
-}
diff --git a/app-emulation/lxc/lxc-3.0.2.ebuild b/app-emulation/lxc/lxc-3.0.2.ebuild
index a80befa826a2..9d075f8a2a63 100644
--- a/app-emulation/lxc/lxc-3.0.2.ebuild
+++ b/app-emulation/lxc/lxc-3.0.2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -11,7 +11,7 @@ DESCRIPTION="LinuX Containers userspace utilities"
 HOMEPAGE="https://linuxcontainers.org/"
 SRC_URI="https://linuxcontainers.org/downloads/lxc/${P}.tar.gz"
 
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc64 x86"
 
 LICENSE="LGPL-3"
 SLOT="0"