Sync from SUSE:ALP:Source:Standard:1.0 libpulp revision 99ab3563401efb5964d6489ca0fae580

libpulp.changes

@@ -1,3 +1,141 @@
+-------------------------------------------------------------------
+Thu Oct  2 14:45:48 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.17:
+  - Fix dlopen and dlmopen search paths (bsc#1250436).
+
+-------------------------------------------------------------------
+Mon Sep 22 14:39:22 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Fix ld.so.conf being modified in SLE-16.
+
+-------------------------------------------------------------------
+Wed Sep 17 15:29:56 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Fix `ldconfig` constructing ld.so.cache in the new snapshot (bsc#1249417).
+
+-------------------------------------------------------------------
+Thu Sep  4 21:12:23 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.16:
+  - Improve `ulp <command> --help` (bsc#1243787).
+  - Add support to glibc 2.42.
+
+-------------------------------------------------------------------
+Wed Jun 18 13:57:40 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.15:
+  - Fix race condition on ppc64le livepatching (bsc#1244263)
+  - Fix SIGABRT when non-valid JSON is given at input (bsc#1243923)
+  - Fix linking against libpthread on older versions of glibc for ppc64le.
+
+-------------------------------------------------------------------
+Wed Apr 30 15:39:17 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.14:
+  - Remove any linking to GLIBC_PRIVATE symbols.
+
+-------------------------------------------------------------------
+Tue Apr 29 13:18:14 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.13:
+  - Improve detection of -msplit-patch-nops flag (bsc#1240031).
+  - Allow `trigger` to disable seccomp in target process while livepaching.
+  - Make sure libpulp don't crash when calling libc.so.6 (bsc#1241897)
+
+-------------------------------------------------------------------
+Fri Apr  4 15:33:01 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.12:
+  - Remove TEXTRELs in ppc64le port (bsc#1239092).
+  - Check for -msplit-patch-nops flag.
+
+-------------------------------------------------------------------
+Tue Feb 25 12:20:15 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.11:
+  - Detect whenever the process was loaded in a custom starting address.
+  - ulp_stack now allocates multiples of page size.
+  - Fix livepatching of `malloc` in ppc64le (jsc#PED-11850).
+
+-------------------------------------------------------------------
+Mon Feb 10 20:42:18 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.10:
+  - Fix livepatching on Debian systems.
+  - Improve error message when ptrace_scope is active.
+  - Avoid saving unecessary registers in ppc64le.
+  - Fix failing tests when libpulp is loaded system-wide.
+  - Correct TOC loading in ppc64le (jsc#PED-11850).
+
+-------------------------------------------------------------------
+Thu Jan 30 21:25:17 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.9:
+  - Fix limitation in ppc64le not being able to livepatch functions with more
+    than 8 parameters (jsc#PED-11850).
+
+-------------------------------------------------------------------
+Fri Jan 17 11:41:13 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Re-enable support for userspace livepatching in ppc64le (jsc#PED-11850).
+
+-------------------------------------------------------------------
+Fri Jan 10 13:25:15 UTC 2025 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Disable build on ppc64le until gcc-13 pfe patch reaches SP7.
+
+-------------------------------------------------------------------
+Thu Dec 19 23:10:29 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.8:
+  - Fix livepatching failure in glibc 2.40.
+- Force compilation with gcc-13 for SP7 and Tumbleweed (jsc#PED-10952).
+- Add ppc64le as supported architecture (jsc#PED-10952).
+
+-------------------------------------------------------------------
+Thu Dec 12 19:41:51 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Cleanup /var/livepatches on boot time.
+
+-------------------------------------------------------------------
+Sat Dec  7 00:59:13 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Add timestamps on each message.
+
+-------------------------------------------------------------------
+Wed Dec  4 18:58:38 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update rpm-helper script for SLE Micro (bsc#1228879).
+- Update macros.userspace-livepatch for SLE Micro (bsc#1228879).
+- Guard macros behind sle_version >= 1600.
+
+-------------------------------------------------------------------
+Thu Nov 14 01:15:15 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Add SELinux policy for /var/livepatches (bsc#1228879).
+- Update rpm-helper script for SLE Micro.
+
+-------------------------------------------------------------------
+Fri Oct 18 19:24:22 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.7
+  - Fix fails due to realpath returning NULL in SLE-Micro.
+  - Return insn_queue because of permission errors on /proc/self/mem.
+  - Fix livepatch of malloc (bsc#1231727).
+
+-------------------------------------------------------------------
+Wed Sep 11 13:27:19 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update .spec license to match libpulp's license.
+
+-------------------------------------------------------------------
+Fri Sep  6 14:34:08 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update package with libpulp-0.3.6
+  * Ptrace-yama-scope (bsc#1221763).
+  * Drop insn_queue in favor of /proc/self/mem.
+
 -------------------------------------------------------------------
 Wed Jul  3 15:01:44 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
 

libpulp.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libpulp
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,15 +17,17 @@
 
 
 Name:           libpulp
-Version:        0.3.5
+Version:        0.3.17
 Release:        0
 Summary:        Userspace live patching library and tools
-License:        LGPL-2.1-only
+License:        LGPL-2.1-or-later
 Group:          Productivity/Security
 URL:            https://github.com/suse/libpulp
 Source0:        %{name}-%{version}.tar.gz
 Source1:        rpm-helper
 Source2:        macros.userspace-livepatch
+Source3:        selinux-ulp.conf
+Source4:        ulp-tmp.conf
 Source99:       libpulp.rpmlintrc
 # Required to hardlink identical files.
 BuildRequires:  fdupes
@@ -34,17 +36,27 @@ BuildRequires:  gcc-c++
 # Required to build the tools, which are needed to run the tests.
 BuildRequires:  libjson-c-devel
 BuildRequires:  libelf-devel
+BuildRequires:  procps
 BuildRequires:  python3-pexpect
 BuildRequires:  python3-psutil
 BuildRequires:  libseccomp-devel
 
 # Disable ptrace_scope on tumbleweed
-%if 0%{?suse_version} > 1600
+%if 0%{?suse_version} >= 1600
 BuildRequires:  aaa_base-yama-enable-ptrace
 %endif
 
 # Only available for these architectures.
+%if 0%{?sle_version} >= 150700 || 0%{suse_version} >= 1570
+# For ppc64le onwards we need gcc-13 for a fix to -fpatchable-function-entry
+# which is not currently upstream and not in gcc-14.
+BuildRequires: gcc13
+BuildRequires: gcc13-c++
+ExclusiveArch:  x86_64 ppc64le
+%else
+# Block to x86_64 for older versions of SLE.
 ExclusiveArch:  x86_64
+%endif
 
 %description
 Library and tools for user space live patching.
@@ -74,6 +86,13 @@ This package contains the tools to apply user-space live patches.
 
 %build
 
+# For ppc64le onwards we need gcc-13 for a fix to -fpatchable-function-entry
+# which is not currently upstream and not in gcc-14.
+%if 0%{?sle_version} >= 150700 || 0%{suse_version} >= 1570
+export CC=gcc-13
+export CXX=g++-13
+%endif
+
 %configure
 %make_build
 
@@ -84,6 +103,11 @@ This package contains the tools to apply user-space live patches.
 %make_install
 install -D -m0755 %{SOURCE1} %{buildroot}%{_prefix}/lib/userspace-livepatch/rpm-helper
 install -D -m0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.userspace-livepatch
+install -D -m0644 %{SOURCE3} %{buildroot}%{_prefix}/etc/tukit.conf.d/selinux-ulp.conf
+install -D -m0644 %{SOURCE4} %{buildroot}%{_prefix}/lib/tmpfiles.d/ulp-tmp.conf
+
+# Create /var/livepatches
+mkdir -p %{buildroot}/var/livepatches/
 
 # Convert identical files into hardlinks.
 %fdupes %{buildroot}/%{_prefix}
@@ -93,6 +117,28 @@ install -D -m0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.user
 find %{buildroot}/%{_prefix} -name libpulp.la -delete
 find %{buildroot}/%{_prefix} -name libpulp.so -delete
 
+%post -n libpulp-tools
+%define ld_so_conf  /etc/ld.so.conf
+%define addline     include /var/livepatches/ld.so.conf
+
+# There are special logic needed in sle-micro onwards.
+if [ "$TRANSACTIONAL_UPDATE" = "true" ] && [ "x$TRANSACTIONAL_UPDATE_ROOT" != "x" ]; then
+  # Add instance of /var/livepatches if it doesn't already exist.
+  grep -qxF '%{addline}' %{ld_so_conf} || echo '%{addline}' >> %{ld_so_conf}
+else
+  # Remove any instance of /var/livepatches from ld.so.conf if it exists.  There
+  # is a bug in older verisons of libpulp tools that add this live even for
+  # non-transactional systems.
+  sed -i '\#%{addline}#d' %{ld_so_conf}
+fi
+
+%postun -n libpulp-tools
+
+if [ "$1" == "0" ]; then
+  # Delete all instances of libpulp in the ld_so_conf.
+  sed -i '\#%{addline}#d' %{ld_so_conf}
+fi
+
 %post -n libpulp0 -p /sbin/ldconfig
 %postun -n libpulp0 -p /sbin/ldconfig
 
@@ -107,6 +153,11 @@ find %{buildroot}/%{_prefix} -name libpulp.so -delete
 %dir %{_prefix}/lib/userspace-livepatch
 %{_prefix}/lib/userspace-livepatch/*
 %{_prefix}/lib/rpm/*
+%{_prefix}/lib/tmpfiles.d/ulp-tmp.conf
+%{_prefix}/etc/tukit.conf.d/selinux-ulp.conf
+%{_prefix}/etc/tukit.conf.d
+%{_prefix}/etc
+/var/livepatches
 %license LICENSE
 
 %changelog

macros.userspace-livepatch

@@ -7,3 +7,27 @@ echo "Executing ulp_post_hook(). About to execute rpm-helper..." \
 /bin/bash /usr/lib/userspace-livepatch/rpm-helper install "%1" "%2" "%3" $1 \
 echo "Done executing rpm-helper." \
 %{nil}
+
+# Hook for %post used by livepatch packages move the system libraries to the
+# current snapshot for sle-micro.
+#
+# The parameters are <package_name> <livepatch_version> <files_to_copy1> ...
+%ulp_post_move_libs() \
+%if 0%{?suse_version} >= 1600 \
+echo "Executing ulp_post_move_libs()" \
+/bin/bash /usr/lib/userspace-livepatch/rpm-helper movelibs "%1" "%2" "%3" $1 \
+echo "Done executing ulp_post_move_libs()" \
+%endif \
+%{nil}
+
+# Hook for %postun used by livepatch packages to remove the moved system
+# libraries
+#
+# The parameters are <package_name> <livepatch_version>
+%ulp_post_remove_libs() \
+%if 0%{?suse_version} >= 1600 \
+echo "Executing ulp_post_remove_libs()" \
+/bin/bash /usr/lib/userspace-livepatch/rpm-helper removelibs "%1" "%2" "%3" $1 \
+echo "Done executing ulp_post_remove_libs()" \
+%endif \
+%{nil}

rpm-helper

@@ -45,14 +45,26 @@ do_install()
 
   check_livepatching_env || return 0
 
-  # Check if we are running a transactional update. If yes, set the root
-  # accordingly.
+  INSTALL_DIR="/usr/lib64/$PACKAGE/$VER"
+  TRIGGER_PATH="$INSTALL_DIR"
+
+  # Check if we are running a transactional update. If yes, then we need to
+  # move the livepatches to a better location.
   if [ "$TRANSACTIONAL_UPDATE" = "true" ] && [ "x$TRANSACTIONAL_UPDATE_ROOT" != "x" ]; then
-    ROOT="-R $TRANSACTIONAL_UPDATE_ROOT"
+    TRIGGER_PATH="/var/livepatches/$PACKAGE/$VER/lp"
+
+    # Create path if it doesn't already exist.
+    mkdir -p "$TRIGGER_PATH"
+
+    # Clean the path
+    rm -rf "$TRIGGER_PATH"
+
+    # Copy the patches to the location we have permission.
+    cp -rZ "$INSTALL_DIR" "$TRIGGER_PATH"
   fi
 
-  ulp trigger $ROOT --recursive -r 100 --timeout 200 --revert-all=target \
-    "/usr/lib64/$PACKAGE/$VER/*.so"
+  ulp trigger --recursive -r 100 --timeout 200 --revert-all=target \
+    "$TRIGGER_PATH/*.so"
 
   echo "ulp trigger executed."
 }
@@ -62,10 +74,66 @@ do_remove()
 	: # reserved for future use
 }
 
-if test $# -ne 5; then
-	echo 'WARNING: Unexpected number of parameters. Are the live patch RPM scripts compatible with this rpm-helper?' >&2
-fi
+# Execute this on sle-micro to move the new libraries to the current snapshot.
+do_movelibs()
+{
+  if test -e /.buildenv; then
+    echo "Skipping move libs in buildroot"
+    return 0
+  fi
 
+  local ld_so_conf="/var/livepatches/ld.so.conf"
+  local addline="/var/livepatches/$PACKAGE/$VER/libs"
+  local line_pattern="/var/livepatches/$PACKAGE/.*/libs"
+
+  # check if we are running a transactional update. if no, there is no need to
+  # move libraries around.
+  if [ "$TRANSACTIONAL_UPDATE" = "true" ] && [ "x$TRANSACTIONAL_UPDATE_ROOT" != "x" ]; then
+    [[ -e $ld_so_conf ]] && sed -i "\#$line_pattern#d" $ld_so_conf
+
+    echo "$addline" >> $ld_so_conf
+
+    mkdir -p $addline
+
+    for i in $(seq 1 3); do
+      shift
+    done
+
+    for file in "$@"; do
+      [[ -e $file ]] && install -D -Z $file "$addline/$(basename $file)"
+    done
+
+    # Update ldconfig cache for the old snapshot.
+    /sbin/ldconfig -r /proc/1/root/
+  fi
+}
+
+# Execute this on sle-micro to move the new libraries to the current snapshot.
+do_removelibs()
+{
+  if test -e /.buildenv; then
+    echo "Skipping move libs in buildroot"
+    return 0
+  fi
+
+  local ld_so_conf="/var/livepatches/ld.so.conf"
+  local addline="/var/livepatches/$PACKAGE/$VER/libs"
+  local line_pattern="/var/livepatches/$PACKAGE/.*/libs"
+
+  # check if we are running a transactional update. if no, there is no need to
+  # move libraries around.
+  if [ "$TRANSACTIONAL_UPDATE" = "true" ] && [ "x$TRANSACTIONAL_UPDATE_ROOT" != "x" ]; then
+    # Remove the line of ld.so.conf
+    [[ -e $ld_so_conf ]] && sed -i "\#$line_pattern#d" $ld_so_conf
+
+    # Update ldconfig cache for the new snapshot, as programs may be using
+    # libraries in that folder.
+    /sbin/ldconfig
+
+    # Delete copied libs.
+    rm -rf $addline
+  fi
+}
 
 # Parse first argument (install or remove).
 cmd=$1
@@ -73,9 +141,10 @@ PACKAGE=$2
 VER=$3
 TARGET_LIB=$4
 NUM_PACKAGES=${5-0}
+
 case "$cmd" in
-install|remove)
-	do_$cmd
+install|remove|movelibs|removelibs)
+	do_$cmd "$@"
 	exit
 	;;
 *)

selinux-ulp.conf

@@ -0,0 +1 @@
+BINDDIRS[ulp]=/var/livepatches

ulp-tmp.conf

@@ -0,0 +1 @@
+R     /var/livepatches/*