commit a887cd04012b6c80b2310235347a288895bfdce78876f82bf785f2c214ff183c Author: Adrian Schröter Date: Sat May 4 01:35:47 2024 +0200 Sync from SUSE:SLFO:Main uid_wrapper revision 72ccab77b13692465db5af9d26f41a49 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/uid_wrapper-1.3.0.tar.gz b/uid_wrapper-1.3.0.tar.gz new file mode 100644 index 0000000..7e1cdad --- /dev/null +++ b/uid_wrapper-1.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f7e7c1bde533530051931414724453e14e02adbb614824b6fe27cbb98654b762 +size 51126 diff --git a/uid_wrapper-1.3.0.tar.gz.asc b/uid_wrapper-1.3.0.tar.gz.asc new file mode 100644 index 0000000..14381e0 --- /dev/null +++ b/uid_wrapper-1.3.0.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmPGqIYACgkQfuD8TcwB +Tj1n2xAAugnfwNIyCHmy/rcb/c6y5IYCFOgdtOdh6mGJhiEvpoa46Zovt6L621DG +laCnfaRiutocHb9u2S+xLddNG8l1ZnUB5mp3QYhey0tNtcHZiU+QV6OkesLsrm6l +98qBgZqoxaatR28SbXus5ypH3bCZIgturj8nme44Prck+V/vQuOAggGok02GwvuG +7CyR9cYA9vg4RrL60ZDXhMB6jWCVnbgHHMjxp5iyeyTMphPKMzCcWDNC9O93RQFJ +pe5AAwSIH8xmOZSb1Z+uVu3J0WnjubcK8PcoEIW/303d4XRvY+w1T+z1Qu+RxXCH +tRTg2+ysRnWtxcKALzbHmbTaggJpsFZyRuu8Rf7E4H+6cCSvQv8qYiIY4wqcebBE ++Xxytb9BYUY24n4HwkpL/3OScNxV5H4S2o2lHd7QT190IW26CaOJx1WGm90EGQKC +LUh8lPNJqETEIu5Dke3PiUoZJ0x7zd235NbmM3rmJ0B2bhtL/L3yP1H2zslMuus3 +5D3XU0IkUykd6wtgO1He+v1JRZl+mFzkeGPakS9IoIj4E4QVJ3jQAe9UeHL4h3Ac +JG5Yl8T6BTyL72xJUjS0C1DOPSj13pZiUD4FTqHr7mUi9xT6Fmg+IK4xfIYMaqWh +3Pf9q+SyHmaml58rxi5CFYvfkhAIa1Frr/VUHg4izuuA6Gc1IgI= +=SrQO +-----END PGP SIGNATURE----- diff --git a/uid_wrapper-fix-cmocka-1.1.6+-support.patch b/uid_wrapper-fix-cmocka-1.1.6+-support.patch new file mode 100644 index 0000000..dc14396 --- /dev/null +++ b/uid_wrapper-fix-cmocka-1.1.6+-support.patch @@ -0,0 +1,31 @@ +From 850f24c6366abda30bfd77734b90330b8809d306 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Fri, 17 Feb 2023 17:51:27 +0100 +Subject: [PATCH] cmake: Fix cmocka >= 1.1.6 find_package() in CONFIG mode +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Andreas Schneider +Reviewed-by: Pavel Filipenský +--- + tests/CMakeLists.txt | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt +index 635e86e..68e050e 100644 +--- a/tests/CMakeLists.txt ++++ b/tests/CMakeLists.txt +@@ -1,5 +1,9 @@ + project(tests C) + ++if (TARGET cmocka::cmocka) ++ set(CMOCKA_LIBRARY cmocka::cmocka) ++endif() ++ + add_library(uwrap_fake_socket_wrapper SHARED uwrap_fake_socket_wrapper.c) + target_compile_options(uwrap_fake_socket_wrapper + PRIVATE +-- +2.39.2 + diff --git a/uid_wrapper-rpmlintrc b/uid_wrapper-rpmlintrc new file mode 100644 index 0000000..46c642d --- /dev/null +++ b/uid_wrapper-rpmlintrc @@ -0,0 +1,9 @@ +# This is a special library only for testing purposes. You cannot link this +# library. It is only inteded to be used with LD_PRELOAD. This package is +# the devel package. +# +# Learn more at http://cwrap.org +# +addFilter("shlib-policy-name-error") +addFilter("shared-lib-calls-exit") +addFilter("devel-file-in-non-devel-package") diff --git a/uid_wrapper.changes b/uid_wrapper.changes new file mode 100644 index 0000000..898be79 --- /dev/null +++ b/uid_wrapper.changes @@ -0,0 +1,162 @@ +------------------------------------------------------------------- +Thu Mar 2 10:55:49 UTC 2023 - Dominique Leuenberger + +- Actually apply uid_wrapper-fix-cmocka-1.1.6+-support.patch (use + autosetup instead of setup). + +------------------------------------------------------------------- +Mon Feb 27 09:32:20 UTC 2023 - Andreas Schneider + +- Fix building with cmocka >= 1.1.6 + * Added uid_wrapper-fix-cmocka-1.1.6+-support.patch + +------------------------------------------------------------------- +Tue Jan 17 13:56:46 UTC 2023 - Andreas Schneider + +- Update to version 1.3.0 + * Added support to interact with socket_wrapper syscall() + * Fixed deadlocks with threads + * Improved log output + +------------------------------------------------------------------- +Thu Dec 2 13:50:42 UTC 2021 - Andreas Schneider + +- Update to version 1.2.9 + * Add support for getgroups_chk() + * Added (de)contructor support on AIX with pragma init/finish + +------------------------------------------------------------------- +Wed Apr 7 22:12:18 UTC 2021 - Dirk Müller + +- remove pkgconfig and cmake directory from filelist - provided by filesystem package + +------------------------------------------------------------------- +Tue Jan 26 14:11:29 UTC 2021 - Dominique Leuenberger + +- Replace system-user-nobody with user(nobody): be resilient to + package name changes. + +------------------------------------------------------------------- +Thu Mar 5 15:16:09 UTC 2020 - Andreas Schneider + +- Update to version 1.2.8 + * Fix path in pkgconfig module + * Fix path in cmake find module + +------------------------------------------------------------------- +Wed Aug 21 08:46:42 UTC 2019 - Andreas Schneider + +- Change BR to pkgconf +- Change Requires to Recommends for pkgconf and cmake + +------------------------------------------------------------------- +Tue Jul 16 09:18:30 UTC 2019 - Andreas Schneider + +- Update to version 1.2.7 + * Fix unsetting initial XIDs +- Fix running the tests + +------------------------------------------------------------------- +Mon Jul 15 09:30:54 UTC 2019 - Andreas Schneider + +- Update to version 1.2.6 + * Fix manpage installation + * Fix cmake-config installation + * Fixed running with sanitizers + +------------------------------------------------------------------- +Tue Jul 25 09:17:48 UTC 2017 - asn@cryptomilk.org + +- Update to version 1.2.4 + * Added deadlock workaround for glibc < 2.24 + * Fixed a possible deadlock bug if uid_wrapper is turned off + +------------------------------------------------------------------- +Fri Jul 14 13:24:08 UTC 2017 - asn@cryptomilk.org + +- Update to version 1.2.3 + * Logging is always turned on now + * Fixed a memory leak + * Limited number of groups during fork+exec + +------------------------------------------------------------------- +Thu Jul 13 06:54:57 UTC 2017 - asn@cryptomilk.org + +- Update to version 1.2.2 + * Added support for fork'ed and then exec'ed processes + * Added support for Alpha + +------------------------------------------------------------------- +Mon Mar 21 18:17:52 UTC 2016 - asn@cryptomilk.org + +- Update to version 1.2.1 + * Documented missing options. + * Fixed a comipilation issue with -O3. + +------------------------------------------------------------------- +Sun Feb 14 11:47:01 UTC 2016 - jengelh@inai.de + +- Editorial fixes to the description + +------------------------------------------------------------------- +Thu Oct 29 11:57:14 UTC 2015 - asn@cryptomilk.org + +- Update to version 1.2.0 + * Added privilege checks for all set*uid and set*gid functions. + * Added a lot more and accurate tests which work as root. + * Fixed some minor issues + +------------------------------------------------------------------- +Wed Sep 2 11:30:45 UTC 2015 - asn@cryptomilk.org + +- Update to version 1.1.1 + * Fixed getres(uid|gid) detection if unsupported. + * Fixed the configure on Solaris + * Added a lot more tests + +------------------------------------------------------------------- +Fri Jun 26 06:52:03 UTC 2015 - mpluskal@suse.com + +- Rename rpmlintrc so that it complies with packaging guidelines +- Add rpmlintrc as source + +------------------------------------------------------------------- +Thu Jun 25 15:30:48 UTC 2015 - asn@cryptomilk.org + +- Fix make install + +------------------------------------------------------------------- +Mon May 11 08:35:22 CEST 2015 - asn@cryptomilk.org + +- Cleanup specfile + +------------------------------------------------------------------- +Wed Jan 21 12:48:00 UTC 2015 - asn@cryptomilk.org + +- Update to version 1.1.0 + * Added support for gesresuid(). + * Added support for gesresgid(). + * Added MacOSX support. + * Added fully working thread support. + * Added more tests. + * Fixed issues with older gcc versions. + +------------------------------------------------------------------- +Mon Oct 6 08:50:39 UTC 2014 - asn@cryptomilk.org + +- Fix test on AArch64. + +------------------------------------------------------------------- +Thu Jul 31 07:43:35 UTC 2014 - asn@cryptomilk.org + +- Update to version 1.0.2. + * Added better logging system. + * Added a mapnpage + * Added build and install instructions + * Fixed threading issue in the desctructor. + +------------------------------------------------------------------- +Thu Feb 13 10:25:37 UTC 2014 - asn@cryptomilk.org + +- Initial package. + diff --git a/uid_wrapper.keyring b/uid_wrapper.keyring new file mode 100644 index 0000000..da7a828 Binary files /dev/null and b/uid_wrapper.keyring differ diff --git a/uid_wrapper.spec b/uid_wrapper.spec new file mode 100644 index 0000000..1fa93d4 --- /dev/null +++ b/uid_wrapper.spec @@ -0,0 +1,88 @@ +# +# spec file for package uid_wrapper +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +############################# NOTE ################################## +# +# This is a special library. You are not able to link this library. +# Do NOT create library package or a devel package! +# +############################# NOTE ################################## +Name: uid_wrapper +Version: 1.3.0 +Release: 0 +Summary: A wrapper for privilege seperation +License: GPL-3.0-or-later +Group: Development/Libraries/C and C++ +URL: https://cwrap.org/ +Source0: https://ftp.samba.org/pub/cwrap/%{name}-%{version}.tar.gz +Source1: %{name}-rpmlintrc +Source2: https://ftp.samba.org/pub/cwrap/%{name}-%{version}.tar.gz.asc +Source3: uid_wrapper.keyring +Patch0: uid_wrapper-fix-cmocka-1.1.6+-support.patch +BuildRequires: cmake +BuildRequires: libcmocka-devel +BuildRequires: pkgconf +BuildRequires: user(nobody) +Recommends: cmake +Recommends: pkgconf + +%description +Some projects like a file server need privilege separation to be able to switch +to the connnection user and do file operations. uid_wrapper convincingly lies +to the application, letting it believe it is operating as root and even +switching betwen UIDs and GIDs as needed. + +To use it, set the following environment variables: + +LD_PRELOAD=libuid_wrapper.so +UID_WRAPPER=1 + +This package does not have a devel package, because this project is for +development/testing. + +%prep +%autosetup -p1 + +%build +# CMAKE_SKIP_RPATH:BOOL=OFF is need to run the tests! +%cmake \ + -DUNIT_TESTING=ON \ + -DCMAKE_SKIP_RPATH:BOOL=OFF + +%make_build + +%install +%cmake_install + +%check +%ctest + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%files +%doc AUTHORS README.md CHANGELOG +%license LICENSE +%{_libdir}/libuid_wrapper.so* +%dir %{_libdir}/cmake/uid_wrapper +%{_libdir}/cmake/uid_wrapper/uid_wrapper-config-version.cmake +%{_libdir}/cmake/uid_wrapper/uid_wrapper-config.cmake +%{_libdir}/pkgconfig/uid_wrapper.pc +%{_mandir}/man1/uid_wrapper.1%{?ext_man} + +%changelog