From cc32e84e0ab58accc8e58ae05afca90ecdd0f7a5e054c1db29d741bd5877273f Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 11 Sep 2015 14:43:47 +0000 Subject: [PATCH] Accepting request 330520 from home:tiwai:branches:devel:tools - Disable systemd service as a temporary workaround for possibile security issues (CVE-2015-5228, CVE-2015-5231, bsc#943105) - Update to criu 1.7: * Improved cgroups management * Support for seccomp strict mode * Support for stream unix sockets inheritance * Support uid/gid-restricted mounts in userns * Support deleted bind-mounts * Ability to specify maximum ghost file size * OverlayFS support * Support relative unix sockets' bind paths * Altivec and PSX support for PPC * Small PIE loader * Temporary proc mountpoint is mounted with nosuid, noexec and nodev * Less memory copies when preparing restorer binary * CRIT action "show" for less keystrokes on common use-case * Fsnotify log messages now use hex everywhere :) * CRIT output doesn't mix fields any more * Many fixes OBS-URL: https://build.opensuse.org/request/show/330520 OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=29 --- 4c5b23e5-criu.pc.diff | 34 --------------------------- crit-install-prefix.diff | 15 ------------ criu-1.6.tar.bz2 | 3 --- criu-1.7.tar.bz2 | 3 +++ criu.changes | 23 ++++++++++++++++++ criu.spec | 20 +++++++++------- lsm-prototype-fix.diff | 51 ---------------------------------------- 7 files changed, 37 insertions(+), 112 deletions(-) delete mode 100644 4c5b23e5-criu.pc.diff delete mode 100644 crit-install-prefix.diff delete mode 100644 criu-1.6.tar.bz2 create mode 100644 criu-1.7.tar.bz2 delete mode 100644 lsm-prototype-fix.diff diff --git a/4c5b23e5-criu.pc.diff b/4c5b23e5-criu.pc.diff deleted file mode 100644 index 22887d4..0000000 --- a/4c5b23e5-criu.pc.diff +++ /dev/null 
@@ -1,34 +0,0 @@ -From 4c5b23e52c1dc4e3fbbc7472b92e7b1ce9d22f02 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= -Date: Thu, 30 Jul 2015 18:44:00 +0300 -Subject: [PATCH] Fix criu.pc version -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Use CRTOOLSVERSION instead of GITID to write criu.pc version. With -GITID, criu.pc had version '0' when built from tarballs. - -Signed-off-by: Cédric Bosdonnat -Acked-by: Tycho Andersen -Signed-off-by: Pavel Emelyanov ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile b/Makefile -index 6ed4c90..7f5c890 100644 ---- a/Makefile -+++ b/Makefile -@@ -339,7 +339,7 @@ install-criu: $(PROGRAM) $(CRIU-LIB) install-crit - $(Q) install -m 644 scripts/sd/criu.service $(DESTDIR)$(SYSTEMDUNITDIR) - $(Q) mkdir -p $(DESTDIR)$(LOGROTATEDIR) - $(Q) install -m 644 scripts/logrotate.d/criu-service $(DESTDIR)$(LOGROTATEDIR) -- $(Q) sed -e 's,@version@,$(GITID),' \ -+ $(Q) sed -e 's,@version@,$(CRTOOLSVERSION),' \ - -e 's,@libdir@,$(LIBDIR),' \ - -e 's,@includedir@,$(dir $(INCLUDEDIR)),' \ - lib/criu.pc.in > criu.pc --- -2.1.4 - diff --git a/crit-install-prefix.diff b/crit-install-prefix.diff deleted file mode 100644 index d46822f..0000000 --- a/crit-install-prefix.diff +++ /dev/null @@ -1,15 +0,0 @@ ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/Makefile -+++ b/Makefile -@@ -314,7 +314,7 @@ install-man: - - install-crit: crit - $(E) " INSTALL crit" -- $(Q) python scripts/crit-setup.py install --prefix=$(DESTDIR)$(PREFIX) -+ $(Q) python scripts/crit-setup.py install --root=$(DESTDIR) --prefix=$(PREFIX) - - .PHONY: install install-man install-crit - diff --git a/criu-1.6.tar.bz2 b/criu-1.6.tar.bz2 deleted file mode 100644 index e1c0877..0000000 --- a/criu-1.6.tar.bz2 +++ /dev/null 
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:35ba6f5df90bfb8a25ae5e53459272bb37b8a69790e084f86d7a9ffa0df35993
-size 484513
diff --git a/criu-1.7.tar.bz2 b/criu-1.7.tar.bz2
new file mode 100644
index 0000000..6825b7e
--- /dev/null
+++ b/criu-1.7.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:977cf03d94415c2858581bb9894cfb90ac0c0b4b045e9bfa7c04c230aae01a21
+size 507224
diff --git a/criu.changes b/criu.changes
index 5e18abf..39414b0 100644
--- a/criu.changes
+++ b/criu.changes
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Fri Sep 11 16:06:30 CEST 2015 - tiwai@suse.de
+
+- Disable systemd service as a temporary workaround for possibile
+ security issues (CVE-2015-5228, CVE-2015-5231, bsc#943105)
+- Update to criu 1.7:
+ * Improved cgroups management
+ * Support for seccomp strict mode
+ * Support for stream unix sockets inheritance
+ * Support uid/gid-restricted mounts in userns
+ * Support deleted bind-mounts
+ * Ability to specify maximum ghost file size
+ * OverlayFS support
+ * Support relative unix sockets' bind paths
+ * Altivec and PSX support for PPC
+ * Small PIE loader
+ * Temporary proc mountpoint is mounted with nosuid, noexec and nodev
+ * Less memory copies when preparing restorer binary
+ * CRIT action "show" for less keystrokes on common use-case
+ * Fsnotify log messages now use hex everywhere :)
+ * CRIT output doesn't mix fields any more
+ * Many fixes
+
 -------------------------------------------------------------------
 Fri Jul 31 07:47:22 UTC 2015 - cbosdonnat@suse.com
diff --git a/criu.spec b/criu.spec
index 5194db2..7fb1a26 100644
--- a/criu.spec
+++ b/criu.spec
@@ -1,7 +1,7 @@ # # spec file for package criu # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,18 +16,16 @@ # -%define package_version 1.6 +%define with_systemd_service 0 +%define package_version 1.7 Name: criu -Version: 1.6 +Version: 1.7 Release: 0 Summary: Checkpoint/Restore In Userspace Tools License: GPL-2.0 Group: System/Console Url: http://criu.org/ Source0: http://download.openvz.org/criu/criu-%{package_version}.tar.bz2 -Patch1: crit-install-prefix.diff -Patch2: lsm-prototype-fix.diff -Patch3: 4c5b23e5-criu.pc.diff BuildRequires: asciidoc BuildRequires: pkg-config BuildRequires: protobuf-c @@ -67,9 +65,6 @@ to develop applications with CRIU library. %prep %setup -q -n %{name}-%{package_version} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 # fix up the broken protobuf descriptor.proto (comment-in-comment) rm -f protobuf/google/protobuf/descriptor.proto sed -e's@/\*@@g' -e's@\*/@@g' /usr/include/google/protobuf/descriptor.proto > protobuf/google/protobuf/descriptor.proto @@ -92,7 +87,11 @@ mv %{buildroot}%{_sysconfdir}/logrotate.d/criu-service \ # for compatiblity ln -s criu %{buildroot}%{_sbindir}/crtools ln -s criu.8 %{buildroot}%{_mandir}/man8/crtools.8 +%if !%with_systemd_service +rm -f %{buildroot}%{_unitdir}/criu.* +%endif +%if %with_systemd_service %pre %service_add_pre criu.service criu.socket exit 0 @@ -108,6 +107,7 @@ exit 0 %postun %service_del_postun criu.service criu.socket exit 0 +%endif %post -n libcriu1 -p /sbin/ldconfig @@ -119,7 +119,9 @@ exit 0 %{_sbindir}/* %{_bindir}/* %{_mandir}/man*/* +%if %with_systemd_service %{_unitdir}/criu.* +%endif %config %{_sysconfdir}/logrotate.d/* /usr/lib/python*/site-packages/crit-*.egg-info /usr/lib/python*/site-packages/pycriu 
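Review bot: `%define with_systemd_service 0` in the `@@ -16,18 +16,16 @@` hunk is introduced without any comment in the spec itself; the reason for dropping the unit files (the temporary workaround for CVE-2015-5228 / CVE-2015-5231, bsc#943105) is recorded only in criu.changes, so whoever next bumps the version has nothing in place telling them why the switch exists or when it may go back to 1. I would add `# Temporary workaround for CVE-2015-5228 / CVE-2015-5231 (bsc#943105): do not ship the criu.service/criu.socket units until a fixed release is packaged` directly above the define. In the `@@ -92,7 +87,11 @@` hunk the new `rm -f %{buildroot}%{_unitdir}/criu.*` removes the units, but the logrotate fragment for criu-service (the `mv ... logrotate.d/criu-service` context line, and `%config %{_sysconfdir}/logrotate.d/*` in %files) is still installed for a service that is no longer shipped; presumably harmless, but guarding it with the same `%if !%with_systemd_service` would keep the two in step. Note that the `%if %with_systemd_service` opened at the end of that hunk is only closed by the `+%endif` in the `@@ -108,6 +107,7 @@` hunk, so the conditional scriptlet block spans two hunks and is not visible as a whole from either one.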
diff --git a/lsm-prototype-fix.diff b/lsm-prototype-fix.diff deleted file mode 100644 index dae6d0d..0000000 --- a/lsm-prototype-fix.diff +++ /dev/null @@ -1,51 +0,0 @@ ---- - include/lsm.h | 6 +++--- - lsm.c | 4 ++-- - 2 files changed, 5 insertions(+), 5 deletions(-) - ---- a/include/lsm.h -+++ b/include/lsm.h -@@ -7,12 +7,12 @@ - /* - * Get the Lsmtype for the current host. - */ --extern Lsmtype host_lsm_type(); -+extern Lsmtype host_lsm_type(void); - - /* - * Initilize the Lsmtype for the current host - */ --extern void kerndat_lsm(); -+extern void kerndat_lsm(void); - - /* - * Read the LSM profile for the pstree item -@@ -23,7 +23,7 @@ extern int collect_lsm_profile(pid_t, Cr - * Validate that the LSM profiles can be correctly applied (must happen after - * pstree is set up). - */ --extern int validate_lsm(); -+int validate_lsm(CredsEntry *ce); - - /* - * Render the profile name in the way that the LSM wants it written to ---- a/lsm.c -+++ b/lsm.c -@@ -102,7 +102,7 @@ static int selinux_get_label(pid_t pid, - } - #endif - --void kerndat_lsm() -+void kerndat_lsm(void) - { - if (access("/sys/kernel/security/apparmor", F_OK) == 0) { - get_label = apparmor_get_label; -@@ -130,7 +130,7 @@ void kerndat_lsm() - name = "none"; - } - --Lsmtype host_lsm_type() -+Lsmtype host_lsm_type(void) - { - return lsmtype; - }