qemu/0043-configure-require-libseccomp-2.2.0.patch

From a9794287e84a87f4372a4aed027319491ec5eb68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Wed, 22 Aug 2018 19:02:49 +0200
Subject: [PATCH] configure: require libseccomp 2.2.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The following patch is going to require TSYNC, which is only available
since libseccomp 2.2.0.

libseccomp 2.2.0 was released February 12, 2015.

According to repology, libseccomp version in different distros:

  RHEL-7: 2.3.1
  Debian (Stretch): 2.3.1
  OpenSUSE Leap 15: 2.3.2
  Ubuntu (Xenial):  2.3.1

This will drop support for -sandbox on:

  Debian (Jessie): 2.1.1 (but 2.2.3 in backports)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
(cherry picked from commit d0699bd37c48067cffbd80383172efc29da6d2f9)
[LD: BSC#1106222 CVE-2018-15746]
Signed-off-by: Larry Dewey <ldewey@suse.com>
---
 configure | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/configure b/configure
index f08f2812e4..bceba37e90 100755
--- a/configure
+++ b/configure
@@ -2216,13 +2216,10 @@ fi
 ##########################################
 # libseccomp check
 
+libseccomp_minver="2.2.0"
 if test "$seccomp" != "no" ; then
     case "$cpu" in
-    i386|x86_64)
-        libseccomp_minver="2.1.0"
-        ;;
-    mips)
-        libseccomp_minver="2.2.0"
+    i386|x86_64|mips)
         ;;
     arm|aarch64)
         libseccomp_minver="2.2.3"
Accepting request 640126 from home:ldewey:branches:Virtualization - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 * Patches added: 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch * Adding changes to mitigate seccomp vulnerability (CVE-2018-15746 bsc#1106222) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 * Patches added: 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch * Adding changes to mitigate seccomp vulnerability (CVE-2018-15746 bsc#1106222) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0 * Patches added: 0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch 0043-configure-require-libseccomp-2.2.0.patch 0044-seccomp-set-the-seccomp-filter-to-a.patch 0045-sandbox-disable-sandbox-if-CONFIG_S.patch 0046-seccomp-check-TSYNC-host-capability.patch OBS-URL: https://build.opensuse.org/request/show/640126 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=431 2018-10-05 19:07:45 +00:00			`From a9794287e84a87f4372a4aed027319491ec5eb68 Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>`
			`Date: Wed, 22 Aug 2018 19:02:49 +0200`
			`Subject: [PATCH] configure: require libseccomp 2.2.0`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`The following patch is going to require TSYNC, which is only available`
			`since libseccomp 2.2.0.`

			`libseccomp 2.2.0 was released February 12, 2015.`

			`According to repology, libseccomp version in different distros:`

			`RHEL-7: 2.3.1`
			`Debian (Stretch): 2.3.1`
			`OpenSUSE Leap 15: 2.3.2`
			`Ubuntu (Xenial): 2.3.1`

			`This will drop support for -sandbox on:`

			`Debian (Jessie): 2.1.1 (but 2.2.3 in backports)`

			`Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>`
			`Acked-by: Eduardo Otubo <otubo@redhat.com>`
			`(cherry picked from commit d0699bd37c48067cffbd80383172efc29da6d2f9)`
			`[LD: BSC#1106222 CVE-2018-15746]`
			`Signed-off-by: Larry Dewey <ldewey@suse.com>`
			`---`
			`configure \| 7 ++-----`
			`1 file changed, 2 insertions(+), 5 deletions(-)`

			`diff --git a/configure b/configure`
			`index f08f2812e4..bceba37e90 100755`
			`--- a/configure`
			`+++ b/configure`
			`@@ -2216,13 +2216,10 @@ fi`
			`##########################################`
			`# libseccomp check`

			`+libseccomp_minver="2.2.0"`
			`if test "$seccomp" != "no" ; then`
			`case "$cpu" in`
			`- i386\|x86_64)`
			`- libseccomp_minver="2.1.0"`
			`- ;;`
			`- mips)`
			`- libseccomp_minver="2.2.0"`
			`+ i386\|x86_64\|mips)`
			`;;`
			`arm\|aarch64)`
			`libseccomp_minver="2.2.3"`