pool/qemu
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/0043-configure-require-libseccomp-2.2.0.patch
Bruce Rogers 72f4642d7c Accepting request 640126 from home:ldewey:branches:Virtualization 
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0
* Patches added:
  0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch
  0043-configure-require-libseccomp-2.2.0.patch
  0044-seccomp-set-the-seccomp-filter-to-a.patch
  0045-sandbox-disable-sandbox-if-CONFIG_S.patch
  0046-seccomp-check-TSYNC-host-capability.patch
* Adding changes to mitigate seccomp vulnerability
  (CVE-2018-15746 bsc#1106222)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0
* Patches added:
  0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch
  0043-configure-require-libseccomp-2.2.0.patch
  0044-seccomp-set-the-seccomp-filter-to-a.patch
  0045-sandbox-disable-sandbox-if-CONFIG_S.patch
  0046-seccomp-check-TSYNC-host-capability.patch
* Adding changes to mitigate seccomp vulnerability
  (CVE-2018-15746 bsc#1106222)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.0
* Patches added:
  0042-seccomp-prefer-SCMP_ACT_KILL_PROCES.patch
  0043-configure-require-libseccomp-2.2.0.patch
  0044-seccomp-set-the-seccomp-filter-to-a.patch
  0045-sandbox-disable-sandbox-if-CONFIG_S.patch
  0046-seccomp-check-TSYNC-host-capability.patch

OBS-URL: https://build.opensuse.org/request/show/640126
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=431
2018-10-05 19:07:45 +00:00

54 lines
1.5 KiB
Diff
Raw Blame History

From a9794287e84a87f4372a4aed027319491ec5eb68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Wed, 22 Aug 2018 19:02:49 +0200
Subject: [PATCH] configure: require libseccomp 2.2.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The following patch is going to require TSYNC, which is only available
since libseccomp 2.2.0.
libseccomp 2.2.0 was released February 12, 2015.
According to repology, libseccomp version in different distros:
RHEL-7: 2.3.1
Debian (Stretch): 2.3.1
OpenSUSE Leap 15: 2.3.2
Ubuntu (Xenial): 2.3.1
This will drop support for -sandbox on:
Debian (Jessie): 2.1.1 (but 2.2.3 in backports)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
(cherry picked from commit d0699bd37c48067cffbd80383172efc29da6d2f9)
[LD: BSC#1106222 CVE-2018-15746]
Signed-off-by: Larry Dewey <ldewey@suse.com>
---
configure | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/configure b/configure
index f08f2812e4..bceba37e90 100755
--- a/configure
+++ b/configure
@@ -2216,13 +2216,10 @@ fi
##########################################
# libseccomp check
+libseccomp_minver="2.2.0"
if test "$seccomp" != "no" ; then
case "$cpu" in
- i386|x86_64)
- libseccomp_minver="2.1.0"
- ;;
- mips)
- libseccomp_minver="2.2.0"
+ i386|x86_64|mips)
;;
arm|aarch64)
libseccomp_minver="2.2.3"
Reference in New Issue View Git Blame Copy Permalink