This is the fifth bugfix release for LXC 1.1.
https://linuxcontainers.org/lxc/news/

setproctile patch is already commited upstream:
        https://github.com/lxc/lxc/commit/2681c0e7eae2c4008fc6bc79a4c128cbaca8beab

download-template patch fixes the download directory if /tmp is mounted separately
(& is therefore probably either a tmpfs / zram or mounted noexec).
---
 main/lxc/APKBUILD                         | 22 +++++++++++++---------
 main/lxc/download-template-tmpfs.patch    | 23 +++++++++++++++++++++++
 main/lxc/setproctitle-info-not-warn.patch | 13 +++++++++++++
 3 files changed, 49 insertions(+), 9 deletions(-)
 create mode 100644 main/lxc/download-template-tmpfs.patch
 create mode 100644 main/lxc/setproctitle-info-not-warn.patch

diff --git a/main/lxc/APKBUILD b/main/lxc/APKBUILD
index 8da83e9..32bdb48 100644
--- a/main/lxc/APKBUILD
+++ b/main/lxc/APKBUILD
@@ -2,9 +2,9 @@
 # Contributor: William Pitcock <nenolod@dereferenced.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=lxc
-pkgver=1.1.3
+pkgver=1.1.5
 _mypkgver=${pkgver/_rc/.rc}
-pkgrel=2
+pkgrel=0
 pkgdesc="linux containers - tools"
 url="http://lxc.sourceforge.net/"
 arch="all"
@@ -20,7 +20,8 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-lvm lua5.2-lxc:_lua52
 source="https://github.com/lxc/lxc/archive/lxc-$_mypkgver.tar.gz
 	0001-Clone-bridge-interface-MTU-setting.patch
 	version.patch
-	CVE-2015-1335.patch
+	download-template-tmpfs.patch
+	setproctitle-info-not-warn.patch
 	lxc.initd
 	"
 
@@ -89,18 +90,21 @@ dev() {
 		"$pkgdir"/usr/bin/ || return 1
 }
 
-md5sums="680198729359bd5e58dc14ce617e72b1  lxc-1.1.3.tar.gz
+md5sums="a7a1b0699bce6fdc31cd512afeff479e  lxc-1.1.5.tar.gz
 d41088af5dee2e2df7975bb33d5d1537  0001-Clone-bridge-interface-MTU-setting.patch
 79e90616b5049a472ccdcb5b1dcdd8b1  version.patch
-7327d4e94f1f23473d82c1fe98706eb2  CVE-2015-1335.patch
+e8fd932f3ec6d52d7b4c183fc58c0b24  download-template-tmpfs.patch
+bd7419669ed6c5578d876ef8a4d06c38  setproctitle-info-not-warn.patch
 1e47412382517ee2adcbca00f07377ca  lxc.initd"
-sha256sums="b75fb8e376d3313e152f31fb7372b68f33a953a12191a39de4cded04fff94300  lxc-1.1.3.tar.gz
+sha256sums="eefce4cc679656cb8636bf0849f3ba6981c48167884e13dbcb377820a717c09c  lxc-1.1.5.tar.gz
 e9a6c2e5f98a5f03bf772333c91efe7dafbc4f8d699dced73859e7d6c98d2d42  0001-Clone-bridge-interface-MTU-setting.patch
 b6d85fb23940d2511b3951de56b2532843c0e03ec1613548366361cc0c1a46b9  version.patch
-85af34f968ed1e00de357c2ff6d3234c144f53878a707d1d5f8d864407f23726  CVE-2015-1335.patch
+8cb638f927d51f05884439e6db15092e902a9c59ef830cbdcb07d88f5cff11e1  download-template-tmpfs.patch
+d5a2194d1d9dc8b171668532b8f8f26d0e1a4bb8fcea9694d28a5fbc850698ad  setproctitle-info-not-warn.patch
 ce4c30c65832c4b79df1c3c1ef6a444247e2866ab24690f1476e7b98b722fac1  lxc.initd"
-sha512sums="cafa4fbe4fe23b8c0b98007a79f20899c4a3b98c51d797b9c16e38dfec1eee5a513b58621308fe6551707d38028d9e5bd78ade8822691ffe4a7a369b10a48dda  lxc-1.1.3.tar.gz
+sha512sums="e48ab549f1317afcb5f7768ab988ba27a3e9f1458504e1d70b2e27c502233e7b3538b8ce0b79940140a59a37681bcd8e459416e814f9e4814a4ed86b89e8df1c  lxc-1.1.5.tar.gz
 6c4dc0a53ba8947a37faa14bb81a7bbed7a88fb118513842f5a5a37e9d23fbd2bee4f8f513d3f686a34d373869008ee5ccbd4b9e20615d4b9e4b8139119adce3  0001-Clone-bridge-interface-MTU-setting.patch
 e2ffcbf55447291a8434a4f37255c3a6a119bc4116c75d205006aa2b070bf6be28535cf6107bead14bbf64bf9fa415346ab544bd1c15e1add7d1c6380e6b2def  version.patch
-d8b0a7827a96a4d5c10e7ebf7ca65f415f6895d3b6371cfc1edda2a9a07ea99b9d3db5d8e5cc542ad88b25e717534755faa9938901183a90c7587d83d3fa81aa  CVE-2015-1335.patch
+b3b8c47a8594cefff58cef74efe9e6bf0dd8422a40289c4398ea34e61d04dd3d95c567e880a4b123df42ffac3fae179b63b130b357eb6659f73f922f2908d971  download-template-tmpfs.patch
+b839650c9be38a7c6e9c327c04433ec72043cca039bed34c6b8a30d1ce5fa9ed40ae71ab6bb7e7b2cd144af7670bbe4737d5a86e61e31cd006aa6234b93256ec  setproctitle-info-not-warn.patch
 4ff815d354f022854535a0069033f314263623ead48220d732683d5a268f14f221cbfe1aa9515adf1c2e47de71f1b1f1dda374a1f5f15d6f7025d2de91143d9a  lxc.initd"
diff --git a/main/lxc/download-template-tmpfs.patch b/main/lxc/download-template-tmpfs.patch
new file mode 100644
index 0000000..de36c36
--- /dev/null
+++ b/main/lxc/download-template-tmpfs.patch
@@ -0,0 +1,23 @@
+--- a/templates/lxc-download.in
++++ b/templates/lxc-download.in
+@@ -298,11 +298,15 @@ fi
+ # Trap all exit signals
+ trap cleanup EXIT HUP INT TERM
+ 
+-if ! type mktemp >/dev/null 2>&1; then
+-    DOWNLOAD_TEMP=/tmp/lxc-download.$$
+-    mkdir -p $DOWNLOAD_TEMP
+-else
+-    DOWNLOAD_TEMP=$(mktemp -d)
++if ! grep -qw '/tmp' /proc/mounts; then
++    if ! type mktemp >/dev/null 2>&1; then
++        DOWNLOAD_TEMP=/tmp/lxc-download.$$
++        mkdir -p $DOWNLOAD_TEMP
++    else
++         DOWNLOAD_TEMP=$(mktemp -d)
++    fi
++else # /tmp may be mounted in tmpfs / zram or noexec
++    DOWNLOAD_TEMP=$(mktemp -d -p $LXC_PATH)
+ fi
+ 
+ # Simply list images
diff --git a/main/lxc/setproctitle-info-not-warn.patch b/main/lxc/setproctitle-info-not-warn.patch
new file mode 100644
index 0000000..5e7272c
--- /dev/null
+++ b/main/lxc/setproctitle-info-not-warn.patch
@@ -0,0 +1,13 @@
+### If you want the fancy proctitles, then you need to enable
+### CONFIG_CHECKPOINT_RESTORE in your kernel.
+--- a/src/lxc/utils.c
++++ b/src/lxc/utils.c
+@@ -1458,7 +1458,7 @@ int setproctitle(char *title)
+ 	if (ret == 0)
+ 		strcpy((char*)arg_start, title);
+ 	else
+-		SYSERROR("setting cmdline failed");
++		INFO("setting cmdline failed - %s", strerror(errno));
+ 
+ 	return ret;
+ }
-- 
2.6.3



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

On Fri, 13 Nov 2015 05:37:47 +0000
Stuart Cardall <developer@it-offshore.co.uk> wrote:

> This is the fifth bugfix release for LXC 1.1.
> https://linuxcontainers.org/lxc/news/
> 
> setproctile patch is already commited upstream:
>         https://github.com/lxc/lxc/commit/2681c0e7eae2c4008fc6bc79a4c128cbaca8beab
> 
> download-template patch fixes the download directory if /tmp is mounted separately
> (& is therefore probably either a tmpfs / zram or mounted noexec).

I pushed without realizing that there were custom patches added.

Is the download-template problem reported upstream?

Seems also like you forgot to git rm CVE-2015-1335.patch

-nc


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---

CVE-2015-1335 is already part of LXC 1.1.4
https://linuxcontainers.org/lxc/news/ (scroll down a little)

I proposed the tmpfs patch upstream a while ago but the issue is still
open https://github.com/lxc/lxc/issues/516

Will send a patch to remove CVE-2015-1335.patch

Stuart.

On 13/11/15 07:36, Natanael Copa wrote:
> On Fri, 13 Nov 2015 05:37:47 +0000
> Stuart Cardall <developer@it-offshore.co.uk> wrote:
>
>> This is the fifth bugfix release for LXC 1.1.
>> https://linuxcontainers.org/lxc/news/
>>
>> setproctile patch is already commited upstream:
>>         https://github.com/lxc/lxc/commit/2681c0e7eae2c4008fc6bc79a4c128cbaca8beab
>>
>> download-template patch fixes the download directory if /tmp is mounted separately
>> (& is therefore probably either a tmpfs / zram or mounted noexec).
> I pushed without realizing that there were custom patches added.
>
> Is the download-template problem reported upstream?
>
> Seems also like you forgot to git rm CVE-2015-1335.patch
>
> -nc