From patchwork Fri Aug 16 17:03:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1148360 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="AnRus0Y1"; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4698lh5THBz9sN1 for ; Sat, 17 Aug 2019 03:03:11 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 2AEC786B18; Fri, 16 Aug 2019 17:03:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N1KTqD2DFpNg; Fri, 16 Aug 2019 17:03:08 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id ECC4786B25; Fri, 16 Aug 2019 17:03:07 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id B2F0A1BF94B for ; Fri, 16 Aug 2019 17:03:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id AA96787C1A for ; Fri, 16 Aug 2019 17:03:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id raOfWoTfK-0X for ; Fri, 16 Aug 2019 17:03:02 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by whitealder.osuosl.org (Postfix) with ESMTPS id CEC1087C16 for ; Fri, 16 Aug 2019 17:03:01 +0000 (UTC) Received: by mail-wm1-f54.google.com with SMTP id f72so4578261wmf.5 for ; Fri, 16 Aug 2019 10:03:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=adQ2DJcKQ1x2Hj4CJMrzBm63BzjczoV5yHWr+/SU1m4=; b=AnRus0Y1gyY/HhZskFoReZQuaoIpf29wK+6MUbuUtU1wtpngYLXfOfo0YBsDhcSyTb LaA0PVpwq+ohygqb4wyDtB/H9KSi0pr3Sa2qUz4Fh+aBtAWLjc5Yd1NhVjg//NVTg1vN ssRLPbtqALQSKhzO1OCQMJ9dipHOiWQ2CeanlWaNvFgLkqJ41X1WB4pGQgQgOO304sYX ozVEDMuqY3OUseTR2IjBj2dhhU1Gkks9DoAYbsbteNhoMEDJONK7O/+aNeZ6L779Vhmw Om90NrSDEUixd94T4a/z4d0WeklrHgYik5K8Aqn14TnzUoymEcbypI6JZVNG2TOveeox y5ug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=adQ2DJcKQ1x2Hj4CJMrzBm63BzjczoV5yHWr+/SU1m4=; b=rbPOfk0oYeSHItzxCcI429vxosqpYjz/vBIkJUVYrIvWnKIUYaecKhB6hcg5rALn+T 9b3YPNxZgd+cyquP0NHWz88vs3iNZyPkgjsKeuvYR25YfisswzZ3u1sRM23tM3wXL3Bt zLzSKWzmzFfW6S8PUhc0J1/hizt+IkpQZQIqA5rfXYeGg000cqvjRS+KFXA9XzdsP4iR N2cZBmPWKJUNAt9lpy+AzZyg/uI/xtc9cCuZI5l18vpXIah7MI9L+TXpe7hJoc5jmu3W IpW8RT+Th/Y6qgRttDC/VAs5tVKp0M9iSyuav5DbrF/F9+vf3ivQEyPkUwh/Cd214idd lB/g== X-Gm-Message-State: APjAAAV4X4hozlopZQE1yBqV3t6ZrBBlMt9R/DDviONAO6F0ZPv1xSwy HBtDPIJyo2k4XLmyEEndp+ZLD86d X-Google-Smtp-Source: APXvYqy+07Uh8EbegzjP/I6/YN2V7DKD+vbvwpeleJEfL4sHfbwkrcuBbX+Jxiw3u8UC2hZ/brEl2g== X-Received: by 2002:a05:600c:21d3:: with SMTP id x19mr8265851wmj.45.1565974979056; Fri, 16 Aug 2019 10:02:59 -0700 (PDT) Received: from kali.home (lfbn-ren-1-605-248.w81-53.abo.wanadoo.fr. [81.53.181.248]) by smtp.gmail.com with ESMTPSA id c12sm5377885wrx.46.2019.08.16.10.02.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 16 Aug 2019 10:02:58 -0700 (PDT) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Fri, 16 Aug 2019 19:03:15 +0200 Message-Id: <20190816170315.8763-1-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [Buildroot] [PATCH/next 1/1] package/lxc: security bump to version 3.2.1 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Fabrice Fontaine , =?utf-8?b?SsOpcsO0bWUg?= =?utf-8?q?Pouiller?= Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" - lxc switched from gnutls to openssl since version 3.2.0 and https://github.com/lxc/lxc/commit/fa2bb6ba532c5e7f92df8cbae50a68af519f9997 - lxc needs a glibc or musl toolchain since version 3.2.0 and https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d - This version includes a security fix (named CVE-2019-5736 on runC): https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d Signed-off-by: Fabrice Fontaine Tested-by: Bernd Kuhls --- package/lxc/Config.in | 5 +++-- package/lxc/lxc.hash | 2 +- package/lxc/lxc.mk | 16 ++++++++-------- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/package/lxc/Config.in b/package/lxc/Config.in index d8d8f50c8e..0b3c1b923e 100644 --- a/package/lxc/Config.in +++ b/package/lxc/Config.in @@ -6,6 +6,7 @@ config BR2_PACKAGE_LXC depends on !BR2_STATIC_LIBS depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 # C++11 depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 # setns() system call + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve help Linux Containers (LXC), provides the ability to group and isolate of a set of processes in a jail by virtualizing and @@ -14,9 +15,9 @@ config BR2_PACKAGE_LXC https://linuxcontainers.org/ -comment "lxc needs a toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7" +comment "lxc needs a glibc or musl toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7" depends on BR2_USE_MMU depends on !BR2_TOOLCHAIN_HAS_THREADS \ || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \ || !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 \ - || BR2_STATIC_LIBS + || BR2_STATIC_LIBS || BR2_TOOLCHAIN_USES_UCLIBC diff --git a/package/lxc/lxc.hash b/package/lxc/lxc.hash index aad38ca57a..d5ea799776 100644 --- a/package/lxc/lxc.hash +++ b/package/lxc/lxc.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 4d8772c25baeaea2c37a954902b88c05d1454c91c887cb6a0997258cfac3fdc5 lxc-3.1.0.tar.gz +sha256 5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4 lxc-3.2.1.tar.gz sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk index a059fd578e..81adeef5ee 100644 --- a/package/lxc/lxc.mk +++ b/package/lxc/lxc.mk @@ -4,7 +4,7 @@ # ################################################################################ -LXC_VERSION = 3.1.0 +LXC_VERSION = 3.2.1 LXC_SITE = https://linuxcontainers.org/downloads/lxc LXC_LICENSE = LGPL-2.1+ LXC_LICENSE_FILES = COPYING @@ -19,13 +19,6 @@ ifeq ($(BR2_PACKAGE_BASH_COMPLETION),y) LXC_DEPENDENCIES += bash-completion endif -ifeq ($(BR2_PACKAGE_GNUTLS),y) -LXC_CONF_OPTS += --enable-gnutls -LXC_DEPENDENCIES += gnutls -else -LXC_CONF_OPTS += --disable-gnutls -endif - ifeq ($(BR2_PACKAGE_LIBCAP),y) LXC_CONF_OPTS += --enable-capabilities LXC_DEPENDENCIES += libcap @@ -47,4 +40,11 @@ else LXC_CONF_OPTS += --disable-selinux endif +ifeq ($(BR2_PACKAGE_OPENSSL),y) +LXC_CONF_OPTS += --enable-openssl +LXC_DEPENDENCIES += openssl +else +LXC_CONF_OPTS += --disable-openssl +endif + $(eval $(autotools-package))