* [Buildroot] [git commit] package/lxc: security bump to version 3.0.3
@ 2018-12-03 8:09 Thomas Petazzoni
From: Thomas Petazzoni @ 2018-12-03 8:09 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=df6a01af235c02104e88ea771a5e9c74698d1aba
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
This bump also includes the fix for CVE-2018-6556 released in 3.0.2 via
commit "CVE 2018-6556: verify netns fd in lxc-user-nic": lxc-user-nic
when asked to delete a network interface will unconditionally open a
user provided path:
https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032
This code path may be used by an unprivileged user to check for the
existence of a path which they wouldn't otherwise be able to reach. It
may also be used to trigger side effects by causing a (read-only) open
of special kernel files (ptmx, proc, sys).
Also add a dependency on gcc >= 4.7
(https://github.com/lxc/lxc/issues/2592)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
package/lxc/Config.in | 4 +++-
package/lxc/lxc.hash | 2 +-
package/lxc/lxc.mk | 2 +-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/package/lxc/Config.in b/package/lxc/Config.in
index d90e78857a..d8d8f50c8e 100644
--- a/package/lxc/Config.in
+++ b/package/lxc/Config.in
@@ -4,6 +4,7 @@ config BR2_PACKAGE_LXC
depends on BR2_USE_MMU # fork()
# build system forcefully builds a shared library
depends on !BR2_STATIC_LIBS
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 # C++11
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 # setns() system call
help
Linux Containers (LXC), provides the ability to group and
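Review bot: The `# C++11` justification on the new `depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7` line does not match the neighbouring entries, which name the concrete feature they need (`fork()`, `setns() system call`), and nothing else in this block asks for C++ support. Please state the actual compiler feature lxc 3.0.3 requires, or cite the upstream issue from the commit message in that comment. Since the new dependency lands together with the CVE fix, it is also worth saying in the commit message that configurations with gcc older than 4.7 lose the package rather than receive the fix.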
@@ -13,8 +14,9 @@ config BR2_PACKAGE_LXC
https://linuxcontainers.org/
-comment "lxc needs a toolchain w/ threads, headers >= 3.0, dynamic library"
+comment "lxc needs a toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7"
depends on BR2_USE_MMU
depends on !BR2_TOOLCHAIN_HAS_THREADS \
+ || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \
|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 \
|| BR2_STATIC_LIBS
diff --git a/package/lxc/lxc.hash b/package/lxc/lxc.hash
index f46b1e1f5e..c741a5baba 100644
--- a/package/lxc/lxc.hash
+++ b/package/lxc/lxc.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 45986c49be1c048fa127bd3e7ea1bd3347e25765c008a09a2e4c233151a2d5db lxc-3.0.1.tar.gz
+sha256 620cb832cc02c63bf4d330657bf6176544e145da281ee384a34d689635a19841 lxc-3.0.3.tar.gz
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING
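Review bot: The new `lxc-3.0.3.tar.gz` entry is still covered only by `# Locally calculated`, which for a security bump leaves no record of how the tarball's authenticity was established. If upstream publishes a signature for the release tarball, verify it and say so in the comment (for example `# Locally calculated after checking pgp signature`); otherwise the hash only pins whatever was downloaded.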
diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk
index d1487e0e59..48d5b20329 100644
--- a/package/lxc/lxc.mk
+++ b/package/lxc/lxc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LXC_VERSION = 3.0.1
+LXC_VERSION = 3.0.3
LXC_SITE = https://linuxcontainers.org/downloads/lxc
LXC_LICENSE = LGPL-2.1+
LXC_LICENSE_FILES = COPYING
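
The kind of check the commit message refers to (confirming that a user-supplied path really is a namespace file before a privileged helper acts on it), as an added example; it is not the upstream lxc fix and not Buildroot code. The helper name `open_ns_path_checked` is hypothetical, and the sketch assumes Linux 3.19 or later, where namespace files live on nsfs.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/vfs.h>
#include <unistd.h>

#ifndef NSFS_MAGIC
#define NSFS_MAGIC 0x6e736673L /* same value as in linux/magic.h */
#endif

/*
 * Hypothetical helper: returns an O_PATH descriptor if `path` refers to a
 * namespace file, -1 otherwise. Every failure sets errno to EINVAL so the
 * caller cannot tell "does not exist" from "exists but is not a namespace",
 * which closes the path-existence oracle described in the commit message.
 */
int open_ns_path_checked(const char *path)
{
    struct statfs sfs;

    /* O_PATH yields a handle without opening the file itself, so no
     * device, procfs or sysfs open handler runs (no side effects). */
    int fd = open(path, O_PATH | O_CLOEXEC);
    if (fd < 0) {
        errno = EINVAL;
        return -1;
    }

    /* Accept only objects that live on the namespace filesystem. */
    if (fstatfs(fd, &sfs) < 0 || (long)sfs.f_type != NSFS_MAGIC) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/proc/self/ns/net";
    int fd = open_ns_path_checked(path);

    printf("%s: %s\n", path, fd >= 0 ? "namespace file" : "rejected");
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```

The returned descriptor is only a verified handle; a caller that needs to confirm the namespace type or enter it still has to do that as a separate step.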