* [Buildroot] [PATCH 1/1] lxc: security bump to version 3.0.3
@ 2018-12-02 9:08 Fabrice Fontaine
2018-12-03 8:09 ` Thomas Petazzoni
0 siblings, 1 reply; 3+ messages in thread
From: Fabrice Fontaine @ 2018-12-02 9:08 UTC (permalink / raw)
To: buildroot
This bump also includes the fix for CVE-2018-6556 released in 3.0.2 via
commit "CVE 2018-6556: verify netns fd in lxc-user-nic": lxc-user-nic
when asked to delete a network interface will unconditionally open a
user provided path:
https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032
This code path may be used by an unprivileged user to check for the
existence of a path which they wouldn't otherwise be able to reach. It
may also be used to trigger side effects by causing a (read-only) open
of special kernel files (ptmx, proc, sys).
Also add a dependency on gcc >= 4.7
(https://github.com/lxc/lxc/issues/2592)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/lxc/Config.in | 4 +++-
package/lxc/lxc.hash | 2 +-
package/lxc/lxc.mk | 2 +-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/package/lxc/Config.in b/package/lxc/Config.in
index d90e78857a..d8d8f50c8e 100644
--- a/package/lxc/Config.in
+++ b/package/lxc/Config.in
@@ -4,6 +4,7 @@ config BR2_PACKAGE_LXC
depends on BR2_USE_MMU # fork()
# build system forcefully builds a shared library
depends on !BR2_STATIC_LIBS
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 # C++11
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 # setns() system call
help
Linux Containers (LXC), provides the ability to group and
@@ -13,8 +14,9 @@ config BR2_PACKAGE_LXC
https://linuxcontainers.org/
-comment "lxc needs a toolchain w/ threads, headers >= 3.0, dynamic library"
+comment "lxc needs a toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7"
depends on BR2_USE_MMU
depends on !BR2_TOOLCHAIN_HAS_THREADS \
+ || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \
|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 \
|| BR2_STATIC_LIBS
diff --git a/package/lxc/lxc.hash b/package/lxc/lxc.hash
index f46b1e1f5e..c741a5baba 100644
--- a/package/lxc/lxc.hash
+++ b/package/lxc/lxc.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 45986c49be1c048fa127bd3e7ea1bd3347e25765c008a09a2e4c233151a2d5db lxc-3.0.1.tar.gz
+sha256 620cb832cc02c63bf4d330657bf6176544e145da281ee384a34d689635a19841 lxc-3.0.3.tar.gz
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING
diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk
index d1487e0e59..48d5b20329 100644
--- a/package/lxc/lxc.mk
+++ b/package/lxc/lxc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LXC_VERSION = 3.0.1
+LXC_VERSION = 3.0.3
LXC_SITE = https://linuxcontainers.org/downloads/lxc
LXC_LICENSE = LGPL-2.1+
LXC_LICENSE_FILES = COPYING
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] lxc: security bump to version 3.0.3
2018-12-02 9:08 [Buildroot] [PATCH 1/1] lxc: security bump to version 3.0.3 Fabrice Fontaine
@ 2018-12-03 8:09 ` Thomas Petazzoni
2018-12-09 21:36 ` Peter Korsgaard
0 siblings, 1 reply; 3+ messages in thread
From: Thomas Petazzoni @ 2018-12-03 8:09 UTC (permalink / raw)
To: buildroot
Hello,
On Sun, 2 Dec 2018 10:08:38 +0100, Fabrice Fontaine wrote:
> This bump also includes the fix for CVE-2018-6556 released in 3.0.2 via
> commit "CVE 2018-6556: verify netns fd in lxc-user-nic": lxc-user-nic
> when asked to delete a network interface will unconditionally open a
> user provided path:
> https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032
>
> This code path may be used by an unprivileged user to check for the
> existence of a path which they wouldn't otherwise be able to reach. It
> may also be used to trigger side effects by causing a (read-only) open
> of special kernel files (ptmx, proc, sys).
>
> Also add a dependency on gcc >= 4.7
> (https://github.com/lxc/lxc/issues/2592)
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/lxc/Config.in | 4 +++-
> package/lxc/lxc.hash | 2 +-
> package/lxc/lxc.mk | 2 +-
> 3 files changed, 5 insertions(+), 3 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] lxc: security bump to version 3.0.3
2018-12-03 8:09 ` Thomas Petazzoni
@ 2018-12-09 21:36 ` Peter Korsgaard
0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2018-12-09 21:36 UTC (permalink / raw)
To: buildroot
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:
> On Sun, 2 Dec 2018 10:08:38 +0100, Fabrice Fontaine wrote:
>> This bump also includes the fix for CVE-2018-6556 released in 3.0.2 via
>> commit "CVE 2018-6556: verify netns fd in lxc-user-nic": lxc-user-nic
>> when asked to delete a network interface will unconditionally open a
>> user provided path:
>> https://github.com/lxc/lxc/commit/c1cf54ebf251fdbad1e971679614e81649f1c032
>>
>> This code path may be used by an unprivileged user to check for the
>> existence of a path which they wouldn't otherwise be able to reach. It
>> may also be used to trigger side effects by causing a (read-only) open
>> of special kernel files (ptmx, proc, sys).
>>
>> Also add a dependency on gcc >= 4.7
>> (https://github.com/lxc/lxc/issues/2592)
>>
>> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>> ---
>> package/lxc/Config.in | 4 +++-
>> package/lxc/lxc.hash | 2 +-
>> package/lxc/lxc.mk | 2 +-
>> 3 files changed, 5 insertions(+), 3 deletions(-)
Committed to 2018.11.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-12-09 21:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-02 9:08 [Buildroot] [PATCH 1/1] lxc: security bump to version 3.0.3 Fabrice Fontaine
2018-12-03 8:09 ` Thomas Petazzoni
2018-12-09 21:36 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.