From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH/next 1/1] package/lxc: security bump to version 3.2.1
Date: Fri, 16 Aug 2019 19:03:15 +0200 [thread overview]
Message-ID: <20190816170315.8763-1-fontaine.fabrice@gmail.com> (raw)
- lxc switched from gnutls to openssl since version 3.2.0 and
https://github.com/lxc/lxc/commit/fa2bb6ba532c5e7f92df8cbae50a68af519f9997
- lxc needs a glibc or musl toolchain since version 3.2.0 and
https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
- This version includes a security fix (named CVE-2019-5736 on runC):
https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/lxc/Config.in | 5 +++--
package/lxc/lxc.hash | 2 +-
package/lxc/lxc.mk | 16 ++++++++--------
3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/package/lxc/Config.in b/package/lxc/Config.in
index d8d8f50c8e..0b3c1b923e 100644
--- a/package/lxc/Config.in
+++ b/package/lxc/Config.in
@@ -6,6 +6,7 @@ config BR2_PACKAGE_LXC
depends on !BR2_STATIC_LIBS
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 # C++11
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 # setns() system call
+ depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
help
Linux Containers (LXC), provides the ability to group and
isolate of a set of processes in a jail by virtualizing and
@@ -14,9 +15,9 @@ config BR2_PACKAGE_LXC
https://linuxcontainers.org/
-comment "lxc needs a toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7"
+comment "lxc needs a glibc or musl toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7"
depends on BR2_USE_MMU
depends on !BR2_TOOLCHAIN_HAS_THREADS \
|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \
|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 \
- || BR2_STATIC_LIBS
+ || BR2_STATIC_LIBS || BR2_TOOLCHAIN_USES_UCLIBC
diff --git a/package/lxc/lxc.hash b/package/lxc/lxc.hash
index aad38ca57a..d5ea799776 100644
--- a/package/lxc/lxc.hash
+++ b/package/lxc/lxc.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 4d8772c25baeaea2c37a954902b88c05d1454c91c887cb6a0997258cfac3fdc5 lxc-3.1.0.tar.gz
+sha256 5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4 lxc-3.2.1.tar.gz
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING
diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk
index a059fd578e..81adeef5ee 100644
--- a/package/lxc/lxc.mk
+++ b/package/lxc/lxc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LXC_VERSION = 3.1.0
+LXC_VERSION = 3.2.1
LXC_SITE = https://linuxcontainers.org/downloads/lxc
LXC_LICENSE = LGPL-2.1+
LXC_LICENSE_FILES = COPYING
@@ -19,13 +19,6 @@ ifeq ($(BR2_PACKAGE_BASH_COMPLETION),y)
LXC_DEPENDENCIES += bash-completion
endif
-ifeq ($(BR2_PACKAGE_GNUTLS),y)
-LXC_CONF_OPTS += --enable-gnutls
-LXC_DEPENDENCIES += gnutls
-else
-LXC_CONF_OPTS += --disable-gnutls
-endif
-
ifeq ($(BR2_PACKAGE_LIBCAP),y)
LXC_CONF_OPTS += --enable-capabilities
LXC_DEPENDENCIES += libcap
@@ -47,4 +40,11 @@ else
LXC_CONF_OPTS += --disable-selinux
endif
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+LXC_CONF_OPTS += --enable-openssl
+LXC_DEPENDENCIES += openssl
+else
+LXC_CONF_OPTS += --disable-openssl
+endif
+
$(eval $(autotools-package))
--
2.20.1
next reply other threads:[~2019-08-16 17:03 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-16 17:03 Fabrice Fontaine [this message]
2019-08-17 13:41 ` [Buildroot] [PATCH/next 1/1] package/lxc: security bump to version 3.2.1 Thomas Petazzoni
2019-08-17 19:36 ` Fabrice Fontaine
2019-08-17 19:59 ` Thomas Petazzoni
2019-08-27 20:39 ` Peter Korsgaard
2019-10-05 13:37 ` Arnout Vandecappelle
2019-10-04 19:47 ` Bernd Kuhls
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190816170315.8763-1-fontaine.fabrice@gmail.com \
--to=fontaine.fabrice@gmail.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.