From mboxrd@z Thu Jan 1 00:00:00 1970 From: Fabrice Fontaine Date: Fri, 16 Aug 2019 19:03:15 +0200 Subject: [Buildroot] [PATCH/next 1/1] package/lxc: security bump to version 3.2.1 Message-ID: <20190816170315.8763-1-fontaine.fabrice@gmail.com> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: buildroot@busybox.net - lxc switched from gnutls to openssl since version 3.2.0 and https://github.com/lxc/lxc/commit/fa2bb6ba532c5e7f92df8cbae50a68af519f9997 - lxc needs a glibc or musl toolchain since version 3.2.0 and https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d - This version includes a security fix (named CVE-2019-5736 on runC): https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d Signed-off-by: Fabrice Fontaine --- package/lxc/Config.in | 5 +++-- package/lxc/lxc.hash | 2 +- package/lxc/lxc.mk | 16 ++++++++-------- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/package/lxc/Config.in b/package/lxc/Config.in index d8d8f50c8e..0b3c1b923e 100644 --- a/package/lxc/Config.in +++ b/package/lxc/Config.in @@ -6,6 +6,7 @@ config BR2_PACKAGE_LXC depends on !BR2_STATIC_LIBS depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 # C++11 depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 # setns() system call + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve help Linux Containers (LXC), provides the ability to group and isolate of a set of processes in a jail by virtualizing and @@ -14,9 +15,9 @@ config BR2_PACKAGE_LXC https://linuxcontainers.org/ -comment "lxc needs a toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7" +comment "lxc needs a glibc or musl toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7" depends on BR2_USE_MMU depends on !BR2_TOOLCHAIN_HAS_THREADS \ || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \ || !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 \ - || BR2_STATIC_LIBS + || BR2_STATIC_LIBS || BR2_TOOLCHAIN_USES_UCLIBC diff --git a/package/lxc/lxc.hash b/package/lxc/lxc.hash index aad38ca57a..d5ea799776 100644 --- a/package/lxc/lxc.hash +++ b/package/lxc/lxc.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 4d8772c25baeaea2c37a954902b88c05d1454c91c887cb6a0997258cfac3fdc5 lxc-3.1.0.tar.gz +sha256 5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4 lxc-3.2.1.tar.gz sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk index a059fd578e..81adeef5ee 100644 --- a/package/lxc/lxc.mk +++ b/package/lxc/lxc.mk @@ -4,7 +4,7 @@ # ################################################################################ -LXC_VERSION = 3.1.0 +LXC_VERSION = 3.2.1 LXC_SITE = https://linuxcontainers.org/downloads/lxc LXC_LICENSE = LGPL-2.1+ LXC_LICENSE_FILES = COPYING @@ -19,13 +19,6 @@ ifeq ($(BR2_PACKAGE_BASH_COMPLETION),y) LXC_DEPENDENCIES += bash-completion endif -ifeq ($(BR2_PACKAGE_GNUTLS),y) -LXC_CONF_OPTS += --enable-gnutls -LXC_DEPENDENCIES += gnutls -else -LXC_CONF_OPTS += --disable-gnutls -endif - ifeq ($(BR2_PACKAGE_LIBCAP),y) LXC_CONF_OPTS += --enable-capabilities LXC_DEPENDENCIES += libcap @@ -47,4 +40,11 @@ else LXC_CONF_OPTS += --disable-selinux endif +ifeq ($(BR2_PACKAGE_OPENSSL),y) +LXC_CONF_OPTS += --enable-openssl +LXC_DEPENDENCIES += openssl +else +LXC_CONF_OPTS += --disable-openssl +endif + $(eval $(autotools-package)) -- 2.20.1