[Buildroot] [PATCH 1/1] package/lxc: bump to version 3.2.1

[Buildroot] [PATCH 1/1] package/lxc: bump to version 3.2.1

[Patrick Havelange]

Some lxc segfaults (in 3.1.0) are fixed in this newer version.
New dependency on !UCLIBC as fexecve() is required now.

Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
---
 package/lxc/Config.in | 6 ++++--
 package/lxc/lxc.hash  | 2 +-
 package/lxc/lxc.mk    | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/package/lxc/Config.in b/package/lxc/Config.in
index d8d8f50c8e..72b675113d 100644
--- a/package/lxc/Config.in
+++ b/package/lxc/Config.in
@@ -6,6 +6,7 @@ config BR2_PACKAGE_LXC
 	depends on !BR2_STATIC_LIBS
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 # C++11
 	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 # setns() system call
+	depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
 	help
 	  Linux Containers (LXC), provides the ability to group and
 	  isolate of a set of processes in a jail by virtualizing and
@@ -14,9 +15,10 @@ config BR2_PACKAGE_LXC
 
 	  https://linuxcontainers.org/
 
-comment "lxc needs a toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7"
+comment "lxc needs a glibc or musl toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7"
 	depends on BR2_USE_MMU
 	depends on !BR2_TOOLCHAIN_HAS_THREADS \
 		|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \
 		|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 \
-		|| BR2_STATIC_LIBS
+		|| BR2_STATIC_LIBS \
+		|| BR2_TOOLCHAN_USES_UCLIBC
diff --git a/package/lxc/lxc.hash b/package/lxc/lxc.hash
index aad38ca57a..d5ea799776 100644
--- a/package/lxc/lxc.hash
+++ b/package/lxc/lxc.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	4d8772c25baeaea2c37a954902b88c05d1454c91c887cb6a0997258cfac3fdc5	lxc-3.1.0.tar.gz
+sha256	5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4	lxc-3.2.1.tar.gz
 sha256	dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551	COPYING
diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk
index a059fd578e..6d94c0c735 100644
--- a/package/lxc/lxc.mk
+++ b/package/lxc/lxc.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LXC_VERSION = 3.1.0
+LXC_VERSION = 3.2.1
 LXC_SITE = https://linuxcontainers.org/downloads/lxc
 LXC_LICENSE = LGPL-2.1+
 LXC_LICENSE_FILES = COPYING
-- 
2.17.1

[Buildroot] [PATCH 1/1] package/lxc: bump to version 3.2.1

[Thomas Petazzoni]

On Mon,  4 Nov 2019 14:12:37 +0100
Patrick Havelange <patrick.havelange@essensium.com> wrote:

> Some lxc segfaults (in 3.1.0) are fixed in this newer version.
> New dependency on !UCLIBC as fexecve() is required now.
> 
> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
> ---
>  package/lxc/Config.in | 6 ++++--
>  package/lxc/lxc.hash  | 2 +-
>  package/lxc/lxc.mk    | 2 +-
>  3 files changed, 6 insertions(+), 4 deletions(-)

Applied to master, thanks. Could you report the bug to the upstream
uClibc-ng project that lxc can't be built/used anymore due to fexecve()
being missing ?

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH 1/1] package/lxc: bump to version 3.2.1

[Bernd Kuhls]

Am Mon, 04 Nov 2019 22:01:47 +0100 schrieb Thomas Petazzoni:

> Applied to master, thanks. Could you report the bug to the upstream
> uClibc-ng project that lxc can't be built/used anymore due to fexecve()
> being missing ?

Hi Thomas,

we already had http://patchwork.ozlabs.org/patch/1148360/ which also 
included the information that this bump fixed CVE-2019-5736.

Regards, Bernd

[Buildroot] [PATCH 1/1] package/lxc: bump to version 3.2.1

[Peter Korsgaard]

>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:

 > Am Mon, 04 Nov 2019 22:01:47 +0100 schrieb Thomas Petazzoni:
 >> Applied to master, thanks. Could you report the bug to the upstream
 >> uClibc-ng project that lxc can't be built/used anymore due to fexecve()
 >> being missing ?

 > Hi Thomas,

 > we already had http://patchwork.ozlabs.org/patch/1148360/ which also 
 > included the information that this bump fixed CVE-2019-5736.

And was more complete, E.G. had the openssl support logic.

Care to send a followup patch adding that?

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 1/1] package/lxc: bump to version 3.2.1

[Thomas Petazzoni]

On Mon, 04 Nov 2019 22:30:49 +0100
Bernd Kuhls <bernd.kuhls@t-online.de> wrote:

> we already had http://patchwork.ozlabs.org/patch/1148360/ which also 
> included the information that this bump fixed CVE-2019-5736.

Ah, my bad. I even replied to this patch originally, but forgot about
it. I guess there are too many pending patches :-/

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

[Buildroot] [PATCH 1/1] package/lxc: bump to version 3.2.1

[Patrick Havelange]

On 04.11.19 22:01, Thomas Petazzoni wrote:
> On Mon,  4 Nov 2019 14:12:37 +0100
> Patrick Havelange <patrick.havelange@essensium.com> wrote:
> 
>> Some lxc segfaults (in 3.1.0) are fixed in this newer version.
>> New dependency on !UCLIBC as fexecve() is required now.
>>
>> Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
>> ---
>>   package/lxc/Config.in | 6 ++++--
>>   package/lxc/lxc.hash  | 2 +-
>>   package/lxc/lxc.mk    | 2 +-
>>   3 files changed, 6 insertions(+), 4 deletions(-)
> 
> Applied to master, thanks. Could you report the bug to the upstream
> uClibc-ng project that lxc can't be built/used anymore due to fexecve()
> being missing ?

Done, https://gogs.waldemar-brodkorb.de/oss/uclibc-ng/issues/5

> 
> Thanks,
> 
> Thomas
> 

[Buildroot] [PATCH 1/1] package/lxc: bump to version 3.2.1

[Bernd Kuhls]

Am Tue, 05 Nov 2019 09:27:09 +0100 schrieb Peter Korsgaard:

> And was more complete, E.G. had the openssl support logic.
> 
> Care to send a followup patch adding that?

Hi Peter,

sent patch for master branch: http://patchwork.ozlabs.org/patch/1190528/

Regards, Bernd