[Buildroot] [PATCH/next 1/1] package/lxc: security bump to version 3.2.1
Fabrice Fontaine
fontaine.fabrice at gmail.com
Fri Aug 16 17:03:15 UTC 2019
- lxc switched from gnutls to openssl since version 3.2.0 and
https://github.com/lxc/lxc/commit/fa2bb6ba532c5e7f92df8cbae50a68af519f9997
- lxc needs a glibc or musl toolchain since version 3.2.0 and
https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
- This version includes a security fix (named CVE-2019-5736 on runC):
https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
package/lxc/Config.in | 5 +++--
package/lxc/lxc.hash | 2 +-
package/lxc/lxc.mk | 16 ++++++++--------
3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/package/lxc/Config.in b/package/lxc/Config.in
index d8d8f50c8e..0b3c1b923e 100644
--- a/package/lxc/Config.in
+++ b/package/lxc/Config.in
@@ -6,6 +6,7 @@ config BR2_PACKAGE_LXC
depends on !BR2_STATIC_LIBS
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 # C++11
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 # setns() system call
+ depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
help
Linux Containers (LXC), provides the ability to group and
isolate of a set of processes in a jail by virtualizing and
@@ -14,9 +15,9 @@ config BR2_PACKAGE_LXC
https://linuxcontainers.org/
-comment "lxc needs a toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7"
+comment "lxc needs a glibc or musl toolchain w/ threads, headers >= 3.0, dynamic library, gcc >= 4.7"
depends on BR2_USE_MMU
depends on !BR2_TOOLCHAIN_HAS_THREADS \
|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \
|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_0 \
- || BR2_STATIC_LIBS
+ || BR2_STATIC_LIBS || BR2_TOOLCHAIN_USES_UCLIBC
diff --git a/package/lxc/lxc.hash b/package/lxc/lxc.hash
index aad38ca57a..d5ea799776 100644
--- a/package/lxc/lxc.hash
+++ b/package/lxc/lxc.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 4d8772c25baeaea2c37a954902b88c05d1454c91c887cb6a0997258cfac3fdc5 lxc-3.1.0.tar.gz
+sha256 5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4 lxc-3.2.1.tar.gz
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING
diff --git a/package/lxc/lxc.mk b/package/lxc/lxc.mk
index a059fd578e..81adeef5ee 100644
--- a/package/lxc/lxc.mk
+++ b/package/lxc/lxc.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LXC_VERSION = 3.1.0
+LXC_VERSION = 3.2.1
LXC_SITE = https://linuxcontainers.org/downloads/lxc
LXC_LICENSE = LGPL-2.1+
LXC_LICENSE_FILES = COPYING
@@ -19,13 +19,6 @@ ifeq ($(BR2_PACKAGE_BASH_COMPLETION),y)
LXC_DEPENDENCIES += bash-completion
endif
-ifeq ($(BR2_PACKAGE_GNUTLS),y)
-LXC_CONF_OPTS += --enable-gnutls
-LXC_DEPENDENCIES += gnutls
-else
-LXC_CONF_OPTS += --disable-gnutls
-endif
-
ifeq ($(BR2_PACKAGE_LIBCAP),y)
LXC_CONF_OPTS += --enable-capabilities
LXC_DEPENDENCIES += libcap
@@ -47,4 +40,11 @@ else
LXC_CONF_OPTS += --disable-selinux
endif
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+LXC_CONF_OPTS += --enable-openssl
+LXC_DEPENDENCIES += openssl
+else
+LXC_CONF_OPTS += --disable-openssl
+endif
+
$(eval $(autotools-package))
--
2.20.1
More information about the buildroot
mailing list