OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build 2019-03-04T15:25:44+00:00 2019-03-04T15:25:44+00:00 Peter Korsgaard peter@korsgaard.com 2019-03-03T20:38:45+00:00 urn:sha1:ce76a989022baa6395b874ed44b9246bba053f8a Fixes: http://autobuild.buildroot.net/results/018e309caa0fc662aa2993e47b2037fb6c569011/ This toolchain uses glibc 2.18, which does not provide O_TMPFILE support. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-02-27T09:05:49+00:00 Christian Stewart christian@paral.in 2019-02-19T22:35:28+00:00 urn:sha1:905e976a6af224b3ed015c46fcea2d717c155f55 Fixes: http://autobuild.buildroot.net/results/63e9d88ae5177541be463f1e2aafec59aa410479 Add dependency on headers >= 3.11 for O_TMPFILE, used by runc after the fix for CVE-2019-5736 and propagate to the reverse dependencies of runc. Notice that C library support for O_TMPFILE is also needed, which was added in glibc 2.19 and musl 0.9.15. Signed-off-by: Christian Stewart <christian@paral.in> [Peter: squash series, extend commit message, mention C library dependency, fix indentation] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-02-14T10:06:02+00:00 Thomas Petazzoni thomas.petazzoni@bootlin.com 2019-02-14T08:53:10+00:00 urn:sha1:17c7b9337989092ee3659aaa01fb508efd144c16 Commit 6e3f7fbc072c88ab344f2ffa39e402464b566f19 ("package/runc: add upstream security fix for CVE-2019-5736") added a dependency of docker-containerd to uclibc (inherited from runc), but the depends on has a typo that makes it ineffective. Due to this, docker-containerd can still be selected in uClibc configurations, causing runc to be build, and failing to build due fexecve() being missing in uClibc. Fixes: http://autobuild.buildroot.net/results/64ecdb1e007106fdb05979b10b42b90591255504/ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-02-12T19:21:30+00:00 Christian Stewart christian@paral.in 2019-02-12T09:35:28+00:00 urn:sha1:f51e3a50041eb18604b81c18c146d97cdb0afd35 Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-02-12T19:04:14+00:00 Peter Korsgaard peter@korsgaard.com 2019-02-12T13:15:04+00:00 urn:sha1:6e3f7fbc072c88ab344f2ffa39e402464b566f19 The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host. The level of user interaction is being able to run any command (it doesn't matter if the command is not attacker-controlled) as root within a container in either of these contexts: * Creating a new container using an attacker-controlled image. * Attaching (docker exec) into an existing container which the attacker had previous write access to. For more details, see the advisory: https://www.openwall.com/lists/oss-security/2019/02/11/2 The fix for this issue uses fexecve(3), which isn't available on uClibc, so add a dependency on !uclibc to runc and propagate to the reverse dependencies (containerd/docker-engine). Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2018-12-30T15:57:14+00:00 Thomas Petazzoni thomas.petazzoni@bootlin.com 2018-12-28T15:07:40+00:00 urn:sha1:14cbcbe2d4ba01754b745101b365f0e80c6c87d8 When libsseccomp support is enabled, docker-containerd uses pkg-config to find libsseccomp, so we must depend on host-pkconf. Fixes the following build issue, detected with per-package directory support: pkg-config: exec: "pkg-config": executable file not found in $PATH Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-12-30T13:40:00+00:00 Christian Stewart christian@paral.in 2018-12-29T10:42:17+00:00 urn:sha1:ff92d5d1b66b4d66873f661ba91c3ccc57aba83e This commit bumps docker-containerd to the latest tagged release, v1.2.1. This release is compatible with the current docker engine release (18.09). Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-09-16T19:39:08+00:00 Christian Stewart christian@paral.in 2018-09-13T05:22:24+00:00 urn:sha1:c5a33a11be080fe8385787fa652b58e448d6c256 This commit bumps docker-containerd to v1.1.3. This is a requisite bump for the upgrade of docker-engine to 2018.06. The license file was renamed from LICENSE.code to LICENSE, so we take this opportunity to add the hash for the license file. The only change between LICENSE.code and LICENSE is: - Copyright 2013-2016 Docker, Inc. + Copyright The containerd Authors Signed-off-by: Christian Stewart <christian@paral.in> [Thomas: fix legal info, add hash for license file.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-06-07T13:47:53+00:00 Sam Lancia sam@gpsm.co.uk 2018-06-07T07:51:07+00:00 urn:sha1:ded50f69c691e4b4a391ee23ec466abaad4bed99 Prior to commit 2dccb4f2fefd8a0dbda65dd0f7537f811e920b13 ("package/docker-containerd: convert to golang infrastructure"), the containerd binary was installed as docker-containerd. Following the conversion to the golang package infrastructure, the binary is now installed as "containerd", which breaks some use cases. Let's add a symlink link docker-containerd -> containerd to fix such use cases. Fixes: https://bugs.busybox.net/show_bug.cgi?id=11076 Signed-off-by: Sam Lancia <sam@gpsm.co.uk> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-03-31T17:57:31+00:00 Angelo Compagnucci angelo@amarulasolutions.com 2018-03-31T13:27:34+00:00 urn:sha1:2dccb4f2fefd8a0dbda65dd0f7537f811e920b13 Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>