<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/docker-engine, branch 2019.02-op-build</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2019.02-op-build'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2019-03-04T15:25:44+00:00</updated>
<entry>
<title>package/runc: blacklist Codesourcery ARM toolchain</title>
<updated>2019-03-04T15:25:44+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2019-03-03T20:38:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=ce76a989022baa6395b874ed44b9246bba053f8a'/>
<id>urn:sha1:ce76a989022baa6395b874ed44b9246bba053f8a</id>
<content type='text'>
Fixes:
http://autobuild.buildroot.net/results/018e309caa0fc662aa2993e47b2037fb6c569011/

This toolchain uses glibc 2.18, which does not provide O_TMPFILE support.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>runc: depend on linux headers &gt;= 3.11 for O_TMPFILE</title>
<updated>2019-02-27T09:05:49+00:00</updated>
<author>
<name>Christian Stewart</name>
<email>christian@paral.in</email>
</author>
<published>2019-02-19T22:35:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=905e976a6af224b3ed015c46fcea2d717c155f55'/>
<id>urn:sha1:905e976a6af224b3ed015c46fcea2d717c155f55</id>
<content type='text'>
Fixes:
http://autobuild.buildroot.net/results/63e9d88ae5177541be463f1e2aafec59aa410479

Add dependency on headers &gt;= 3.11 for O_TMPFILE, used by runc after the
fix for CVE-2019-5736 and propagate to the reverse dependencies of runc.

Notice that C library support for O_TMPFILE is also needed, which was added
in glibc 2.19 and musl 0.9.15.

Signed-off-by: Christian Stewart &lt;christian@paral.in&gt;
[Peter: squash series, extend commit message, mention C library dependency,
	fix indentation]
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>docker-engine: fix runc version check warning</title>
<updated>2019-02-12T19:21:44+00:00</updated>
<author>
<name>Christian Stewart</name>
<email>christian@paral.in</email>
</author>
<published>2019-02-12T09:35:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=424a90241c07fd15cd1caadd707f751461cf11fc'/>
<id>urn:sha1:424a90241c07fd15cd1caadd707f751461cf11fc</id>
<content type='text'>
Fixes the startup warning from Docker:

failed to retrieve runc version: unknown output format: runc version commit ...

Introduces a patch to replace the faulty version detection logic in the Docker
engine.

Signed-off-by: Christian Stewart &lt;christian@paral.in&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>docker-engine: bump to v18.09.2</title>
<updated>2019-02-12T19:21:39+00:00</updated>
<author>
<name>Christian Stewart</name>
<email>christian@paral.in</email>
</author>
<published>2019-02-12T09:35:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=087e5147c32ed8e75e462e4ea5c0cf2fd3c40be4'/>
<id>urn:sha1:087e5147c32ed8e75e462e4ea5c0cf2fd3c40be4</id>
<content type='text'>
Signed-off-by: Christian Stewart &lt;christian@paral.in&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/runc: add upstream security fix for CVE-2019-5736</title>
<updated>2019-02-12T19:04:14+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2019-02-12T13:15:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=6e3f7fbc072c88ab344f2ffa39e402464b566f19'/>
<id>urn:sha1:6e3f7fbc072c88ab344f2ffa39e402464b566f19</id>
<content type='text'>
The vulnerability allows a malicious container to (with minimal user
interaction) overwrite the host runc binary and thus gain root-level
code execution on the host. The level of user interaction is being able
to run any command (it doesn't matter if the command is not
attacker-controlled) as root within a container in either of these
contexts:

  * Creating a new container using an attacker-controlled image.
  * Attaching (docker exec) into an existing container which the
    attacker had previous write access to.

For more details, see the advisory:

https://www.openwall.com/lists/oss-security/2019/02/11/2

The fix for this issue uses fexecve(3), which isn't available on uClibc, so
add a dependency on !uclibc to runc and propagate to the reverse
dependencies (containerd/docker-engine).

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>packages: update sysv S* scripts to 644</title>
<updated>2019-02-08T10:35:22+00:00</updated>
<author>
<name>Matt Weber</name>
<email>matthew.weber@rockwellcollins.com</email>
</author>
<published>2019-02-05T19:23:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=590e9e05b683ee521d4984b5cb77a590ebb3fd17'/>
<id>urn:sha1:590e9e05b683ee521d4984b5cb77a590ebb3fd17</id>
<content type='text'>
Signed-off-by: Matthew Weber &lt;matthew.weber@rockwellcollins.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/docker-engine: drop unused _DAEMON option</title>
<updated>2019-02-02T11:06:03+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2019-02-01T22:04:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=1c47edee82c556b01153bc8f6e440d50f782f50e'/>
<id>urn:sha1:1c47edee82c556b01153bc8f6e440d50f782f50e</id>
<content type='text'>
Since commit de336584d2 (package/docker-engine: split docker-{cli, engine},
bump to v18.09.0), the docker-engine package only builds the daemon part,
and the .mk file no longer use the _DAEMON option, so drop it.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
Tested-by: Christian Stewart &lt;christian@paral.in&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/docker-engine: add sysv init script</title>
<updated>2019-01-31T07:33:09+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2019-01-30T22:28:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=30f23f9980efa612aae5cecc3d4221b912248095'/>
<id>urn:sha1:30f23f9980efa612aae5cecc3d4221b912248095</id>
<content type='text'>
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
Acked-by: Christian Stewart &lt;christian@paral.in&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package/docker-engine: split docker-{cli, engine}, bump to v18.09.0</title>
<updated>2018-12-03T20:11:03+00:00</updated>
<author>
<name>Christian Stewart</name>
<email>christian@paral.in</email>
</author>
<published>2018-11-27T08:56:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=de336584d255bc27a52957323b2b320bb984151f'/>
<id>urn:sha1:de336584d255bc27a52957323b2b320bb984151f</id>
<content type='text'>
Docker upstream has split the Docker daemon and CLI into separate
codebases:

 - github.com/docker/engine: daemon, "dockerd" binary
 - github.com/docker/cli: "docker" command line interface

This commit splits the docker-engine package into docker-engine and
docker-cli.  Conveniently, the Docker project has begun maintaining
two separate release-tagged repositories for the CLI and daemon as of
v18.06-ce-rc1. Previous versions were tagged in a common "docker-ce"
repository which makes compilation awkward for Buildroot, especially
due to some limitations in the new Go package infrastructure.

Docker repositories "engine" and "cli" recently started tagging
releases. Select the latest stable release, v18.09.0.

The CLI is no longer automatically included with the engine. Users
will need to select BR2_PACKAGE_DOCKER_CLI to produce a both docker
and dockerd target binaries.

Docker CLI can be statically compiled. This enables usage of the
system docker client binary to access the parent daemon API from
within containers, where shared libraries are not available.

While at it, drop the useless host-go dependency from docker-engine,
since it's already added by the golang-package infrastructure.

Signed-off-by: Christian Stewart &lt;christian@paral.in&gt;
[Thomas: drop the host-go dependency from both docker-cli and
docker-engine]
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@bootlin.com&gt;
</content>
</entry>
<entry>
<title>package/docker-engine: convert to golang infrastructure</title>
<updated>2018-03-31T18:20:02+00:00</updated>
<author>
<name>Angelo Compagnucci</name>
<email>angelo@amarulasolutions.com</email>
</author>
<published>2018-03-07T22:19:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=390b8cdba7112bc5dc06955136c9ddb1215d3c53'/>
<id>urn:sha1:390b8cdba7112bc5dc06955136c9ddb1215d3c53</id>
<content type='text'>
Signed-off-by: Angelo Compagnucci &lt;angelo@amarulasolutions.com&gt;
[Thomas:
 - adapt to the changes in the golang-package infrastructure
 - keep the logic to support BR2_PACKAGE_DOCKER_ENGINE_STATIC_CLIENT]
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@bootlin.com&gt;
</content>
</entry>
</feed>
