buildroot/package/runc, branch 2019.02-op-build

package/runc: blacklist Codesourcery ARM toolchain

2019-03-04T15:25:44+00:00

Fixes: http://autobuild.buildroot.net/results/018e309caa0fc662aa2993e47b2037fb6c569011/ This toolchain uses glibc 2.18, which does not provide O_TMPFILE support. Signed-off-by: Peter Korsgaard

runc: depend on linux headers >= 3.11 for O_TMPFILE

2019-02-27T09:05:49+00:00

Fixes: http://autobuild.buildroot.net/results/63e9d88ae5177541be463f1e2aafec59aa410479 Add dependency on headers >= 3.11 for O_TMPFILE, used by runc after the fix for CVE-2019-5736 and propagate to the reverse dependencies of runc. Notice that C library support for O_TMPFILE is also needed, which was added in glibc 2.19 and musl 0.9.15. Signed-off-by: Christian Stewart [Peter: squash series, extend commit message, mention C library dependency, fix indentation] Signed-off-by: Peter Korsgaard

package/runc: add upstream security fix for CVE-2019-5736

2019-02-12T19:04:14+00:00

The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host. The level of user interaction is being able to run any command (it doesn't matter if the command is not attacker-controlled) as root within a container in either of these contexts: * Creating a new container using an attacker-controlled image. * Attaching (docker exec) into an existing container which the attacker had previous write access to. For more details, see the advisory: https://www.openwall.com/lists/oss-security/2019/02/11/2 The fix for this issue uses fexecve(3), which isn't available on uClibc, so add a dependency on !uclibc to runc and propagate to the reverse dependencies (containerd/docker-engine). Signed-off-by: Peter Korsgaard

package/runc: bump to version 1.0.0-rc6

2018-12-30T13:39:16+00:00

Previously, a specific commit hash from the Docker runc.installer was used to determine the required runc version for the Docker Engine. This old commit hash used was a untagged pre-1.0.0 release of runc, closer to an earlier release candidate. The runc version used in the Debian distribution is not the pinned version previously used by Buildroot. It is the latest release candidate. The latest release candidate is known to be compatible with the Docker Engine, and there is no justification for pinning to an older RC anymore. This commit bumps to the latest RC, 1.0.0-rc6. A v1.0.0 is expected soon. Signed-off-by: Christian Stewart Signed-off-by: Thomas Petazzoni

runc: bump to 69663f0b

2018-09-16T19:38:51+00:00

This commit bumps runc to the requisite version for Docker 2018.06. Added note about where runc version dependency is declared: RUNC_VERSION = 69663f0bd4b60df09991c08812a60108003fa340 We take this opportunity to add the hash for the license file. Signed-off-by: Christian Stewart [Thomas: add hash for license file.] Signed-off-by: Thomas Petazzoni

package/runc: convert to golang infrastructure

2018-03-31T17:57:31+00:00

Signed-off-by: Angelo Compagnucci Signed-off-by: Thomas Petazzoni Reviewed-by: "Yann E. MORIN" Signed-off-by: Arnout Vandecappelle (Essensium/Mind)

Revert "runc: bump to v1.0.0-rc4"

2017-11-22T21:14:16+00:00

This reverts commit 3861ce09d0acd6425873332300c6caa75863017f. As reported on IRC, runc v1.0.0-rc4 is not compatible with the docker-engine version we are using, so lets revert for 2017.11: 20:27 < eschu> It looks like 25 days ago buildroot had runc updated to 1.0.0-rc4, which breaks compatibility with the docker-engine version 17.05. Is there somewhere issues like this are reported? Or is it just expected on non-release versions of buildroot? 20:47 < Jacmet> eschu: ahh, so the new runc doesn't work with the old docker-engine? what kind of errors do you get exactly? 20:49 < eschu> Jacmet: yes, runc made a change from -console to --console-socket, which results in "Incorrect Usage" error "flag provided but not defined: -console" 20:51 < eschu> Jacmet: basically docker-engine 17.05 uses -console, but support for that was cut off in runc around the first 1.0.0 versions. I'll check the patches out, or might just downgrade to buildroot 2017.08 release 20:51 < agb> Jacmet: unfortunately this issue has hit a number of distributions https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877146 20:53 < Jacmet> agb: thanks. I'll send a revert for 2017.11 and hopefully we can make progress on the other docker packages for 2018.02 Cc: Christian Stewart Signed-off-by: Peter Korsgaard Signed-off-by: Thomas Petazzoni

runc: bump to v1.0.0-rc4

2017-10-22T10:18:05+00:00

This is a dependency of docker-engine v2017.07.0-ce. Signed-off-by: Christian Stewart Signed-off-by: Thomas Petazzoni

Globally replace $(HOST_DIR)/usr/bin with $(HOST_DIR)/bin

2017-07-05T13:19:29+00:00

Since things are no longer installed in $(HOST_DIR)/usr, the callers should also not refer to it. This is a mechanical change with git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g' Signed-off-by: Arnout Vandecappelle (Essensium/Mind) Signed-off-by: Thomas Petazzoni

runc: bump to version 9c2d8d184e5da67c95d601382adf14862e4f2228

2017-04-06T19:49:38+00:00

This is a runtime dependency of docker-engine in version 17.04.0-ce Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni