Mathieu Tortuyaux
ca192320b3
dev-libs/openssl: sync with upstream
...
it basically brings this commit: 895d71e3d1
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2021-11-02 18:24:35 +01:00
Sayan Chowdhury
10316541c9
Merge pull request #1379 from flatcar-linux/linux-5.10.76-main
...
Upgrade Linux Kernel in main from 5.10.75 to 5.10.76
2021-11-02 20:39:14 +05:30
Dongsu Park
95c2a8fe10
Merge pull request #1383 from flatcar-linux/dongsu/ncurses-6.2-20210619
...
sys-libs/ncurses: update to 6.2_p20210619
2021-11-02 15:15:35 +01:00
Dongsu Park
1f8a64c14c
Merge pull request #1381 from flatcar-linux/dongsu/wget-1.21.2
...
profiles: accept keywords for wget 1.21.2.
2021-11-02 14:24:41 +01:00
Dongsu Park
524afe8ae2
Merge pull request #1386 from flatcar-linux/dongsu/github-https
...
*: use https instead of git for Github URLs
2021-11-02 14:02:51 +01:00
Dongsu Park
6e3c5a85d6
profiles: update dev-lang/yasm to 1.3.0-r1 for ~arm64
2021-11-02 08:36:05 +01:00
Dongsu Park
68bc2f4d3c
*: use https instead of git for Github URLs
...
Replace `git://` with `https://` for GITHUB URLs, because Github now
rejects an unauthenticated git access.
* app-admin/locksmith
* app-admin/mayday
* app-admin/sdnotify-proxy
* app-admin/toolbox
* app-admin/updateservicectl
* app-arch/torcx
* app-crypt/go-tspi
* app-emulation/acbuild
* app-emulation/actool
* coreos-base/afterburn
* coreos-base/coreos-cloudinit
* coreos-base/coreos-init
* coreos-base/emerge-gitclone
* coreos-base/nova-agent-watcher
* coreos-base/update-ssh-keys
* coreos-base/update_engine
* coreos-devel/fero-client
* coreos-devel/mantle
* sys-apps/baselayout
* sys-apps/ignition
* sys-apps/seismograph
* sys-boot/grub
* sys-boot/shim
* sys-kernel/bootengine
* sys-libs/nss-usrfiles
See also
https://github.blog/2021-09-01-improving-git-protocol-security-github/ .
2021-11-02 08:27:25 +01:00
Dongsu Park
0072354ed4
Merge pull request #1385 from flatcar-linux/rust-1.56.1-main
...
Upgrade dev-lang/rust in main from 1.56.0 to 1.56.1
2021-11-01 17:25:25 +01:00
Flatcar Buildbot
03f98ebe38
dev-lang: Upgrade dev-lang/rust 1.56.0 to 1.56.1
2021-11-01 13:19:18 +00:00
Dongsu Park
d2e91b9a3d
app-emulation/qemu: unicode(+) for sys-libs/ncurses
...
Now that sys-libs/ncurses 6.2_p20210619 dropped the USE flag 'unicode',
it is not possible to specify the flag in app-emulation/qemu.
Make the unicode flag optional, by specifying '(+)'.
See also https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=20ea02f40f21d21e584fe45c9d1c8cfb57f5acc6
2021-11-01 11:25:34 +01:00
Dongsu Park
fcf60d15ef
profiles: delete unnecessary keywords for ncurses
...
Since ncurses 6.2_p20210619 does not have the USE flag `unicode`,
we should clean up from profiles.
2021-11-01 09:40:08 +01:00
Dongsu Park
b41edc4cf1
sys-libs/ncurses: Apply Flatcar patches
...
Add a symlink-usr USE flag for keeping a minimal set of terminfo
files in /usr/share/terminfo.
Also allow writes to /dev/ptmx, which sometimes causes the sandbox
to fail Jenkins builds.
Based on 9a6728f5f5d63626e4a806664c0c031e913fd758 and
380aa9c60af1e68911a479747d12b5fddaf2b1a2 .
2021-11-01 09:40:08 +01:00
Dongsu Park
da0f8fde32
sys-libs/ncurses: update to 6.2_p20210619
...
Update sys-libs/ncurses to 6.2_p20210619, mainly to address
CVE-2021-39537.
2021-11-01 09:40:08 +01:00
Dongsu Park
49eaaefc82
Merge pull request #1382 from flatcar-linux/jepio/selinux-base-bootstrap-fix
...
selinux-base: fix build issue during boostrap
2021-11-01 09:32:06 +01:00
Jeremi Piotrowski
2497549aa9
Update sec-policy/selinux-base/selinux-base-2.20200818-r2.ebuild
...
Co-authored-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2021-10-29 12:43:04 +02:00
Jeremi Piotrowski
62a5205559
sec-policy/selinux-base: add missing BDEPEND=python[xml]
...
selinux-base requires python to generate xml files, but the dependency
is implicit (through policycoreutils). Flatcar made that dependency
conditional on USE=python in policycoreutils so that we don't include
python in our images, but this causes selinux-base to fail depending on
ordering in the bootstrap process.
Fix that failure by addin an explicit dependency.
2021-10-29 07:55:42 +00:00
Jeremi Piotrowski
3e548aca7e
Revert "sec-policy/selinux-base: force sequential build in src_configure"
...
This is not the cause for the build failure - a missing build time
dependency is.
This reverts commit ee3a8514ebd144f081b679225b332ef13b010e26.
2021-10-29 07:54:25 +00:00
Dongsu Park
6b1f6ff813
Merge pull request #1375 from flatcar-linux/firmware-20211027-main
...
Upgrade Linux Firmware in main from 20210919 to 20211027
2021-10-28 16:49:17 +02:00
Dongsu Park
f6b3e2d375
sys-kernel/coreos-firmware: bump cxgb4 firmware version to 1.26.2.0
...
Since linux-firmware 20211027 has a new cxgb4 firmware version 1.26.2.0,
we have to bump CXGB_VERSION, to avoid build failures.
2021-10-28 12:39:27 +02:00
Dongsu Park
61fde6cbed
profiles: accept keywords for wget 1.21.2.
...
Accept both keywords ~amd64 and ~arm64, mainly to address
CVE-2021-31879.
2021-10-28 10:19:38 +02:00
Flatcar Buildbot
ff345e0697
sys-kernel: Upgrade Kernel 5.10.75 to 5.10.76
2021-10-28 07:35:14 +00:00
Flatcar Buildbot
9fa19b06ac
sys-kernel: Upgrade Linux Firmware 20210919 to 20211027
2021-10-28 07:11:13 +00:00
Jeremi Piotrowski
1507a314b4
Merge pull request #1372 from flatcar-linux/jepio/selinux-base-sequential
...
sec-policy/selinux-base: force sequential build in src_configure.
2021-10-27 20:22:54 +02:00
Dongsu Park
89a86a1bf1
Merge pull request #1373 from flatcar-linux/docker-20.10.10-main
...
Upgrade Docker in main from 20.10.9 to 20.10.10
2021-10-27 14:45:14 +02:00
Jeremi Piotrowski
986a4f6a2a
sec-policy/selinux-base: force sequential build in src_configure
...
The build has been failing occasionally, due to some kind of race condition.
The last lines of log output look like this:
Updating policy/booleans.conf and policy/modules.conf
python3 -t -t -E -W error support/sedoctool.py -b policy/booleans.conf -m policy/modules.conf -x doc/policy.xml
support/sedoctool.py exiting for: Error while parsing xml
make: *** [Makefile:415: conf.intermediate] Error 1
* ERROR: sec-policy/selinux-base-2.20200818-r2::coreos failed (configure phase):
* emake failed
Try to fix this by forcing a sequential build.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2021-10-27 10:54:00 +02:00
Dongsu Park
05054d5bb3
Merge pull request #1371 from flatcar-linux/rust-1.56.0-main
...
Upgrade dev-lang/rust in main from 1.55.0 to 1.56.0
2021-10-27 09:52:15 +02:00
Flatcar Buildbot
d95a5d9826
app-emulation: Upgrade Docker 20.10.9 to 20.10.10
2021-10-27 07:47:22 +00:00
Dongsu Park
37b3325d0b
dev-lang/rust: adjust ebuild for Rust 1.56.0
...
To fix build failures, adjust ebuild file for Rust 1.56.0,
syncing with Gentoo.
Gentoo ref: d4e208e91591026acece35da8445b27fa20d3d5f
2021-10-26 14:24:29 +02:00
Flatcar Buildbot
da6611987c
dev-lang: Upgrade dev-lang/rust 1.55.0 to 1.56.0
2021-10-26 12:07:39 +00:00
Dongsu Park
62e41a9571
Merge pull request #1369 from flatcar-linux/dongsu/github-actions-rust-keywords
...
.github: update accept_keywords also for virtual/rust
2021-10-26 13:43:21 +02:00
Dongsu Park
4aa1a282d9
.github: update accept_keywords also for virtual/rust
...
PR https://github.com/flatcar-linux/coreos-overlay/pull/432 started
to replace `dev-lang/rust` in accept_keywords with its new version.
However, its corresponding `virtual/rust` has never been updated.
That issue had been hidden until
4463efcfd4
started adding `virtual/rust` to accept_keywords.
Unlike `dev-lang/rust`, keywords for `virtual/rust` stayed with old
versions. As a result, subsequent Github Actions PRs for rust become
all invalid, so build failures.
Fix the issue by replacing versions of `virtual/rust` with new versions.
Also try to match with version specifiers, not only `=` but also `>=`,
'<=', '~'.
2021-10-26 11:53:08 +02:00
Dongsu Park
739e98dc59
Merge pull request #1366 from aniruddha2000/aniruddha/remove-nmap-accept-keywords
...
Remove nmap keyword from arm64/package.accept_keywords
2021-10-25 17:27:00 +02:00
Dongsu Park
666787c9ee
Merge pull request #1367 from aniruddha2000/aniruddha/update-cryptsetup-accept-keywords
...
Update accept keyword for cryptsetup 2.4.1
2021-10-25 17:26:44 +02:00
Aniruddha Basak
ec9c9714c0
Update accept keyword for cryptsetup 2.4.1
2021-10-25 07:06:19 +00:00
Sayan Chowdhury
5d0669763a
Merge pull request #1363 from flatcar-linux/linux-5.10.75-main
...
Upgrade Linux Kernel in main from 5.10.74 to 5.10.75
2021-10-23 09:55:10 +05:30
Aniruddha Basak
da44b7c24d
Remove nmap keyword from arm64/package.accept_keywords
2021-10-22 14:44:44 +00:00
Sayan Chowdhury
59a8112b65
Merge pull request #1365 from flatcar-linux/sayan/skip-tcsd-for-tpm2-v249
...
app-crypt/trousers: Skip tscd.service for TPM2 devices (using ConditionSecurity)
2021-10-22 16:26:24 +05:30
Sayan Chowdhury
33107d2047
Merge pull request #1364 from flatcar-linux/sayan/skip-tcsd-for-tpm2
...
app-crypt/trousers: Skip tscd.service for TPM2 devices
2021-10-22 16:21:14 +05:30
Sayan Chowdhury
0f2fde9beb
app-crypt/trousers: Skip tscd.service for TPM2 devices
...
trousers supports TPM 1.2, and fails for TPM 2. This commits
skips the tcsd service if TPM 2 is detected.
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2021-10-22 12:28:24 +05:30
Mathieu Tortuyaux
34a256a96f
Merge pull request #1305 from flatcar-linux/tormath1/openssl-3
...
`dev-libs/openssl`: upgrade to v3
2021-10-22 07:52:47 +02:00
Mathieu Tortuyaux
6adcc5ab44
coreos-base/update_engine: remove -Werror
flag
...
with the OpenSSLv3 upgrade, `update_engine` is not fully compatible yet.
See the associated issue for more details.
Let's keep the deprecated SHA functions in the meantime to run the
build.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2021-10-22 07:51:26 +02:00
Mathieu Tortuyaux
1d608a8560
app-crypt/sbsigntools: add patch to support opensslv3
...
See also: https://groups.io/g/sbsigntools/topic/patch_fix_openssl_3_0_issue/85903418?p=,,,20,0,0,0::recentpostdate/sticky,,,20,2,0,85903418,previd=1632756467394580924,nextid=1591489833755102589&previd=1632756467394580924&nextid=1591489833755102589
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2021-10-22 07:51:26 +02:00
Mathieu Tortuyaux
a6ad4cfba8
profiles/base: disable bindist
useflag for openssh
...
there is an ongoing conversation about bindist patches for openssl:
https://marc.info/?l=gentoo-dev&m=163216172229772&w=2
Let's keep an eye on it.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2021-10-22 07:51:26 +02:00
Mathieu Tortuyaux
33d129daf9
profiles/coreos/base: add dev-libs/openssl-3.0.0
...
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2021-10-22 07:51:26 +02:00
Mathieu Tortuyaux
c83934f12e
dev-libs/openssl: apply flatcar changes
...
- drop `pkg_postint`
- create `/etc/ssl` with systemd-tmpfiles
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2021-10-22 07:51:26 +02:00
Mathieu Tortuyaux
9e2cb8ebaa
dev-libs/openssl: sync with ::gentoo
...
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2021-10-22 07:51:26 +02:00
Sayan Chowdhury
b857e562b5
app-crypt/trousers: Skip tscd.service for TPM2 devices
...
trousers supports TPM 1.2, and fails for TPM 2. This commits
skips the tcsd service if TPM 2 is detected.
Uses ConditionSecurity introduced in systemd v248
Fixes flatcar-linux/Flatcar#208
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
2021-10-22 00:03:37 +05:30
Kai Lüke
f072be4764
Merge pull request #1358 from guillomep/update_ca_certificate_nss_3_70
...
ca-certificates: update to NSS 3.70
2021-10-21 14:10:18 +02:00
Flatcar Buildbot
6da9c72dd8
sys-kernel: Upgrade Kernel 5.10.74 to 5.10.75
2021-10-21 07:23:01 +00:00
Guillaume Perrin
6bb6fc209e
ca-certificates: update to NSS 3.70
...
For HTTPS to work and also for it to deliver the security promises we
need to ship the latest certificate database.
Update the package version symlink in oder to fetch the database from
the newest NSS release under
https://ftp.mozilla.org/pub/security/nss/releases/
and do a "ebuild ca-certificates-3.70.ebuild manifest" run.
Signed-off-by: Guillaume Perrin <guillaume28.perrin@gmail.com>
2021-10-20 15:48:20 +02:00