package/docker-engine: security bump to 19.03.5
Fixes the following security vulnerabilities:

- CVE-2019-14271: In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
parent
f40f2bae81
commit
0161899ae5
@ -1,45 +0,0 @@
|
||||
From 324e7be4b252c13002bca6a9d82e7b2e43664634 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Stewart <christian@paral.in>
|
||||
Date: Mon, 26 Nov 2018 22:59:32 -0800
|
||||
Subject: [PATCH] Fix faulty runc version commit scrape
|
||||
|
||||
This commit replaces faulty logic to determine the runc version commit hash.
|
||||
|
||||
The original logic takes the second line of the output of "runc --version" and
|
||||
does not work if there are a different number of lines printed from the command
|
||||
than expected. The buildroot version of runc outputs two lines instead of the
|
||||
expected three, causing the error:
|
||||
|
||||
unknown output format: runc version commit: ...
|
||||
|
||||
This patch replaces this logic with a simple scan of the "runc --version"
|
||||
output, searching for the "runc version commit" prefixed line.
|
||||
|
||||
Signed-off-by: Christian Stewart <christian@paral.in>
|
||||
---
|
||||
daemon/info_unix.go | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/daemon/info_unix.go b/daemon/info_unix.go
|
||||
index 60b2f99870..688a510796 100644
|
||||
--- a/daemon/info_unix.go
|
||||
+++ b/daemon/info_unix.go
|
||||
@@ -32,10 +32,11 @@ func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
|
||||
defaultRuntimeBinary := daemon.configStore.GetRuntime(v.DefaultRuntime).Path
|
||||
if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil {
|
||||
parts := strings.Split(strings.TrimSpace(string(rv)), "\n")
|
||||
- if len(parts) == 3 {
|
||||
- parts = strings.Split(parts[1], ": ")
|
||||
- if len(parts) == 2 {
|
||||
- v.RuncCommit.ID = strings.TrimSpace(parts[1])
|
||||
+ for _, pt := range parts {
|
||||
+ ptKv := strings.Split(pt, ":")
|
||||
+ if strings.HasSuffix(strings.TrimSpace(ptKv[0]), "commit") {
|
||||
+ v.RuncCommit.ID = strings.TrimSpace(ptKv[1])
|
||||
+ break
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.18.1
|
||||
|
@ -1,3 +1,3 @@
|
||||
# Locally calculated
|
||||
sha256 fa3a9e998627418d648495d06d168c4d26ed07859c9370d5fddbfd29c26d8592 docker-engine-18.09.9.tar.gz
|
||||
sha256 bc5d1ac503e44593be8003ed0ad9c75bf0da535db19837a9338429c438bd4637 docker-engine-19.03.5.tar.gz
|
||||
sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0 LICENSE
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
DOCKER_ENGINE_VERSION = 18.09.9
|
||||
DOCKER_ENGINE_VERSION = 19.03.5
|
||||
DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
|
||||
|
||||
DOCKER_ENGINE_LICENSE = Apache-2.0
|
||||
|