aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Christian Stewart <christian@paral.in>2019-12-02 20:50:02 -0800
committerGravatar Peter Korsgaard <peter@korsgaard.com>2020-01-10 21:04:26 +0100
commit434e873fde9b6c8c9195117c5ed24c6bafed187a (patch)
treeae4eeae38523386433d2d96a2970ce0a1fb48ac7
parent1e12bf308cc2d4e6f21c98a6e06e8257ee6be449 (diff)
downloadbuildroot-434e873fde9b6c8c9195117c5ed24c6bafed187a.tar.gz
buildroot-434e873fde9b6c8c9195117c5ed24c6bafed187a.tar.bz2
package/docker-engine: security bump to 19.03.5
Fixes the following security vulnerabilities: - CVE-2019-14271: In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container Signed-off-by: Christian Stewart <christian@paral.in> [Peter: mention security impact] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 0161899ae56d2c886df890ae352665bb07c88869) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch45
-rw-r--r--package/docker-engine/docker-engine.hash2
-rw-r--r--package/docker-engine/docker-engine.mk2
3 files changed, 2 insertions, 47 deletions
diff --git a/package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch b/package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch
deleted file mode 100644
index dc47a8f9ef..0000000000
--- a/package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 324e7be4b252c13002bca6a9d82e7b2e43664634 Mon Sep 17 00:00:00 2001
-From: Christian Stewart <christian@paral.in>
-Date: Mon, 26 Nov 2018 22:59:32 -0800
-Subject: [PATCH] Fix faulty runc version commit scrape
-
-This commit replaces faulty logic to determine the runc version commit hash.
-
-The original logic takes the second line of the output of "runc --version" and
-does not work if there are a different number of lines printed from the command
-than expected. The buildroot version of runc outputs two lines instead of the
-expected three, causing the error:
-
-unknown output format: runc version commit: ...
-
-This patch replaces this logic with a simple scan of the "runc --version"
-output, searching for the "runc version commit" prefixed line.
-
-Signed-off-by: Christian Stewart <christian@paral.in>
----
- daemon/info_unix.go | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/daemon/info_unix.go b/daemon/info_unix.go
-index 60b2f99870..688a510796 100644
---- a/daemon/info_unix.go
-+++ b/daemon/info_unix.go
-@@ -32,10 +32,11 @@ func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
- defaultRuntimeBinary := daemon.configStore.GetRuntime(v.DefaultRuntime).Path
- if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil {
- parts := strings.Split(strings.TrimSpace(string(rv)), "\n")
-- if len(parts) == 3 {
-- parts = strings.Split(parts[1], ": ")
-- if len(parts) == 2 {
-- v.RuncCommit.ID = strings.TrimSpace(parts[1])
-+ for _, pt := range parts {
-+ ptKv := strings.Split(pt, ":")
-+ if strings.HasSuffix(strings.TrimSpace(ptKv[0]), "commit") {
-+ v.RuncCommit.ID = strings.TrimSpace(ptKv[1])
-+ break
- }
- }
-
---
-2.18.1
-
diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash
index b89310f993..59c9204285 100644
--- a/package/docker-engine/docker-engine.hash
+++ b/package/docker-engine/docker-engine.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 fa3a9e998627418d648495d06d168c4d26ed07859c9370d5fddbfd29c26d8592 docker-engine-18.09.9.tar.gz
+sha256 bc5d1ac503e44593be8003ed0ad9c75bf0da535db19837a9338429c438bd4637 docker-engine-19.03.5.tar.gz
sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0 LICENSE
diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
index 6a225ee5f0..24022f7107 100644
--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DOCKER_ENGINE_VERSION = 18.09.9
+DOCKER_ENGINE_VERSION = 19.03.5
DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
DOCKER_ENGINE_LICENSE = Apache-2.0