From patchwork Wed Feb 10 23:52:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Stewart X-Patchwork-Id: 1439273 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Dbc4f1q6tz9s1l for ; Thu, 11 Feb 2021 10:52:18 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 096B687222; Wed, 10 Feb 2021 23:52:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SR8JWgms782N; Wed, 10 Feb 2021 23:52:10 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id B9F8A87221; Wed, 10 Feb 2021 23:52:10 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 07DF61BF37B for ; Wed, 10 Feb 2021 23:52:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 04D6687514 for ; Wed, 10 Feb 2021 23:52:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p-0hRBjsrOlS for ; Wed, 10 Feb 2021 23:52:08 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by hemlock.osuosl.org (Postfix) with ESMTPS id 7B5E287462 for ; Wed, 10 Feb 2021 23:52:08 +0000 (UTC) Received: by mail-pf1-f174.google.com with SMTP id 18so2410062pfz.3 for ; Wed, 10 Feb 2021 15:52:08 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6LBos3MwaoycMW4e3hPM8A6f4p9jPdsn2///oY3D9GQ=; b=tung5KVEK8tTmpOG3hmWybxWI8/DGvUzP3OSndcpXwLZuylvE88TlKDRchpl5a1xg5 mVm7oWbuDTcuWTSjoFO7Ak7JeIz9wN6kYkghZTBHz8xAB2k6l045dwfhgImu5jQ+8tMF uoTyRk83szTdWvYBUSkhY4ZT8OZ6UWBA7jm1sbb9ULa2REH3nykEJSTeVWO0r9InIpxk 2w4rib7x/OCpTPUqRwu5AKdrsrTf2z2jIxDFPB7evaNyc7WKmwWeZen4RifvjnrYlk+r zDi4Xd1hGa0PTZxu0wPfnNyI/YRIJEseipHAxKFE3KOA5owcYxQ5YIq9FLnpiSQRRHKB 5OSw== X-Gm-Message-State: AOAM531UKjy5NyPVJVW1SWde9WqFrewX6nag+iJbArcP/kcVNfbg949I 4ubH9o45ewcZX7z0XIszg3crbEE/wYoSnw== X-Google-Smtp-Source: ABdhPJyDM4JoyD1ddgCsAKzgbY6uusSnL+fEUTE+jA1odYyQpWnZOBS969Pq3ANaxSpGgUlz2E6FUA== X-Received: by 2002:a63:fe13:: with SMTP id p19mr5442386pgh.119.1613001127867; Wed, 10 Feb 2021 15:52:07 -0800 (PST) Received: from localhost.localdomain (ip70-191-80-27.sb.sd.cox.net. [70.191.80.27]) by smtp.gmail.com with ESMTPSA id q196sm3536754pfc.162.2021.02.10.15.52.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Feb 2021 15:52:07 -0800 (PST) From: Christian Stewart To: buildroot@buildroot.org Date: Wed, 10 Feb 2021 15:52:02 -0800 Message-Id: <20210210235203.2819535-2-christian@paral.in> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210210235203.2819535-1-christian@paral.in> References: <20210210235203.2819535-1-christian@paral.in> MIME-Version: 1.0 Subject: [Buildroot] [PATCH v1 2/3] package/docker-engine: security bump to version 20.10.3 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Baudino , Christian Stewart , Anisse Astier , Thomas Petazzoni Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Security fixes: - CVE-2021-21285 Prevent an invalid image from crashing docker daemon - CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state - Ensure AppArmor and SELinux profiles are applied when building with BuildKit Signed-off-by: Christian Stewart --- package/docker-engine/docker-engine.hash | 2 +- package/docker-engine/docker-engine.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash index 2519ddaecd..69ebd113ea 100644 --- a/package/docker-engine/docker-engine.hash +++ b/package/docker-engine/docker-engine.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 f0fda46a82bf8f624eb349370358891d3bc65ef3e320675226f17dba8f62566d docker-engine-20.10.1.tar.gz +sha256 62bb03f197b8a064da568e62639f6834f91c8cfc9273126a978847becc214c31 docker-engine-20.10.3.tar.gz sha256 7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8 LICENSE diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk index 058960119a..bbc97af8b5 100644 --- a/package/docker-engine/docker-engine.mk +++ b/package/docker-engine/docker-engine.mk @@ -4,7 +4,7 @@ # ################################################################################ -DOCKER_ENGINE_VERSION = 20.10.1 +DOCKER_ENGINE_VERSION = 20.10.3 DOCKER_ENGINE_SITE = $(call github,moby,moby,v$(DOCKER_ENGINE_VERSION)) DOCKER_ENGINE_LICENSE = Apache-2.0