[Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7

All of lore.kernel.org
 help / color / mirror / Atom feed

* [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7
@ 2019-09-20  6:09 Peter Korsgaard
  2019-09-20  6:09 ` [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 18.09.7 Peter Korsgaard
                   ` (3 more replies)
  0 siblings, 4 replies; 8+ messages in thread
From: Peter Korsgaard @ 2019-09-20  6:09 UTC (permalink / raw)
  To: buildroot

Fixes the following security vulnerability:

CVE-2019-13509: Docker Engine in debug mode may sometimes add secrets to the
debug log.  This applies to a scenario where docker stack deploy is run to
redeploy a stack that includes (non external) secrets.  It potentially
applies to other API users of the stack API if they resend the secret.

And a number of other non-security issues.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/docker-engine/docker-engine.hash | 2 +-
 package/docker-engine/docker-engine.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash
index 4ef6905b5d..b89310f993 100644
--- a/package/docker-engine/docker-engine.hash
+++ b/package/docker-engine/docker-engine.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256	b4f55831f5e7c5a92cd91f77aad1541ccd572eb18df2f44a01c372bceb3f9b6b  docker-engine-18.09.7.tar.gz
+sha256	fa3a9e998627418d648495d06d168c4d26ed07859c9370d5fddbfd29c26d8592  docker-engine-18.09.9.tar.gz
 sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE
diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
index 99e3088f65..6a225ee5f0 100644
--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = 18.09.7
+DOCKER_ENGINE_VERSION = 18.09.9
 DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 18.09.7
  2019-09-20  6:09 [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7 Peter Korsgaard
@ 2019-09-20  6:09 ` Peter Korsgaard
  2019-09-30 13:47   ` Peter Korsgaard
  2019-09-20  6:09 ` [Buildroot] [PATCH 3/3] package/docker-proxy: bump version to 55685ba49593 Peter Korsgaard
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 8+ messages in thread
From: Peter Korsgaard @ 2019-09-20  6:09 UTC (permalink / raw)
  To: buildroot

Includes a number of post-18.09.7 bugfixes and to keep in sync with the
docker-engine version.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/docker-cli/docker-cli.hash | 2 +-
 package/docker-cli/docker-cli.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/docker-cli/docker-cli.hash b/package/docker-cli/docker-cli.hash
index 27bf3322c4..061e611735 100644
--- a/package/docker-cli/docker-cli.hash
+++ b/package/docker-cli/docker-cli.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  62e25a0935bee75f999fb95b224ad982054fc1adc4351ce98d704ec00114ce57  docker-cli-18.09.7.tar.gz
+sha256  cef3f9e8615cde906619f7ab021655a8b974d1b497ce0e5787b1afccbeabb08d  docker-cli-18.09.9.tar.gz
 sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE
diff --git a/package/docker-cli/docker-cli.mk b/package/docker-cli/docker-cli.mk
index 0cff46abbd..201d782e1d 100644
--- a/package/docker-cli/docker-cli.mk
+++ b/package/docker-cli/docker-cli.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CLI_VERSION = 18.09.7
+DOCKER_CLI_VERSION = 18.09.9
 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
 DOCKER_CLI_WORKSPACE = gopath
 
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [Buildroot] [PATCH 3/3] package/docker-proxy: bump version to 55685ba49593
  2019-09-20  6:09 [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7 Peter Korsgaard
  2019-09-20  6:09 ` [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 18.09.7 Peter Korsgaard
@ 2019-09-20  6:09 ` Peter Korsgaard
  2019-09-30 13:47   ` Peter Korsgaard
  2019-09-21 13:47 ` [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7 Arnout Vandecappelle
  2019-09-30 13:47 ` Peter Korsgaard
  3 siblings, 1 reply; 8+ messages in thread
From: Peter Korsgaard @ 2019-09-20  6:09 UTC (permalink / raw)
  To: buildroot

Which is the version used by docker 18.09.9:

https://github.com/docker/engine/commit/0a3767c7e9803f0a595a07b0548e99d60e861062

Also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/docker-proxy/docker-proxy.hash | 3 ++-
 package/docker-proxy/docker-proxy.mk   | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/package/docker-proxy/docker-proxy.hash b/package/docker-proxy/docker-proxy.hash
index 3ec184f54f..58de697929 100644
--- a/package/docker-proxy/docker-proxy.hash
+++ b/package/docker-proxy/docker-proxy.hash
@@ -1,2 +1,3 @@
 # Locally calculated
-sha256	2eee331b6ded567a36e7db708405b34032b93938682cf049025f48b96d755bf6	docker-proxy-7b2b1feb1de4817d522cc372af149ff48d25028e.tar.gz
+sha256	866c8d196b9396a383b437b0d775476459ed7c11f527c4f6bbf1fd08524b461d	docker-proxy-55685ba49593e67f5e1c8180539379b16736c25e.tar.gz
+sha256  cb5e8e7e5f4a3988e1063c142c60dc2df75605f4c46515e776e3aca6df976e14	LICENSE
diff --git a/package/docker-proxy/docker-proxy.mk b/package/docker-proxy/docker-proxy.mk
index dfa9d4347d..8843266c30 100644
--- a/package/docker-proxy/docker-proxy.mk
+++ b/package/docker-proxy/docker-proxy.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_PROXY_VERSION = 7b2b1feb1de4817d522cc372af149ff48d25028e
+DOCKER_PROXY_VERSION = 55685ba49593e67f5e1c8180539379b16736c25e
 DOCKER_PROXY_SITE = $(call github,docker,libnetwork,$(DOCKER_PROXY_VERSION))
 
 DOCKER_PROXY_LICENSE = Apache-2.0
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7
  2019-09-20  6:09 [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7 Peter Korsgaard
  2019-09-20  6:09 ` [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 18.09.7 Peter Korsgaard
  2019-09-20  6:09 ` [Buildroot] [PATCH 3/3] package/docker-proxy: bump version to 55685ba49593 Peter Korsgaard
@ 2019-09-21 13:47 ` Arnout Vandecappelle
  2019-09-21 16:49   ` Peter Korsgaard
  2019-09-30 13:47 ` Peter Korsgaard
  3 siblings, 1 reply; 8+ messages in thread
From: Arnout Vandecappelle @ 2019-09-21 13:47 UTC (permalink / raw)
  To: buildroot

 Typo in the subject line: you're bumping to 18.09.9, not .7.

 Fixed that and applied all three to master, thanks.

 Regards,
 Arnout

On 20/09/2019 08:09, Peter Korsgaard wrote:
> Fixes the following security vulnerability:
> 
> CVE-2019-13509: Docker Engine in debug mode may sometimes add secrets to the
> debug log.  This applies to a scenario where docker stack deploy is run to
> redeploy a stack that includes (non external) secrets.  It potentially
> applies to other API users of the stack API if they resend the secret.
> 
> And a number of other non-security issues.
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/docker-engine/docker-engine.hash | 2 +-
>  package/docker-engine/docker-engine.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash
> index 4ef6905b5d..b89310f993 100644
> --- a/package/docker-engine/docker-engine.hash
> +++ b/package/docker-engine/docker-engine.hash
> @@ -1,3 +1,3 @@
>  # Locally calculated
> -sha256	b4f55831f5e7c5a92cd91f77aad1541ccd572eb18df2f44a01c372bceb3f9b6b  docker-engine-18.09.7.tar.gz
> +sha256	fa3a9e998627418d648495d06d168c4d26ed07859c9370d5fddbfd29c26d8592  docker-engine-18.09.9.tar.gz
>  sha256	2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE
> diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
> index 99e3088f65..6a225ee5f0 100644
> --- a/package/docker-engine/docker-engine.mk
> +++ b/package/docker-engine/docker-engine.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -DOCKER_ENGINE_VERSION = 18.09.7
> +DOCKER_ENGINE_VERSION = 18.09.9
>  DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
>  
>  DOCKER_ENGINE_LICENSE = Apache-2.0
> 

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7
  2019-09-21 13:47 ` [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7 Arnout Vandecappelle
@ 2019-09-21 16:49   ` Peter Korsgaard
  0 siblings, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2019-09-21 16:49 UTC (permalink / raw)
  To: buildroot

>>>>> "Arnout" == Arnout Vandecappelle <arnout@mind.be> writes:

 >  Typo in the subject line: you're bumping to 18.09.9, not .7.

Ehh, indeed - Sorry about that ;)

 >  Fixed that and applied all three to master, thanks.

Thanks!

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7
  2019-09-20  6:09 [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7 Peter Korsgaard
                   ` (2 preceding siblings ...)
  2019-09-21 13:47 ` [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7 Arnout Vandecappelle
@ 2019-09-30 13:47 ` Peter Korsgaard
  3 siblings, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2019-09-30 13:47 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security vulnerability:
 > CVE-2019-13509: Docker Engine in debug mode may sometimes add secrets to the
 > debug log.  This applies to a scenario where docker stack deploy is run to
 > redeploy a stack that includes (non external) secrets.  It potentially
 > applies to other API users of the stack API if they resend the secret.

 > And a number of other non-security issues.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2019.02.x, 2019.05.x and 2019.08.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 18.09.7
  2019-09-20  6:09 ` [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 18.09.7 Peter Korsgaard
@ 2019-09-30 13:47   ` Peter Korsgaard
  0 siblings, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2019-09-30 13:47 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Includes a number of post-18.09.7 bugfixes and to keep in sync with the
 > docker-engine version.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2019.02.x, 2019.05.x and 2019.08.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [Buildroot] [PATCH 3/3] package/docker-proxy: bump version to 55685ba49593
  2019-09-20  6:09 ` [Buildroot] [PATCH 3/3] package/docker-proxy: bump version to 55685ba49593 Peter Korsgaard
@ 2019-09-30 13:47   ` Peter Korsgaard
  0 siblings, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2019-09-30 13:47 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Which is the version used by docker 18.09.9:
 > https://github.com/docker/engine/commit/0a3767c7e9803f0a595a07b0548e99d60e861062

 > Also add a hash for the license file.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2019.02.x, 2019.05.x and 2019.08.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2019-09-30 13:47 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-20  6:09 [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7 Peter Korsgaard
2019-09-20  6:09 ` [Buildroot] [PATCH 2/3] package/docker-cli: bump version to 18.09.7 Peter Korsgaard
2019-09-30 13:47   ` Peter Korsgaard
2019-09-20  6:09 ` [Buildroot] [PATCH 3/3] package/docker-proxy: bump version to 55685ba49593 Peter Korsgaard
2019-09-30 13:47   ` Peter Korsgaard
2019-09-21 13:47 ` [Buildroot] [PATCH 1/3] package/docker-engine: security bump to version 18.09.7 Arnout Vandecappelle
2019-09-21 16:49   ` Peter Korsgaard
2019-09-30 13:47 ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.