* [Buildroot] [PATCH 1/2] package/docker-cli: security bump to version 20.10.9
@ 2021-10-15 12:59 Peter Korsgaard
  2021-10-15 12:59 ` [Buildroot] [PATCH 2/2] package/docker-engine: " Peter Korsgaard
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Peter Korsgaard @ 2021-10-15 12:59 UTC (permalink / raw)
  To: buildroot

Fixes the following security issue:

- CVE-2021-41092: Ensure default auth config has address field set, to
  prevent credentials being sent to the default registry.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/docker-cli/docker-cli.hash | 2 +-
 package/docker-cli/docker-cli.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/docker-cli/docker-cli.hash b/package/docker-cli/docker-cli.hash
index 9021362c98..6eb9413a11 100644
--- a/package/docker-cli/docker-cli.hash
+++ b/package/docker-cli/docker-cli.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  cde34bbefd70fa27b44dfa904c40db84b89abf237e5267dcd08603b459a89253  docker-cli-20.10.8.tar.gz
+sha256  d91010813824070dd2380013c8f343e61e6dda170f7853f024bda39b432b64ba  docker-cli-20.10.9.tar.gz
 sha256  2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE
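Review bot: the new `+sha256` line for docker-cli-20.10.9.tar.gz sits under the "# Locally calculated" comment, so the patch carries no upstream checksum a reviewer can compare it against. Worth recomputing the sha256 from a fresh download of the tarball before applying, since this is the value the build checks the fetched source against.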
diff --git a/package/docker-cli/docker-cli.mk b/package/docker-cli/docker-cli.mk
index 10776a4e1e..3a344bca36 100644
--- a/package/docker-cli/docker-cli.mk
+++ b/package/docker-cli/docker-cli.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CLI_VERSION = 20.10.8
+DOCKER_CLI_VERSION = 20.10.9
 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
 
 DOCKER_CLI_LICENSE = Apache-2.0
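Review bot: the commit message for the DOCKER_CLI_VERSION bump names CVE-2021-41092 but gives no pointer to the upstream release notes or advisory. Adding that reference would let someone backporting to a stable branch confirm that 20.10.9 contains the fix and see what else changed since 20.10.8.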
-- 
2.20.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* [Buildroot] [PATCH 2/2] package/docker-engine: security bump to version 20.10.9
  2021-10-15 12:59 [Buildroot] [PATCH 1/2] package/docker-cli: security bump to version 20.10.9 Peter Korsgaard
@ 2021-10-15 12:59 ` Peter Korsgaard
  2021-10-18  4:29   ` Christian Stewart via buildroot
  2021-10-25 11:43   ` Peter Korsgaard
  2021-10-18  4:28 ` [Buildroot] [PATCH 1/2] package/docker-cli: " Christian Stewart via buildroot
  2021-10-18 19:55 ` Thomas Petazzoni
  2 siblings, 2 replies; 7+ messages in thread
From: Peter Korsgaard @ 2021-10-15 12:59 UTC (permalink / raw)
  To: buildroot

Fixes the following security issues:

- CVE-2021-41089:  Create parent directories inside a chroot during docker
  cp to prevent a specially crafted container from changing permissions of
  existing files in the host’s filesystem.

- CVE-2021-41091: Lock down file permissions to prevent unprivileged users
  from discovering and executing programs in /var/lib/docker.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/docker-engine/docker-engine.hash | 2 +-
 package/docker-engine/docker-engine.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash
index 07acb87864..5e15842859 100644
--- a/package/docker-engine/docker-engine.hash
+++ b/package/docker-engine/docker-engine.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  2505d00032f5d40ead5ac779c2840303dcead04713c93ba974be4c19b3ab8d0a  docker-engine-20.10.8.tar.gz
+sha256  359e8854d0d51bc884d434f182f64ca62f25fbbe7b9c6a336eb09f212fe8cc9a  docker-engine-20.10.9.tar.gz
 sha256  7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8  LICENSE
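Review bot: the LICENSE line at the end of this hunk is left as unchanged context, which asserts that the license file in docker-engine-20.10.9.tar.gz is byte-identical to the one in 20.10.8. Worth confirming against the new tarball when recomputing the archive hash, so that a changed license text does not surface later as a hash mismatch.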
diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
index 7d338a5c0c..84366d9334 100644
--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = 20.10.8
+DOCKER_ENGINE_VERSION = 20.10.9
 DOCKER_ENGINE_SITE = $(call github,moby,moby,v$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0
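Review bot: DOCKER_ENGINE_VERSION moves to 20.10.9 in a separate commit from DOCKER_CLI_VERSION in patch 1/2, so a cherry-pick of only one of them leaves the CLI and the engine at different versions. A sentence in the commit message saying the two bumps belong together would help whoever backports them.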
-- 
2.20.1


* Re: [Buildroot] [PATCH 1/2] package/docker-cli: security bump to version 20.10.9
  2021-10-15 12:59 [Buildroot] [PATCH 1/2] package/docker-cli: security bump to version 20.10.9 Peter Korsgaard
  2021-10-15 12:59 ` [Buildroot] [PATCH 2/2] package/docker-engine: " Peter Korsgaard
@ 2021-10-18  4:28 ` Christian Stewart via buildroot
  2021-10-25 11:43   ` Peter Korsgaard
  2021-10-18 19:55 ` Thomas Petazzoni
  2 siblings, 1 reply; 7+ messages in thread
From: Christian Stewart via buildroot @ 2021-10-18  4:28 UTC (permalink / raw)
  To: Peter Korsgaard; +Cc: Christian Stewart, Buildroot Mailing List

Reviewed-by: Christian Stewart <christian@paral.in>

On Fri, Oct 15, 2021 at 5:59 AM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> Fixes the following security issue:
>
> - CVE-2021-41092: Ensure default auth config has address field set, to
>   prevent credentials being sent to the default registry.
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Thanks,
Christian

> +++ b/package/docker-cli/docker-cli.hash
> @@ -1,3 +1,3 @@
>  # Locally calculated
> -sha256  cde34bbefd70fa27b44dfa904c40db84b89abf237e5267dcd08603b459a89253  docker-cli-20.10.8.tar.gz
> +sha256  d91010813824070dd2380013c8f343e61e6dda170f7853f024bda39b432b64ba  docker-cli-20.10.9.tar.gz

* Re: [Buildroot] [PATCH 2/2] package/docker-engine: security bump to version 20.10.9
  2021-10-15 12:59 ` [Buildroot] [PATCH 2/2] package/docker-engine: " Peter Korsgaard
@ 2021-10-18  4:29   ` Christian Stewart via buildroot
  2021-10-25 11:43   ` Peter Korsgaard
  1 sibling, 0 replies; 7+ messages in thread
From: Christian Stewart via buildroot @ 2021-10-18  4:29 UTC (permalink / raw)
  To: Peter Korsgaard; +Cc: Christian Stewart, Buildroot Mailing List

Reviewed-by: Christian Stewart <christian@paral.in>

On Fri, Oct 15, 2021 at 5:59 AM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> Fixes the following security issues:
>
> - CVE-2021-41089:  Create parent directories inside a chroot during docker
>   cp to prevent a specially crafted container from changing permissions of
>   existing files in the host’s filesystem.
>
> - CVE-2021-41091: Lock down file permissions to prevent unprivileged users
>   from discovering and executing programs in /var/lib/docker.
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/docker-engine/docker-engine.hash | 2 +-
>  package/docker-engine/docker-engine.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash
> index 07acb87864..5e15842859 100644
> --- a/package/docker-engine/docker-engine.hash
> +++ b/package/docker-engine/docker-engine.hash
> @@ -1,3 +1,3 @@
>  # Locally calculated
> -sha256  2505d00032f5d40ead5ac779c2840303dcead04713c93ba974be4c19b3ab8d0a  docker-engine-20.10.8.tar.gz
> +sha256  359e8854d0d51bc884d434f182f64ca62f25fbbe7b9c6a336eb09f212fe8cc9a  docker-engine-20.10.9.tar.gz
>  sha256  7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8  LICENSE

Thanks,
Christian

* Re: [Buildroot] [PATCH 1/2] package/docker-cli: security bump to version 20.10.9
  2021-10-15 12:59 [Buildroot] [PATCH 1/2] package/docker-cli: security bump to version 20.10.9 Peter Korsgaard
  2021-10-15 12:59 ` [Buildroot] [PATCH 2/2] package/docker-engine: " Peter Korsgaard
  2021-10-18  4:28 ` [Buildroot] [PATCH 1/2] package/docker-cli: " Christian Stewart via buildroot
@ 2021-10-18 19:55 ` Thomas Petazzoni
  2 siblings, 0 replies; 7+ messages in thread
From: Thomas Petazzoni @ 2021-10-18 19:55 UTC (permalink / raw)
  To: Peter Korsgaard; +Cc: buildroot

On Fri, 15 Oct 2021 14:59:42 +0200
Peter Korsgaard <peter@korsgaard.com> wrote:

> Fixes the following security issue:
> 
> - CVE-2021-41092: Ensure default auth config has address field set, to
>   prevent credentials being sent to the default registry.
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/docker-cli/docker-cli.hash | 2 +-
>  package/docker-cli/docker-cli.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Both applied, thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

* Re: [Buildroot] [PATCH 2/2] package/docker-engine: security bump to version 20.10.9
  2021-10-15 12:59 ` [Buildroot] [PATCH 2/2] package/docker-engine: " Peter Korsgaard
  2021-10-18  4:29   ` Christian Stewart via buildroot
@ 2021-10-25 11:43   ` Peter Korsgaard
  1 sibling, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2021-10-25 11:43 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2021-41089:  Create parent directories inside a chroot during docker
 >   cp to prevent a specially crafted container from changing permissions of
 >   existing files in the host’s filesystem.

 > - CVE-2021-41091: Lock down file permissions to prevent unprivileged users
 >   from discovering and executing programs in /var/lib/docker.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2021.02.x and 2021.08.x, thanks.

-- 
Bye, Peter Korsgaard

* Re: [Buildroot] [PATCH 1/2] package/docker-cli: security bump to version 20.10.9
  2021-10-18  4:28 ` [Buildroot] [PATCH 1/2] package/docker-cli: " Christian Stewart via buildroot
@ 2021-10-25 11:43   ` Peter Korsgaard
  0 siblings, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2021-10-25 11:43 UTC (permalink / raw)
  To: Christian Stewart; +Cc: Buildroot Mailing List

>>>>> "Christian" == Christian Stewart <christian@paral.in> writes:


 > Reviewed-by: Christian Stewart <christian@paral.in>
 > On Fri, Oct 15, 2021 at 5:59 AM Peter Korsgaard <peter@korsgaard.com> wrote:
 >> 
 >> Fixes the following security issue:
 >> 
 >> - CVE-2021-41092: Ensure default auth config has address field set, to
 >> prevent credentials being sent to the default registry.
 >> 
 >> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2021.02.x and 2021.08.x, thanks.

-- 
Bye, Peter Korsgaard