All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v2] runc: address CVE-2019-5736
@ 2019-02-15 16:32 Stefan Agner
  2019-02-15 20:13 ` Bruce Ashfield
  0 siblings, 1 reply; 2+ messages in thread
From: Stefan Agner @ 2019-02-15 16:32 UTC (permalink / raw)
  To: bruce.ashfield, meta-virtualization; +Cc: Stefan Agner

From: Stefan Agner <stefan.agner@toradex.com>

Use git hash which addresses CVE-2019-5736. Use the same git hash
used in top of Docker 18.09 branch.

Changes in runc since
  6635b4f0 merge branch 'cve-2019-5736'
  0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
  dd023c45 merge branch 'pr-1972'

Fixes: CVE-2019-5736
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 recipes-containers/runc/runc-docker_git.bb         | 2 +-
 recipes-containers/runc/runc-opencontainers_git.bb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb
index 41c82f7..4eb2d07 100644
--- a/recipes-containers/runc/runc-docker_git.bb
+++ b/recipes-containers/runc/runc-docker_git.bb
@@ -4,7 +4,7 @@ RRECOMMENDS_${PN} = "lxc docker"
 
 # Note: this rev is before the required protocol field, update when all components
 #       have been updated to match.
-SRCREV_runc-docker = "4a600c04ed480084b2351b3e32c26cb4a2d5d533"
+SRCREV_runc-docker = "6635b4f0c6af3810594d2770f662f34ddc15b40d"
 SRC_URI = "git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \
            file://0001-runc-Add-console-socket-dev-null.patch \
            file://0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch \
diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb
index 27c5f23..5f65940 100644
--- a/recipes-containers/runc/runc-opencontainers_git.bb
+++ b/recipes-containers/runc/runc-opencontainers_git.bb
@@ -1,6 +1,6 @@
 include runc.inc
 
-SRCREV = "4a600c04ed480084b2351b3e32c26cb4a2d5d533"
+SRCREV = "6635b4f0c6af3810594d2770f662f34ddc15b40d"
 SRC_URI = " \
     git://github.com/opencontainers/runc;branch=master \
     "
-- 
2.13.6



^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH v2] runc: address CVE-2019-5736
  2019-02-15 16:32 [PATCH v2] runc: address CVE-2019-5736 Stefan Agner
@ 2019-02-15 20:13 ` Bruce Ashfield
  0 siblings, 0 replies; 2+ messages in thread
From: Bruce Ashfield @ 2019-02-15 20:13 UTC (permalink / raw)
  To: Stefan Agner; +Cc: meta-virtualization, Stefan Agner

v2 is merged.

Bruce

On Fri, Feb 15, 2019 at 11:32 AM Stefan Agner <stefan@agner.ch> wrote:
>
> From: Stefan Agner <stefan.agner@toradex.com>
>
> Use git hash which addresses CVE-2019-5736. Use the same git hash
> used in top of Docker 18.09 branch.
>
> Changes in runc since
>   6635b4f0 merge branch 'cve-2019-5736'
>   0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
>   dd023c45 merge branch 'pr-1972'
>
> Fixes: CVE-2019-5736
> Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
> ---
>  recipes-containers/runc/runc-docker_git.bb         | 2 +-
>  recipes-containers/runc/runc-opencontainers_git.bb | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb
> index 41c82f7..4eb2d07 100644
> --- a/recipes-containers/runc/runc-docker_git.bb
> +++ b/recipes-containers/runc/runc-docker_git.bb
> @@ -4,7 +4,7 @@ RRECOMMENDS_${PN} = "lxc docker"
>
>  # Note: this rev is before the required protocol field, update when all components
>  #       have been updated to match.
> -SRCREV_runc-docker = "4a600c04ed480084b2351b3e32c26cb4a2d5d533"
> +SRCREV_runc-docker = "6635b4f0c6af3810594d2770f662f34ddc15b40d"
>  SRC_URI = "git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \
>             file://0001-runc-Add-console-socket-dev-null.patch \
>             file://0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch \
> diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb
> index 27c5f23..5f65940 100644
> --- a/recipes-containers/runc/runc-opencontainers_git.bb
> +++ b/recipes-containers/runc/runc-opencontainers_git.bb
> @@ -1,6 +1,6 @@
>  include runc.inc
>
> -SRCREV = "4a600c04ed480084b2351b3e32c26cb4a2d5d533"
> +SRCREV = "6635b4f0c6af3810594d2770f662f34ddc15b40d"
>  SRC_URI = " \
>      git://github.com/opencontainers/runc;branch=master \
>      "
> --
> 2.13.6
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-02-15 20:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-15 16:32 [PATCH v2] runc: address CVE-2019-5736 Stefan Agner
2019-02-15 20:13 ` Bruce Ashfield

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.