* [PATCH v2] runc: address CVE-2019-5736
@ 2019-02-15 16:32 Stefan Agner
2019-02-15 20:13 ` Bruce Ashfield
0 siblings, 1 reply; 2+ messages in thread
From: Stefan Agner @ 2019-02-15 16:32 UTC (permalink / raw)
To: bruce.ashfield, meta-virtualization; +Cc: Stefan Agner
From: Stefan Agner <stefan.agner@toradex.com>
Use git hash which addresses CVE-2019-5736. Use the same git hash
used in top of Docker 18.09 branch.
Changes in runc since
6635b4f0 merge branch 'cve-2019-5736'
0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
dd023c45 merge branch 'pr-1972'
Fixes: CVE-2019-5736
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
recipes-containers/runc/runc-docker_git.bb | 2 +-
recipes-containers/runc/runc-opencontainers_git.bb | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb
index 41c82f7..4eb2d07 100644
--- a/recipes-containers/runc/runc-docker_git.bb
+++ b/recipes-containers/runc/runc-docker_git.bb
@@ -4,7 +4,7 @@ RRECOMMENDS_${PN} = "lxc docker"
# Note: this rev is before the required protocol field, update when all components
# have been updated to match.
-SRCREV_runc-docker = "4a600c04ed480084b2351b3e32c26cb4a2d5d533"
+SRCREV_runc-docker = "6635b4f0c6af3810594d2770f662f34ddc15b40d"
SRC_URI = "git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \
file://0001-runc-Add-console-socket-dev-null.patch \
file://0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch \
diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb
index 27c5f23..5f65940 100644
--- a/recipes-containers/runc/runc-opencontainers_git.bb
+++ b/recipes-containers/runc/runc-opencontainers_git.bb
@@ -1,6 +1,6 @@
include runc.inc
-SRCREV = "4a600c04ed480084b2351b3e32c26cb4a2d5d533"
+SRCREV = "6635b4f0c6af3810594d2770f662f34ddc15b40d"
SRC_URI = " \
git://github.com/opencontainers/runc;branch=master \
"
--
2.13.6
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v2] runc: address CVE-2019-5736
2019-02-15 16:32 [PATCH v2] runc: address CVE-2019-5736 Stefan Agner
@ 2019-02-15 20:13 ` Bruce Ashfield
0 siblings, 0 replies; 2+ messages in thread
From: Bruce Ashfield @ 2019-02-15 20:13 UTC (permalink / raw)
To: Stefan Agner; +Cc: meta-virtualization, Stefan Agner
v2 is merged.
Bruce
On Fri, Feb 15, 2019 at 11:32 AM Stefan Agner <stefan@agner.ch> wrote:
>
> From: Stefan Agner <stefan.agner@toradex.com>
>
> Use git hash which addresses CVE-2019-5736. Use the same git hash
> used in top of Docker 18.09 branch.
>
> Changes in runc since
> 6635b4f0 merge branch 'cve-2019-5736'
> 0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
> dd023c45 merge branch 'pr-1972'
>
> Fixes: CVE-2019-5736
> Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
> ---
> recipes-containers/runc/runc-docker_git.bb | 2 +-
> recipes-containers/runc/runc-opencontainers_git.bb | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb
> index 41c82f7..4eb2d07 100644
> --- a/recipes-containers/runc/runc-docker_git.bb
> +++ b/recipes-containers/runc/runc-docker_git.bb
> @@ -4,7 +4,7 @@ RRECOMMENDS_${PN} = "lxc docker"
>
> # Note: this rev is before the required protocol field, update when all components
> # have been updated to match.
> -SRCREV_runc-docker = "4a600c04ed480084b2351b3e32c26cb4a2d5d533"
> +SRCREV_runc-docker = "6635b4f0c6af3810594d2770f662f34ddc15b40d"
> SRC_URI = "git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \
> file://0001-runc-Add-console-socket-dev-null.patch \
> file://0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch \
> diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb
> index 27c5f23..5f65940 100644
> --- a/recipes-containers/runc/runc-opencontainers_git.bb
> +++ b/recipes-containers/runc/runc-opencontainers_git.bb
> @@ -1,6 +1,6 @@
> include runc.inc
>
> -SRCREV = "4a600c04ed480084b2351b3e32c26cb4a2d5d533"
> +SRCREV = "6635b4f0c6af3810594d2770f662f34ddc15b40d"
> SRC_URI = " \
> git://github.com/opencontainers/runc;branch=master \
> "
> --
> 2.13.6
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-02-15 20:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-15 16:32 [PATCH v2] runc: address CVE-2019-5736 Stefan Agner
2019-02-15 20:13 ` Bruce Ashfield
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.