From da75d2a91a1547326084d03e52e35f38f1442bd9 Mon Sep 17 00:00:00 2001 From: Stefan Agner Date: Fri, 15 Feb 2019 17:32:38 +0100 Subject: runc: address CVE-2019-5736 Use git hash which addresses CVE-2019-5736. Use the same git hash used in top of Docker 18.09 branch. Changes in runc since 6635b4f0 merge branch 'cve-2019-5736' 0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container dd023c45 merge branch 'pr-1972' Fixes: CVE-2019-5736 Signed-off-by: Stefan Agner Signed-off-by: Bruce Ashfield --- recipes-containers/runc/runc-docker_git.bb | 2 +- recipes-containers/runc/runc-opencontainers_git.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'recipes-containers') diff --git a/recipes-containers/runc/runc-docker_git.bb b/recipes-containers/runc/runc-docker_git.bb index 41c82f7e..4eb2d078 100644 --- a/recipes-containers/runc/runc-docker_git.bb +++ b/recipes-containers/runc/runc-docker_git.bb @@ -4,7 +4,7 @@ RRECOMMENDS_${PN} = "lxc docker" # Note: this rev is before the required protocol field, update when all components # have been updated to match. -SRCREV_runc-docker = "4a600c04ed480084b2351b3e32c26cb4a2d5d533" +SRCREV_runc-docker = "6635b4f0c6af3810594d2770f662f34ddc15b40d" SRC_URI = "git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \ file://0001-runc-Add-console-socket-dev-null.patch \ file://0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch \ diff --git a/recipes-containers/runc/runc-opencontainers_git.bb b/recipes-containers/runc/runc-opencontainers_git.bb index 27c5f23b..5f65940f 100644 --- a/recipes-containers/runc/runc-opencontainers_git.bb +++ b/recipes-containers/runc/runc-opencontainers_git.bb @@ -1,6 +1,6 @@ include runc.inc -SRCREV = "4a600c04ed480084b2351b3e32c26cb4a2d5d533" +SRCREV = "6635b4f0c6af3810594d2770f662f34ddc15b40d" SRC_URI = " \ git://github.com/opencontainers/runc;branch=master \ " -- cgit v1.2.3-54-g00ecf