From 97af8b7fe5b17259721f1051b50ec72110a7c7a8 Mon Sep 17 00:00:00 2001
From: Lokesh Mandvekar
Date: Feb 12 2019 16:52:55 +0000
Subject: docker-2:1.13.1-65.git1185cfd

- Resolves: #1664908, #1674491 - Security fix for CVE-2019-5736
- use setup instead of autosetup to add runc cve patch

Signed-off-by: Lokesh Mandvekar
---

diff --git a/docker.spec b/docker.spec
index f0d8ac9..89802df 100644
--- a/docker.spec
+++ b/docker.spec
@@ -93,7 +93,7 @@ Name: %{repo}
 Epoch: 2
 %endif
 Version: 1.13.1
-Release: 63.git%{shortcommit_docker}%{?dist}
+Release: 65.git%{shortcommit_docker}%{?dist}
 Summary: Automates deployment of containerized applications
 License: ASL 2.0
 URL: https://%{provider}.%{provider_tld}/projectatomic/%{repo}
@@ -127,6 +127,7 @@ Source20: %{repo}.service.centos
 Source21: %{repo}-containerd.service.centos
 Source22: %{git_libnetwork}/archive/%{commit_libnetwork}/libnetwork-%{shortcommit_libnetwork}.tar.gz
 Source23: %{git_tini}/archive/%{commit_tini}/tini-%{shortcommit_tini}.tar.gz
+Patch0: 0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch
 
 %if 0%{?with_debug}
 # Build with debug
@@ -134,10 +135,8 @@ Source23: %{git_tini}/archive/%{commit_tini}/tini-%{shortcommit_tini}.tar.gz
 %endif
 
 BuildRequires: sed
-BuildRequires: git
 BuildRequires: cmake
 BuildRequires: glibc-static
-BuildRequires: git
 BuildRequires: gpgme-devel
 BuildRequires: libassuan-devel
 BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang >= 1.6.2}
@@ -508,7 +507,7 @@ This plugin can be used to create lvm volumes of specified size, which can then
 be bind mounted into the container using `docker run` command.
 
 %prep
-%autosetup -Sgit -n %{repo}-%{commit_docker}
+%setup -q -n %{repo}-%{commit_docker}
 
 # here keep the new line above otherwise autosetup fails when applying patch
 cp %{SOURCE9} .
@@ -526,6 +525,9 @@ tar zxf %{SOURCE11}
 
 # untar docker-runc
 tar zxf %{SOURCE12}
+pushd runc-%{commit_runc}
+%patch0 -p1
+popd
 
 # untar docker-containerd
 tar zxf %{SOURCE13}
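Review bot: The new `Patch0:` line in the Source/Patch header carries no provenance, so a later maintainer cannot tell from the spec which upstream runc change the file backports or which CVE it closes. I would add a comment directly above it, for example `# CVE-2019-5736 (runc): backport of upstream commit <UPSTREAM_COMMIT_ID>, applied to the bundled runc tree in the prep section`, with the placeholder filled in from the patch file's own header. Keeping the CVE id next to the patch declaration also makes it easy to find and drop the patch once the bundled runc commit already contains the fix.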
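Review bot: The comment left under the new `%setup -q` line still refers to autosetup (`# here keep the new line above otherwise autosetup fails when applying patch`) and no longer matches the code; it should be removed or reworded. The switch also changes how patches are handled: unlike `%autosetup`, `%setup` applies nothing by itself, so a future `PatchN:` entry added to the header without a matching patch step would be left out of the build, and as far as I know rpmbuild does not fail on an unapplied patch. A replacement comment such as `# patches are applied by hand below; every PatchN needs its own patch step` would make that explicit for the next security update. The prep section continues outside this hunk.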
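Review bot: The three lines added after `tar zxf %{SOURCE12}` are the actual CVE-2019-5736 fix, yet they are the only step in this part of the prep section without a `# ...` comment like the neighbouring `# untar docker-runc`. I would put `# apply the CVE-2019-5736 fix to the bundled runc; drop once commit_runc includes it` above `pushd`. The patch is applied only inside the `runc-%{commit_runc}` tree; whether any other bundled source in this package builds the same nsenter code is not visible from this hunk and is worth confirming before closing the bug.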
@@ -944,6 +946,10 @@ exit 0
 %{_unitdir}/%{repo}-lvm-plugin.*
 
 %changelog
+* Tue Feb 12 2019 Lokesh Mandvekar - 2:1.13.1-65.git1185cfd
+- Resolves: #1664908, #1674491 - Security fix for CVE-2019-5736
+- use setup instead of autosetup to add runc cve patch
+
 * Sat Jan 19 2019 Lokesh Mandvekar - 2:1.13.1-63.git1185cfd
 - Resolves: #1666565, #1666566 - CVE-2018-20699
 - Resolves: #1663068, #1667622 - umount all procfs and sysfs with --no-pivot