package/docker-engine: security bump to 19.03.5
authorChristian Stewart <christian@paral.in>
Tue, 3 Dec 2019 04:50:02 +0000 (20:50 -0800)
committerPeter Korsgaard <peter@korsgaard.com>
Sun, 5 Jan 2020 21:39:13 +0000 (22:39 +0100)
Fixes the following security vulnerabilities:

- CVE-2019-14271: In Docker 19.03.x before 19.03.1, if linked against the GNU C
  Library (aka glibc), code injection can occur when the nsswitch facility
  dynamically loads a library inside a chroot that contains the contents of
  the container.

Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch [deleted file]
package/docker-engine/docker-engine.hash
package/docker-engine/docker-engine.mk

diff --git a/package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch b/package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch
deleted file mode 100644 (file)
index dc47a8f..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-From 324e7be4b252c13002bca6a9d82e7b2e43664634 Mon Sep 17 00:00:00 2001
-From: Christian Stewart <christian@paral.in>
-Date: Mon, 26 Nov 2018 22:59:32 -0800
-Subject: [PATCH] Fix faulty runc version commit scrape
-
-This commit replaces faulty logic to determine the runc version commit hash.
-
-The original logic takes the second line of the output of "runc --version" and
-does not work if there are a different number of lines printed from the command
-than expected. The buildroot version of runc outputs two lines instead of the
-expected three, causing the error:
-
-unknown output format: runc version commit: ...
-
-This patch replaces this logic with a simple scan of the "runc --version"
-output, searching for the "runc version commit" prefixed line.
-
-Signed-off-by: Christian Stewart <christian@paral.in>
----
- daemon/info_unix.go | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/daemon/info_unix.go b/daemon/info_unix.go
-index 60b2f99870..688a510796 100644
---- a/daemon/info_unix.go
-+++ b/daemon/info_unix.go
-@@ -32,10 +32,11 @@ func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
-       defaultRuntimeBinary := daemon.configStore.GetRuntime(v.DefaultRuntime).Path
-       if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil {
-               parts := strings.Split(strings.TrimSpace(string(rv)), "\n")
--              if len(parts) == 3 {
--                      parts = strings.Split(parts[1], ": ")
--                      if len(parts) == 2 {
--                              v.RuncCommit.ID = strings.TrimSpace(parts[1])
-+              for _, pt := range parts {
-+                      ptKv := strings.Split(pt, ":")
-+                      if strings.HasSuffix(strings.TrimSpace(ptKv[0]), "commit") {
-+                              v.RuncCommit.ID = strings.TrimSpace(ptKv[1])
-+                              break
-                       }
-               }
--- 
-2.18.1
-
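--- a/package/docker-engine/docker-engine.hash
+++ b/package/docker-engine/docker-engine.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256 fa3a9e998627418d648495d06d168c4d26ed07859c9370d5fddbfd29c26d8592  docker-engine-18.09.9.tar.gz
+sha256 bc5d1ac503e44593be8003ed0ad9c75bf0da535db19837a9338429c438bd4637  docker-engine-19.03.5.tar.gz
 sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE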
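--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = 18.09.9
+DOCKER_ENGINE_VERSION = 19.03.5
 DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0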