guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#34446] [PATCH 1/2] gnu: runc: Update to 1.0.0-rc6 [fixes CVE-2019-5

From: Danny Milosavljevic
Subject: [bug#34446] [PATCH 1/2] gnu: runc: Update to 1.0.0-rc6 [fixes CVE-2019-5736].
Date: Tue, 12 Feb 2019 01:45:01 +0100 
On Mon, 11 Feb 2019 19:27:35 -0500
Leo Famulari <address@hidden> wrote:

>  (define-public runc
>    (package
>      (name "runc")
> -    (version "1.0.0-rc5")
> +    (version "1.0.0-rc6")
>      (source (origin
>                (method url-fetch)
>                (uri (string-append
>                      "https://github.com/opencontainers/runc/releases/";
>                      "download/v" version "/runc.tar.xz"))
> +              (file-name (string-append name "-" version ".tar.xz"))
> +              (patches (search-patches "runc-CVE-2019-5736.patch"))
>                (sha256
>                 (base32
> -                "081avdzwnqpk368wbaihlzsypaxpj42d7699h7jgp0fks14x4103"))))
> +                "1c7832dq70slkjh8qp2civ1wxhhdd2hrx84pq7db1mmqc9fdr3cc"))))
>      (build-system go-build-system)
>      (arguments
>       '(#:import-path "github.com/opencontainers/runc"

Docker still contains some vendored dependencies, among those 
github.com/opencontainers/runc,
in directory "vendor", and so does containerd.  It might make sense to also 
remove them now.

Attachment: pgp7v_OwH6VAP.pgp
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]