Fix additional library CVEs in sdc-docker-base
Fix CVEs around the following packages:
binutils
jq
libtasn1
libpng
curl libcurl
Change-Id: Ib9b8419e3f35072a43bdc88a92255ee6f8968943
Issue-ID: SDC-1310
Signed-off-by: Gary Wu <gary.i.wu@huawei.com>
diff --git a/base_sdc-cqlsh/Dockerfile b/base_sdc-cqlsh/Dockerfile
index 59e84eb..3876ba9 100644
--- a/base_sdc-cqlsh/Dockerfile
+++ b/base_sdc-cqlsh/Dockerfile
@@ -4,4 +4,7 @@
pip install cqlsh==4.0.1 && \
set -ex && \
apk add --no-cache bash=4.4.19-r1 build-base=0.5-r0 ruby=2.4.4-r0 ruby-dev=2.4.4-r0 libffi-dev=3.2.1-r4 libxml2-dev=2.9.7-r0 && \
- gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document
+ gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \
+ echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+ apk update && \
+ apk add binutils=2.30-r1 libtasn1=4.13-r0
diff --git a/base_sdc-elasticsearch/Dockerfile b/base_sdc-elasticsearch/Dockerfile
index 8cbfeb2..045cc4c 100644
--- a/base_sdc-elasticsearch/Dockerfile
+++ b/base_sdc-elasticsearch/Dockerfile
@@ -5,4 +5,7 @@
# Install Chef
RUN set -ex && \
apk add --no-cache curl vim bash=4.4.12-r2 build-base=0.5-r0 ruby=2.4.4-r0 ruby-dev=2.4.4-r0 libffi-dev=3.2.1-r4 libxml2-dev=2.9.7-r0 && \
- gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document
+ gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \
+ echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+ apk update && \
+ apk add binutils=2.30-r1 curl=7.59.0-r1 libcurl=7.59.0-r1 libtasn1=4.13-r0
diff --git a/base_sdc-jetty/Dockerfile b/base_sdc-jetty/Dockerfile
index 84d9ee1..d7be282 100644
--- a/base_sdc-jetty/Dockerfile
+++ b/base_sdc-jetty/Dockerfile
@@ -21,7 +21,10 @@
chef:13.8.5 \
berkshelf:6.3.1 \
io-console:0.4.6 \
- --no-document
+ --no-document && \
+ echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+ apk update && \
+ apk add binutils=2.30-r1 jq=1.6_rc1-r1 libtasn1=4.13-r0
# Replace Jetty user ID
COPY set_jetty_user.sh /tmp/set_jetty_user.sh
diff --git a/base_sdc-python/Dockerfile b/base_sdc-python/Dockerfile
index f572933..7f6a8c4 100644
--- a/base_sdc-python/Dockerfile
+++ b/base_sdc-python/Dockerfile
@@ -11,4 +11,7 @@
RUN pip install 'influxdb==5.0.0' 'pycurl== 7.43.0.1' 'requests==2.18.4' && \
set -ex && \
apk add --no-cache bash=4.3.42-r5 ruby=2.3.7-r0 ruby-dev=2.3.7-r0 libffi-dev=3.2.1-r2 libxml2-dev=2.9.5-r0 && \
- gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document
+ gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \
+ echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+ apk update && \
+ apk add binutils=2.30-r1 jq=1.6_rc1-r1 libpng=1.6.34-r1
diff --git a/base_sdc-sanity/Dockerfile b/base_sdc-sanity/Dockerfile
index ce53b20..6eac58d 100644
--- a/base_sdc-sanity/Dockerfile
+++ b/base_sdc-sanity/Dockerfile
@@ -3,4 +3,7 @@
# Install Chef
RUN set -ex && \
apk add --no-cache curl vim bash=4.4.19-r1 build-base=0.5-r0 ruby=2.4.4-r0 ruby-dev=2.4.4-r0 libffi-dev=3.2.1-r4 libxml2-dev=2.9.7-r0 && \
- gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document
+ gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \
+ echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+ apk update && \
+ apk add binutils=2.30-r1 curl=7.59.0-r1 libcurl=7.59.0-r1 libtasn1=4.13-r0