[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#34446] [PATCH 1/2] gnu: runc: Update to 1.0.0-rc6 [fixes CVE-2019-5
From: |
Danny Milosavljevic |
Subject: |
[bug#34446] [PATCH 1/2] gnu: runc: Update to 1.0.0-rc6 [fixes CVE-2019-5736]. |
Date: |
Tue, 12 Feb 2019 01:45:01 +0100 |
On Mon, 11 Feb 2019 19:27:35 -0500
Leo Famulari <address@hidden> wrote:
> (define-public runc
> (package
> (name "runc")
> - (version "1.0.0-rc5")
> + (version "1.0.0-rc6")
> (source (origin
> (method url-fetch)
> (uri (string-append
> "https://github.com/opencontainers/runc/releases/"
> "download/v" version "/runc.tar.xz"))
> + (file-name (string-append name "-" version ".tar.xz"))
> + (patches (search-patches "runc-CVE-2019-5736.patch"))
> (sha256
> (base32
> - "081avdzwnqpk368wbaihlzsypaxpj42d7699h7jgp0fks14x4103"))))
> + "1c7832dq70slkjh8qp2civ1wxhhdd2hrx84pq7db1mmqc9fdr3cc"))))
> (build-system go-build-system)
> (arguments
> '(#:import-path "github.com/opencontainers/runc"
Docker still contains some vendored dependencies, among those
github.com/opencontainers/runc,
in directory "vendor", and so does containerd. It might make sense to also
remove them now.
pgp7v_OwH6VAP.pgp
Description: OpenPGP digital signature