From patchwork Tue Feb 12 00:27:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leo Famulari X-Patchwork-Id: 1028 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 3203216B48; Tue, 12 Feb 2019 00:28:18 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTP id 7C1A116B31 for ; Tue, 12 Feb 2019 00:28:17 +0000 (GMT) Received: from localhost ([127.0.0.1]:58699 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gtLvt-0005W0-1A for patchwork@mira.cbaines.net; Mon, 11 Feb 2019 19:28:17 -0500 Received: from eggs.gnu.org ([209.51.188.92]:38066) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gtLvh-0005SR-3y for guix-patches@gnu.org; Mon, 11 Feb 2019 19:28:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gtLve-0007u5-H3 for guix-patches@gnu.org; Mon, 11 Feb 2019 19:28:05 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:44977) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gtLve-0007tX-9F for guix-patches@gnu.org; Mon, 11 Feb 2019 19:28:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gtLve-0002OH-3T for guix-patches@gnu.org; Mon, 11 Feb 2019 19:28:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#34446] [PATCH 1/2] gnu: runc: Update to 1.0.0-rc6 [fixes CVE-2019-5736]. References: <20190211233708.GA2509@jasmine.lan> In-Reply-To: <20190211233708.GA2509@jasmine.lan> Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 12 Feb 2019 00:28:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 34446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 34446@debbugs.gnu.org Received: via spool by 34446-submit@debbugs.gnu.org id=B34446.15499312799174 (code B ref 34446); Tue, 12 Feb 2019 00:28:02 +0000 Received: (at 34446) by debbugs.gnu.org; 12 Feb 2019 00:27:59 +0000 Received: from localhost ([127.0.0.1]:44257 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gtLvU-0002Nm-Lr for submit@debbugs.gnu.org; Mon, 11 Feb 2019 19:27:59 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:57493) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gtLvQ-0002NK-Ak for 34446@debbugs.gnu.org; Mon, 11 Feb 2019 19:27:49 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id D050C23221; Mon, 11 Feb 2019 19:27:42 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Mon, 11 Feb 2019 19:27:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; s=mesmtp; bh=Qq5xgdv+EsPmvKwvUPszssf 7/IjgPfCdKxzA7NtcDzA=; b=f/0MMt+okH9RavGMPkitN9MhEAZgBiUcHHf3QKx uEtWydzfj9iNSPu0ef994KMkg9GPrITcNkVPLJ87lio6jEnJd3hG4zSsMJ7+11Dl bZ8yUfiitd8l0+AKuN5s/ah3TP49hGY5Kjh3NWXblvmQClaGDMUHfhRJzYKZeQPI 1tRE= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:date:from :message-id:mime-version:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=Qq5xgdv+EsPmvKwvU Pszssf7/IjgPfCdKxzA7NtcDzA=; b=y5IIs3MfzD+xVpBIpyV10YGyn6yemFGQl jIAbuu6soFAEk6iONsfj56vLY3xOYC0lmzqDrXQbme5zaigiHiDuLtGVWfWgqu+j TMyyTkoI6ZesA+Xv9YlYVRASfVXV+/K1Lm9FJ9KQ7tZ9TeyHRWH+kszraRDbmojq N1r9R2Wb0LbZ36wWRI7VQU7nUBvJCWxrEoFrmS/+QQQMPVdaswD+w+61HPt2aDjt gDqIXkcdbx8SqwjTbxA8q0UE30kg6eb0AreCRFpcQRlNYd2OJzPPSEEXZFvg5KM8 9VzLcZG0uvNdECYJGN45IdE8OfChFBUAE7NtdIZ9XVQmhw9Zr9KFA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtledruddttddgvddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhhtnecuuegrihhlohhuthemucef tddtnecunecujfgurhephffvufffkffoggfgsedtkeertdertddtnecuhfhrohhmpefnvg houcfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucffohhm rghinhepshgvtghlihhsthhsrdhorhhgpdhmihhtrhgvrdhorhhgpdgrphgrtghhvgdroh hrghdpghhithhhuhgsrdgtohhmnecukfhppeejiedruddvgedrvddtvddrudefjeenucfr rghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvgenucevlh hushhtvghrufhiiigvpedt X-ME-Proxy: Received: from jasmine.lan (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id 490CBE4364 for <34446@debbugs.gnu.org>; Mon, 11 Feb 2019 19:27:42 -0500 (EST) From: Leo Famulari Date: Mon, 11 Feb 2019 19:27:35 -0500 Message-Id: <61ed83d852124caae74fd8cd53a9c375ee3ac80d.1549931256.git.leo@famulari.name> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/packages/virtualization.scm (runc): Update to 1.0.0-rc6. [source]: Use a descriptive file-name. Add 'runc-CVE-2019-5736.patch' * gnu/packages/patches/runc-CVE-2019-5736.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/patches/runc-CVE-2019-5736.patch | 343 ++++++++++++++++++ gnu/packages/virtualization.scm | 6 +- 3 files changed, 348 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/runc-CVE-2019-5736.patch diff --git a/gnu/local.mk b/gnu/local.mk index 3bb60d3ade..5fbd02e120 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1205,6 +1205,7 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-concurrent-test-arm.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ + %D%/packages/patches/runc-CVE-2019-5736.patch \ %D%/packages/patches/rust-1.19-mrustc.patch \ %D%/packages/patches/rust-1.25-accept-more-detailed-gdb-lines.patch \ %D%/packages/patches/rust-bootstrap-stage0-test.patch \ diff --git a/gnu/packages/patches/runc-CVE-2019-5736.patch b/gnu/packages/patches/runc-CVE-2019-5736.patch new file mode 100644 index 0000000000..f629fcbfb4 --- /dev/null +++ b/gnu/packages/patches/runc-CVE-2019-5736.patch @@ -0,0 +1,343 @@ +Fix CVE-2019-5736: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736 +https://seclists.org/oss-sec/2019/q1/119 + +Patch copied from upstream source repository: + +https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b + +From 0a8e4117e7f715d5fbeef398405813ce8e88558b Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Wed, 9 Jan 2019 13:40:01 +1100 +Subject: [PATCH] nsenter: clone /proc/self/exe to avoid exposing host binary + to container + +There are quite a few circumstances where /proc/self/exe pointing to a +pretty important container binary is a _bad_ thing, so to avoid this we +have to make a copy (preferably doing self-clean-up and not being +writeable). + +We require memfd_create(2) -- though there is an O_TMPFILE fallback -- +but we can always extend this to use a scratch MNT_DETACH overlayfs or +tmpfs. The main downside to this approach is no page-cache sharing for +the runc binary (which overlayfs would give us) but this is far less +complicated. + +This is only done during nsenter so that it happens transparently to the +Go code, and any libcontainer users benefit from it. This also makes +ExtraFiles and --preserve-fds handling trivial (because we don't need to +worry about it). + +Fixes: CVE-2019-5736 +Co-developed-by: Christian Brauner +Signed-off-by: Aleksa Sarai +--- + libcontainer/nsenter/cloned_binary.c | 268 +++++++++++++++++++++++++++ + libcontainer/nsenter/nsexec.c | 11 ++ + 2 files changed, 279 insertions(+) + create mode 100644 libcontainer/nsenter/cloned_binary.c + +diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c +new file mode 100644 +index 000000000..c8a42c23f +--- /dev/null ++++ b/libcontainer/nsenter/cloned_binary.c +@@ -0,0 +1,268 @@ ++/* ++ * Copyright (C) 2019 Aleksa Sarai ++ * Copyright (C) 2019 SUSE LLC ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#define _GNU_SOURCE ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* Use our own wrapper for memfd_create. */ ++#if !defined(SYS_memfd_create) && defined(__NR_memfd_create) ++# define SYS_memfd_create __NR_memfd_create ++#endif ++#ifdef SYS_memfd_create ++# define HAVE_MEMFD_CREATE ++/* memfd_create(2) flags -- copied from . */ ++# ifndef MFD_CLOEXEC ++# define MFD_CLOEXEC 0x0001U ++# define MFD_ALLOW_SEALING 0x0002U ++# endif ++int memfd_create(const char *name, unsigned int flags) ++{ ++ return syscall(SYS_memfd_create, name, flags); ++} ++#endif ++ ++/* This comes directly from . */ ++#ifndef F_LINUX_SPECIFIC_BASE ++# define F_LINUX_SPECIFIC_BASE 1024 ++#endif ++#ifndef F_ADD_SEALS ++# define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9) ++# define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10) ++#endif ++#ifndef F_SEAL_SEAL ++# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */ ++# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */ ++# define F_SEAL_GROW 0x0004 /* prevent file from growing */ ++# define F_SEAL_WRITE 0x0008 /* prevent writes */ ++#endif ++ ++#define RUNC_SENDFILE_MAX 0x7FFFF000 /* sendfile(2) is limited to 2GB. */ ++#ifdef HAVE_MEMFD_CREATE ++# define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe" ++# define RUNC_MEMFD_SEALS \ ++ (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE) ++#endif ++ ++static void *must_realloc(void *ptr, size_t size) ++{ ++ void *old = ptr; ++ do { ++ ptr = realloc(old, size); ++ } while(!ptr); ++ return ptr; ++} ++ ++/* ++ * Verify whether we are currently in a self-cloned program (namely, is ++ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather ++ * for shmem files), and we want to be sure it's actually sealed. ++ */ ++static int is_self_cloned(void) ++{ ++ int fd, ret, is_cloned = 0; ++ ++ fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC); ++ if (fd < 0) ++ return -ENOTRECOVERABLE; ++ ++#ifdef HAVE_MEMFD_CREATE ++ ret = fcntl(fd, F_GET_SEALS); ++ is_cloned = (ret == RUNC_MEMFD_SEALS); ++#else ++ struct stat statbuf = {0}; ++ ret = fstat(fd, &statbuf); ++ if (ret >= 0) ++ is_cloned = (statbuf.st_nlink == 0); ++#endif ++ close(fd); ++ return is_cloned; ++} ++ ++/* ++ * Basic wrapper around mmap(2) that gives you the file length so you can ++ * safely treat it as an ordinary buffer. Only gives you read access. ++ */ ++static char *read_file(char *path, size_t *length) ++{ ++ int fd; ++ char buf[4096], *copy = NULL; ++ ++ if (!length) ++ return NULL; ++ ++ fd = open(path, O_RDONLY | O_CLOEXEC); ++ if (fd < 0) ++ return NULL; ++ ++ *length = 0; ++ for (;;) { ++ int n; ++ ++ n = read(fd, buf, sizeof(buf)); ++ if (n < 0) ++ goto error; ++ if (!n) ++ break; ++ ++ copy = must_realloc(copy, (*length + n) * sizeof(*copy)); ++ memcpy(copy + *length, buf, n); ++ *length += n; ++ } ++ close(fd); ++ return copy; ++ ++error: ++ close(fd); ++ free(copy); ++ return NULL; ++} ++ ++/* ++ * A poor-man's version of "xargs -0". Basically parses a given block of ++ * NUL-delimited data, within the given length and adds a pointer to each entry ++ * to the array of pointers. ++ */ ++static int parse_xargs(char *data, int data_length, char ***output) ++{ ++ int num = 0; ++ char *cur = data; ++ ++ if (!data || *output != NULL) ++ return -1; ++ ++ while (cur < data + data_length) { ++ num++; ++ *output = must_realloc(*output, (num + 1) * sizeof(**output)); ++ (*output)[num - 1] = cur; ++ cur += strlen(cur) + 1; ++ } ++ (*output)[num] = NULL; ++ return num; ++} ++ ++/* ++ * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ. ++ * This is necessary because we are running in a context where we don't have a ++ * main() that we can just get the arguments from. ++ */ ++static int fetchve(char ***argv, char ***envp) ++{ ++ char *cmdline = NULL, *environ = NULL; ++ size_t cmdline_size, environ_size; ++ ++ cmdline = read_file("/proc/self/cmdline", &cmdline_size); ++ if (!cmdline) ++ goto error; ++ environ = read_file("/proc/self/environ", &environ_size); ++ if (!environ) ++ goto error; ++ ++ if (parse_xargs(cmdline, cmdline_size, argv) <= 0) ++ goto error; ++ if (parse_xargs(environ, environ_size, envp) <= 0) ++ goto error; ++ ++ return 0; ++ ++error: ++ free(environ); ++ free(cmdline); ++ return -EINVAL; ++} ++ ++static int clone_binary(void) ++{ ++ int binfd, memfd; ++ ssize_t sent = 0; ++ ++#ifdef HAVE_MEMFD_CREATE ++ memfd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING); ++#else ++ memfd = open("/tmp", O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0711); ++#endif ++ if (memfd < 0) ++ return -ENOTRECOVERABLE; ++ ++ binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); ++ if (binfd < 0) ++ goto error; ++ ++ sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX); ++ close(binfd); ++ if (sent < 0) ++ goto error; ++ ++#ifdef HAVE_MEMFD_CREATE ++ int err = fcntl(memfd, F_ADD_SEALS, RUNC_MEMFD_SEALS); ++ if (err < 0) ++ goto error; ++#else ++ /* Need to re-open "memfd" as read-only to avoid execve(2) giving -EXTBUSY. */ ++ int newfd; ++ char *fdpath = NULL; ++ ++ if (asprintf(&fdpath, "/proc/self/fd/%d", memfd) < 0) ++ goto error; ++ newfd = open(fdpath, O_RDONLY | O_CLOEXEC); ++ free(fdpath); ++ if (newfd < 0) ++ goto error; ++ ++ close(memfd); ++ memfd = newfd; ++#endif ++ return memfd; ++ ++error: ++ close(memfd); ++ return -EIO; ++} ++ ++int ensure_cloned_binary(void) ++{ ++ int execfd; ++ char **argv = NULL, **envp = NULL; ++ ++ /* Check that we're not self-cloned, and if we are then bail. */ ++ int cloned = is_self_cloned(); ++ if (cloned > 0 || cloned == -ENOTRECOVERABLE) ++ return cloned; ++ ++ if (fetchve(&argv, &envp) < 0) ++ return -EINVAL; ++ ++ execfd = clone_binary(); ++ if (execfd < 0) ++ return -EIO; ++ ++ fexecve(execfd, argv, envp); ++ return -ENOEXEC; ++} +diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c +index 28269dfc0..7750af35e 100644 +--- a/libcontainer/nsenter/nsexec.c ++++ b/libcontainer/nsenter/nsexec.c +@@ -534,6 +534,9 @@ void join_namespaces(char *nslist) + free(namespaces); + } + ++/* Defined in cloned_binary.c. */ ++extern int ensure_cloned_binary(void); ++ + void nsexec(void) + { + int pipenum; +@@ -549,6 +552,14 @@ void nsexec(void) + if (pipenum == -1) + return; + ++ /* ++ * We need to re-exec if we are not in a cloned binary. This is necessary ++ * to ensure that containers won't be able to access the host binary ++ * through /proc/self/exe. See CVE-2019-5736. ++ */ ++ if (ensure_cloned_binary() < 0) ++ bail("could not ensure we are a cloned binary"); ++ + /* Parse all of the netlink configuration. */ + nl_parse(pipenum, &config); + diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index f5e4540329..8a5af2e8ea 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -847,15 +847,17 @@ monitor/GPU.") (define-public runc (package (name "runc") - (version "1.0.0-rc5") + (version "1.0.0-rc6") (source (origin (method url-fetch) (uri (string-append "https://github.com/opencontainers/runc/releases/" "download/v" version "/runc.tar.xz")) + (file-name (string-append name "-" version ".tar.xz")) + (patches (search-patches "runc-CVE-2019-5736.patch")) (sha256 (base32 - "081avdzwnqpk368wbaihlzsypaxpj42d7699h7jgp0fks14x4103")))) + "1c7832dq70slkjh8qp2civ1wxhhdd2hrx84pq7db1mmqc9fdr3cc")))) (build-system go-build-system) (arguments '(#:import-path "github.com/opencontainers/runc" From patchwork Tue Feb 12 00:27:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leo Famulari X-Patchwork-Id: 1029 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 7997516B48; Tue, 12 Feb 2019 00:30:49 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTP id 2C90316B31 for ; Tue, 12 Feb 2019 00:30:49 +0000 (GMT) Received: from localhost ([127.0.0.1]:58790 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gtLyK-0007kz-Nr for patchwork@mira.cbaines.net; Mon, 11 Feb 2019 19:30:48 -0500 Received: from eggs.gnu.org ([209.51.188.92]:37975) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gtLvf-0005Qu-Ev for guix-patches@gnu.org; Mon, 11 Feb 2019 19:28:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gtLve-0007tu-Dy for guix-patches@gnu.org; Mon, 11 Feb 2019 19:28:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:44976) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gtLve-0007sl-3R for guix-patches@gnu.org; Mon, 11 Feb 2019 19:28:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gtLvd-0002O9-Kt for guix-patches@gnu.org; Mon, 11 Feb 2019 19:28:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#34446] [PATCH 2/2] gnu: Docker: Update to 18.09.2. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 12 Feb 2019 00:28:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 34446 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 34446@debbugs.gnu.org Received: via spool by 34446-submit@debbugs.gnu.org id=B34446.15499312709158 (code B ref 34446); Tue, 12 Feb 2019 00:28:01 +0000 Received: (at 34446) by debbugs.gnu.org; 12 Feb 2019 00:27:50 +0000 Received: from localhost ([127.0.0.1]:44255 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gtLvS-0002Nd-C7 for submit@debbugs.gnu.org; Mon, 11 Feb 2019 19:27:50 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:58987) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gtLvQ-0002NL-Am for 34446@debbugs.gnu.org; Mon, 11 Feb 2019 19:27:49 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id D807D232C5; Mon, 11 Feb 2019 19:27:42 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Mon, 11 Feb 2019 19:27:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=from:to:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; s=mesmtp; bh=buy/FuU5qB vuXaH/pDiSIYe5uUfUHhMvkS/B3UxAm1c=; b=Hjg1/fDXjv6upv+voCBDc4OIK2 lYJ4E2eV3fqwMPC5VnRsama1bJwz5J8dZLM4N9X59WDGuz2YokC7bk+KsGMX48tg hkoLK8pfS60YDQKsQ0uZJO0ZTgLXJZPFxk/VVlZ4wvdToc0lzw0bQxQYp6R/XoyB nFT7h2ZEUDxA7949M= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=buy/FuU5qBvuXaH/pDiSIYe5uUfUHhMvkS/B3UxAm1c=; b=20u7kLoY ADag4ZPs3U/7pCaMlMKGvDcM2FwCyb/LNcXi21TBz93vbbjhlF7Kkmm7gtGEMnqE hN4Vh85glV6rGXk+IfWKIwOd6gRj43lXwQfAZlq4CicurQG+5OT9BYyroMre3W2T zyZvV2srNu5DjEqWXBKXeWN1p3IGDBkev5myp5O8qrl3FidZdfDhOsCbpodDzLUb Z39TpJZtQOLhH4CYNWxP1wuwDmHpwZHUQ9cWZxcavZQ7tyZUo7fxmsrE+Wjn1kO4 aU/PM5M4P3pDELafT5Bu3TuoDks/+t8GjfDUAZZHsltnnpVxaCGbND+TuKDmksAR YJRq3ssz/KQquw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtledruddttddgvddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhhtnecuuegrihhlohhuthemucef tddtnecunecujfgurhephffvufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpe fnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucff ohhmrghinhepghhithhhuhgsrdgtohhmnecukfhppeejiedruddvgedrvddtvddrudefje enucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvgen ucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from jasmine.lan (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id 75A13E412B for <34446@debbugs.gnu.org>; Mon, 11 Feb 2019 19:27:42 -0500 (EST) From: Leo Famulari Date: Mon, 11 Feb 2019 19:27:36 -0500 Message-Id: X-Mailer: git-send-email 2.20.1 In-Reply-To: <61ed83d852124caae74fd8cd53a9c375ee3ac80d.1549931256.git.leo@famulari.name> References: <61ed83d852124caae74fd8cd53a9c375ee3ac80d.1549931256.git.leo@famulari.name> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/packages/docker.scm (%docker-version): Update to 18.09.2. (docker, docker-cli): Adjust accordingly. --- gnu/packages/docker.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/docker.scm b/gnu/packages/docker.scm index 992eb0dcc1..5a400e6490 100644 --- a/gnu/packages/docker.scm +++ b/gnu/packages/docker.scm @@ -43,7 +43,7 @@ #:use-module (gnu packages version-control) #:use-module (gnu packages virtualization)) -(define %docker-version "18.09.0") +(define %docker-version "18.09.2") (define-public python-docker-py (package @@ -241,7 +241,7 @@ network attachments.") (file-name (git-file-name name version)) (sha256 (base32 - "1liqbx58grqih6m8hz9y20y5waflv19pv15l3wl64skap2bsn21c")) + "1zfpk2n8j6gnwbrxrh6d6pj24y60dhbanpf55shrm2yxz54ka36c")) (patches (search-patches "docker-engine-test-noinstall.patch" "docker-fix-tests.patch")))) @@ -483,7 +483,7 @@ provisioning etc.") (file-name (git-file-name name version)) (sha256 (base32 - "1ivisys20kphvbqlazc3bsg7pk0ykj9gjx5d4yg439x4n13jxwvb")))) + "0jzcqh1kqbfyj6ax7z67gihaqgjiz6ddz6rq6k458l68v7zn77r8")))) (build-system go-build-system) (arguments `(#:import-path "github.com/docker/cli"