2020-01-26 patch updates

build/patch/2021-01-26/Dockerfile

@@ -0,0 +1,42 @@
+#-------------------------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
+#-------------------------------------------------------------------------------------------------------------
+
+ARG ORIGINAL_IMAGE=mcr.microsoft.com/vscode/devcontainers/universal@sha256:450ad0ff434cb48c812d5ef0dfb50b35bdbbda78d64c785d5bc01cf331916948
+FROM ${ORIGINAL_IMAGE}
+
+ARG PACKAGE_LIST="\
+libcurl3-gnutls \
+libcairo-gobject2 \
+libcairo2 \
+openjdk-8-jdk \
+openjdk-8-jdk-headless \
+openjdk-8-jre \
+openjdk-8-jre-headless \
+libflac8 \
+libssl1.1 \
+libp11-kit0 \
+libp11-kit-dev \
+apt-transport-https \
+libapt-inst2.0 \
+libapt-pkg5.0 \
+firefox-esr \
+libproxy1v5 \
+"
+
+ARG PATCH_SCRIPT="\
+    export DEBIAN_FRONTEND=noninteractive \
+    && apt-get update \
+    && echo \"${PACKAGE_LIST}\" | tr ' ' '\n' | while read PKG; do \
+        echo \"Checking \$PKG...\" \
+        && if [ \"\$PKG\" != '' ] && dpkg -s \$PKG >/dev/null 2>&1; then apt-get install -yq --only-upgrade \$PKG; fi; \
+    done \
+    && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*"
+
+RUN echo "${PATCH_SCRIPT}" \
+    && if [ "$(id -u)" -ne 0 ]; then \
+        sudo bash -c "${PATCH_SCRIPT}"; \
+    else \
+        bash -c "${PATCH_SCRIPT}"; \
+    fi

build/patch/2021-01-26/README.md

@@ -0,0 +1,16 @@
+Updates older image versions to resolve the following
+
+Debian/Ubuntu packages:
+- libcurl3-gnutls https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html
+- libcairo-gobject2, libcairo2 https://lists.debian.org/debian-lts-announce/2021/01/msg00006.html
+- https://lists.debian.org/debian-lts-announce/2020/12/msg00033.html
+- openjdk-8-jdk, openjdk-8-jdk-headless, openjdk-8-jre, openjdk-8-jre-headless https://lists.debian.org/debian-lts-announce/2020/12/msg00033.html
+- libflac8 https://lists.debian.org/debian-lts-announce/2021/01/msg00002.htm
+- libssl1.1 https://lists.debian.org/debian-security-announce/2020/msg00214.html
+- libp11-kit0, libp11-kit-dev https://lists.debian.org/debian-security-announce/2021/msg00000.html
+- apt-transport-https, libapt-inst2.0, libapt-pkg5.0 https://lists.debian.org/debian-security-announce/2020/msg00215.html
+- firefox-esr https://lists.debian.org/debian-security-announce/2020/msg00006.html
+- libproxy1v5 https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-January/005813.html
+
+Excluded due to false positive or marked as low risk / unimportant / ignored w/no fix available:
+- docker-engine http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401 (False positive, only CLI present, and already patched in 3.0.12+azure and up)

build/patch/2021-01-26/patch.json

@@ -0,0 +1,66 @@
+{
+	"dockerFile": "Dockerfile",
+	"bumpVersion": false,
+	"deleteUntaggedImages": true,
+	"imageIds": [
+		"sha256:450ad0ff434cb48c812d5ef0dfb50b35bdbbda78d64c785d5bc01cf331916948",
+		"sha256:468ffdf0ccce5efe1dfeecd40fc16825b834c291c9231fa4bbe7d02adea681d3",
+		"sha256:a5cd910a0c3b91adfd5617b1fcc89ea67ea6444f1c5983b225e6102098841d63",
+		"sha256:214fed7fe6f55d17688c924e6ac90094702898f38aec8974ff7c6f4fddc32ce8",
+		"sha256:0530526c4fa1f819f3ac8c95a45eaecdbf655c0f7ab820a8e6bb01aad0452c0d",
+		"sha256:73ba3f98cb9e75f62fd8060be5eb0d37b73c93911a03d1c55cc60163b7f57de7",
+		"sha256:d8f322d7b9591f92f185ed60da4a19b40946d0db7fc59e4efb7eeeec206958f6",
+		"sha256:32c40c4132142a5543a852177d0335f6e4e54bc6542eb15bc7ec26b3bff6c017",
+		"sha256:8dce00ec4465edb90572d0c1d06ef51e98df43a65d5ce1431109737736fe0395",
+		"sha256:25b7726b6a891e4c7e9f19b54cd08b7eadc4d18696f496fcc69dfdf94b4c7eec",
+		"sha256:2e37850c44d1e3a40c58ab01a7b439640e883364d8f5308f8f7bcba58a673663",
+		"sha256:38bdea4fd838d6b29f85cb63b10c1407260dddcffc22fc82d686140205a895c0",
+		"sha256:8f7a6d6950455dc878b62984d7fc0c745899ea6dad685ec686a73e40fa0aac3d",
+		"sha256:52bb7e8b7d69c7c75e06b3c303e14be88efde43c058d0d29e06be90b3b555bc3",
+		"sha256:07f0429764adc5c4888ee9a0e7a8867b55ad9d34cf020440a8b6375ba21eaa7a",
+		"sha256:0268ca3a7edf0941a1a859dcad529c4a9931f7ea5207d1404941007c140dc51d",
+		"sha256:d962e9ae1f2d078a0720bbf552f6c4ccca3983b57f6d5acd7796660d7c09801f",
+		"sha256:89cddbd3e03a453a0437ccefcabbb4fa011c0579ff990ea9fa73a90da46afd01",
+		"sha256:3523d8d166b68a2b4b1f3fcf04f40a5425bab70510dce27009cbf7378eee2e01",
+		"sha256:8cbc59f82443b12e67c2ef7cfc4029f5abbb8158eef89d7c1978b5464128942b",
+		"sha256:6ffd896ba8c228abd112d2337c93a0d14c93199bcd92abc9025ddcb2728d5395",
+		"sha256:004474d2a053d0212127c828b16d9301e7173b4a48031f4cc2f2fb5e003f9fe6",
+		"sha256:3d2567e0d38410a254746e6b4267cfabd01cfe563a38863a08231f216837f7f9",
+		"sha256:2a46291dbc37c969ae9b0b7cf25c5320e751cc9122e3ec4ea63aaaa60c10f3f9",
+		"sha256:3ace1fe0dc0fbcd78f3c7307c34e950683904f4148c34c19fd7e1053487f4027",
+		"sha256:dd30709c16505706fd451ea504b2c035a4a233513caff195df75b47a52b57763",
+		"sha256:41951089ab817aa1021b924ad60a55f10f43e7e177f4ae52a3b64661b0d8ce21",
+		"sha256:f4abcdda9093e2759a62cc2f8ce9f4ba098780b6bbf42764d774c5dbbadd6159",
+		"sha256:1df2b133efe7e9b93f0faec8e52175bc21d40afd4d9f7c0ffddae49722e13fb6",
+		"sha256:a59045897e3978e66dcd80fdaeb9517d567edd8502855da1077ac6f13d0807b5",
+		"sha256:5eeb2e3f71c0ac10c99831ea848e4f9f82cca67bf09e43474859f2ea31101b02",
+		"sha256:ed397031d148f625ebad8aa54d6c1b71bf78dfc3a599064870e63b1e70a47531",
+		"sha256:0d14e3a2334029ad8f798e153a55dae9fec5929737cfa08e40e88be405c10bb8",
+		"sha256:650906938b52c14f0288711a3d8c3a760a167a8b5513b664d686df2f36b3acf8",
+		"sha256:57ab004750d894f06400f7f4625791ec5a08ea6ee86fff85152b91cbdf2ced6f",
+		"sha256:7e7dbcd353ebdc020216862962a5fa9c6274b655a8ec8804d075ae23083dc55a",
+		"sha256:6c73c8bc3ca4bdfa073e0acc886e71fd4ea97b4eca1d855f78e3dc228bc97ae3",
+		"sha256:a0b43fcdfe88d57ba6a6ebb79a151a7eecee8fdc428af62e0501997e5e53fd63",
+		"sha256:ac769a8ba002f5b0d80fc8a6af81ee1114149eceb9494749f0a050f06e78eaa9",
+		"sha256:a2b797ac9f8830b96990e04794c64a18d9b12ebd8d00e438bcb155002a330b6c",
+		"sha256:0670ae38389aba03cad16f52a4e74fa7d25714adaec3e9c5dd4e50cc7e6f30cd",
+		"sha256:04a90d75cf468d40406278fbf1ca5d47660a8ede29dd8a8f51f6e452279410a0",
+		"sha256:23cafa6a28ad303d8335b77045c1d97e9bdd5f72f17af341c7cf6e51e9372e6b",
+		"sha256:490435dba6fabe78f239f15d0a2db6764f7f3c62862902c91eb767bffc290e92",
+		"sha256:fe36bb8fa3a9d0f802f5abfc5996779fab3e1db7cc59176e4989355e42bbe2d1",
+		"sha256:38309ec25dcc4943a9c81617504ddda614dc41c802f975893562679933937389",
+		"sha256:763b0981db526f1dda9ef9822ebe194a027523a1fe98f0bff9cd485aa14103fe",
+		"sha256:cb9ca357b425e47ad98715062ebbd116d94acd9b2f0f515568350735a7cf435d",
+		"sha256:242c3c5e06cb76d8e6c2100b518d4dcbfa4855b0940041a40788fcefc4311d80",
+		"sha256:cc0afb7580b0a191c6003cb8e7dd5165e5e3c20e9aa2a9d186dfaf67044bbed3",
+		"sha256:f6617e549c0681c5e2df0db612c4f292d9b18895bd25f64f94b593c25fae2d6a",
+		"sha256:f6d7b14a3813cb776478b5aa5e4cc08163f4e0797abc57a0b9ffdcda2a17cd54",
+		"sha256:a563ea64611ddf2ca94163959fb9de33be4b64282d4c74975a6de1413aff98c1",
+		"sha256:b36fce4051313c97e38e7e9598e23374416c9c51465c6718d8b554c5132db5fd",
+		"sha256:502cd0dfed76a6f2d81af099b597cc06cdf735e7b507a43692188373fdf7589b",
+		"sha256:5c83e9dbf716d2a67e09b485bef38eded8bc998dcdb9f84f0c849e77b49d7b19",
+		"sha256:1c2eca8e51acdaaee052491d75a5f551b0d85693a3d95619411ffc5a79e9c63d",
+		"sha256:7b8ff5415183c291654f95bdecc4283c4ad9c85a45990e461ba5f0aa34fc7789",
+		"sha256:b9455630ddea8043bb09e38d077d8e92aede41efd30ecf84705addf57cecbce2"
+	]
+}