diff --git a/build/patch/2021-01-26/Dockerfile b/build/patch/2021-01-26/Dockerfile new file mode 100644 index 00000000..c254fd85 --- /dev/null +++ b/build/patch/2021-01-26/Dockerfile @@ -0,0 +1,42 @@ +#------------------------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information. +#------------------------------------------------------------------------------------------------------------- + +ARG ORIGINAL_IMAGE=mcr.microsoft.com/vscode/devcontainers/universal@sha256:450ad0ff434cb48c812d5ef0dfb50b35bdbbda78d64c785d5bc01cf331916948 +FROM ${ORIGINAL_IMAGE} + +ARG PACKAGE_LIST="\ +libcurl3-gnutls \ +libcairo-gobject2 \ +libcairo2 \ +openjdk-8-jdk \ +openjdk-8-jdk-headless \ +openjdk-8-jre \ +openjdk-8-jre-headless \ +libflac8 \ +libssl1.1 \ +libp11-kit0 \ +libp11-kit-dev \ +apt-transport-https \ +libapt-inst2.0 \ +libapt-pkg5.0 \ +firefox-esr \ +libproxy1v5 \ +" + +ARG PATCH_SCRIPT="\ + export DEBIAN_FRONTEND=noninteractive \ + && apt-get update \ + && echo \"${PACKAGE_LIST}\" | tr ' ' '\n' | while read PKG; do \ + echo \"Checking \$PKG...\" \ + && if [ \"\$PKG\" != '' ] && dpkg -s \$PKG >/dev/null 2>&1; then apt-get install -yq --only-upgrade \$PKG; fi; \ + done \ + && apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/*" + +RUN echo "${PATCH_SCRIPT}" \ + && if [ "$(id -u)" -ne 0 ]; then \ + sudo bash -c "${PATCH_SCRIPT}"; \ + else \ + bash -c "${PATCH_SCRIPT}"; \ + fi diff --git a/build/patch/2021-01-26/README.md b/build/patch/2021-01-26/README.md new file mode 100644 index 00000000..3ecf2abe --- /dev/null +++ b/build/patch/2021-01-26/README.md @@ -0,0 +1,16 @@ +Updates older image versions to resolve the following + +Debian/Ubuntu packages: +- libcurl3-gnutls https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html +- libcairo-gobject2, libcairo2 https://lists.debian.org/debian-lts-announce/2021/01/msg00006.html +- https://lists.debian.org/debian-lts-announce/2020/12/msg00033.html +- openjdk-8-jdk, openjdk-8-jdk-headless, openjdk-8-jre, openjdk-8-jre-headless https://lists.debian.org/debian-lts-announce/2020/12/msg00033.html +- libflac8 https://lists.debian.org/debian-lts-announce/2021/01/msg00002.htm +- libssl1.1 https://lists.debian.org/debian-security-announce/2020/msg00214.html +- libp11-kit0, libp11-kit-dev https://lists.debian.org/debian-security-announce/2021/msg00000.html +- apt-transport-https, libapt-inst2.0, libapt-pkg5.0 https://lists.debian.org/debian-security-announce/2020/msg00215.html +- firefox-esr https://lists.debian.org/debian-security-announce/2020/msg00006.html +- libproxy1v5 https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-January/005813.html + +Excluded due to false positive or marked as low risk / unimportant / ignored w/no fix available: +- docker-engine http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401 (False positive, only CLI present, and already patched in 3.0.12+azure and up) diff --git a/build/patch/2021-01-26/patch.json b/build/patch/2021-01-26/patch.json new file mode 100644 index 00000000..712e622f --- /dev/null +++ b/build/patch/2021-01-26/patch.json @@ -0,0 +1,66 @@ +{ + "dockerFile": "Dockerfile", + "bumpVersion": false, + "deleteUntaggedImages": true, + "imageIds": [ + "sha256:450ad0ff434cb48c812d5ef0dfb50b35bdbbda78d64c785d5bc01cf331916948", + "sha256:468ffdf0ccce5efe1dfeecd40fc16825b834c291c9231fa4bbe7d02adea681d3", + "sha256:a5cd910a0c3b91adfd5617b1fcc89ea67ea6444f1c5983b225e6102098841d63", + "sha256:214fed7fe6f55d17688c924e6ac90094702898f38aec8974ff7c6f4fddc32ce8", + "sha256:0530526c4fa1f819f3ac8c95a45eaecdbf655c0f7ab820a8e6bb01aad0452c0d", + "sha256:73ba3f98cb9e75f62fd8060be5eb0d37b73c93911a03d1c55cc60163b7f57de7", + "sha256:d8f322d7b9591f92f185ed60da4a19b40946d0db7fc59e4efb7eeeec206958f6", + "sha256:32c40c4132142a5543a852177d0335f6e4e54bc6542eb15bc7ec26b3bff6c017", + "sha256:8dce00ec4465edb90572d0c1d06ef51e98df43a65d5ce1431109737736fe0395", + "sha256:25b7726b6a891e4c7e9f19b54cd08b7eadc4d18696f496fcc69dfdf94b4c7eec", + "sha256:2e37850c44d1e3a40c58ab01a7b439640e883364d8f5308f8f7bcba58a673663", + "sha256:38bdea4fd838d6b29f85cb63b10c1407260dddcffc22fc82d686140205a895c0", + "sha256:8f7a6d6950455dc878b62984d7fc0c745899ea6dad685ec686a73e40fa0aac3d", + "sha256:52bb7e8b7d69c7c75e06b3c303e14be88efde43c058d0d29e06be90b3b555bc3", + "sha256:07f0429764adc5c4888ee9a0e7a8867b55ad9d34cf020440a8b6375ba21eaa7a", + "sha256:0268ca3a7edf0941a1a859dcad529c4a9931f7ea5207d1404941007c140dc51d", + "sha256:d962e9ae1f2d078a0720bbf552f6c4ccca3983b57f6d5acd7796660d7c09801f", + "sha256:89cddbd3e03a453a0437ccefcabbb4fa011c0579ff990ea9fa73a90da46afd01", + "sha256:3523d8d166b68a2b4b1f3fcf04f40a5425bab70510dce27009cbf7378eee2e01", + "sha256:8cbc59f82443b12e67c2ef7cfc4029f5abbb8158eef89d7c1978b5464128942b", + "sha256:6ffd896ba8c228abd112d2337c93a0d14c93199bcd92abc9025ddcb2728d5395", + "sha256:004474d2a053d0212127c828b16d9301e7173b4a48031f4cc2f2fb5e003f9fe6", + "sha256:3d2567e0d38410a254746e6b4267cfabd01cfe563a38863a08231f216837f7f9", + "sha256:2a46291dbc37c969ae9b0b7cf25c5320e751cc9122e3ec4ea63aaaa60c10f3f9", + "sha256:3ace1fe0dc0fbcd78f3c7307c34e950683904f4148c34c19fd7e1053487f4027", + "sha256:dd30709c16505706fd451ea504b2c035a4a233513caff195df75b47a52b57763", + "sha256:41951089ab817aa1021b924ad60a55f10f43e7e177f4ae52a3b64661b0d8ce21", + "sha256:f4abcdda9093e2759a62cc2f8ce9f4ba098780b6bbf42764d774c5dbbadd6159", + "sha256:1df2b133efe7e9b93f0faec8e52175bc21d40afd4d9f7c0ffddae49722e13fb6", + "sha256:a59045897e3978e66dcd80fdaeb9517d567edd8502855da1077ac6f13d0807b5", + "sha256:5eeb2e3f71c0ac10c99831ea848e4f9f82cca67bf09e43474859f2ea31101b02", + "sha256:ed397031d148f625ebad8aa54d6c1b71bf78dfc3a599064870e63b1e70a47531", + "sha256:0d14e3a2334029ad8f798e153a55dae9fec5929737cfa08e40e88be405c10bb8", + "sha256:650906938b52c14f0288711a3d8c3a760a167a8b5513b664d686df2f36b3acf8", + "sha256:57ab004750d894f06400f7f4625791ec5a08ea6ee86fff85152b91cbdf2ced6f", + "sha256:7e7dbcd353ebdc020216862962a5fa9c6274b655a8ec8804d075ae23083dc55a", + "sha256:6c73c8bc3ca4bdfa073e0acc886e71fd4ea97b4eca1d855f78e3dc228bc97ae3", + "sha256:a0b43fcdfe88d57ba6a6ebb79a151a7eecee8fdc428af62e0501997e5e53fd63", + "sha256:ac769a8ba002f5b0d80fc8a6af81ee1114149eceb9494749f0a050f06e78eaa9", + "sha256:a2b797ac9f8830b96990e04794c64a18d9b12ebd8d00e438bcb155002a330b6c", + "sha256:0670ae38389aba03cad16f52a4e74fa7d25714adaec3e9c5dd4e50cc7e6f30cd", + "sha256:04a90d75cf468d40406278fbf1ca5d47660a8ede29dd8a8f51f6e452279410a0", + "sha256:23cafa6a28ad303d8335b77045c1d97e9bdd5f72f17af341c7cf6e51e9372e6b", + "sha256:490435dba6fabe78f239f15d0a2db6764f7f3c62862902c91eb767bffc290e92", + "sha256:fe36bb8fa3a9d0f802f5abfc5996779fab3e1db7cc59176e4989355e42bbe2d1", + "sha256:38309ec25dcc4943a9c81617504ddda614dc41c802f975893562679933937389", + "sha256:763b0981db526f1dda9ef9822ebe194a027523a1fe98f0bff9cd485aa14103fe", + "sha256:cb9ca357b425e47ad98715062ebbd116d94acd9b2f0f515568350735a7cf435d", + "sha256:242c3c5e06cb76d8e6c2100b518d4dcbfa4855b0940041a40788fcefc4311d80", + "sha256:cc0afb7580b0a191c6003cb8e7dd5165e5e3c20e9aa2a9d186dfaf67044bbed3", + "sha256:f6617e549c0681c5e2df0db612c4f292d9b18895bd25f64f94b593c25fae2d6a", + "sha256:f6d7b14a3813cb776478b5aa5e4cc08163f4e0797abc57a0b9ffdcda2a17cd54", + "sha256:a563ea64611ddf2ca94163959fb9de33be4b64282d4c74975a6de1413aff98c1", + "sha256:b36fce4051313c97e38e7e9598e23374416c9c51465c6718d8b554c5132db5fd", + "sha256:502cd0dfed76a6f2d81af099b597cc06cdf735e7b507a43692188373fdf7589b", + "sha256:5c83e9dbf716d2a67e09b485bef38eded8bc998dcdb9f84f0c849e77b49d7b19", + "sha256:1c2eca8e51acdaaee052491d75a5f551b0d85693a3d95619411ffc5a79e9c63d", + "sha256:7b8ff5415183c291654f95bdecc4283c4ad9c85a45990e461ba5f0aa34fc7789", + "sha256:b9455630ddea8043bb09e38d077d8e92aede41efd30ecf84705addf57cecbce2" + ] +}