ce668d6c1e
go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the go command, the misc/wasm directory, and to the net/http and syscall packages. See the Go 1.17.3 milestone on our issue tracker for details. From the announcement e-mail: [security] Go 1.17.3 and Go 1.16.10 are released We have just released Go versions 1.17.3 and 1.16.10, minor point releases. These minor releases include two security fixes following the security policy: - archive/zip: don't panic on (*Reader).Open Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made to panic by an attacker providing either a crafted ZIP archive containing completely invalid names or an empty filename argument. Thank you to Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code Intelligence Team for reporting this issue. This is CVE-2021-41772 and Go issue golang.org/issue/48085. - debug/macho: invalid dynamic symbol table command can cause panic Malformed binaries parsed using Open or OpenFat can cause a panic when calling ImportedSymbols, due to an out-of-bounds slice operation. Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue. This is CVE-2021-41771 and Go issue golang.org/issue/48990. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
55 lines
1.6 KiB
Text
55 lines
1.6 KiB
Text
# docker build -t docker:simple -f Dockerfile.simple .
|
|
# docker run --rm docker:simple hack/make.sh dynbinary
|
|
# docker run --rm --privileged docker:simple hack/dind hack/make.sh test-unit
|
|
# docker run --rm --privileged -v /var/lib/docker docker:simple hack/dind hack/make.sh dynbinary test-integration
|
|
|
|
# This represents the bare minimum required to build and test Docker.
|
|
|
|
ARG GO_VERSION=1.17.3
|
|
|
|
ARG BASE_DEBIAN_DISTRO="bullseye"
|
|
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
|
|
|
|
FROM ${GOLANG_IMAGE}
|
|
ENV GO111MODULE=off
|
|
|
|
# allow replacing httpredir or deb mirror
|
|
ARG APT_MIRROR=deb.debian.org
|
|
RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
|
|
|
|
# Compile and runtime deps
|
|
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
|
|
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
build-essential \
|
|
curl \
|
|
cmake \
|
|
gcc \
|
|
git \
|
|
libapparmor-dev \
|
|
libbtrfs-dev \
|
|
libdevmapper-dev \
|
|
libseccomp-dev \
|
|
ca-certificates \
|
|
e2fsprogs \
|
|
iptables \
|
|
pkg-config \
|
|
pigz \
|
|
procps \
|
|
xfsprogs \
|
|
xz-utils \
|
|
\
|
|
vim-common \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install runc, containerd, tini and docker-proxy
|
|
# Please edit hack/dockerfile/install/<name>.installer to update them.
|
|
COPY hack/dockerfile/install hack/dockerfile/install
|
|
RUN for i in runc containerd tini proxy dockercli; \
|
|
do hack/dockerfile/install/install.sh $i; \
|
|
done
|
|
ENV PATH=/usr/local/cli:$PATH
|
|
|
|
ENV AUTO_GOPATH 1
|
|
WORKDIR /usr/src/docker
|
|
COPY . /usr/src/docker
|