Fix additional library CVEs in sdc-docker-base

Fix CVEs around the following packages:
  binutils
  jq
  libtasn1
  libpng
  curl libcurl

Change-Id: Ib9b8419e3f35072a43bdc88a92255ee6f8968943
Issue-ID: SDC-1310
Signed-off-by: Gary Wu <gary.i.wu@huawei.com>

diff --git a/base_sdc-cqlsh/Dockerfile b/base_sdc-cqlsh/Dockerfile
index 59e84eb..3876ba9 100644 (file)
--- a/base_sdc-cqlsh/Dockerfile
+++ b/base_sdc-cqlsh/Dockerfile
@@ -4,4 +4,7 @@ RUN apk add --no-cache py-pip && \
     pip install cqlsh==4.0.1 && \
     set -ex && \
     apk add --no-cache bash=4.4.19-r1 build-base=0.5-r0 ruby=2.4.4-r0 ruby-dev=2.4.4-r0 libffi-dev=3.2.1-r4 libxml2-dev=2.9.7-r0 && \
-    gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document
+    gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \
+    echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+    apk update && \
+    apk add binutils=2.30-r1 libtasn1=4.13-r0

diff --git a/base_sdc-elasticsearch/Dockerfile b/base_sdc-elasticsearch/Dockerfile
index 8cbfeb2..045cc4c 100644 (file)
--- a/base_sdc-elasticsearch/Dockerfile
+++ b/base_sdc-elasticsearch/Dockerfile
@@ -5,4 +5,7 @@ RUN mkdir -p /var/chef/nodes
 # Install Chef
 RUN set -ex && \
     apk add --no-cache curl vim bash=4.4.12-r2 build-base=0.5-r0 ruby=2.4.4-r0 ruby-dev=2.4.4-r0 libffi-dev=3.2.1-r4 libxml2-dev=2.9.7-r0 && \
-    gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document
+    gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \
+    echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+    apk update && \
+    apk add binutils=2.30-r1 curl=7.59.0-r1 libcurl=7.59.0-r1 libtasn1=4.13-r0

diff --git a/base_sdc-jetty/Dockerfile b/base_sdc-jetty/Dockerfile
index 84d9ee1..d7be282 100644 (file)
--- a/base_sdc-jetty/Dockerfile
+++ b/base_sdc-jetty/Dockerfile
@@ -21,7 +21,10 @@ RUN set -ex && \
         chef:13.8.5 \
         berkshelf:6.3.1 \
         io-console:0.4.6 \
-        --no-document
+        --no-document && \
+    echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+    apk update && \
+    apk add binutils=2.30-r1 jq=1.6_rc1-r1 libtasn1=4.13-r0
 
 # Replace Jetty user ID
 COPY set_jetty_user.sh /tmp/set_jetty_user.sh

diff --git a/base_sdc-python/Dockerfile b/base_sdc-python/Dockerfile
index f572933..7f6a8c4 100644 (file)
--- a/base_sdc-python/Dockerfile
+++ b/base_sdc-python/Dockerfile
@@ -11,4 +11,7 @@ ENV PYCURL_SSL_LIBRARY=openssl
 RUN pip install 'influxdb==5.0.0' 'pycurl== 7.43.0.1' 'requests==2.18.4' &&  \
     set -ex && \
     apk add --no-cache bash=4.3.42-r5 ruby=2.3.7-r0 ruby-dev=2.3.7-r0 libffi-dev=3.2.1-r2 libxml2-dev=2.9.5-r0 && \
-    gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document
+    gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \
+    echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+    apk update && \
+    apk add binutils=2.30-r1 jq=1.6_rc1-r1 libpng=1.6.34-r1

diff --git a/base_sdc-sanity/Dockerfile b/base_sdc-sanity/Dockerfile
index ce53b20..6eac58d 100644 (file)
--- a/base_sdc-sanity/Dockerfile
+++ b/base_sdc-sanity/Dockerfile
@@ -3,4 +3,7 @@ FROM openjdk:8-jdk-alpine
 # Install Chef
 RUN set -ex && \
     apk add --no-cache curl vim bash=4.4.19-r1 build-base=0.5-r0 ruby=2.4.4-r0 ruby-dev=2.4.4-r0 libffi-dev=3.2.1-r4 libxml2-dev=2.9.7-r0 && \
-    gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document
+    gem install chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 --no-document && \
+    echo "http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
+    apk update && \
+    apk add binutils=2.30-r1 curl=7.59.0-r1 libcurl=7.59.0-r1 libtasn1=4.13-r0