Security releases: 6.15.0, 8.14.0, 10.14.0, 11.3.0 #938

Merged Nov 28, 2018 (2 commits)

rvagg (Member) commented Nov 28, 2018

Ref: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

I backed out this which came with update.sh:

diff --git a/chakracore/8/Dockerfile b/chakracore/8/Dockerfile
index b268bee..eab52f0 100644
--- a/chakracore/8/Dockerfile
+++ b/chakracore/8/Dockerfile
@@ -1,4 +1,4 @@
-FROM buildpack-deps:jessie
+FROM buildpack-deps:stretch
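
Review bot: the `FROM` line moves the base from `buildpack-deps:jessie` to `buildpack-deps:stretch`, which swaps the whole distribution under the image and has nothing to do with a Node.js version bump. Keep it out of the security release and land it as its own change, so consumers of the image can tell a distro upgrade apart from a runtime security fix.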

I don't want to be responsible for that change when chakracore/8 isn't touched by this yet.

rvagg merged commit 0aae692 into master Nov 28, 2018
rvagg deleted the rvagg/nov-2018-sec branch November 28, 2018 02:19

tianon (Contributor) commented Nov 28, 2018

Uh, this is definitely way more than it was supposed to be. This should be reverted and re-made with just the minimal changes (which I was working on a simplified version of when this merged).

tianon (Contributor) commented Nov 28, 2018

This is what I expected for this PR to be:

diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile
index df71708..8921b4f 100644
--- a/10/alpine/Dockerfile
+++ b/10/alpine/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.8
 
-ENV NODE_VERSION 10.13.0
+ENV NODE_VERSION 10.14.0
 
 RUN addgroup -g 1000 node \
     && adduser -u 1000 -G node -s /bin/sh -D node \
diff --git a/10/jessie/Dockerfile b/10/jessie/Dockerfile
index 136020c..906d3bf 100644
--- a/10/jessie/Dockerfile
+++ b/10/jessie/Dockerfile
@@ -21,7 +21,7 @@ RUN set -ex \
     gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
   done
 
-ENV NODE_VERSION 10.13.0
+ENV NODE_VERSION 10.14.0
 
 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && case "${dpkgArch##*-}" in \
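
Review bot: the context line at the top of this hunk imports the release signing keys from `hkp://pgp.mit.edu:80` only, and as far as the hunk shows there is no second keyserver to fall back to. That is not introduced by this patch, but a security release rebuilds every variant at once, so a single keyserver outage would hold up the patched images; worth a follow-up that tries more than one keyserver. The same line is visible in the 6 and 10 slim and stretch hunks.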
diff --git a/10/slim/Dockerfile b/10/slim/Dockerfile
index a40442e..b509d27 100644
--- a/10/slim/Dockerfile
+++ b/10/slim/Dockerfile
@@ -21,7 +21,7 @@ RUN set -ex \
     gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
   done
 
-ENV NODE_VERSION 10.13.0
+ENV NODE_VERSION 10.14.0
 
 RUN buildDeps='xz-utils' \
     && ARCH= && dpkgArch="$(dpkg --print-architecture)" \
diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile
index f1519c4..8ecd535 100644
--- a/10/stretch/Dockerfile
+++ b/10/stretch/Dockerfile
@@ -21,7 +21,7 @@ RUN set -ex \
     gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
   done
 
-ENV NODE_VERSION 10.13.0
+ENV NODE_VERSION 10.14.0
 
 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && case "${dpkgArch##*-}" in \
diff --git a/11/alpine/Dockerfile b/11/alpine/Dockerfile
index b3ba9da..bb612d2 100644
--- a/11/alpine/Dockerfile
+++ b/11/alpine/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.8
 
-ENV NODE_VERSION 11.2.0
+ENV NODE_VERSION 11.3.0
 
 RUN addgroup -g 1000 node \
     && adduser -u 1000 -G node -s /bin/sh -D node \
diff --git a/11/slim/Dockerfile b/11/slim/Dockerfile
index 05f8464..1c72a09 100644
--- a/11/slim/Dockerfile
+++ b/11/slim/Dockerfile
@@ -3,7 +3,7 @@ FROM debian:stretch-slim
 RUN groupadd --gid 1000 node \
   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
 
-ENV NODE_VERSION 11.2.0
+ENV NODE_VERSION 11.3.0
 
 RUN buildDeps='xz-utils' \
     && ARCH= && dpkgArch="$(dpkg --print-architecture)" \
diff --git a/11/stretch/Dockerfile b/11/stretch/Dockerfile
index 699ea2b..b51672a 100644
--- a/11/stretch/Dockerfile
+++ b/11/stretch/Dockerfile
@@ -3,7 +3,7 @@ FROM buildpack-deps:stretch
 RUN groupadd --gid 1000 node \
   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
 
-ENV NODE_VERSION 11.2.0
+ENV NODE_VERSION 11.3.0
 
 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && case "${dpkgArch##*-}" in \
diff --git a/6/alpine/Dockerfile b/6/alpine/Dockerfile
index 319aa99..dca3ebd 100644
--- a/6/alpine/Dockerfile
+++ b/6/alpine/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.4
 
-ENV NODE_VERSION 6.14.4
+ENV NODE_VERSION 6.15.0
 
 RUN addgroup -g 1000 node \
     && adduser -u 1000 -G node -s /bin/sh -D node \
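
Review bot: `FROM alpine:3.4` at the top of this hunk is four releases behind the `alpine:3.8` base that the 8, 10 and 11 alpine variants in this same patch build on, so the 6.15.0 security release ships on a much older set of OS packages. That is fine to leave out of a bump-only patch, but open a follow-up to confirm 3.4 still receives security updates or to move `6/alpine` to a newer base.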
diff --git a/6/jessie/Dockerfile b/6/jessie/Dockerfile
index 88aa054..905eef5 100644
--- a/6/jessie/Dockerfile
+++ b/6/jessie/Dockerfile
@@ -21,7 +21,7 @@ RUN set -ex \
     gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
   done
 
-ENV NODE_VERSION 6.14.4
+ENV NODE_VERSION 6.15.0
 
 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && case "${dpkgArch##*-}" in \
diff --git a/6/onbuild/Dockerfile b/6/onbuild/Dockerfile
index 870322a..cc0b0cf 100644
--- a/6/onbuild/Dockerfile
+++ b/6/onbuild/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:6.14.4-jessie
+FROM node:6.15.0-jessie
 
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
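
Review bot: the new `FROM node:6.15.0-jessie` line points at a tag that only exists once the `6/jessie` image from this same patch has been built and published, so the onbuild variant cannot build first. Confirm the build order covers that (the same applies to `8/onbuild` and `node:8.14.0-stretch`), otherwise onbuild fails or stays on the unpatched release.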
diff --git a/6/slim/Dockerfile b/6/slim/Dockerfile
index 10a8e81..0ce6682 100644
--- a/6/slim/Dockerfile
+++ b/6/slim/Dockerfile
@@ -21,7 +21,7 @@ RUN set -ex \
     gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
   done
 
-ENV NODE_VERSION 6.14.4
+ENV NODE_VERSION 6.15.0
 
 RUN buildDeps='xz-utils' \
     && ARCH= && dpkgArch="$(dpkg --print-architecture)" \
diff --git a/6/stretch/Dockerfile b/6/stretch/Dockerfile
index b86bf27..da636cc 100644
--- a/6/stretch/Dockerfile
+++ b/6/stretch/Dockerfile
@@ -21,7 +21,7 @@ RUN set -ex \
     gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
   done
 
-ENV NODE_VERSION 6.14.4
+ENV NODE_VERSION 6.15.0
 
 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && case "${dpkgArch##*-}" in \
diff --git a/8/alpine/Dockerfile b/8/alpine/Dockerfile
index 5b8de8d..ce0d274 100644
--- a/8/alpine/Dockerfile
+++ b/8/alpine/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.8
 
-ENV NODE_VERSION 8.13.0
+ENV NODE_VERSION 8.14.0
 
 RUN addgroup -g 1000 node \
     && adduser -u 1000 -G node -s /bin/sh -D node \
diff --git a/8/jessie/Dockerfile b/8/jessie/Dockerfile
index ae8b16a..192d64b 100644
--- a/8/jessie/Dockerfile
+++ b/8/jessie/Dockerfile
@@ -3,7 +3,7 @@ FROM buildpack-deps:jessie
 RUN groupadd --gid 1000 node \
   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
 
-ENV NODE_VERSION 8.13.0
+ENV NODE_VERSION 8.14.0
 
 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && case "${dpkgArch##*-}" in \
diff --git a/8/onbuild/Dockerfile b/8/onbuild/Dockerfile
index 37fbfc7..2e18ece 100644
--- a/8/onbuild/Dockerfile
+++ b/8/onbuild/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:8.13.0-stretch
+FROM node:8.14.0-stretch
 
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
diff --git a/8/slim/Dockerfile b/8/slim/Dockerfile
index 8f3fc75..d30c786 100644
--- a/8/slim/Dockerfile
+++ b/8/slim/Dockerfile
@@ -3,7 +3,7 @@ FROM debian:stretch-slim
 RUN groupadd --gid 1000 node \
   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
 
-ENV NODE_VERSION 8.13.0
+ENV NODE_VERSION 8.14.0
 
 RUN buildDeps='xz-utils' \
     && ARCH= && dpkgArch="$(dpkg --print-architecture)" \
diff --git a/8/stretch/Dockerfile b/8/stretch/Dockerfile
index 85d7e5a..e15dfc3 100644
--- a/8/stretch/Dockerfile
+++ b/8/stretch/Dockerfile
@@ -3,7 +3,7 @@ FROM buildpack-deps:stretch
 RUN groupadd --gid 1000 node \
   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
 
-ENV NODE_VERSION 8.13.0
+ENV NODE_VERSION 8.14.0
 
 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && case "${dpkgArch##*-}" in \

tianon added a commit to tianon/docker-node that referenced this pull request Nov 28, 2018
rvagg (Member, Author) commented Nov 28, 2018

@nodejs/docker what did I get wrong here? I ran ./update.sh -s as per https://github.com/nodejs/security-wg/blob/master/processes/security_release_process.md but it's pulled in a bunch of extra cruft.

SimenB pushed a commit that referenced this pull request Nov 28, 2018
This is the result of applying a revert of #938 (d2cab2e) followed by applying my simplified "bump-only" patch from #938 (comment) (a1ad45a).
SimenB (Member) commented Nov 28, 2018

@rvagg I don't think you did anything wrong.

So I think the changes in this PR are actually more correct, but they are more noisy than they should be since the files were not synced with the update script before the version bump. That's on us, sorry!
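
The check done by eye in this thread (is the patch bump-only, or did `update.sh` pull in other changes such as the chakracore base switch?) can be run mechanically over a diff before merging. This is an added example, not part of the thread or of the docker-node repository; `audit_bump_only` and `SAMPLE` are hypothetical names, and the sample diff is constructed from hunks quoted above.

```python
import re

# The only edits a bump-only patch should make: version pin or onbuild base tag.
BUMP = re.compile(r"^(ENV NODE_VERSION |FROM node:)(\d+)\.(\d+)\.(\d+)(-[a-z]+)?$")

def audit_bump_only(diff_text):
    """Return (non-bump changed lines, {file: (old, new)}) for a unified diff."""
    findings, bumps = [], {}
    current, removed, in_hunk = None, None, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            current, removed, in_hunk = raw.split(" b/", 1)[1], None, False
        elif raw.startswith("@@"):
            in_hunk = True  # the ---/+++ file headers come before the first @@
        elif in_hunk and raw[:1] in ("+", "-"):
            m = BUMP.match(raw[1:])
            if m is None:
                findings.append((current, raw))
                continue
            pin = (m.group(1), m.group(5), tuple(map(int, m.group(2, 3, 4))))
            if raw[0] == "-":
                removed = pin
            elif removed and removed[:2] == pin[:2] and pin[2] > removed[2]:
                bumps[current] = tuple(".".join(map(str, p[2])) for p in (removed, pin))
                removed = None
            else:
                findings.append((current, raw))  # unpaired, mismatched or downgraded pin
    return findings, bumps

# Constructed sample: three hunks from this thread, trimmed to their changed lines.
SAMPLE = """\
diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile
--- a/10/alpine/Dockerfile
+++ b/10/alpine/Dockerfile
@@ -1,6 +1,6 @@
-ENV NODE_VERSION 10.13.0
+ENV NODE_VERSION 10.14.0
diff --git a/6/onbuild/Dockerfile b/6/onbuild/Dockerfile
--- a/6/onbuild/Dockerfile
+++ b/6/onbuild/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:6.14.4-jessie
+FROM node:6.15.0-jessie
diff --git a/chakracore/8/Dockerfile b/chakracore/8/Dockerfile
--- a/chakracore/8/Dockerfile
+++ b/chakracore/8/Dockerfile
@@ -1,4 +1,4 @@
-FROM buildpack-deps:jessie
+FROM buildpack-deps:stretch
"""
```

Run over `SAMPLE`, the two alpine and onbuild files come back as bumps and both chakracore lines come back as findings, which is the change rvagg backed out by hand.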
