The Wayback Machine - https://web.archive.org/web/20251015091220/https://github.com/docker/docker-ce-packaging/pull/924

glours
Contributor

@glours glours commented Jul 19, 2023

...

@glours glours requested a review from a team July 19, 2023 12:58
@neersighted neersighted enabled auto-merge July 19, 2023 13:12
@neersighted
Member

Re-opening to kick over CI.

auto-merge was automatically disabled July 19, 2023 15:59

Pull request was closed

@neersighted neersighted reopened this Jul 19, 2023
@neersighted
Member

neersighted commented Jul 19, 2023

Okay, trying to edit the PR body to see if that kicks Jenkins.

Edit: title, maybe?
Edit2: no, so I'm re-committing the change and force-pushing

@neersighted neersighted changed the title from "bump compose version to v2.20.2" to "bump compose to v2.20.2" Jul 19, 2023
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
@neersighted neersighted force-pushed the bump-compose-2.20.2 branch from 43d9496 to cc74e86 Compare July 19, 2023 16:01
@neersighted
Member

It looks like this is failing CI due to a regression in Jammy's curl:

curl -fsSL https://download.docker.com/
curl: (60) SSL: no alternative certificate subject name matches target host name 'download.docker.com'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

curl (7.81.0-1ubuntu1.11) jammy-security; urgency=medium

  * SECURITY UPDATE: improper certificate validation vulnerability
    - debian/patches/CVE-2023-28321.patch: fix host name wildcard checking
      in lib/hostcheck.c, tests/data/test1397, tests/unit/unit1397.c.
    - CVE-2023-28321
  * SECURITY UPDATE: information disclosure vulnerability
    - debian/patches/CVE-2023-28322.patch: unify the upload/method handling
      in lib/curl_rtmp.c, lib/file.c, lib/ftp.c, lib/http.c, lib/imap.c,
      lib/rtsp.c, lib/setopt.c, lib/smb.c, lib/smtp.c, lib/tftp.c,
      lib/transfer.c, lib/urldata.h, lib/vssh/libssh.c, lib/vssh/libssh2.c,
      lib/vssh/wolfssh.c.
    - CVE-2023-28322

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 17 Jul 2023 10:25:41 -0400

(from https://changelogs.ubuntu.com/changelogs/pool/main/c/curl/curl_7.81.0-1ubuntu1.11/changelog)

@thaJeztah
Member

Yay. cURL is broken

curl -fsSL https://download.docker.com
curl: (60) SSL: no alternative certificate subject name matches target host name 'download.docker.com'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Works with wget

wget -O- -q https://download.docker.com
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<hr>
<pre>
<a href="linux">linux/</a>
<a href="mac">mac/</a>
<a href="win">win/</a>
</pre><hr></body></html>

Likely suspect https://changelogs.ubuntu.com/changelogs/pool/main/c/curl/curl_7.81.0-1ubuntu1.11/changelog

curl (7.81.0-1ubuntu1.11) jammy-security; urgency=medium

  * SECURITY UPDATE: improper certificate validation vulnerability
    - debian/patches/CVE-2023-28321.patch: fix host name wildcard checking
      in lib/hostcheck.c, tests/data/test1397, tests/unit/unit1397.c.
    - CVE-2023-28321
  * SECURITY UPDATE: information disclosure vulnerability
    - debian/patches/CVE-2023-28322.patch: unify the upload/method handling
      in lib/curl_rtmp.c, lib/file.c, lib/ftp.c, lib/http.c, lib/imap.c,
      lib/rtsp.c, lib/setopt.c, lib/smb.c, lib/smtp.c, lib/tftp.c,
      lib/transfer.c, lib/urldata.h, lib/vssh/libssh.c, lib/vssh/libssh2.c,
      lib/vssh/wolfssh.c.
    - CVE-2023-28322

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 17 Jul 2023 10:25:41 -0400

@thaJeztah
Member

Ah, race condition 😂

@neersighted
Member

Upstream bug is tracked at https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028188

@neersighted
Member

Force merging as the cause of the Jammy failure is well understood (though this will still block the overall releng pipeline).

@neersighted neersighted merged commit fc2bbac into docker:master Jul 19, 2023
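
Added example (not part of this thread, and not curl's lib/hostcheck.c): when curl reports error 60 for a host that wget accepts, as in the comments above, running the certificate's subjectAltName entries through an independent, conservative matcher helps tell a client regression from a genuinely mismatched certificate. The function names and the SAN list are assumptions constructed for illustration; the matcher applies the RFC 6125 wildcard rules in their strict form (wildcard only as the whole leftmost label).

```python
import ipaddress

# Constructed sample SAN list; NOT read from the real download.docker.com certificate.
SAMPLE_SANS = ["docker.com", "*.docker.com"]

def _labels(name):
    # DNS names compare case-insensitively; one trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, hostname):
    """Return True if a dNSName SAN entry covers hostname (strict RFC 6125 rules)."""
    if is_ip(hostname):
        return False  # IP literals are checked against iPAddress SANs, never dNSName
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # a wildcard stands for exactly one label, so counts must agree
    if "*" not in pattern:
        return p == h
    # Wildcard must be the entire leftmost label, and the pattern needs at least
    # three labels so that "*.com" can never match.
    if p[0] != "*" or any("*" in label for label in p[1:]) or len(p) < 3:
        return False
    return p[1:] == h[1:]

def covering_sans(hostname, sans):
    """List the SAN entries that cover hostname."""
    return [s for s in sans if dns_name_matches(s, hostname)]

def triage(hostname, sans):
    """Classify a 'no alternative certificate subject name matches' failure."""
    hits = covering_sans(hostname, sans)
    if hits:
        return "certificate covers host via %s; suspect the client" % ", ".join(hits)
    return "no SAN covers host; the mismatch is real"

if __name__ == "__main__":
    print(triage("download.docker.com", SAMPLE_SANS))
```

On a real host, the SAN list can be taken from `openssl x509 -noout -ext subjectAltName` run against the server's certificate and passed to `triage` in place of the constructed sample.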