fix CVE-2020-1971 again
This commit is contained in:
parent
9a4f96ad18
commit
c5b32dfc4c
|
@ -23,7 +23,7 @@ COPY prepare.sh /tmp/prepare.sh
|
|||
RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
|
||||
|
||||
# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
|
||||
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ COPY prepare.sh /tmp/prepare.sh
|
|||
RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
|
||||
|
||||
# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
|
||||
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ COPY prepare.sh /tmp/prepare.sh
|
|||
RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
|
||||
|
||||
# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
|
||||
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ COPY prepare.sh /tmp/prepare.sh
|
|||
RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
|
||||
|
||||
# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
|
||||
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ COPY prepare.sh /tmp/prepare.sh
|
|||
RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
|
||||
|
||||
# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
|
||||
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ COPY autoconf/* /opt/entrypoint/
|
|||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ COPY autoconf/* /opt/entrypoint/
|
|||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ COPY autoconf/* /opt/entrypoint/
|
|||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ COPY autoconf/* /opt/entrypoint/
|
|||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ COPY autoconf/* /opt/entrypoint/
|
|||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
# load some functions
|
||||
. /opt/scripts/utils.sh
|
||||
|
||||
job_log "[CERTBOT] certificates have been renewed"
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
# load some functions
|
||||
. /opt/scripts/utils.sh
|
||||
|
||||
# ask new certificates if needed
|
||||
|
@ -10,13 +11,3 @@ if [ "$?" -eq 0 ] ; then
|
|||
else
|
||||
job_log "[CERTBOT] renew operation failed"
|
||||
fi
|
||||
|
||||
# fix rights
|
||||
chown -R root:nginx /etc/letsencrypt
|
||||
chmod -R 740 /etc/letsencrypt
|
||||
find /etc/letsencrypt -type d -exec chmod 750 {} \;
|
||||
|
||||
# reload nginx
|
||||
if [ -f /tmp/nginx.pid ] ; then
|
||||
/usr/sbin/nginx -s reload > /dev/null 2>&1
|
||||
fi
|
||||
|
|
|
@ -38,7 +38,6 @@ if [ "$lines" -gt 1 ] ; then
|
|||
fi
|
||||
else
|
||||
job_log "[BLACKLIST] can't update referrers list"
|
||||
|
||||
fi
|
||||
|
||||
rm -f /tmp/map-referrer.conf 2> /dev/null
|
||||
|
|
|
@ -40,7 +40,6 @@ if [ "$lines" -gt 1 ] ; then
|
|||
fi
|
||||
else
|
||||
job_log "[BLACKLIST] can't update user-agent list"
|
||||
|
||||
fi
|
||||
|
||||
rm -f /tmp/map-user-agent.conf 2> /dev/null
|
||||
|
|
|
@ -11,7 +11,7 @@ COPY ui/ /opt/entrypoint/
|
|||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ COPY ui/ /opt/entrypoint/
|
|||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ COPY ui/ /opt/entrypoint/
|
|||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ COPY ui/ /opt/entrypoint/
|
|||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ COPY ui/ /opt/entrypoint/
|
|||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
|
||||
|
||||
# Fix CVE-2020-1971
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0"
|
||||
RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
|
||||
|
||||
VOLUME /etc/nginx
|
||||
|
||||
|
|
Loading…
Reference in New Issue