From d7c6f672da46f7b1ed48af35d0513b931a66b0cb Mon Sep 17 00:00:00 2001 From: epiphyte Date: Fri, 30 Aug 2024 16:09:17 +0000 Subject: [PATCH 1/3] Pin Python3.11 package to 3.11.2-6+deb12u2 to avoid changes from CVE-2024-4032 --- python311/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python311/Dockerfile b/python311/Dockerfile index dfb4702a..a8a7fdf6 100644 --- a/python311/Dockerfile +++ b/python311/Dockerfile @@ -19,8 +19,8 @@ RUN set -ex \ && apt-get clean \ && apt-get update \ && apt-get -y upgrade \ - && apt-get install -y locales curl tini nano python3.11 python3.11-distutils \ - && apt-get install -y build-essential python3.11-dev \ + && apt-get install -y locales curl tini nano "python3.11=3.11.2-6+deb12u2" "python3.11-minimal=3.11.2-6+deb12u2" "libpython3.11-stdlib=3.11.2-6+deb12u2" "libpython3.11-minimal=3.11.2-6+deb12u2" python3-disutils \ + && apt-get install -y build-essential "python3.11-dev=3.11.2-6+deb12u2" "libpython3.11-dev=3.11.2-6+deb12u2" "libpython3.11=3.11.2-6+deb12u2" \ # Setup python /pip && update-alternatives --install /usr/bin/python python /usr/bin/python3.11 1 \ && update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 1 \ From 13b1dd5384167ca0ec331d14a6ae30c0b1780e05 Mon Sep 17 00:00:00 2001 From: epiphyte Date: Fri, 30 Aug 2024 16:13:43 +0000 Subject: [PATCH 2/3] fix distutils --- python311/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python311/Dockerfile b/python311/Dockerfile index a8a7fdf6..39e55c68 100644 --- a/python311/Dockerfile +++ b/python311/Dockerfile @@ -19,7 +19,7 @@ RUN set -ex \ && apt-get clean \ && apt-get update \ && apt-get -y upgrade \ - && apt-get install -y locales curl tini nano "python3.11=3.11.2-6+deb12u2" "python3.11-minimal=3.11.2-6+deb12u2" "libpython3.11-stdlib=3.11.2-6+deb12u2" "libpython3.11-minimal=3.11.2-6+deb12u2" python3-disutils \ + && apt-get install -y locales curl tini nano "python3.11=3.11.2-6+deb12u2" "python3.11-minimal=3.11.2-6+deb12u2" "libpython3.11-stdlib=3.11.2-6+deb12u2" "libpython3.11-minimal=3.11.2-6+deb12u2" python3.11-disutils \ && apt-get install -y build-essential "python3.11-dev=3.11.2-6+deb12u2" "libpython3.11-dev=3.11.2-6+deb12u2" "libpython3.11=3.11.2-6+deb12u2" \ # Setup python /pip && update-alternatives --install /usr/bin/python python /usr/bin/python3.11 1 \ From 0f8f14c7c0cb411ac8b12864fc753e909b5d9f7b Mon Sep 17 00:00:00 2001 From: epiphyte Date: Fri, 30 Aug 2024 16:15:29 +0000 Subject: [PATCH 3/3] fix it again... --- python311/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python311/Dockerfile b/python311/Dockerfile index 39e55c68..a338f6d3 100644 --- a/python311/Dockerfile +++ b/python311/Dockerfile @@ -19,7 +19,7 @@ RUN set -ex \ && apt-get clean \ && apt-get update \ && apt-get -y upgrade \ - && apt-get install -y locales curl tini nano "python3.11=3.11.2-6+deb12u2" "python3.11-minimal=3.11.2-6+deb12u2" "libpython3.11-stdlib=3.11.2-6+deb12u2" "libpython3.11-minimal=3.11.2-6+deb12u2" python3.11-disutils \ + && apt-get install -y locales curl tini nano "python3.11=3.11.2-6+deb12u2" "python3.11-minimal=3.11.2-6+deb12u2" "libpython3.11-stdlib=3.11.2-6+deb12u2" "libpython3.11-minimal=3.11.2-6+deb12u2" python3.11-distutils \ && apt-get install -y build-essential "python3.11-dev=3.11.2-6+deb12u2" "libpython3.11-dev=3.11.2-6+deb12u2" "libpython3.11=3.11.2-6+deb12u2" \ # Setup python /pip && update-alternatives --install /usr/bin/python python /usr/bin/python3.11 1 \