From 9a4f96ad187ac7e3abb34aac651de557b29947cf Mon Sep 17 00:00:00 2001
From: bunkerity <contact@bunkerity.com>
Date: Wed, 16 Dec 2020 15:40:38 +0100
Subject: [PATCH] fix CVE-2020-1971

---
 Dockerfile                  | 6 +++---
 Dockerfile-amd64            | 6 +++---
 Dockerfile-arm32v7          | 6 +++---
 Dockerfile-arm64v8          | 6 +++---
 Dockerfile-i386             | 6 +++---
 autoconf/Dockerfile         | 3 +++
 autoconf/Dockerfile-amd64   | 3 +++
 autoconf/Dockerfile-arm32v7 | 3 +++
 autoconf/Dockerfile-arm64v8 | 3 +++
 autoconf/Dockerfile-i386    | 3 +++
 ui/Dockerfile               | 3 +++
 ui/Dockerfile-amd64         | 3 +++
 ui/Dockerfile-arm32v7       | 3 +++
 ui/Dockerfile-arm64v8       | 3 +++
 ui/Dockerfile-i386          | 3 +++
 15 files changed, 45 insertions(+), 15 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 6b815ca..badf48f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,10 +20,10 @@ COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 
 COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepares.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
+RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
 
-# Fix CVE-2020-28928 & CVE-2020-8231
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
+# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
 
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
 
diff --git a/Dockerfile-amd64 b/Dockerfile-amd64
index c886b2a..4a2389f 100644
--- a/Dockerfile-amd64
+++ b/Dockerfile-amd64
@@ -20,10 +20,10 @@ COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 
 COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepares.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
+RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
 
-# Fix CVE-2020-28928 & CVE-2020-8231
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
+# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
 
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
 
diff --git a/Dockerfile-arm32v7 b/Dockerfile-arm32v7
index 0ad0cc8..021e626 100644
--- a/Dockerfile-arm32v7
+++ b/Dockerfile-arm32v7
@@ -27,10 +27,10 @@ COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 
 COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepares.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
+RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
 
-# Fix CVE-2020-28928 & CVE-2020-8231
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
+# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
 
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
 
diff --git a/Dockerfile-arm64v8 b/Dockerfile-arm64v8
index 7d926d7..8987671 100644
--- a/Dockerfile-arm64v8
+++ b/Dockerfile-arm64v8
@@ -27,10 +27,10 @@ COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 
 COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepares.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
+RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
 
-# Fix CVE-2020-28928 & CVE-2020-8231
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
+# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
 
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
 
diff --git a/Dockerfile-i386 b/Dockerfile-i386
index b336e59..6eb0fb8 100644
--- a/Dockerfile-i386
+++ b/Dockerfile-i386
@@ -20,10 +20,10 @@ COPY lua/ /opt/lua
 COPY crowdsec/ /opt/crowdsec
 
 COPY prepare.sh /tmp/prepare.sh
-RUN chmod +x /tmp/prepares.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
+RUN chmod +x /tmp/prepare.sh && /tmp/prepare.sh && rm -f /tmp/prepare.sh
 
-# Fix CVE-2020-28928 & CVE-2020-8231
-RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1"
+# Fix CVE-2020-28928, CVE-2020-8231 & CVE-2020-1971
+RUN apk --no-cache add "musl-utils>1.1.24-r2" "curl>7.67.0-r1" "libcrypto1.1>1.1.1g-r0"
 
 VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache
 
diff --git a/autoconf/Dockerfile b/autoconf/Dockerfile
index 479f4a3..d2eba01 100644
--- a/autoconf/Dockerfile
+++ b/autoconf/Dockerfile
@@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx
 
 ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
diff --git a/autoconf/Dockerfile-amd64 b/autoconf/Dockerfile-amd64
index 5cb2449..2cf31d4 100644
--- a/autoconf/Dockerfile-amd64
+++ b/autoconf/Dockerfile-amd64
@@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx
 
 ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
diff --git a/autoconf/Dockerfile-arm32v7 b/autoconf/Dockerfile-arm32v7
index e8450b8..a9a1827 100644
--- a/autoconf/Dockerfile-arm32v7
+++ b/autoconf/Dockerfile-arm32v7
@@ -17,6 +17,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx
 
 ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
diff --git a/autoconf/Dockerfile-arm64v8 b/autoconf/Dockerfile-arm64v8
index 227058a..ec4bc84 100644
--- a/autoconf/Dockerfile-arm64v8
+++ b/autoconf/Dockerfile-arm64v8
@@ -17,6 +17,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx
 
 ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
diff --git a/autoconf/Dockerfile-i386 b/autoconf/Dockerfile-i386
index 2827599..45b60b2 100644
--- a/autoconf/Dockerfile-i386
+++ b/autoconf/Dockerfile-i386
@@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY autoconf/* /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx
 
 ENTRYPOINT ["/opt/entrypoint/entrypoint.py"]
diff --git a/ui/Dockerfile b/ui/Dockerfile
index 8ad0c06..2d5b813 100644
--- a/ui/Dockerfile
+++ b/ui/Dockerfile
@@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx
 
 EXPOSE 5000
diff --git a/ui/Dockerfile-amd64 b/ui/Dockerfile-amd64
index aa06df5..811b19d 100644
--- a/ui/Dockerfile-amd64
+++ b/ui/Dockerfile-amd64
@@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx
 
 EXPOSE 5000
diff --git a/ui/Dockerfile-arm32v7 b/ui/Dockerfile-arm32v7
index 646e93c..55e072e 100644
--- a/ui/Dockerfile-arm32v7
+++ b/ui/Dockerfile-arm32v7
@@ -17,6 +17,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx
 
 EXPOSE 5000
diff --git a/ui/Dockerfile-arm64v8 b/ui/Dockerfile-arm64v8
index 859f0d0..738f3c5 100644
--- a/ui/Dockerfile-arm64v8
+++ b/ui/Dockerfile-arm64v8
@@ -17,6 +17,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx
 
 EXPOSE 5000
diff --git a/ui/Dockerfile-i386 b/ui/Dockerfile-i386
index 53471b4..adb6457 100644
--- a/ui/Dockerfile-i386
+++ b/ui/Dockerfile-i386
@@ -10,6 +10,9 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
+# Fix CVE-2020-1971
+RUN apk add "libcrypto1.1>1.1.1g-r0"
+
 VOLUME /etc/nginx
 
 EXPOSE 5000