From 416467f6ead98f82342e8a926dc6e06f36dfbd56 Mon Sep 17 00:00:00 2001
From: Sam Saffron <sam.saffron@gmail.com>
Date: Fri, 4 Oct 2019 09:59:17 +1000
Subject: [PATCH] SECURITY: base image updates

- Ruby upgraded from 2.6.4 -> 2.6.5 to address CVEs
- Image Magick from 7.0.8-61 -> 66
- NGINX 1.17.3 -> 4 (bug fixes only)
---
 image/base/Dockerfile          | 4 ++--
 image/base/install-imagemagick | 2 +-
 image/base/install-nginx       | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/image/base/Dockerfile b/image/base/Dockerfile
index f62e491..507c1c6 100644
--- a/image/base/Dockerfile
+++ b/image/base/Dockerfile
@@ -70,12 +70,12 @@ RUN mkdir /jemalloc-new && cd /jemalloc-new &&\
 RUN echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\
     mkdir /src && cd /src && git clone https://github.com/sstephenson/ruby-build.git &&\
     cd /src/ruby-build && ./install.sh &&\
-    cd / && rm -rf /src/ruby-build && (ruby-build 2.6.4 /usr/local)
+    cd / && rm -rf /src/ruby-build && (ruby-build 2.6.5 /usr/local)
 
 RUN gem update --system
 
 RUN gem install bundler --force &&\
-    rm -rf /usr/local/share/ri/2.6.4/system &&\
+    rm -rf /usr/local/share/ri/2.6.5/system &&\
     cd / && git clone https://github.com/discourse/pups.git
 
 ADD install-redis /tmp/install-redis
diff --git a/image/base/install-imagemagick b/image/base/install-imagemagick
index 9fa7929..31f6dcc 100755
--- a/image/base/install-imagemagick
+++ b/image/base/install-imagemagick
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -o errexit
 
-IMAGE_MAGICK_VERSION="7.0.8-61"
+IMAGE_MAGICK_VERSION="7.0.8-66"
 LIBPNG_VERSION="1.6.37"
 
 PREFIX=/usr/local
diff --git a/image/base/install-nginx b/image/base/install-nginx
index 6a33475..7b91333 100755
--- a/image/base/install-nginx
+++ b/image/base/install-nginx
@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-VERSION=1.17.3
+VERSION=1.17.4
 cd /tmp
 
 apt install -y autoconf
@@ -41,4 +41,4 @@ cd /
 rm -fr /tmp/nginx
 rm -fr /tmp/libbrotli
 rm -fr /tmp/ngx_brotli
-rm -fr /etc/nginx/modules-enabled/*
\ No newline at end of file
+rm -fr /etc/nginx/modules-enabled/*
-- 
2.25.1