From 2ba9ecc35e2637d4862f697bcd5e3f6569e60fe5 Mon Sep 17 00:00:00 2001
From: andyzhangx <xiazhang@microsoft.com>
Date: Tue, 19 Apr 2022 10:48:37 +0000
Subject: [PATCH 1/3] fix: CVE-2022-1271 in image build

fix
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0929790a..0bdabb2c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.1.0
+FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.2.0
 
 ARG ARCH
 ARG binary=./bin/${ARCH}/nfsplugin
@@ -21,6 +21,6 @@ COPY ${binary} /nfsplugin
 RUN apt update && apt-mark unhold libcap2
 RUN clean-install ca-certificates mount nfs-common netbase
 # install updated packages to fix CVE issues
-RUN clean-install libgmp10 bsdutils libssl1.1 openssl libc6 libc-bin libsystemd0 libudev1 zlib1g
+RUN clean-install zlib1g gzip liblzma5
 
 ENTRYPOINT ["/nfsplugin"]

From add37497aed87e15dbfb7c351797983dea602a1e Mon Sep 17 00:00:00 2001
From: andyzhangx <xiazhang@microsoft.com>
Date: Wed, 20 Apr 2022 08:33:20 +0000
Subject: [PATCH 2/3] chore: fix comments

---
 Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0bdabb2c..4df5d012 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,9 +18,7 @@ ARG ARCH
 ARG binary=./bin/${ARCH}/nfsplugin
 COPY ${binary} /nfsplugin
 
-RUN apt update && apt-mark unhold libcap2
+RUN apt update && apt upgrade -y && apt-mark unhold libcap2
 RUN clean-install ca-certificates mount nfs-common netbase
-# install updated packages to fix CVE issues
-RUN clean-install zlib1g gzip liblzma5
 
 ENTRYPOINT ["/nfsplugin"]

From f37e7d2d9e2738c36dfef892eac500a7171e71ab Mon Sep 17 00:00:00 2001
From: Andy Zhang <xiazhang@microsoft.com>
Date: Thu, 21 Apr 2022 14:42:04 +0800
Subject: [PATCH 3/3] Update Dockerfile

Co-authored-by: Patrick Ohly <patrick.ohly@intel.com>
---
 Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4df5d012..307f1d2d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,6 @@ ARG ARCH
 ARG binary=./bin/${ARCH}/nfsplugin
 COPY ${binary} /nfsplugin
 
-RUN apt update && apt upgrade -y && apt-mark unhold libcap2
-RUN clean-install ca-certificates mount nfs-common netbase
+RUN apt update && apt upgrade -y && apt-mark unhold libcap2 && clean-install ca-certificates mount nfs-common netbase
 
 ENTRYPOINT ["/nfsplugin"]