From 7197a109a4b571d26abd2707ff6cc4f41379e930 Mon Sep 17 00:00:00 2001
From: "Dr. Christoph \"Schorsch\" Jung" <c-jung@t-systems.com>
Date: Fri, 24 Nov 2023 10:01:11 +0100
Subject: [PATCH] fix(provisioning|remoting): in the case of non-standard base
 images (RDF4JSDK/Ontop) we may cater for high vulnerabilities.

---
 provisioning/src/main/docker/Dockerfile | 5 +++++
 remoting/src/main/docker/Dockerfile     | 1 +
 2 files changed, 6 insertions(+)

diff --git a/provisioning/src/main/docker/Dockerfile b/provisioning/src/main/docker/Dockerfile
index 6fbd55c7..65eee5ae 100644
--- a/provisioning/src/main/docker/Dockerfile
+++ b/provisioning/src/main/docker/Dockerfile
@@ -56,11 +56,16 @@ RUN if [ "${HTTP_PROXY}" != ""  ]; then \
         echo "Acquire::http::Proxy \"${HTTP_PROXY}\"" >> /etc/apt/apt.conf.d/proxy.conf; \
         echo "Acquire::https::Proxy \"${HTTP_PROXY}\"" >> /etc/apt/apt.conf.d/proxy.conf; \
     fi && \
+    apt-get -y upgrade && \
+    apt-get -y update && \
+    apt-get -y install libc6=2.35-0ubuntu3.4 && \
+    apt-get -y install libc-bin=2.35-0ubuntu3.4 && \
     rm /opt/ontop/lib/guava-*.jar && \
     rm /opt/ontop/lib/tomcat-embed-*.jar && \
     rm /opt/ontop/lib/spring-*.jar && \
     mkdir -p /opt/ontop/jdbc && \
     for jdbcDriver in "$jdbcDrivers"; do wget --no-check-certificate -q -P /opt/ontop/jdbc ${jdbcDriver} ; done && \
+    apt-get -y --auto-remove remove wget && \
     if [ "${HTTP_PROXY}" != ""  ]; then rm -f /etc/apt/apt.conf.d/proxy.conf; fi && \
     mkdir -p /opt/ontop/input && \
     mkdir -p /opt/ontop/database && \
diff --git a/remoting/src/main/docker/Dockerfile b/remoting/src/main/docker/Dockerfile
index b5a5de80..5c9effba 100644
--- a/remoting/src/main/docker/Dockerfile
+++ b/remoting/src/main/docker/Dockerfile
@@ -92,6 +92,7 @@ RUN	mkdir -p /var/rdf4j/server/conf && \
     rm /usr/local/tomcat/conf/web.xml && \
     chown -R tomcat:tomcat /var/rdf4j /usr/local/tomcat && \
     apt-get -y --auto-remove remove unzip && \
+    apt-get -y --auto-remove remove wget && \
 	chmod 775 /usr/local/tomcat /usr/local/tomcat/bin /usr/local/tomcat/bin/catalina.sh /var/rdf4j/server 
 
 COPY --from=build /opt/lib/*.jar /usr/local/tomcat/webapps/rdf4j-server/WEB-INF/lib/