From f7c7ddc4831dedf75cfa1e50f97451a0a962953d Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov <alexey.pustovalov@zabbix.com>
Date: Sun, 24 Mar 2024 20:15:18 +0900
Subject: [PATCH] Security update for curl actions

---
 Dockerfiles/agent/rhel/Dockerfile             | 2 +-
 Dockerfiles/agent2/rhel/Dockerfile            | 2 +-
 Dockerfiles/build-base/rhel/Dockerfile        | 2 +-
 Dockerfiles/proxy-mysql/rhel/Dockerfile       | 2 +-
 Dockerfiles/proxy-sqlite3/rhel/Dockerfile     | 2 +-
 Dockerfiles/server-mysql/rhel/Dockerfile      | 2 +-
 Dockerfiles/web-nginx-mysql/rhel/Dockerfile   | 2 +-
 Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile | 2 +-
 Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile | 2 +-
 Dockerfiles/web-service/rhel/Dockerfile       | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile
index b54be8fb7..38ae81eb3 100644
--- a/Dockerfiles/agent/rhel/Dockerfile
+++ b/Dockerfiles/agent/rhel/Dockerfile
@@ -59,7 +59,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
             pcre2 \
             libmodbus \
             libcurl" && \
-    curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -o /tmp/epel-release-latest-8.noarch.rpm && \
     rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
     rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
     microdnf -y install \
diff --git a/Dockerfiles/agent2/rhel/Dockerfile b/Dockerfiles/agent2/rhel/Dockerfile
index 1ce61484c..7143bc1c7 100644
--- a/Dockerfiles/agent2/rhel/Dockerfile
+++ b/Dockerfiles/agent2/rhel/Dockerfile
@@ -65,7 +65,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
             smartmontools \
             sudo \
             libcurl" && \
-    curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -o /tmp/epel-release-latest-8.noarch.rpm && \
     rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
     rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
     microdnf -y install \
diff --git a/Dockerfiles/build-base/rhel/Dockerfile b/Dockerfiles/build-base/rhel/Dockerfile
index 935fae6a8..3377d1c75 100644
--- a/Dockerfiles/build-base/rhel/Dockerfile
+++ b/Dockerfiles/build-base/rhel/Dockerfile
@@ -56,7 +56,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
             git \
             gettext \
             unixODBC-devel" && \
-    curl -sSL -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -o /tmp/epel-release-latest-8.noarch.rpm && \
     rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
     rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
     microdnf -y module enable mysql && \
diff --git a/Dockerfiles/proxy-mysql/rhel/Dockerfile b/Dockerfiles/proxy-mysql/rhel/Dockerfile
index b72b6ad51..a7ca19ba0 100644
--- a/Dockerfiles/proxy-mysql/rhel/Dockerfile
+++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile
@@ -74,7 +74,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
             pcre2 \
             gzip \
             unixODBC" && \
-    curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -o /tmp/epel-release-latest-8.noarch.rpm && \
     rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
     rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
     microdnf -y module enable mysql && \
diff --git a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile
index c0eec7736..e8b3cf1a0 100644
--- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile
+++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile
@@ -71,7 +71,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
             pcre2 \
             sqlite-libs \
             unixODBC" && \
-    curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -o /tmp/epel-release-latest-8.noarch.rpm && \
     rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
     rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
     microdnf -y install \
diff --git a/Dockerfiles/server-mysql/rhel/Dockerfile b/Dockerfiles/server-mysql/rhel/Dockerfile
index c7961de6a..8c3cd6c15 100644
--- a/Dockerfiles/server-mysql/rhel/Dockerfile
+++ b/Dockerfiles/server-mysql/rhel/Dockerfile
@@ -75,7 +75,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
             pcre2 \
             gzip \
             unixODBC" && \
-    curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -o /tmp/epel-release-latest-8.noarch.rpm && \
     rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
     rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
     microdnf -y module enable mysql && \
diff --git a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
index 1ad6e3af7..b6beb6df5 100644
--- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
+++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
@@ -66,7 +66,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
             php-mbstring \
             php-mysqlnd \
             php-xml" && \
-    curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -o /tmp/epel-release-latest-8.noarch.rpm && \
     rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
     rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
     microdnf -y module enable mysql && \
diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
index 994da030f..80b43240a 100644
--- a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
+++ b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
@@ -58,7 +58,7 @@ RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \
             --no-install-recommends install \
         ${INSTALL_TEMP_PKGS} && \
     GNUPGHOME="$(mktemp -d)"; export GNUPGHOME && \
-    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
+    curl --tlsv1.2 -sSf -L https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
     gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \
     DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \
     echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile
index 82b63f3d2..622aebaa3 100644
--- a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile
+++ b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile
@@ -58,7 +58,7 @@ RUN --mount=type=cache,target=/var/lib/apt/,sharing=locked \
             --no-install-recommends install \
         ${INSTALL_TEMP_PKGS} && \
     GNUPGHOME="$(mktemp -d)"; export GNUPGHOME && \
-    curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
+    curl --tlsv1.2 -sSf -L https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
     gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \
     DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \
     echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
diff --git a/Dockerfiles/web-service/rhel/Dockerfile b/Dockerfiles/web-service/rhel/Dockerfile
index 392629900..b96a3db19 100644
--- a/Dockerfiles/web-service/rhel/Dockerfile
+++ b/Dockerfiles/web-service/rhel/Dockerfile
@@ -54,7 +54,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
     INSTALL_PKGS="bash \
             shadow-utils \
             chromium-headless" && \
-    curl --tlsv1.2 -sSf -L -o /tmp/epel-release-latest-8.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+    curl --tlsv1.2 -sSf -L https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -o /tmp/epel-release-latest-8.noarch.rpm && \
     rpm -ivh /tmp/epel-release-latest-8.noarch.rpm && \
     rm -rf /tmp/epel-release-latest-8.noarch.rpm && \
     microdnf -y install \