packages/docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docker:fix CVE-2024-36623

Browse Source 
(cherry picked from commit bac17d509e0e29a47e18ba9950b23a4069b3713b)
This commit is contained in:
zhongjiawei 2024-12-06 11:08:58 +08:00 committed by openeuler-sync-bot
parent dcaac72b52
commit 96638540d5
6 changed files with 59 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION-vendor
View File

@ -1 +1 @@
18.09.0.344 18.09.0.345

8
docker.spec
View File

@ -1,6 +1,6 @@
Name: docker-engine Name: docker-engine
Version: 18.09.0 Version: 18.09.0
Release: 344 Release: 345
Epoch: 2 Epoch: 2
Summary: The open-source application container engine Summary: The open-source application container engine
Group: Tools/Docker Group: Tools/Docker
@ -225,6 +225,12 @@ fi
%endif %endif
%changelog %changelog
* Fri Dec 06 2024 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-345
- Type:CVE
- CVE:CVE-2024-36623
- SUG:NA
- DESC:fix CVE-2024-36623
* Mon Dec 02 2024 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-344 * Mon Dec 02 2024 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-344
- Type:CVE - Type:CVE
- CVE:CVE-2024-36621 - CVE:CVE-2024-36621

2
git-commit
View File

@ -1 +1 @@
9da17b5107496bcb8d817baadfacf7b82a032262 760d2ff23dc93f97e0066748ab1e8050e3aaaa25

0
patch/0281-docker-builder-next-fix-missing-lock-in-ensurelayer.patch → patch/0281-backport-fix-CVE-2024-36621.patch
View File

48
patch/0282-backport-fix-CVE-2024-36623.patch Normal file
View File

@ -0,0 +1,48 @@
From 5e02d7625ef0472e0be29acb30e47255546ced58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= <pawel.gronowski@docker.com>
Date: Thu, 22 Feb 2024 18:01:40 +0100
Subject: [PATCH] pkg/streamformatter: Make `progressOutput` concurrency safe
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sync access to the underlying `io.Writer` with a mutex.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
---
components/engine/pkg/streamformatter/streamformatter.go | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/components/engine/pkg/streamformatter/streamformatter.go b/components/engine/pkg/streamformatter/streamformatter.go
index 04917d49ab..eaa82e1010 100644
--- a/components/engine/pkg/streamformatter/streamformatter.go
+++ b/components/engine/pkg/streamformatter/streamformatter.go
@@ -5,6 +5,7 @@ import (
"encoding/json"
"fmt"
"io"
+ "sync"
"github.com/docker/docker/pkg/jsonmessage"
"github.com/docker/docker/pkg/progress"
@@ -109,6 +110,7 @@ type progressOutput struct {
sf formatProgress
out io.Writer
newLines bool
+ mu sync.Mutex
}
// WriteProgress formats progress information from a ProgressReader.
@@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error {
jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units}
formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux)
}
+
+ out.mu.Lock()
+ defer out.mu.Unlock()
_, err := out.out.Write(formatted)
if err != nil {
return err
--
2.33.0

3
series.conf
View File

@ -278,5 +278,6 @@ patch/0277-backport-fix-CVE-2024-41110.patch
patch/0278-docker-add-clone3-seccomp-whitelist-for-arm64.patch patch/0278-docker-add-clone3-seccomp-whitelist-for-arm64.patch
patch/0279-docker-try-to-reconnect-when-containerd-grpc-return-.patch patch/0279-docker-try-to-reconnect-when-containerd-grpc-return-.patch
patch/0280-docker-support-calling-clone-when-clone3-is-not-supp.patch patch/0280-docker-support-calling-clone-when-clone3-is-not-supp.patch
patch/0281-docker-builder-next-fix-missing-lock-in-ensurelayer.patch patch/0281-backport-fix-CVE-2024-36621.patch
patch/0282-backport-fix-CVE-2024-36623.patch
#end #end