packages/docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-41089

Browse Source 
fix #I5CA8X
This commit is contained in:
zjw 2022-06-29 09:54:58 +08:00
parent 2b2be77fce
commit 9d4f69f055
5 changed files with 63 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION-openeuler
View File

@ -1 +1 @@
18.09.0.303 18.09.0.304

8
docker.spec
View File

@ -1,6 +1,6 @@
Name: docker-engine Name: docker-engine
Version: 18.09.0 Version: 18.09.0
Release: 303 Release: 304
Summary: The open-source application container engine Summary: The open-source application container engine
Group: Tools/Docker Group: Tools/Docker
@ -212,6 +212,12 @@ fi
%endif %endif
%changelog %changelog
* Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-304
- Type:CVE
- CVE:CVE-2021-41089
- SUG:NA
- DESC:fix CVE-2021-41089
* Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-303 * Wed Jun 29 2022 zjw<zhongjiawei1@huawei.com> - 18.09.0-303
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA

2
git-commit
View File

@ -1 +1 @@
7e7815ae0b96872d235f46c6624cc4b695d04dfa 3dc987a07f741fc5043f8bc5ee3dc326418e9437

53
patch/0226-docker-chrootarchive-don-t-create-parent-dirs-outside-of-ch.patch Normal file
View File

@ -0,0 +1,53 @@
From 80f1169eca587305759829e626cebd2a434664f6 Mon Sep 17 00:00:00 2001
From: Tonis Tiigi <tonistiigi@gmail.com>
Date: Wed, 19 May 2021 16:51:35 -0700
Subject: [PATCH] chrootarchive: don't create parent dirsoutside of chroot
If chroot is used with a special root directory then create
destination directory within chroot. This works automatically
already due to extractor creating parent paths and is only
used currently with cp where parent paths are actually required
and error will be shown to user before reaching this point.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 52d285184068998c22632bfb869f6294b5613a58)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Conflict:NA
Reference:https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a
---
components/engine/pkg/chrootarchive/archive.go | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/components/engine/pkg/chrootarchive/archive.go b/components/engine/pkg/chrootarchive/archive.go
index 6ff61e6a7..9926b63b8 100644
--- a/components/engine/pkg/chrootarchive/archive.go
+++ b/components/engine/pkg/chrootarchive/archive.go
@@ -65,13 +65,17 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions
options.ExcludePatterns = []string{}
}
- idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
- rootIDs := idMapping.RootPair()
+ // If dest is inside a root then directory is created within chroot by extractor.
+ // This case is only currently used by cp.
+ if dest == root {
+ idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
+ rootIDs := idMapping.RootPair()
- dest = filepath.Clean(dest)
- if _, err := os.Stat(dest); os.IsNotExist(err) {
- if err := idtools.MkdirAllAndChownNew(dest, 0755, rootIDs); err != nil {
- return err
+ dest = filepath.Clean(dest)
+ if _, err := os.Stat(dest); os.IsNotExist(err) {
+ if err := idtools.MkdirAllAndChownNew(dest, 0755, rootIDs); err != nil {
+ return err
+ }
}
}
--
2.30.0

1
series.conf
View File

@ -223,4 +223,5 @@ patch/0222-docker-Use-original-process-spec-for-execs.patch
patch/0223-docker-fix-CVE-2022-24769.patch patch/0223-docker-fix-CVE-2022-24769.patch
patch/0224-fix-rwlayer-umountd-after-container-restart.patch patch/0224-fix-rwlayer-umountd-after-container-restart.patch
patch/0225-docker-close-channel-in-write-side-to-avoid-panic-in.patch patch/0225-docker-close-channel-in-write-side-to-avoid-panic-in.patch
patch/0226-docker-chrootarchive-don-t-create-parent-dirs-outside-of-ch.patch
#end #end