docker:sync some patches
(cherry picked from commit d4cbc6b9cb46f6932e34abf7dfa15257379f762a)
This commit is contained in:
zhongjiawei
openeuler-sync-bot
parent
56bf09d198
commit
a8f31ed0bf
@ -1 +1 @@
|
|||||||
18.09.0.345
|
18.09.0.346
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
Name: docker-engine
|
Name: docker-engine
|
||||||
Version: 18.09.0
|
Version: 18.09.0
|
||||||
Release: 345
|
Release: 346
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
Summary: The open-source application container engine
|
Summary: The open-source application container engine
|
||||||
Group: Tools/Docker
|
Group: Tools/Docker
|
||||||
@ -225,6 +225,12 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Feb 22 2025 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-346
|
||||||
|
- Type:bugfix
|
||||||
|
- CVE:NA
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:sync some patches
|
||||||
|
|
||||||
* Fri Dec 06 2024 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-345
|
* Fri Dec 06 2024 zhongjiawei<zhongjiawei1@huawei.com> - 2:18.09.0-345
|
||||||
- Type:CVE
|
- Type:CVE
|
||||||
- CVE:CVE-2024-36623
|
- CVE:CVE-2024-36623
|
||||||
|
|||||||
@ -1 +1 @@
|
|||||||
760d2ff23dc93f97e0066748ab1e8050e3aaaa25
|
270f89013d2ad9993ff863c5b5636cc1c9e17ae1
|
||||||
|
|||||||
30
patch/0283-docker-check-containerd-sock-legality.patch
Normal file
30
patch/0283-docker-check-containerd-sock-legality.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From 66f64ce2f18d1051f19f342c8fcf98c5066f00a6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: zhongjiawei <zhongjiawei1@huawei.com>
|
||||||
|
Date: Mon, 13 Jan 2025 16:35:53 +0800
|
||||||
|
Subject: [PATCH] docker:check containerd.sock legality
|
||||||
|
|
||||||
|
---
|
||||||
|
components/engine/cmd/dockerd/daemon.go | 7 +++++--
|
||||||
|
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go
|
||||||
|
index 89fa9245a..f703765be 100644
|
||||||
|
--- a/components/engine/cmd/dockerd/daemon.go
|
||||||
|
+++ b/components/engine/cmd/dockerd/daemon.go
|
||||||
|
@@ -759,8 +759,11 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette
|
||||||
|
}
|
||||||
|
|
||||||
|
func systemContainerdRunning() bool {
|
||||||
|
- _, err := os.Lstat(containerddefaults.DefaultAddress)
|
||||||
|
- return err == nil
|
||||||
|
+ fileInfo, err := os.Stat(containerddefaults.DefaultAddress)
|
||||||
|
+ if err != nil {
|
||||||
|
+ return false
|
||||||
|
+ }
|
||||||
|
+ return fileInfo.Mode()&os.ModeSocket == os.ModeSocket
|
||||||
|
}
|
||||||
|
|
||||||
|
func (cli *DaemonCli) setRuntimeStartTimeout() error {
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
25
patch/0284-docker-modify-hostconfig.json-perm-640.patch
Normal file
25
patch/0284-docker-modify-hostconfig.json-perm-640.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
From 432ab009827f6bc84fb07d424d95d10328b4b185 Mon Sep 17 00:00:00 2001
|
||||||
|
From: zhongjiawei <zhongjiawei1@huawei.com>
|
||||||
|
Date: Fri, 21 Feb 2025 11:00:10 +0800
|
||||||
|
Subject: [PATCH] docker:modify hostconfig.json perm to 640
|
||||||
|
|
||||||
|
---
|
||||||
|
components/engine/container/container.go | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/components/engine/container/container.go b/components/engine/container/container.go
|
||||||
|
index 3dcfdaefa..6eaee714e 100644
|
||||||
|
--- a/components/engine/container/container.go
|
||||||
|
+++ b/components/engine/container/container.go
|
||||||
|
@@ -262,7 +262,7 @@ func (container *Container) WriteHostConfig() (*containertypes.HostConfig, error
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
- f, err := ioutils.NewAtomicFileWriter(pth, 0644)
|
||||||
|
+ f, err := ioutils.NewAtomicFileWriter(pth, 0640)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
@ -0,0 +1,26 @@
|
|||||||
|
From a002e6e5309209cd7aa90cde3c1168328fc654d7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: zhongjiawei <zhongjiawei1@huawei.com>
|
||||||
|
Date: Sat, 22 Feb 2025 09:58:59 +0800
|
||||||
|
Subject: [PATCH] docker:change rand random number library to generate seeds
|
||||||
|
using Nano time
|
||||||
|
|
||||||
|
---
|
||||||
|
.../engine/vendor/github.com/docker/libnetwork/resolver.go | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/components/engine/vendor/github.com/docker/libnetwork/resolver.go b/components/engine/vendor/github.com/docker/libnetwork/resolver.go
|
||||||
|
index 0e44352d7..b898c38f9 100644
|
||||||
|
--- a/components/engine/vendor/github.com/docker/libnetwork/resolver.go
|
||||||
|
+++ b/components/engine/vendor/github.com/docker/libnetwork/resolver.go
|
||||||
|
@@ -98,7 +98,7 @@ type resolver struct {
|
||||||
|
}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
- rand.Seed(time.Now().Unix())
|
||||||
|
+ rand.Seed(time.Now().UnixNano())
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewResolver creates a new instance of the Resolver
|
||||||
|
--
|
||||||
|
2.33.0
|
||||||
|
|
||||||
@ -280,4 +280,7 @@ patch/0279-docker-try-to-reconnect-when-containerd-grpc-return-.patch
|
|||||||
patch/0280-docker-support-calling-clone-when-clone3-is-not-supp.patch
|
patch/0280-docker-support-calling-clone-when-clone3-is-not-supp.patch
|
||||||
patch/0281-backport-fix-CVE-2024-36621.patch
|
patch/0281-backport-fix-CVE-2024-36621.patch
|
||||||
patch/0282-backport-fix-CVE-2024-36623.patch
|
patch/0282-backport-fix-CVE-2024-36623.patch
|
||||||
|
patch/0283-docker-check-containerd-sock-legality.patch
|
||||||
|
patch/0284-docker-modify-hostconfig.json-perm-640.patch
|
||||||
|
patch/0285-docker-change-rand-random-number-library-to-generate.patch
|
||||||
#end
|
#end
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user