packages/docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!110 docker: fix CVE-2022-36109

Browse Source 
From: @jackchan8 
Reviewed-by: @duguhaotian, @zhangsong234 
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2022-09-15 07:03:35 +00:00 committed by Gitee
commit b0813e64ca
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 42 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION-openeuler
View File

@ -1 +1 @@
18.09.0.308 18.09.0.309

8
docker.spec
View File

@ -1,6 +1,6 @@
Name: docker-engine Name: docker-engine
Version: 18.09.0 Version: 18.09.0
Release: 308 Release: 309
Summary: The open-source application container engine Summary: The open-source application container engine
Group: Tools/Docker Group: Tools/Docker
@ -212,6 +212,12 @@ fi
%endif %endif
%changelog %changelog
* Thu Sep 15 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-309
- Type:CVE
- CVE:CVE-2022-36109
- SUG:NA
- DESC:fix CVE-2022-36109
* Tue Sep 13 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-308 * Tue Sep 13 2022 chenjiankun<chenjiankun1@huawei.com> - 18.09.0-308
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA

2
git-commit
View File

@ -1 +1 @@
385c3a952ec017d7fadb9ec83983f8284bb35eb2 1f53e790e570d524f6ebf5b81c914ddda97f0924

32
patch/0231-docker-AdditionalGids-must-include-effective-group-I.patch Normal file
View File

@ -0,0 +1,32 @@
From 7f4258e2b8b9b769beab23246d27984ada539ac9 Mon Sep 17 00:00:00 2001
From: chenjiankun <chenjiankun1@huawei.com>
Date: Thu, 15 Sep 2022 10:33:12 +0800
Subject: [PATCH] docker: AdditionalGids must include effective group ID
otherwise this one won't be considered for permission checks
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Conflict:daemon/oci_linux.go
Reference:https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32
---
components/engine/daemon/oci_linux.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/engine/daemon/oci_linux.go b/components/engine/daemon/oci_linux.go
index 6d3bc165..2b803955 100644
--- a/components/engine/daemon/oci_linux.go
+++ b/components/engine/daemon/oci_linux.go
@@ -201,7 +201,7 @@ func getUser(c *container.Container, username string) (uint32, uint32, []uint32,
uid := uint32(execUser.Uid)
gid := uint32(execUser.Gid)
sgids := append(execUser.Sgids, addGroups...)
- var additionalGids []uint32
+ additionalGids := []uint32{gid}
for _, g := range sgids {
additionalGids = append(additionalGids, uint32(g))
}
--
2.23.0

1
series.conf
View File

@ -228,4 +228,5 @@ patch/0227-docker-Lock-down-docker-root-dir-perms.patch
patch/0228-docker-registry-ensure-default-auth-config-has-address.patch patch/0228-docker-registry-ensure-default-auth-config-has-address.patch
patch/0229-docker-fix-terminal-abnormal-after-docker-run.patch patch/0229-docker-fix-terminal-abnormal-after-docker-run.patch
patch/0230-docker-Add-an-ExitPid-field-for-State-struct-to-reco.patch patch/0230-docker-Add-an-ExitPid-field-for-State-struct-to-reco.patch
patch/0231-docker-AdditionalGids-must-include-effective-group-I.patch
#end #end