diff --git a/docker.spec b/docker.spec index 7f8eca5ea3990e85b3b8d1d06a1aec98c536de2c..8548336cd1ca95e5419b9e423944465e7d0681ba 100644 --- a/docker.spec +++ b/docker.spec @@ -1,12 +1,12 @@ Name: docker-engine Version: 18.09.0 -Release: 323 +Release: 324 Epoch: 2 Summary: The open-source application container engine Group: Tools/Docker License: ASL 2.0 -Source0: https://github.com/docker/docker-ce/archive/v18.09.0.tar.gz +Source0: v%{version}.tar.gz Source1: patch.tar.gz Source2: apply-patches Source3: git-commit @@ -17,6 +17,7 @@ Source6: gen-commit.sh Source7: net.tar.gz Source8: sys.tar.gz %endif +Patch0: fix-clang.patch URL: https://mobyproject.org @@ -56,14 +57,16 @@ cp %{SOURCE2} . cp %{SOURCE3} . cp %{SOURCE4} . cp %{SOURCE5} . +sh ./apply-patches +%patch0 -p1 %build -sh ./apply-patches - # for golang 1.17.3, we need set GO111MODULE=off export GO111MODULE=off - +%if "%toolchain" == "clang" +export LDFLAGS='' +%endif # build docker engine WORKDIR=$(pwd) export VERSION=$(cat VERSION) @@ -130,7 +133,7 @@ install -p -m 644 components/engine/contrib/udev/80-docker.rules $RPM_BUILD_ROOT # add init scripts install -d $RPM_BUILD_ROOT/etc/sysconfig install -d $RPM_BUILD_ROOT/%{_initddir} -install -p -m 644 components/engine/contrib/init/sysvinit-redhat/docker.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/docker +install -p -m 644 components/engine/contrib/init/sysvinit-redhat/docker.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/docker install -p -m 644 components/engine/contrib/init/sysvinit-redhat/docker-network $RPM_BUILD_ROOT/etc/sysconfig/docker-network install -p -m 644 components/engine/contrib/init/sysvinit-redhat/docker-storage $RPM_BUILD_ROOT/etc/sysconfig/docker-storage @@ -229,6 +232,12 @@ fi %endif %changelog +* Tue Mar 12 2024 KingYen - 18.09.0-324 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync the fix-clang.patch + * Thu Apr 06 2023 zhongjiawei - 18.09.0-323 - Type:CVE - CVE:CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 diff --git a/fix-clang.patch b/fix-clang.patch new file mode 100644 index 0000000000000000000000000000000000000000..bb5c2fb34df8be0a6beecebe648c13fb405e40d1 --- /dev/null +++ b/fix-clang.patch @@ -0,0 +1,23 @@ +diff -u -r BUILD/components/cli/scripts/build/dynbinary BUILD/components/cli/scripts/build/dynbinary +--- docker-ce-18.09.0/components/cli/scripts/build/dynbinary 2023-05-25 21:31:06.000000000 +0800 ++++ docker-ce-18.09.0/components/cli/scripts/build/dynbinary 2023-05-25 21:34:27.000000000 +0800 +@@ -17,6 +17,6 @@ + ASM_FLAGS="-asmflags=-trimpath=$GOPATH" + + set -x +-go build $GC_FLAGS $ASM_FLAGS -o "${TARGET}" -tags pkcs11 --ldflags " -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $BEP_FLAGS ${LDFLAGS}" -buildmode=pie "${SOURCE}" ++go build $GC_FLAGS $ASM_FLAGS -o "${TARGET}" -tags pkcs11 --ldflags " -buildid=IdByIsula -extldflags=-Wl,-z,relro,-z,now $BEP_FLAGS ${LDFLAGS}" -buildmode=pie "${SOURCE}" + + ln -sf "$(basename "${TARGET}")" build/docker +diff -u -r BUILD/components/engine/hack/make/.binary BUILD/components/engine/hack/make/.binary +--- docker-ce-18.09.0/components/engine/hack/make/.binary 2023-05-25 21:31:07.000000000 +0800 ++++ docker-ce-18.09.0/components/engine/hack/make/.binary 2023-05-25 21:36:34.000000000 +0800 +@@ -70,7 +70,7 @@ + -o "$DEST/$BINARY_FULLNAME" \ + "${BUILDFLAGS[@]}" \ + -ldflags " +- -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $BEP_FLAGS ++ -buildid=IdByIsula -extldflags=-Wl,-z,relro,-z,now $BEP_FLAGS + $LDFLAGS + $LDFLAGS_STATIC_DOCKER + $DOCKER_LDFLAGS