From e3ce58da5a2816f591865a51b8bc73f449a8857f Mon Sep 17 00:00:00 2001
From: mgb01105731
Date: Tue, 13 May 2025 22:51:40 -0400
Subject: [PATCH] add patch to fix CVE-2024-36623

---
 0002-fix-CVE-2024-36623.patch | 42 +++++++++++++++++++++++++++++++++++
 docker.spec | 8 ++++++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 0002-fix-CVE-2024-36623.patch

diff --git a/0002-fix-CVE-2024-36623.patch b/0002-fix-CVE-2024-36623.patch
new file mode 100644
index 0000000..112fc9e
--- /dev/null
+++ b/0002-fix-CVE-2024-36623.patch
@@ -0,0 +1,42 @@
+From 9298e25e8460bc2ef5cfb666005982b04732a618 Mon Sep 17 00:00:00 2001
+From: mgb01105731
+Date: Tue, 13 May 2025 22:47:37 -0400
+Subject: [PATCH 1/1] fix CVE-2024-36623
+
+---
+ moby-24.0.9/pkg/streamformatter/streamformatter.go | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/moby-24.0.9/pkg/streamformatter/streamformatter.go b/moby-24.0.9/pkg/streamformatter/streamformatter.go
+index b0456e58..098df6b5 100644
+--- a/moby-24.0.9/pkg/streamformatter/streamformatter.go
++++ b/moby-24.0.9/pkg/streamformatter/streamformatter.go
+@@ -5,6 +5,7 @@ import (
+ "encoding/json"
+ "fmt"
+ "io"
++ "sync"
+
+ "github.com/docker/docker/pkg/jsonmessage"
+ "github.com/docker/docker/pkg/progress"
+@@ -109,6 +110,7 @@ type progressOutput struct {
+ sf formatProgress
+ out io.Writer
+ newLines bool
++ mu sync.Mutex
+ }
+
+ // WriteProgress formats progress information from a ProgressReader.
+@@ -120,6 +122,9 @@ func (out *progressOutput) WriteProgress(prog progress.Progress) error {
+ jsonProgress := jsonmessage.JSONProgress{Current: prog.Current, Total: prog.Total, HideCounts: prog.HideCounts, Units: prog.Units}
+ formatted = out.sf.formatProgress(prog.ID, prog.Action, &jsonProgress, prog.Aux)
+ }
++
++ out.mu.Lock()
++ defer out.mu.Unlock()
+ _, err := out.out.Write(formatted)
+ if err != nil {
+ return err
+--
+2.41.0
+
diff --git a/docker.spec b/docker.spec
index 0bcf118..97d7d86 100644
--- a/docker.spec
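Review bot: The `mu` field added to `progressOutput` in 0002-fix-CVE-2024-36623.patch serializes only the calls made through one `progressOutput` value, so the race on `out.out.Write(formatted)` is closed only if every concurrent writer to that `io.Writer` goes through the same instance. The constructors and callers are outside the hunk, so that should be confirmed against the full moby-24.0.9 source. The field also has no comment saying what it guards; something like `mu sync.Mutex // serializes writes to out; a progressOutput must not be copied once in use` would record the invariant for later backports. The lock is released by `defer`, so any further write later in `WriteProgress` (the body continues past the hunk) stays under the lock. It is also worth comparing the vendored hunk against the upstream commit 8e3bcf19748838b30e34d612832d1dc9d90363b8 cited in docker.spec, and running the streamformatter tests with the race detector as part of accepting the backport.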
+++ b/docker.spec
@@ -1,4 +1,4 @@
-%define anolis_release 4
+%define anolis_release 5
 %global _origversion 24.0.9
 %global _version %{_origversion}
 %global _gitcommit_moby fca702d
@@ -20,6 +20,8 @@ Patch001:moby-24.0.9-modify-tini-to-local.patch
 Patch002:moby-24.0.9-vendor-cilium-ebpf-support-loongarch64.patch
 # https://github.com/moby/moby/commit/7ff423cc1c991d8dc0a7b5d1d93e1cf3efaac169
 Patch003:0001-fix-CVE-2024-41110.patch
+# https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8
+Patch004:0002-fix-CVE-2024-36623.patch
 Summary: The open-source application container engine
 Group: Tools/Docker
 License: ASL 2.0
@@ -99,6 +101,7 @@ Docker client binary and related utilities
 %patch001 -p1
 %patch002 -p1
 %patch003 -p1
+%patch004 -p1
 
 %build
 set AUTO_GOPATH=1
@@ -192,6 +195,9 @@ fi
 %systemd_postun_with_restart docker.service
 
 %changelog
+* Wed May 14 2025 mgb01105731 - 24.0.9-5
+- Add patch to fix CVE-2024-36623
+
 * Tue May 13 2025 mgb01105731 - 24.0.9-4
 - Add patch to fix CVE-2024-41110
 
--
Gitee