diff --git a/005-bugfix-for-CVE-2024-36620.patch b/005-bugfix-for-CVE-2024-36620.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6f914bab77362ec37457021c09438997b92c2b32
--- /dev/null
+++ b/005-bugfix-for-CVE-2024-36620.patch
@@ -0,0 +1,32 @@
+From ab570ab3d62038b3d26f96a9bb585d0b6095b9b4 Mon Sep 17 00:00:00 2001
+From: Christopher Petito <47751006+krissetto@users.noreply.github.com>
+Date: Fri, 19 Apr 2024 10:44:30 +0000
+Subject: [PATCH] nil dereference fix on image history Created value
+
+Issue was caused by the changes here https://github.com/moby/moby/pull/45504
+First released in v25.0.0-beta.1
+
+Signed-off-by: Christopher Petito <47751006+krissetto@users.noreply.github.com>
+ moby-24.0.9/daemon/images/image_history.go | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/daemon/images/image_history.go b/daemon/images/image_history.go
+index 1617f8be62906..f621ceae13bc6 100644
+--- a/moby-24.0.9/daemon/images/image_history.go
++++ b/moby-24.0.9/daemon/images/image_history.go
+@@ -42,9 +42,14 @@ func (i *ImageService) ImageHistory(ctx context.Context, name string) ([]*image.
+ layerCounter++
+ }
+
++ var created int64
++ if h.Created != nil {
++ created = h.Created.Unix()
++ }
++
+ history = append([]*image.HistoryResponseItem{{
+ ID: "",
+- Created: h.Created.Unix(),
++ Created: created,
+ CreatedBy: h.CreatedBy,
+ Comment: h.Comment,
+ Size: layerSize,
diff --git a/docker.spec b/docker.spec
index e2006eac351ae33f939f90174ffbdb31790130e7..3bb5ff88ba42841182bc87cf316f2c560d51d7eb 100644
--- a/docker.spec
+++ b/docker.spec
@@ -1,4 +1,4 @@
-%define anolis_release 7
+%define anolis_release 8
 %global _origversion 24.0.9
 %global _version %{_origversion}
 %global _gitcommit_moby fca702d
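Review bot: The embedded commit message says the nil dereference came from moby/moby#45504 and was first released in v25.0.0-beta.1, yet this patch is applied to the moby-24.0.9 tree, so it is worth confirming that `h.Created` is actually a pointer there. If this tree still declares it as a plain `time.Time` value (its declaration is not visible in the hunk), `if h.Created != nil {` will not compile, and the 24.0.9 code would not have been exposed to the crash in the first place. Where the guard does apply, a short comment above it would record the intent, for example `// Created may be absent from the image config; report 0 instead of dereferencing a nil timestamp.` ImageHistory begins and ends outside the hunk, so where `h` comes from cannot be checked here.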
@@ -22,6 +22,7 @@ Patch002:moby-24.0.9-vendor-cilium-ebpf-support-loongarch64.patch
 Patch003:0001-fix-CVE-2024-41110.patch
 # https://github.com/moby/moby/commit/8e3bcf19748838b30e34d612832d1dc9d90363b8
 Patch004:0002-fix-CVE-2024-36623.patch
+Patch005:005-bugfix-for-CVE-2024-36620.patch
 Summary: The open-source application container engine
 Group: Tools/Docker
 License: ASL 2.0
@@ -103,6 +104,7 @@ Docker client binary and related utilities
 %setup -q -c -n src -D -a 3
 %patch001 -p1
 %patch002 -p1
+%patch005 -p1
 %build
 set AUTO_GOPATH=1
@@ -197,6 +199,9 @@ fi
 %systemd_postun_with_restart docker.service
 %changelog
+* Thu Jul 24 2025 tomcruiseqi - 3:24.0.9-8
+- Fix CVE-2024-36620
+
 * Wed Jun 18 2025 Yihao Yan - 24.0.9-7
 - add support for riscv build when cmake >= 3.30
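Review bot: `Patch003` and `Patch004` are declared in the preamble, but the %prep context of the `@@ -103,6 +104,7 @@` hunk shows only `%patch001 -p1` and `%patch002 -p1` ahead of the new `%patch005 -p1`, with `%build` following. Unless they are applied somewhere in %prep outside this hunk, the fixes for CVE-2024-41110 and CVE-2024-36623 ship in the source package without reaching the built binaries; in that case add `%patch003 -p1` and `%patch004 -p1` next to the new line. A comment above `Patch005:` naming the upstream commit, in the same form as the URL comment above `Patch004:`, would also make the origin of this fix traceable from the spec.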