From d4cbc6b9cb46f6932e34abf7dfa15257379f762a Mon Sep 17 00:00:00 2001
From: zhongjiawei
Date: Sat, 22 Feb 2025 15:23:36 +0800
Subject: [PATCH] docker:sync some patches

---
 VERSION-vendor | 2 +-
 docker.spec | 8 ++++-
 git-commit | 2 +-
 ...ocker-check-containerd-sock-legality.patch | 30 +++++++++++++++++++
 ...cker-modify-hostconfig.json-perm-640.patch | 25 ++++++++++++++++
 ...nd-random-number-library-to-generate.patch | 26 ++++++++++++++++
 series.conf | 3 ++
 7 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100644 patch/0283-docker-check-containerd-sock-legality.patch
 create mode 100644 patch/0284-docker-modify-hostconfig.json-perm-640.patch
 create mode 100644 patch/0285-docker-change-rand-random-number-library-to-generate.patch

diff --git a/VERSION-vendor b/VERSION-vendor
index f875d93..bf31dd9 100644
--- a/VERSION-vendor
+++ b/VERSION-vendor
@@ -1 +1 @@
-18.09.0.345
+18.09.0.346
diff --git a/docker.spec b/docker.spec
index c3d5ea5..dccec69 100644
--- a/docker.spec
+++ b/docker.spec
@@ -1,6 +1,6 @@
 Name: docker-engine
 Version: 18.09.0
-Release: 345
+Release: 346
 Epoch: 2
 Summary: The open-source application container engine
 Group: Tools/Docker
@@ -225,6 +225,12 @@ fi
 %endif
 
 %changelog
+* Sat Feb 22 2025 zhongjiawei - 2:18.09.0-346
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:sync some patches
+
 * Fri Dec 06 2024 zhongjiawei - 2:18.09.0-345
 - Type:CVE
 - CVE:CVE-2024-36623
diff --git a/git-commit b/git-commit
index 95b46e0..5d01789 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-760d2ff23dc93f97e0066748ab1e8050e3aaaa25
+270f89013d2ad9993ff863c5b5636cc1c9e17ae1
diff --git a/patch/0283-docker-check-containerd-sock-legality.patch b/patch/0283-docker-check-containerd-sock-legality.patch
new file mode 100644
index 0000000..190dc33
--- /dev/null
+++ b/patch/0283-docker-check-containerd-sock-legality.patch
@@ -0,0 +1,30 @@
+From 66f64ce2f18d1051f19f342c8fcf98c5066f00a6 Mon Sep 17 00:00:00 2001
+From: zhongjiawei
+Date: Mon, 13 Jan 2025 16:35:53 +0800
+Subject: [PATCH] docker:check containerd.sock legality
+
+---
+ components/engine/cmd/dockerd/daemon.go | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/components/engine/cmd/dockerd/daemon.go b/components/engine/cmd/dockerd/daemon.go
+index 89fa9245a..f703765be 100644
+--- a/components/engine/cmd/dockerd/daemon.go
++++ b/components/engine/cmd/dockerd/daemon.go
+@@ -759,8 +759,11 @@ func validateAuthzPlugins(requestedPlugins []string, pg plugingetter.PluginGette
+ }
+ 
+ func systemContainerdRunning() bool {
+- _, err := os.Lstat(containerddefaults.DefaultAddress)
+- return err == nil
++ fileInfo, err := os.Stat(containerddefaults.DefaultAddress)
++ if err != nil {
++ return false
++ }
++ return fileInfo.Mode()&os.ModeSocket == os.ModeSocket
+ }
+ 
+ func (cli *DaemonCli) setRuntimeStartTimeout() error {
+--
+2.33.0
+
diff --git a/patch/0284-docker-modify-hostconfig.json-perm-640.patch b/patch/0284-docker-modify-hostconfig.json-perm-640.patch
new file mode 100644
index 0000000..7e8774e
--- /dev/null
+++ b/patch/0284-docker-modify-hostconfig.json-perm-640.patch
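Review bot: The new mode check in systemContainerdRunning still follows symlinks, because `os.Stat` resolves the final path component, so a symlink at the default address that points at any socket passes as "legal", and a stale socket file left behind by a dead containerd passes too since nothing is dialed. If the intent is to accept only a plain socket at that path, use `fileInfo, err := os.Lstat(containerddefaults.DefaultAddress)` and compare the full type bits, `return fileInfo.Mode()&os.ModeType == os.ModeSocket`, which also rejects a symlink; if a symlinked socket is a supported layout, keep Stat but say so in a comment. Either way the function deserves a doc comment stating the limit, e.g. `// systemContainerdRunning reports whether a Unix socket exists at the default containerd address; it does not verify that containerd is listening on it.` The whole function body is inside the hunk, but how the daemon start path consumes the result is not visible here.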
@@ -0,0 +1,25 @@
+From 432ab009827f6bc84fb07d424d95d10328b4b185 Mon Sep 17 00:00:00 2001
+From: zhongjiawei
+Date: Fri, 21 Feb 2025 11:00:10 +0800
+Subject: [PATCH] docker:modify hostconfig.json perm to 640
+
+---
+ components/engine/container/container.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/components/engine/container/container.go b/components/engine/container/container.go
+index 3dcfdaefa..6eaee714e 100644
+--- a/components/engine/container/container.go
++++ b/components/engine/container/container.go
+@@ -262,7 +262,7 @@ func (container *Container) WriteHostConfig() (*containertypes.HostConfig, error
+ return nil, err
+ }
+ 
+- f, err := ioutils.NewAtomicFileWriter(pth, 0644)
++ f, err := ioutils.NewAtomicFileWriter(pth, 0640)
+ if err != nil {
+ return nil, err
+ }
+--
+2.33.0
+
diff --git a/patch/0285-docker-change-rand-random-number-library-to-generate.patch b/patch/0285-docker-change-rand-random-number-library-to-generate.patch
new file mode 100644
index 0000000..371bd00
--- /dev/null
+++ b/patch/0285-docker-change-rand-random-number-library-to-generate.patch
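Review bot: The tighter mode on `f, err := ioutils.NewAtomicFileWriter(pth, 0640)` only takes effect the next time a container's host config is rewritten; hostconfig.json files already on disk with 0644 keep that mode, and nothing in the patch re-stats or chmods them on daemon start, so the hardening stays incomplete on upgraded hosts until each container's host config is written again. Consider a one-time fix-up of existing files, or at least state the gap in the patch description. The literal also wants a why-comment, e.g. `// 0640: host config can carry bind-mount paths and log-driver options, so keep it unreadable to other local users.` WriteHostConfig starts outside the hunk, and whether NewAtomicFileWriter applies the mode through the umask or via an explicit chmod is not visible here, so the effective on-disk mode should be confirmed against that helper.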
@@ -0,0 +1,26 @@
+From a002e6e5309209cd7aa90cde3c1168328fc654d7 Mon Sep 17 00:00:00 2001
+From: zhongjiawei
+Date: Sat, 22 Feb 2025 09:58:59 +0800
+Subject: [PATCH] docker:change rand random number library to generate seeds
+ using Nano time
+
+---
+ .../engine/vendor/github.com/docker/libnetwork/resolver.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/components/engine/vendor/github.com/docker/libnetwork/resolver.go b/components/engine/vendor/github.com/docker/libnetwork/resolver.go
+index 0e44352d7..b898c38f9 100644
+--- a/components/engine/vendor/github.com/docker/libnetwork/resolver.go
++++ b/components/engine/vendor/github.com/docker/libnetwork/resolver.go
+@@ -98,7 +98,7 @@ type resolver struct {
+ }
+ 
+ func init() {
+- rand.Seed(time.Now().Unix())
++ rand.Seed(time.Now().UnixNano())
+ }
+ 
+ // NewResolver creates a new instance of the Resolver
+--
+2.33.0
+
diff --git a/series.conf b/series.conf
index cadbf6c..385915d 100644
--- a/series.conf
+++ b/series.conf
@@ -280,4 +280,7 @@ patch/0279-docker-try-to-reconnect-when-containerd-grpc-return-.patch
 patch/0280-docker-support-calling-clone-when-clone3-is-not-supp.patch
 patch/0281-backport-fix-CVE-2024-36621.patch
 patch/0282-backport-fix-CVE-2024-36623.patch
+patch/0283-docker-check-containerd-sock-legality.patch
+patch/0284-docker-modify-hostconfig.json-perm-640.patch
+patch/0285-docker-change-rand-random-number-library-to-generate.patch
 #end
--
Gitee
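Review bot: Seeding with `rand.Seed(time.Now().UnixNano())` widens the seed space but leaves the global math/rand source deterministic and guessable by anyone who can estimate the daemon's start time, so it is not a fix if any value drawn from it elsewhere in resolver.go is security-relevant (for example DNS transaction IDs or source ports, neither of which is visible in this hunk); such values should come from crypto/rand instead. If the toolchain is Go 1.20 or newer, rand.Seed is deprecated and the global source is already randomly seeded, which makes this init redundant; the Go version used to build this vendored tree is not visible here. A comment on the init would make the intent and the limit clear, e.g. `// Seed the global math/rand source; it is not cryptographically secure, so callers needing unpredictable values must use crypto/rand.` The init function is fully inside the hunk.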