diff --git a/0009-Use-golang-library-instead-of-mklink.patch b/0009-Use-golang-library-instead-of-mklink.patch new file mode 100644 index 0000000000000000000000000000000000000000..8e265b961de4d6bee461b91dfd27e15f5dc6e394 --- /dev/null +++ b/0009-Use-golang-library-instead-of-mklink.patch @@ -0,0 +1,42 @@ +From 2d9128116b6a7fd93126217aa0efd7d9272adacb Mon Sep 17 00:00:00 2001 +From: James Sturtevant +Date: Thu, 5 Oct 2023 18:23:55 +0000 +Subject: [PATCH] Use golang library instead of mklink + +Signed-off-by: James Sturtevant +--- + staging/src/k8s.io/mount-utils/mount_windows.go | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/staging/src/k8s.io/mount-utils/mount_windows.go b/staging/src/k8s.io/mount-utils/mount_windows.go +index 02a963b1b1fca..be714646ec133 100644 +--- a/staging/src/k8s.io/mount-utils/mount_windows.go ++++ b/staging/src/k8s.io/mount-utils/mount_windows.go +@@ -150,12 +150,12 @@ func (mounter *Mounter) MountSensitive(source string, target string, fstype stri + mklinkSource = mklinkSource + "\\" + } + +- output, err := exec.Command("cmd", "/c", "mklink", "/D", target, mklinkSource).CombinedOutput() ++ err := os.Symlink(mklinkSource, target) + if err != nil { +- klog.Errorf("mklink failed: %v, source(%q) target(%q) output: %q", err, mklinkSource, target, string(output)) ++ klog.Errorf("symlink failed: %v, source(%q) target(%q)", err, mklinkSource, target) + return err + } +- klog.V(2).Infof("mklink source(%q) on target(%q) successfully, output: %q", mklinkSource, target, string(output)) ++ klog.V(2).Infof("symlink source(%q) on target(%q) successfully", mklinkSource, target) + + return nil + } +@@ -219,8 +219,9 @@ func removeSMBMapping(remotepath string) (string, error) { + func (mounter *Mounter) Unmount(target string) error { + klog.V(4).Infof("Unmount target (%q)", target) + target = NormalizeWindowsPath(target) +- if output, err := exec.Command("cmd", "/c", "rmdir", target).CombinedOutput(); err != nil { +- klog.Errorf("rmdir failed: %v, output: %q", err, string(output)) ++ ++ if err := os.Remove(target); err != nil { ++ klog.Errorf("removing directory %s failed: %v", target, err) + return err + } + return nil diff --git a/kubernetes.spec b/kubernetes.spec index 12e4d51e474f22971c71193ce766a2ed8a6c0920..53636e2be7925973eb1a132fa080da8b8ac18abf 100644 --- a/kubernetes.spec +++ b/kubernetes.spec @@ -3,7 +3,7 @@ Name: kubernetes Version: 1.25.3 -Release: 3 +Release: 4 Summary: Container cluster management License: ASL 2.0 URL: https://k8s.io/kubernetes @@ -32,6 +32,8 @@ Patch0005: 0005-Validate-etcd-paths.patch Patch0006: 0006-fix-node-address-validation.patch Patch0007: 0007-Add-ephemeralcontainer-to-imagepolicy-securityaccoun.patch Patch1000: 1000-add-riscv-support.patch +# CVE-2023-5528 +Patch0009: 0009-Use-golang-library-instead-of-mklink.patch %description Container cluster management. @@ -263,6 +265,12 @@ getent passwd kube >/dev/null || useradd -r -g kube -d / -s /sbin/nologin \ %systemd_postun kubelet kube-proxy %changelog +* Wed Nov 15 2023 lwg K - 1.25.3-4 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix CVE-2023-5528 + * Mon Sep 25 2023 misaka00251 - 1.25.3-3 - Fix add riscv64 support patch