From 6c801ffce6a76c8c3a37187be57430b7c421a26d Mon Sep 17 00:00:00 2001
From: lwg K
Date: Wed, 15 Nov 2023 18:32:51 +0800
Subject: [PATCH] fix CVE-2023-5528
---
 ...Use-golang-library-instead-of-mklink.patch | 42 +++++++++++++++++++
 kubernetes.spec | 12 +++++-
 2 files changed, 52 insertions(+), 2 deletions(-)
 create mode 100644 0016-Use-golang-library-instead-of-mklink.patch
diff --git a/0016-Use-golang-library-instead-of-mklink.patch b/0016-Use-golang-library-instead-of-mklink.patch
new file mode 100644
index 0000000..7a3ec93
--- /dev/null
+++ b/0016-Use-golang-library-instead-of-mklink.patch
@@ -0,0 +1,42 @@
+From 2d9128116b6a7fd93126217aa0efd7d9272adacb Mon Sep 17 00:00:00 2001
+From: James Sturtevant
+Date: Thu, 5 Oct 2023 18:23:55 +0000
+Subject: [PATCH] Use golang library instead of mklink
+
+Signed-off-by: James Sturtevant
+---
+ staging/src/k8s.io/mount-utils/mount_windows.go | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/staging/src/k8s.io/mount-utils/mount_windows.go b/staging/src/k8s.io/mount-utils/mount_windows.go
+index 02a963b1b1fca..be714646ec133 100644
+--- a/staging/src/k8s.io/mount-utils/mount_windows.go
++++ b/staging/src/k8s.io/mount-utils/mount_windows.go
+@@ -149,12 +149,12 @@ func (mounter *Mounter) MountSensitive(source string, target string, fstype stri
+ mklinkSource = mklinkSource + "\\"
+ }
+ 
+- output, err := exec.Command("cmd", "/c", "mklink", "/D", target, mklinkSource).CombinedOutput()
++ err := os.Symlink(mklinkSource, target)
+ if err != nil {
+- klog.Errorf("mklink failed: %v, source(%q) target(%q) output: %q", err, mklinkSource, target, string(output))
++ klog.Errorf("symlink failed: %v, source(%q) target(%q)", err, mklinkSource, target)
+ return err
+ }
+- klog.V(2).Infof("mklink source(%q) on target(%q) successfully, output: %q", mklinkSource, target, string(output))
++ klog.V(2).Infof("symlink source(%q) on target(%q) successfully", mklinkSource, target)
+ 
+ return nil
+ }
+@@ -218,8 +218,9 @@ func removeSMBMapping(remotepath string) (string, error) {
+ func (mounter *Mounter) Unmount(target string) error {
+ klog.V(4).Infof("azureMount: Unmount target (%q)", target)
+ target = NormalizeWindowsPath(target)
+- if output, err := exec.Command("cmd", "/c", "rmdir", target).CombinedOutput(); err != nil {
+- klog.Errorf("rmdir failed: %v, output: %q", err, string(output))
++
++ if err := os.Remove(target); err != nil {
++ klog.Errorf("removing directory %s failed: %v", target, err)
+ return err
+ }
+ return nil
diff --git a/kubernetes.spec b/kubernetes.spec
index 1411703..cf2fd1b 100644
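Review bot: `os.Remove(target)` in Unmount widens the deletion footprint compared with the `rmdir` it replaces: `rmdir` only removed a directory or directory link and failed on anything else, while `os.Remove` on Windows will also delete an ordinary file sitting at that path, so a stale or mis-normalised `target` now costs a file rather than a failed unmount. An `os.Lstat` gate that proceeds only for a symlink or directory keeps the old blast radius without new imports (the rewrite below builds its error from `os.PathError` and also switches the log line to `%q` to match the surrounding `target (%q)` messages); Unmount's closing brace is outside the hunk. In MountSensitive, Go documents `os.Symlink` on Windows as creating a file symlink when `oldname` does not yet exist, whereas `mklink /D` always produced a directory link — if `mklinkSource` can be absent at this point the link will silently be the wrong kind, so either assert its existence first or document why it is guaranteed; that function begins before the hunk. The file keeps other `exec.Command` call sites (removeSMBMapping is visible just above Unmount) that this hunk does not touch; confirm none of them still places a caller-controlled path onto a `cmd`/`powershell` command line, since that is exactly the CVE-2023-5528 pattern removed here.

```go
func (mounter *Mounter) Unmount(target string) error {
	klog.V(4).Infof("azureMount: Unmount target (%q)", target)
	target = NormalizeWindowsPath(target)

	// An unmount target is expected to be the symlink (or directory) the
	// mounter created; refuse to remove a plain file, which rmdir never did
	// but os.Remove would.
	fi, err := os.Lstat(target)
	if err != nil {
		klog.Errorf("lstat %q failed: %v", target, err)
		return err
	}
	if fi.Mode()&os.ModeSymlink == 0 && !fi.IsDir() {
		return &os.PathError{Op: "unmount", Path: target, Err: os.ErrInvalid}
	}
	if err := os.Remove(target); err != nil {
		klog.Errorf("removing %q failed: %v", target, err)
		return err
	}
	// … unchanged: return nil …
```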
--- a/kubernetes.spec
+++ b/kubernetes.spec
@@ -3,7 +3,7 @@
 Name: kubernetes
 Version: 1.20.2
-Release: 20
+Release: 21
 Summary: Container cluster management
 License: ASL 2.0
 URL: https://k8s.io/kubernetes
@@ -39,6 +39,8 @@ Patch6011: 0012-Return-error-for-localhost-seccomp-type-with-no-loca.patch
 Patch6012: 0013-Validate-etcd-paths.patch
 Patch6013: 0014-fix-node-address-validation.patch
 Patch6014: 0015-Add-ephemeralcontainer-to-imagepolicy-securityaccoun.patch
+# CVE-2023-5528
+Patch6015: 0016-Use-golang-library-instead-of-mklink.patch
 %description
 Container cluster management.
@@ -270,6 +272,12 @@ getent passwd kube >/dev/null || useradd -r -g kube -d / -s /sbin/nologin \
 %systemd_postun kubelet kube-proxy
 %changelog
+* Wed Nov 15 2023 lwg K - 1.20.2-21
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix CVE-2023-5528
+
 * Tue Jul 04 2023 zhangxiaoyu - 1.20.2-20
 - Type:bugfix
 - CVE:NA
@@ -342,7 +350,7 @@ getent passwd kube >/dev/null || useradd -r -g kube -d / -s /sbin/nologin \
 * Mon Mar 22 2021 wangfengtu - 1.20.2-4
 - Fix compile options
-* The Feb 09 2021 lixiang - 1.20.2-3
+* Thu Feb 09 2021 lixiang - 1.20.2-3
 - Remove go-md2man build require since it's no longer provided
 * Thu Feb 2 2021 gaohuatao - 1.20.2-2
-- 
Gitee
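Review bot: The new changelog entry records `- CVE:NA` while its own `- DESC:fix CVE-2023-5528` line and the `# CVE-2023-5528` comment on Patch6015 name the CVE, so anything that reads the Type/CVE fields (every entry here follows that layout) will not associate this release with the fix; it should read `- Type:cves` and `- CVE:CVE-2023-5528` if the package follows the usual openEuler convention. Separately, if this spec's %prep applies patches with individual %patch lines rather than %autosetup, Patch6015 also needs its own apply line, and %prep is outside this diff — worth confirming the built kubelet actually contains the os.Symlink change.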