packages/docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
94 Commits 1 Branch 0 Tags
Commit Graph

24 Commits

Author SHA1 Message Date
zhongjiawei
abacd389f5 docker:fix CVE-2024-36623 2024-12-06 11:53:22 +08:00
zhongjiawei
55fdf9507e docker:fix missing lock in ensurelayer 2024-12-02 14:53:28 +08:00
zhongjiawei
9b709e7616 docker:try to reconnect when containerd grpc return unexpected EOF 2024-08-31 09:47:22 +08:00
zhongjiawei
2cca788b8c docker:add clone3 seccomp whitelist for arm64 2024-08-02 16:55:15 +08:00
zhongjiawei
d71095775f docker:fix CVE-2024-41110 2024-07-26 17:06:11 +08:00
chenjiankun
37420d9b14 docker: Ignore SIGURG on Linux 
fix #IA9T8K
 2024-07-15 17:27:40 +08:00
chenjiankun
e9b3122db7 backport: fix CVE-2024-32473 
fix #I9HX2H

(cherry picked from commit 5543a47ad1906dfe98d2721d6f1a9343d4764499)
 2024-05-08 17:10:48 +08:00
zhongjiawei
9a50eeaaec docker:fix CVE-2024-29018 
(cherry picked from commit adb48fa1c7bf5be06a8e553a9352dc2fce8143ce)
 2024-04-12 15:25:51 +08:00
chenjiankun
29cae17262 backport: fix CVE-2024-24557 
fix #I90KVB

(cherry picked from commit f051d4a9ea3df9c4e9cd21ad5272f67b86970ea8)
 2024-03-19 19:54:19 +08:00
chenjiankun
c4fa88b3f5 docker: sync patches from upstream 
Sync patches from upstream, including:
b033961a82
2a8341f252
cae76642b6
f43f820a8c
b1d05350ec
7a24e475b3
f89fd3df7d
76e4260141
b92585a470
 2024-03-19 20:26:27 +08:00
zhongjiawei
bae0837aef docker:sync two patches 2023-10-25 16:46:21 +08:00
flyflyflypeng
027945c03a docker: remove useless mount point dir 
fix #I7UQ2Y

Signed-off-by: flyflyflypeng <jiangpengfei9@huawei.com>
(cherry picked from commit 7179c48dbcd22d05fa3c84d6bcc15dad0bda9ecf)
 2023-08-28 15:12:15 +08:00
jingxiaolu
e5ee0a0ce1 docker: define a dummy hostname to use for local connections 
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname.

The current code used the client's `addr` as hostname in some cases, which
could contain the path for the unix-socket (`/var/run/docker.sock`), which
gets rejected by go1.20.6 and go1.19.11 because of a security fix for
[CVE-2023-29406 ][1], which was implemented in  https://go.dev/issue/60374.

Prior versions go Go would clean the host header, and strip slashes in the
process, but go1.20.6 and go1.19.11 no longer do, and reject the host
header.

This patch introduces a `DummyHost` const, and uses this dummy host for
cases where we don't need an actual hostname.

Signed-off-by: jingxiaolu <lujingxiao@huawei.com>
(cherry picked from commit eedae47681500c0f38752cd3c0bf3d08d7b3c7fc)
 2023-08-03 16:16:02 +08:00
zhongjiawei
c3b88b8cfc docker:remove invalid libcgroup dependencies 
(cherry picked from commit 40e5353324d08f405630f329c10f441d3c1f4a49)
 2023-08-03 10:28:46 +08:00
chenjiankun
4ea1d4e164 docker: repalce unix.Rmdir with os.RemoveAll when remove mount point dir 
fix #I7G1LL

(cherry picked from commit 3bd8a5e5db07f799b66ccaee5f84665632ff00a4)
 2023-08-02 16:02:13 +08:00
chenjiankun
f4b7deed86 docker: fix blockThreshold full bug 
Reference:dcfe23a038
(cherry picked from commit 0a4d9fd935beba53895f650ab233538f15f579db)
 2023-06-29 15:29:20 +08:00
zhongjiawei
ea96e880ad docker:thinpool full because docker daemon restart when docker pull 
(cherry picked from commit b2a0f1208e3496beda2021d6d88132421faa3f6f)
 2023-06-09 10:58:35 +08:00
zhongjiawei
1f59c513a7 docker:fix CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 
(cherry picked from commit 89d75b17a59db0e702af8b015d43fdcc150810db)
 2023-04-06 20:00:12 +08:00
zhongjiawei
7470010764 docker:sync some patches 
(cherry picked from commit 2e6b7fad8e6f9c3d6b654059eaa2dbebd9e16914)
 2023-03-30 10:02:39 +08:00
zhongjiawei
52284b74eb docker:try http for docker manifest insecure 
(cherry picked from commit 32b9a9fdb012d226da909b3249f7b8b4df7278b5)
 2023-03-16 14:36:24 +08:00
JackChan8
63617251b6 docker: fix container missing after restarting dockerd twice 
fix #I6MJ4X

(cherry picked from commit c449de66430e0546323a3b63f1ba78c449b077da)
 2023-03-15 10:04:07 +08:00
chenjiankun
638e17af84 docker: set freezer.state to Thawed to increase freeze chances 
fix #I6EOOP

docker pause/unpause with parallel docker exec can lead to freezing
state, set freezer.state to Thawed to increase freeze chances

(cherry picked from commit 6b695c68f87ef189c79797e95698ced4bf669f9d)
 2023-02-17 16:52:28 +08:00
zhongjiawei
99fc560004 docker:do not stop health check before sending signal 
(cherry picked from commit 44b62dc88af07cc91a6cb523fa8cd3037c3c66be)
 2022-12-01 16:28:40 +08:00
chenjiankun
05606411e0 docker: using VERSION-vendor to record version 
(cherry picked from commit 7847f38213109046bc356616b236865ef5dc708f)
 2022-11-24 14:31:55 +08:00