diff --git a/0002-Fix-CVE-2022-23471.patch b/0002-Fix-CVE-2022-23471.patch
new file mode 100644
index 0000000000000000000000000000000000000000..016b034f2b18933d4e1a74100519fe8a5116ec38
--- /dev/null
+++ b/0002-Fix-CVE-2022-23471.patch
@@ -0,0 +1,59 @@
+From 0550bb17949c1793e0da20270d3793d0e7583b1e Mon Sep 17 00:00:00 2001
+From: bwzhang
+Date: Fri, 15 Mar 2024 09:33:45 +0800
+Subject: [PATCH] Fix CVE-2022-23471
+
+---
+ pkg/cri/streaming/remotecommand/httpstream.go | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/pkg/cri/streaming/remotecommand/httpstream.go b/pkg/cri/streaming/remotecommand/httpstream.go
+index 0417a1a..9177fa7 100644
+--- a/pkg/cri/streaming/remotecommand/httpstream.go
++++ b/pkg/cri/streaming/remotecommand/httpstream.go
+@@ -33,6 +33,7 @@ limitations under the License.
+ package remotecommand
+ 
+ import (
++ gocontext "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+@@ -132,7 +133,7 @@ func createStreams(req *http.Request, w http.ResponseWriter, opts *Options, supp
+ 
+ if ctx.resizeStream != nil {
+ ctx.resizeChan = make(chan remotecommand.TerminalSize)
+- go handleResizeEvents(ctx.resizeStream, ctx.resizeChan)
++ go handleResizeEvents(req.Context(), ctx.resizeStream, ctx.resizeChan)
+ }
+ 
+ return ctx, true
+@@ -425,7 +426,7 @@ WaitForStreams:
+ // supportsTerminalResizing returns false because v1ProtocolHandler doesn't support it.
+ func (*v1ProtocolHandler) supportsTerminalResizing() bool { return false }
+ 
+-func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalSize) {
++func handleResizeEvents(ctx gocontext.Context, stream io.Reader, channel chan<- remotecommand.TerminalSize) {
+ defer runtime.HandleCrash()
+ defer close(channel)
+ 
+@@ -435,7 +436,15 @@ func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalS
+ if err := decoder.Decode(&size); err != nil {
+ break
+ }
+- channel <- size
++
++ select {
++ case channel <- size:
++ case <-ctx.Done():
++ // To avoid leaking this routine, exit if the http request finishes. This path
++ // would generally be hit if starting the process fails and nothing is started to
++ // ingest these resize events.
++ return
++ }
+ }
+ }
+
+-- 
+2.20.1
+
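Review bot: The patch header carries no description and no upstream reference — the body between `Subject: [PATCH] Fix CVE-2022-23471` and the `---` diffstat separator is empty — so a later maintainer cannot tell which upstream commit this backports or why `handleResizeEvents` now takes a context. A short body explaining that the resize goroutine could block forever on `channel <- size` after the request ended (one leaked goroutine per such request), plus a `Reference: <upstream commit URL>` line, would make the backport auditable against the advisory. As far as the hunk shows, cancellation is only observed at the new `select`, so a goroutine blocked inside `decoder.Decode` presumably still depends on the stream being closed when the connection goes away — worth confirming on the 1.6.6 base rather than assuming. The `gocontext` alias presumably sidesteps a local identifier named `context` in this file (the `ctx` value here is not a `context.Context`); a one-line comment on the import saying so would save the next reader the question.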
diff --git a/k3s-containerd.spec b/k3s-containerd.spec
index 6008e1cef690b02a1cf42907979b45cad6a4828b..71c3f795ab0865a660036b1b6444a76994fed7d9 100644
--- a/k3s-containerd.spec
+++ b/k3s-containerd.spec
@@ -3,7 +3,7 @@
 %global version_suffix k3s1
 Version: 1.6.6
 Name: k3s-containerd
-Release: 7
+Release: 8
 Summary: An industry-standard container runtime
 License: Apache-2.0
 URL: https://github.com/k3s-io/containerd
@@ -13,6 +13,7 @@ Source1: sys.tar.gz
 Patch0: bbolt-add-loong64-support.patch
 Patch0001: 0001-Fix-CVE-2023-25153.patch
+Patch0002: 0002-Fix-CVE-2022-23471.patch
 BuildRequires: golang glibc-static make btrfs-progs-devel
@@ -77,6 +78,12 @@ cp -rf %{_builddir}/containerd-%{version}-%{version_suffix}/. %{buildroot}%{_lib
 %changelog
+* Fri Mar 15 2024 zhangbowei - 1.6.6-k3s1-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC: fix CVE-2022-23471
+
 * Wed Mar 13 2024 zhangbowei - 1.6.6-k3s1-7
 - Type:bugfix
 - CVE:NA
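Review bot: The new changelog entry records `- CVE:NA` and `- Type:bugfix` while its own `- DESC: fix CVE-2022-23471` line and the added `Patch0002: 0002-Fix-CVE-2022-23471.patch` say this release is a security fix, so anything that scans the changelog for CVE identifiers will miss it. Change the two lines to `- Type:cves` and `- CVE:CVE-2022-23471` (Type:cves is the usual value for CVE releases in this changelog convention — confirm against the project's other entries). Adding `Patch0002:` only declares the patch; if the %prep section applies patches with numbered `%patch` lines rather than `%autosetup`, a matching apply line is also needed, and that part of the spec is outside the visible hunks.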