docker-18.09.9-1.2.mga7.src.rpm

Description: Improve fetch function and add tests for it.
Origin: https://lists.cncf.io/g/containerd-security-announce/files/1.2-cve-2020-15157.patch
--- docker.io-18.09.7.orig/components/cli/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go
+++ docker.io-18.09.7/components/cli/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go
@@ -56,6 +56,23 @@ func (r dockerFetcher) Fetch(ctx context
 	}
 
 	return newHTTPReadSeeker(desc.Size, func(offset int64) (io.ReadCloser, error) {
+		if len(desc.URLs) > 0 {
+			db := *r.dockerBase
+			db.useBasic = false // do not authenticate
+			nr := dockerFetcher{
+				dockerBase: &db,
+			}
+			for _, u := range desc.URLs {
+				log.G(ctx).WithField("url", u).Debug("trying alternative url")
+				rc, err := nr.open(ctx, u, desc.MediaType, offset)
+				if err != nil {
+					log.G(ctx).WithField("error", err).Debug("error trying url")
+					continue // try one of the other urls.
+				}
+
+				return rc, nil
+			}
+		}
 		for _, u := range urls {
 			rc, err := r.open(ctx, u, desc.MediaType, offset)
 			if err != nil {
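Review bot: Clearing only `db.useBasic` on the copied `dockerBase` may not close every credential path to a host named in `desc.URLs`: `db := *r.dockerBase` is a shallow copy, so any other credential state this vendored version keeps on the struct (for example a cached token, or a username and secret used to answer an authentication challenge) is carried into `nr.open`. The engine copy of this file sets `db.auth = nil` instead, which suggests the two vendored trees differ and this variant was adapted by hand. The struct definition is outside the hunk, so this needs checking against it; if such fields exist, zero them on `db` too, and add a test that answers a request to a foreign URL with a 401 challenge and asserts that no credentials are sent. The closure passed to `newHTTPReadSeeker` continues past the end of the hunk.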
@@ -142,14 +159,6 @@ func (r dockerFetcher) open(ctx context.
 func (r *dockerFetcher) getV2URLPaths(ctx context.Context, desc ocispec.Descriptor) ([]string, error) {
 	var urls []string
 
-	if len(desc.URLs) > 0 {
-		// handle fetch via external urls.
-		for _, u := range desc.URLs {
-			log.G(ctx).WithField("url", u).Debug("adding alternative url")
-			urls = append(urls, u)
-		}
-	}
-
 	switch desc.MediaType {
 	case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList,
 		images.MediaTypeDockerSchema1Manifest,
--- docker.io-18.09.7.orig/components/engine/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go
+++ docker.io-18.09.7/components/engine/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go
@@ -56,6 +56,23 @@ func (r dockerFetcher) Fetch(ctx context
 	}
 
 	return newHTTPReadSeeker(desc.Size, func(offset int64) (io.ReadCloser, error) {
+		if len(desc.URLs) > 0 {
+			db := *r.dockerBase
+			db.auth = nil // do not authenticate
+			nr := dockerFetcher{
+				dockerBase: &db,
+			}
+			for _, u := range desc.URLs {
+				log.G(ctx).WithField("url", u).Debug("trying alternative url")
+				rc, err := nr.open(ctx, u, desc.MediaType, offset)
+				if err != nil {
+					log.G(ctx).WithField("error", err).Debug("error trying url")
+					continue // try one of the other urls.
+				}
+
+				return rc, nil
+			}
+		}
 		for _, u := range urls {
 			rc, err := r.open(ctx, u, desc.MediaType, offset)
 			if err != nil {
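Review bot: The comment `// do not authenticate` on `db.auth = nil` does not say why, and since that line is the whole security fix it is easy to lose in a later vendor refresh. I would replace it with `// desc.URLs comes from the image manifest and may name any host; never send registry credentials there (CVE-2020-15157)`. The same applies to the `db.useBasic = false` line in the cli copy. Separately, the description mentions added tests but none appear in this patch, so a regression test for the unauthenticated path would be worth carrying alongside it. The closure body continues outside the hunk.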
@@ -142,14 +159,6 @@ func (r dockerFetcher) open(ctx context.
 func (r *dockerFetcher) getV2URLPaths(ctx context.Context, desc ocispec.Descriptor) ([]string, error) {
 	var urls []string
 
-	if len(desc.URLs) > 0 {
-		// handle fetch via external urls.
-		for _, u := range desc.URLs {
-			log.G(ctx).WithField("url", u).Debug("adding alternative url")
-			urls = append(urls, u)
-		}
-	}
-
 	switch desc.MediaType {
 	case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList,
 		images.MediaTypeDockerSchema1Manifest,