CVE-2024-2365x: update buildkit to include CVE patches

- moby/buildkit#4638 - moby/buildkit#4639 - moby/buildkit#4640 - Backported versions of the various CVE-2024-23650 patches. additionally change the version in builder/builder-next/worker/worker.go and adjust calls to NewGatewayFrontend() in builder/builder-next (Worker is no longer implementing the correct interface). Fixes: CVE-2024-23650 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 Signed-off-by: Dan Čermák <[email protected]> Signed-off-by: Aleksa Sarai <[email protected]>
SUSE · Dec 18, 2024 · b7be22b · b7be22b
1 parent fc60c5b
commit b7be22b
Show file tree

Hide file tree

Showing 33 changed files with 740 additions and 609 deletions.
diff --git a/builder/builder-next/controller.go b/builder/builder-next/controller.go
@@ -116,8 +116,8 @@ func newSnapshotterController(ctx context.Context, rt http.RoundTripper, opt Opt
 		return nil, err
 	}
 	frontends := map[string]frontend.Frontend{
-		"dockerfile.v0": forwarder.NewGatewayForwarder(wc, dockerfile.Build),
-		"gateway.v0":    gateway.NewGatewayFrontend(wc),
+		"dockerfile.v0": forwarder.NewGatewayForwarder(wc.Infos(), dockerfile.Build),
+		"gateway.v0":    gateway.NewGatewayFrontend(wc.Infos()),
 	}
 
 	return control.NewController(control.Opt{
@@ -338,8 +338,8 @@ func newGraphDriverController(ctx context.Context, rt http.RoundTripper, opt Opt
 	wc.Add(w)
 
 	frontends := map[string]frontend.Frontend{
-		"dockerfile.v0": forwarder.NewGatewayForwarder(wc, dockerfile.Build),
-		"gateway.v0":    gateway.NewGatewayFrontend(wc),
+		"dockerfile.v0": forwarder.NewGatewayForwarder(wc.Infos(), dockerfile.Build),
+		"gateway.v0":    gateway.NewGatewayFrontend(wc.Infos()),
 	}
 
 	return control.NewController(control.Opt{

diff --git a/builder/builder-next/worker/worker.go b/builder/builder-next/worker/worker.go
@@ -50,7 +50,7 @@ import (
 )
 
 func init() {
-	version.Version = "v0.11.7+435cb77e369c"
+	version.Version = "v0.11.7+cd804dd86389"
 }
 
 const labelCreatedAt = "buildkit/createdat"

diff --git a/vendor.mod b/vendor.mod
@@ -98,6 +98,9 @@ require (
 	resenje.org/singleflight v0.3.0
 )
 
+// github.com/SUSE/buildkit suse-stable-v24.0.9
+replace github.com/moby/buildkit => github.com/SUSE/buildkit v0.0.0-20241218053907-cd804dd86389
+
 require (
 	cloud.google.com/go v0.102.1 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect

diff --git a/vendor.sum b/vendor.sum
diff --git a/vendor/github.com/moby/buildkit/control/control.go b/vendor/github.com/moby/buildkit/control/control.go
diff --git a/vendor/github.com/moby/buildkit/executor/executor.go b/vendor/github.com/moby/buildkit/executor/executor.go
diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec.go b/vendor/github.com/moby/buildkit/executor/oci/spec.go
diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_linux.go b/vendor/github.com/moby/buildkit/executor/oci/spec_linux.go
diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_non_linux.go b/vendor/github.com/moby/buildkit/executor/oci/spec_non_linux.go
diff --git a/vendor/github.com/moby/buildkit/executor/oci/spec_windows.go b/vendor/github.com/moby/buildkit/executor/oci/spec_windows.go
diff --git a/vendor/github.com/moby/buildkit/executor/stubs.go b/vendor/github.com/moby/buildkit/executor/stubs.go
diff --git a/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go b/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go
diff --git a/vendor/github.com/moby/buildkit/exporter/containerimage/writer.go b/vendor/github.com/moby/buildkit/exporter/containerimage/writer.go
diff --git a/vendor/github.com/moby/buildkit/frontend/frontend.go b/vendor/github.com/moby/buildkit/frontend/frontend.go