[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade docker-cli to 25.0.7 to fix CVE-2023-45288 [High] - branch 3.0-dev (#12498)

CBL-Mariner-Bot · web-flow · commit 812dd2150f18 · 2025-02-25T11:43:34.000-05:00
diff --git a/SPECS/docker-cli/CVE-2024-36623.patch b/SPECS/docker-cli/CVE-2024-36623.patch
diff --git a/SPECS/docker-cli/docker-cli.signatures.json b/SPECS/docker-cli/docker-cli.signatures.json
@@ -1,6 +1,6 @@
 {
- "Signatures": {
-  "docker-cli-25.0.3.tar.gz": "04ad0cea992a65db20cb1b0dbf6d1ce32c705ce879de51b22095fe8d28030815",
-  "docker-cli-25.0.3-govendor-v1.tar.gz": "c35a637cedebb192ffd4021d146680be196ce8cf2a6de14e04ea08e7996942f2"
- }
+  "Signatures": {
+    "docker-cli-25.0.7.tar.gz": "95b57af62273f9c069141b78360f0e39c5662447d63de2a6a257d59750b8d5ac",
+    "docker-cli-25.0.7-govendor-v1.tar.gz": "41a6f00be23ee3d6a3f32c59b1cb9f2472ced402b9c994a6291cb371a13ad755"
+  }
 }
diff --git a/SPECS/docker-cli/docker-cli.spec b/SPECS/docker-cli/docker-cli.spec
@@ -2,8 +2,8 @@
 %define OUR_GOPATH  %{_topdir}/.gopath
 Summary:        The open-source application container engine client.
 Name:           docker-cli
-Version:        25.0.3
-Release:        3%{?dist}
+Version:        25.0.7
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -13,7 +13,6 @@ Source0:        https://github.com/docker/cli/archive/v%{version}.tar.gz#/%{name
 Source1:        %{name}-%{version}-govendor-v1.tar.gz
 Patch0:         disable_manpage_vendor.patch
 Patch1:         CVE-2024-24786.patch
-Patch2:         CVE-2024-36623.patch
 BuildRequires:  git
 BuildRequires:  go-md2man
 BuildRequires:  golang
@@ -82,6 +81,10 @@ install -p -m 644 contrib/completion/fish/docker.fish %{buildroot}%{_datadir}/fi
 %{_datadir}/fish/vendor_completions.d/docker.fish
 
 %changelog
+* Sat Feb 15 2025 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 25.0.7-1
+- Auto-upgrade to 25.0.7 - to fix CVE-2023-45288 [High]
+- Remove patch for CVE-2024-36623
+
 * Tue Dec 10 2024 Sudipta Pandit <sudpandit@microsoft.com> - 25.0.3-3
 - Fix CVE-2024-36623 with patch
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -2868,8 +2868,8 @@
         "type": "other",
         "other": {
           "name": "docker-cli",
-          "version": "25.0.3",
-          "downloadUrl": "https://github.com/docker/cli/archive/v25.0.3.tar.gz"
+          "version": "25.0.7",
+          "downloadUrl": "https://github.com/docker/cli/archive/v25.0.7.tar.gz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`		`- "Signatures": {`
`3`		`- "docker-cli-25.0.3.tar.gz": "04ad0cea992a65db20cb1b0dbf6d1ce32c705ce879de51b22095fe8d28030815",`
`4`		`- "docker-cli-25.0.3-govendor-v1.tar.gz": "c35a637cedebb192ffd4021d146680be196ce8cf2a6de14e04ea08e7996942f2"`
`5`		`- }`
	`2`	`+ "Signatures": {`
	`3`	`+ "docker-cli-25.0.7.tar.gz": "95b57af62273f9c069141b78360f0e39c5662447d63de2a6a257d59750b8d5ac",`
	`4`	`+ "docker-cli-25.0.7-govendor-v1.tar.gz": "41a6f00be23ee3d6a3f32c59b1cb9f2472ced402b9c994a6291cb371a13ad755"`
	`5`	`+ }`
`6`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2868,8 +2868,8 @@`
`2868`	`2868`	`"type": "other",`
`2869`	`2869`	`"other": {`
`2870`	`2870`	`"name": "docker-cli",`
`2871`		`- "version": "25.0.3",`
`2872`		`- "downloadUrl": "https://github.com/docker/cli/archive/v25.0.3.tar.gz"`
	`2871`	`+ "version": "25.0.7",`
	`2872`	`+ "downloadUrl": "https://github.com/docker/cli/archive/v25.0.7.tar.gz"`
`2873`	`2873`	`}`
`2874`	`2874`	`}`
`2875`	`2875`	`},`