Accepting request 1057017 from devel:microos

- added patch 0001-fix-upstream-CVE-2021-38561.patch for [bsc#1206711]

- Update to version 1.1.2:
  * Fix successfully unmarshalled nil raw result
  * spec: fix format
  * invoke: if Result CNIVersion is empty use netconf CNIVersion
  * cnitool: address golint error
  * libcni: handle empty version when parsing version
  * Switch to ginkgo/v2
  * add security heading to README
  * Maintainers: add Mike Zappa
  * introduce hybridnet to thrid-party plugins
  * Fix incorrect pointer inputs to `json.Unmarshal`
  * fix version of cni v0.8.1 does not have a directory of github.com/containernetworking/cni/pkg/types/100 refer to https://github.com/containernetworking/cni/tree/v0.8.1/pkg/types
  * Spec: Container runtime shall tear down namespaces
  * Update README.md
  * Updated README.md to include Netlox loxilight CNI
  * documentation: update Multus link in README.md to point to the k8snetworkplumbingwg repository
  * [exec-plugins]: support plugin lists
  * skel: remove superfluous err nil check in (*dispatcher).pluginMain
  * Remove Gabe Rosenhouse as maintainer
  * skel: print out CNI versions supported in help text.

OBS-URL: https://build.opensuse.org/request/show/1057017
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cni?expand=0&rev=17

0001-fix-upstream-CVE-2021-38561.patch

@@ -0,0 +1,167 @@
+From 383b2e75a7a4198c42f8f87833eefb772868a56f Mon Sep 17 00:00:00 2001
+From: Russ Cox <rsc@golang.org>
+Date: Mon, 9 Aug 2021 15:09:12 -0400
+Subject: [PATCH] language: turn parsing panics into ErrSyntax
+
+We keep finding new panics in the language parser.
+Limit the damage by reporting those inputs as syntax errors.
+
+Change-Id: I786fe127c3df7e4c8e042d15095d3acf3c4e4a50
+Reviewed-on: https://go-review.googlesource.com/c/text/+/340830
+Trust: Russ Cox <rsc@golang.org>
+Run-TryBot: Russ Cox <rsc@golang.org>
+TryBot-Result: Go Bot <gobot@golang.org>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+---
+ internal/language/language.go | 43 +++++++++++++++++++++++++++++++----
+ internal/language/parse.go    |  7 ++++++
+ language/parse.go             | 22 ++++++++++++++++++
+ 3 files changed, 68 insertions(+), 4 deletions(-)
+
+diff --git a/internal/language/language.go b/internal/language/language.go
+index f41aedcfc..6105bc7fa 100644
+--- a/internal/language/language.go
++++ b/internal/language/language.go
+@@ -251,6 +251,13 @@ func (t Tag) Parent() Tag {
+ 
+ // ParseExtension parses s as an extension and returns it on success.
+ func ParseExtension(s string) (ext string, err error) {
++	defer func() {
++		if recover() != nil {
++			ext = ""
++			err = ErrSyntax
++		}
++	}()
++
+ 	scan := makeScannerString(s)
+ 	var end int
+ 	if n := len(scan.token); n != 1 {
+@@ -461,7 +468,14 @@ func (t Tag) findTypeForKey(key string) (start, sep, end int, hasExt bool) {
+ // ParseBase parses a 2- or 3-letter ISO 639 code.
+ // It returns a ValueError if s is a well-formed but unknown language identifier
+ // or another error if another error occurred.
+-func ParseBase(s string) (Language, error) {
++func ParseBase(s string) (l Language, err error) {
++	defer func() {
++		if recover() != nil {
++			l = 0
++			err = ErrSyntax
++		}
++	}()
++
+ 	if n := len(s); n < 2 || 3 < n {
+ 		return 0, ErrSyntax
+ 	}
+@@ -472,7 +486,14 @@ func ParseBase(s string) (Language, error) {
+ // ParseScript parses a 4-letter ISO 15924 code.
+ // It returns a ValueError if s is a well-formed but unknown script identifier
+ // or another error if another error occurred.
+-func ParseScript(s string) (Script, error) {
++func ParseScript(s string) (scr Script, err error) {
++	defer func() {
++		if recover() != nil {
++			scr = 0
++			err = ErrSyntax
++		}
++	}()
++
+ 	if len(s) != 4 {
+ 		return 0, ErrSyntax
+ 	}
+@@ -489,7 +510,14 @@ func EncodeM49(r int) (Region, error) {
+ // ParseRegion parses a 2- or 3-letter ISO 3166-1 or a UN M.49 code.
+ // It returns a ValueError if s is a well-formed but unknown region identifier
+ // or another error if another error occurred.
+-func ParseRegion(s string) (Region, error) {
++func ParseRegion(s string) (r Region, err error) {
++	defer func() {
++		if recover() != nil {
++			r = 0
++			err = ErrSyntax
++		}
++	}()
++
+ 	if n := len(s); n < 2 || 3 < n {
+ 		return 0, ErrSyntax
+ 	}
+@@ -578,7 +606,14 @@ type Variant struct {
+ 
+ // ParseVariant parses and returns a Variant. An error is returned if s is not
+ // a valid variant.
+-func ParseVariant(s string) (Variant, error) {
++func ParseVariant(s string) (v Variant, err error) {
++	defer func() {
++		if recover() != nil {
++			v = Variant{}
++			err = ErrSyntax
++		}
++	}()
++
+ 	s = strings.ToLower(s)
+ 	if id, ok := variantIndex[s]; ok {
+ 		return Variant{id, s}, nil
+diff --git a/internal/language/parse.go b/internal/language/parse.go
+index c696fd0bd..47ee0fed1 100644
+--- a/internal/language/parse.go
++++ b/internal/language/parse.go
+@@ -232,6 +232,13 @@ func Parse(s string) (t Tag, err error) {
+ 	if s == "" {
+ 		return Und, ErrSyntax
+ 	}
++	defer func() {
++		if recover() != nil {
++			t = Und
++			err = ErrSyntax
++			return
++		}
++	}()
+ 	if len(s) <= maxAltTaglen {
+ 		b := [maxAltTaglen]byte{}
+ 		for i, c := range s {
+diff --git a/language/parse.go b/language/parse.go
+index 11acfd885..59b041008 100644
+--- a/language/parse.go
++++ b/language/parse.go
+@@ -43,6 +43,13 @@ func Parse(s string) (t Tag, err error) {
+ // https://www.unicode.org/reports/tr35/#Unicode_Language_and_Locale_Identifiers.
+ // The resulting tag is canonicalized using the canonicalization type c.
+ func (c CanonType) Parse(s string) (t Tag, err error) {
++	defer func() {
++		if recover() != nil {
++			t = Tag{}
++			err = language.ErrSyntax
++		}
++	}()
++
+ 	tt, err := language.Parse(s)
+ 	if err != nil {
+ 		return makeTag(tt), err
+@@ -79,6 +86,13 @@ func Compose(part ...interface{}) (t Tag, err error) {
+ // tag is returned after canonicalizing using CanonType c. If one or more errors
+ // are encountered, one of the errors is returned.
+ func (c CanonType) Compose(part ...interface{}) (t Tag, err error) {
++	defer func() {
++		if recover() != nil {
++			t = Tag{}
++			err = language.ErrSyntax
++		}
++	}()
++
+ 	var b language.Builder
+ 	if err = update(&b, part...); err != nil {
+ 		return und, err
+@@ -142,6 +156,14 @@ var errInvalidWeight = errors.New("ParseAcceptLanguage: invalid weight")
+ // Tags with a weight of zero will be dropped. An error will be returned if the
+ // input could not be parsed.
+ func ParseAcceptLanguage(s string) (tag []Tag, q []float32, err error) {
++	defer func() {
++		if recover() != nil {
++			tag = nil
++			q = nil
++			err = language.ErrSyntax
++		}
++	}()
++
+ 	var entry string
+ 	for s != "" {
+ 		if entry, s = split(s, ','); entry == "" {

_service

@@ -5,7 +5,7 @@
     <param name="filename">cni</param>
     <param name="exclude">.git</param>
     <param name="versionformat">@PARENT_TAG@</param>
-    <param name="revision">v1.0.1</param>
+    <param name="revision">v1.1.2</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
   </service>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/containernetworking/cni.git</param>
-              <param name="changesrevision">c7f5f70554d026e7a3bc5a0ab52280576a2379d1</param></service></servicedata>
+              <param name="changesrevision">3363d143688bb83ca18489ac8b9dc204c1d49c4a</param></service></servicedata>

cni.changes

@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Fri Dec 30 11:08:28 UTC 2022 - Andrea Manzini <andrea.manzini@suse.com>
+
+- added patch 0001-fix-upstream-CVE-2021-38561.patch for [bsc#1206711]
+
+-------------------------------------------------------------------
+Thu Dec 29 14:06:02 UTC 2022 - andrea.manzini@suse.com
+
+- Update to version 1.1.2:
+  * Fix successfully unmarshalled nil raw result
+  * spec: fix format
+  * invoke: if Result CNIVersion is empty use netconf CNIVersion
+  * cnitool: address golint error
+  * libcni: handle empty version when parsing version
+  * Switch to ginkgo/v2
+  * add security heading to README
+  * Maintainers: add Mike Zappa
+  * introduce hybridnet to thrid-party plugins
+  * Fix incorrect pointer inputs to `json.Unmarshal`
+  * fix version of cni v0.8.1 does not have a directory of github.com/containernetworking/cni/pkg/types/100 refer to https://github.com/containernetworking/cni/tree/v0.8.1/pkg/types
+  * Spec: Container runtime shall tear down namespaces
+  * Update README.md
+  * Updated README.md to include Netlox loxilight CNI
+  * documentation: update Multus link in README.md to point to the k8snetworkplumbingwg repository
+  * [exec-plugins]: support plugin lists
+  * skel: remove superfluous err nil check in (*dispatcher).pluginMain
+  * Remove Gabe Rosenhouse as maintainer
+  * skel: print out CNI versions supported in help text.
+
 -------------------------------------------------------------------
 Thu Nov 10 14:06:19 UTC 2022 - Andrea Manzini <andrea.manzini@suse.com>
 

cni.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package cni
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,6 +31,8 @@ URL:            https://github.com/containernetworking/cni
 Source0:        %{name}-%{version}.tar.gz
 Source1:        99-loopback.conf
 Source2:        vendor.tar.gz
+# PATCH-FIX-UPSTREAM bsc#1206711
+Patch0:         0001-fix-upstream-CVE-2021-38561.patch
 BuildRequires:  golang-packaging
 BuildRequires:  shadow
 BuildRequires:  systemd-rpm-macros
@@ -49,7 +51,10 @@ the container is deleted. Because of this focus, CNI has a wide
 range of support and the specification is simple to implement.
 
 %prep
-%autosetup -a2
+%autosetup -a2 -N
+pushd vendor/golang.org/x/text
+%autopatch -p1
+popd
 
 %build
 export GOFLAGS=-mod=vendor