Accepting request 1045814 from home:amanzini:branches:devel:microos
- added patch for https://bugzilla.suse.com/show_bug.cgi?id=1206711 - Update to version 1.1.2: * Fix successfully unmarshalled nil raw result * spec: fix format * invoke: if Result CNIVersion is empty use netconf CNIVersion * cnitool: address golint error * libcni: handle empty version when parsing version * Switch to ginkgo/v2 * add security heading to README * Maintainers: add Mike Zappa * introduce hybridnet to thrid-party plugins * Fix incorrect pointer inputs to `json.Unmarshal` * fix version of cni v0.8.1 does not have a directory of github.com/containernetworking/cni/pkg/types/100 refer to https://github.com/containernetworking/cni/tree/v0.8.1/pkg/types * Spec: Container runtime shall tear down namespaces * Update README.md * Updated README.md to include Netlox loxilight CNI * documentation: update Multus link in README.md to point to the k8snetworkplumbingwg repository * [exec-plugins]: support plugin lists * skel: remove superfluous err nil check in (*dispatcher).pluginMain * Remove Gabe Rosenhouse as maintainer * skel: print out CNI versions supported in help text. OBS-URL: https://build.opensuse.org/request/show/1045814 OBS-URL: https://build.opensuse.org/package/show/devel:microos/cni?expand=0&rev=8
This commit is contained in:
parent
0166fb634a
commit
f8b08f7f57
167
0001-fix-upstream-CVE-2021-38561.patch
Normal file
167
0001-fix-upstream-CVE-2021-38561.patch
Normal file
@ -0,0 +1,167 @@
|
||||
From 383b2e75a7a4198c42f8f87833eefb772868a56f Mon Sep 17 00:00:00 2001
|
||||
From: Russ Cox <rsc@golang.org>
|
||||
Date: Mon, 9 Aug 2021 15:09:12 -0400
|
||||
Subject: [PATCH] language: turn parsing panics into ErrSyntax
|
||||
|
||||
We keep finding new panics in the language parser.
|
||||
Limit the damage by reporting those inputs as syntax errors.
|
||||
|
||||
Change-Id: I786fe127c3df7e4c8e042d15095d3acf3c4e4a50
|
||||
Reviewed-on: https://go-review.googlesource.com/c/text/+/340830
|
||||
Trust: Russ Cox <rsc@golang.org>
|
||||
Run-TryBot: Russ Cox <rsc@golang.org>
|
||||
TryBot-Result: Go Bot <gobot@golang.org>
|
||||
Reviewed-by: Roland Shoemaker <roland@golang.org>
|
||||
---
|
||||
internal/language/language.go | 43 +++++++++++++++++++++++++++++++----
|
||||
internal/language/parse.go | 7 ++++++
|
||||
language/parse.go | 22 ++++++++++++++++++
|
||||
3 files changed, 68 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/internal/language/language.go b/internal/language/language.go
|
||||
index f41aedcfc..6105bc7fa 100644
|
||||
--- a/internal/language/language.go
|
||||
+++ b/internal/language/language.go
|
||||
@@ -251,6 +251,13 @@ func (t Tag) Parent() Tag {
|
||||
|
||||
// ParseExtension parses s as an extension and returns it on success.
|
||||
func ParseExtension(s string) (ext string, err error) {
|
||||
+ defer func() {
|
||||
+ if recover() != nil {
|
||||
+ ext = ""
|
||||
+ err = ErrSyntax
|
||||
+ }
|
||||
+ }()
|
||||
+
|
||||
scan := makeScannerString(s)
|
||||
var end int
|
||||
if n := len(scan.token); n != 1 {
|
||||
@@ -461,7 +468,14 @@ func (t Tag) findTypeForKey(key string) (start, sep, end int, hasExt bool) {
|
||||
// ParseBase parses a 2- or 3-letter ISO 639 code.
|
||||
// It returns a ValueError if s is a well-formed but unknown language identifier
|
||||
// or another error if another error occurred.
|
||||
-func ParseBase(s string) (Language, error) {
|
||||
+func ParseBase(s string) (l Language, err error) {
|
||||
+ defer func() {
|
||||
+ if recover() != nil {
|
||||
+ l = 0
|
||||
+ err = ErrSyntax
|
||||
+ }
|
||||
+ }()
|
||||
+
|
||||
if n := len(s); n < 2 || 3 < n {
|
||||
return 0, ErrSyntax
|
||||
}
|
||||
@@ -472,7 +486,14 @@ func ParseBase(s string) (Language, error) {
|
||||
// ParseScript parses a 4-letter ISO 15924 code.
|
||||
// It returns a ValueError if s is a well-formed but unknown script identifier
|
||||
// or another error if another error occurred.
|
||||
-func ParseScript(s string) (Script, error) {
|
||||
+func ParseScript(s string) (scr Script, err error) {
|
||||
+ defer func() {
|
||||
+ if recover() != nil {
|
||||
+ scr = 0
|
||||
+ err = ErrSyntax
|
||||
+ }
|
||||
+ }()
|
||||
+
|
||||
if len(s) != 4 {
|
||||
return 0, ErrSyntax
|
||||
}
|
||||
@@ -489,7 +510,14 @@ func EncodeM49(r int) (Region, error) {
|
||||
// ParseRegion parses a 2- or 3-letter ISO 3166-1 or a UN M.49 code.
|
||||
// It returns a ValueError if s is a well-formed but unknown region identifier
|
||||
// or another error if another error occurred.
|
||||
-func ParseRegion(s string) (Region, error) {
|
||||
+func ParseRegion(s string) (r Region, err error) {
|
||||
+ defer func() {
|
||||
+ if recover() != nil {
|
||||
+ r = 0
|
||||
+ err = ErrSyntax
|
||||
+ }
|
||||
+ }()
|
||||
+
|
||||
if n := len(s); n < 2 || 3 < n {
|
||||
return 0, ErrSyntax
|
||||
}
|
||||
@@ -578,7 +606,14 @@ type Variant struct {
|
||||
|
||||
// ParseVariant parses and returns a Variant. An error is returned if s is not
|
||||
// a valid variant.
|
||||
-func ParseVariant(s string) (Variant, error) {
|
||||
+func ParseVariant(s string) (v Variant, err error) {
|
||||
+ defer func() {
|
||||
+ if recover() != nil {
|
||||
+ v = Variant{}
|
||||
+ err = ErrSyntax
|
||||
+ }
|
||||
+ }()
|
||||
+
|
||||
s = strings.ToLower(s)
|
||||
if id, ok := variantIndex[s]; ok {
|
||||
return Variant{id, s}, nil
|
||||
diff --git a/internal/language/parse.go b/internal/language/parse.go
|
||||
index c696fd0bd..47ee0fed1 100644
|
||||
--- a/internal/language/parse.go
|
||||
+++ b/internal/language/parse.go
|
||||
@@ -232,6 +232,13 @@ func Parse(s string) (t Tag, err error) {
|
||||
if s == "" {
|
||||
return Und, ErrSyntax
|
||||
}
|
||||
+ defer func() {
|
||||
+ if recover() != nil {
|
||||
+ t = Und
|
||||
+ err = ErrSyntax
|
||||
+ return
|
||||
+ }
|
||||
+ }()
|
||||
if len(s) <= maxAltTaglen {
|
||||
b := [maxAltTaglen]byte{}
|
||||
for i, c := range s {
|
||||
diff --git a/language/parse.go b/language/parse.go
|
||||
index 11acfd885..59b041008 100644
|
||||
--- a/language/parse.go
|
||||
+++ b/language/parse.go
|
||||
@@ -43,6 +43,13 @@ func Parse(s string) (t Tag, err error) {
|
||||
// https://www.unicode.org/reports/tr35/#Unicode_Language_and_Locale_Identifiers.
|
||||
// The resulting tag is canonicalized using the canonicalization type c.
|
||||
func (c CanonType) Parse(s string) (t Tag, err error) {
|
||||
+ defer func() {
|
||||
+ if recover() != nil {
|
||||
+ t = Tag{}
|
||||
+ err = language.ErrSyntax
|
||||
+ }
|
||||
+ }()
|
||||
+
|
||||
tt, err := language.Parse(s)
|
||||
if err != nil {
|
||||
return makeTag(tt), err
|
||||
@@ -79,6 +86,13 @@ func Compose(part ...interface{}) (t Tag, err error) {
|
||||
// tag is returned after canonicalizing using CanonType c. If one or more errors
|
||||
// are encountered, one of the errors is returned.
|
||||
func (c CanonType) Compose(part ...interface{}) (t Tag, err error) {
|
||||
+ defer func() {
|
||||
+ if recover() != nil {
|
||||
+ t = Tag{}
|
||||
+ err = language.ErrSyntax
|
||||
+ }
|
||||
+ }()
|
||||
+
|
||||
var b language.Builder
|
||||
if err = update(&b, part...); err != nil {
|
||||
return und, err
|
||||
@@ -142,6 +156,14 @@ var errInvalidWeight = errors.New("ParseAcceptLanguage: invalid weight")
|
||||
// Tags with a weight of zero will be dropped. An error will be returned if the
|
||||
// input could not be parsed.
|
||||
func ParseAcceptLanguage(s string) (tag []Tag, q []float32, err error) {
|
||||
+ defer func() {
|
||||
+ if recover() != nil {
|
||||
+ tag = nil
|
||||
+ q = nil
|
||||
+ err = language.ErrSyntax
|
||||
+ }
|
||||
+ }()
|
||||
+
|
||||
var entry string
|
||||
for s != "" {
|
||||
if entry, s = split(s, ','); entry == "" {
|
2
_service
2
_service
@ -5,7 +5,7 @@
|
||||
<param name="filename">cni</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="revision">v1.0.1</param>
|
||||
<param name="revision">v1.1.2</param>
|
||||
<param name="versionrewrite-pattern">v(.*)</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
</service>
|
||||
|
@ -1,4 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/containernetworking/cni.git</param>
|
||||
<param name="changesrevision">c7f5f70554d026e7a3bc5a0ab52280576a2379d1</param></service></servicedata>
|
||||
<param name="changesrevision">3363d143688bb83ca18489ac8b9dc204c1d49c4a</param></service></servicedata>
|
BIN
cni-1.1.2.tar.gz
(Stored with Git LFS)
BIN
cni-1.1.2.tar.gz
(Stored with Git LFS)
Binary file not shown.
29
cni.changes
29
cni.changes
@ -1,3 +1,32 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 30 11:08:28 UTC 2022 - Andrea Manzini <andrea.manzini@suse.com>
|
||||
|
||||
- added patch for https://bugzilla.suse.com/show_bug.cgi?id=1206711
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 29 14:06:02 UTC 2022 - andrea.manzini@suse.com
|
||||
|
||||
- Update to version 1.1.2:
|
||||
* Fix successfully unmarshalled nil raw result
|
||||
* spec: fix format
|
||||
* invoke: if Result CNIVersion is empty use netconf CNIVersion
|
||||
* cnitool: address golint error
|
||||
* libcni: handle empty version when parsing version
|
||||
* Switch to ginkgo/v2
|
||||
* add security heading to README
|
||||
* Maintainers: add Mike Zappa
|
||||
* introduce hybridnet to thrid-party plugins
|
||||
* Fix incorrect pointer inputs to `json.Unmarshal`
|
||||
* fix version of cni v0.8.1 does not have a directory of github.com/containernetworking/cni/pkg/types/100 refer to https://github.com/containernetworking/cni/tree/v0.8.1/pkg/types
|
||||
* Spec: Container runtime shall tear down namespaces
|
||||
* Update README.md
|
||||
* Updated README.md to include Netlox loxilight CNI
|
||||
* documentation: update Multus link in README.md to point to the k8snetworkplumbingwg repository
|
||||
* [exec-plugins]: support plugin lists
|
||||
* skel: remove superfluous err nil check in (*dispatcher).pluginMain
|
||||
* Remove Gabe Rosenhouse as maintainer
|
||||
* skel: print out CNI versions supported in help text.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 10 14:06:19 UTC 2022 - Andrea Manzini <andrea.manzini@suse.com>
|
||||
|
||||
|
7
cni.spec
7
cni.spec
@ -31,6 +31,8 @@ URL: https://github.com/containernetworking/cni
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
Source1: 99-loopback.conf
|
||||
Source2: vendor.tar.gz
|
||||
# PATCH-FIX-UPSTREAM bsc#1206711
|
||||
Patch0: 0001-fix-upstream-CVE-2021-38561.patch
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: shadow
|
||||
BuildRequires: systemd-rpm-macros
|
||||
@ -49,7 +51,10 @@ the container is deleted. Because of this focus, CNI has a wide
|
||||
range of support and the specification is simple to implement.
|
||||
|
||||
%prep
|
||||
%autosetup -a2
|
||||
%autosetup -a2 -N
|
||||
pushd vendor/golang.org/x/text
|
||||
%autopatch -p1
|
||||
popd
|
||||
|
||||
%build
|
||||
export GOFLAGS=-mod=vendor
|
||||
|
BIN
vendor.tar.gz
(Stored with Git LFS)
BIN
vendor.tar.gz
(Stored with Git LFS)
Binary file not shown.
Loading…
Reference in New Issue
Block a user