From 342328a62e77d8a5474ce266ffae47e606a6ffe38aae6f7891681aa62a68374e Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Sat, 16 Dec 2023 19:15:44 +0000 Subject: [PATCH 1/2] Accepting request 1133379 from home:dancermak:branches:devel:microos New upstream release 2.1.9 OBS-URL: https://build.opensuse.org/request/show/1133379 OBS-URL: https://build.opensuse.org/package/show/devel:microos/conmon?expand=0&rev=21 --- _service | 8 ++++---- conmon-2.1.8.tar.xz | 3 --- conmon-2.1.9.tar.xz | 3 +++ conmon.changes | 14 ++++++++++++++ conmon.spec | 2 +- 5 files changed, 22 insertions(+), 8 deletions(-) delete mode 100644 conmon-2.1.8.tar.xz create mode 100644 conmon-2.1.9.tar.xz diff --git a/_service b/_service index 0a7754b..518240e 100644 --- a/_service +++ b/_service @@ -1,17 +1,17 @@ - + https://github.com/containers/conmon git @PARENT_TAG@ [v]?([^\+]+)(.*) -v2.1.8 +v2.1.9 disable - + conmon-*.tar xz - + conmon diff --git a/conmon-2.1.8.tar.xz b/conmon-2.1.8.tar.xz deleted file mode 100644 index fd02900..0000000 --- a/conmon-2.1.8.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:229bed08c810956c25d1f1a67d4a17221e21cf1b9cb181ce0fedc9a68e8973e5 -size 102828 diff --git a/conmon-2.1.9.tar.xz b/conmon-2.1.9.tar.xz new file mode 100644 index 0000000..0bcab21 --- /dev/null +++ b/conmon-2.1.9.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:01adf76b2d4b96b99b21faaa300808aa61a34db20f4f634fd4deb63fc9799145 +size 103136 diff --git a/conmon.changes b/conmon.changes index 60ddab7..52d4732 100644 --- a/conmon.changes +++ b/conmon.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Fri Dec 15 09:54:35 UTC 2023 - Dan Čermák + +- New upstream release 2.1.9 + + ### Bug fixes + * fix some issues flagged by SAST scan + * src: fix write after end of buffer + * src: open all files with O_CLOEXEC + * oom-score: restore oom score before running exit command + ### Features + * Forward more messages on the sd-notify socket + * logging: -l passthrough accepts TTYs + ------------------------------------------------------------------- Thu Sep 28 16:02:58 UTC 2023 - Valentin Lefebvre diff --git a/conmon.spec b/conmon.spec index 5acb563..4ba2b03 100644 --- a/conmon.spec +++ b/conmon.spec @@ -17,7 +17,7 @@ Name: conmon -Version: 2.1.8 +Version: 2.1.9 Release: 0 Summary: An OCI container runtime monitor License: Apache-2.0 From 2be36a56e69b98ef6c0d63d8437f961f2e3a187640a1931ed8071c5072608173 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Mon, 18 Dec 2023 09:13:37 +0000 Subject: [PATCH 2/2] Accepting request 1133810 from home:dancermak:branches:devel:microos Add fix-incorrect-free-in-conn_sock.patch OBS-URL: https://build.opensuse.org/request/show/1133810 OBS-URL: https://build.opensuse.org/package/show/devel:microos/conmon?expand=0&rev=22 --- conmon.changes | 8 +++++++ conmon.spec | 1 + fix-incorrect-free-in-conn_sock.patch | 31 +++++++++++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 fix-incorrect-free-in-conn_sock.patch diff --git a/conmon.changes b/conmon.changes index 52d4732..084f4bb 100644 --- a/conmon.changes +++ b/conmon.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Dec 18 09:02:52 UTC 2023 - Dan Čermák + +- Add fix-incorrect-free-in-conn_sock.patch + This fixes a regression in 2.1.9 + (https://github.com/containers/conmon/issues/475 and + https://github.com/containers/conmon/issues/477) + ------------------------------------------------------------------- Fri Dec 15 09:54:35 UTC 2023 - Dan Čermák diff --git a/conmon.spec b/conmon.spec index 4ba2b03..b7895e7 100644 --- a/conmon.spec +++ b/conmon.spec @@ -24,6 +24,7 @@ License: Apache-2.0 Group: System/Management URL: https://github.com/containers/conmon Source0: %{name}-%{version}.tar.xz +Patch0: https://github.com/containers/conmon/pull/476.patch#./fix-incorrect-free-in-conn_sock.patch BuildRequires: pkgconfig BuildRequires: golang(API) >= 1.20 BuildRequires: pkgconfig(glib-2.0) diff --git a/fix-incorrect-free-in-conn_sock.patch b/fix-incorrect-free-in-conn_sock.patch new file mode 100644 index 0000000..b414942 --- /dev/null +++ b/fix-incorrect-free-in-conn_sock.patch @@ -0,0 +1,31 @@ +From 8557c117bcab03e3c16e40ffb7bd450d697f72c7 Mon Sep 17 00:00:00 2001 +From: Dominique Martinet +Date: Fri, 15 Dec 2023 12:44:03 +0900 +Subject: [PATCH] Fix incorrect free in conn_sock + +Earlier commit freed socket_parent_dir()'s result which is correct in +the case it returns a path from g_build_filename, but when it returns +opt_bundle_path the string should not be freed. + +Make the function always return an allocated string that can be freed + +Fixes: #475 +Fixes: fad6bac8e65f ("fix some issues flagged by SAST scan") +Signed-off-by: Dominique Martinet +--- + src/conn_sock.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/conn_sock.c b/src/conn_sock.c +index 62a02266..3b854e33 100644 +--- a/src/conn_sock.c ++++ b/src/conn_sock.c +@@ -314,7 +314,7 @@ char *socket_parent_dir(gboolean use_full_attach_path, size_t desired_len) + { + /* if we're to use the full path, ignore the socket path and only use the bundle_path */ + if (use_full_attach_path) +- return opt_bundle_path; ++ return strdup(opt_bundle_path); + + char *base_path = g_build_filename(opt_socket_path, opt_cuuid, NULL); +