From 19d886159b3ca0092b7ecc217fb3291761ce1bc6 Mon Sep 17 00:00:00 2001
From: Jacob Wang
Date: Thu, 27 Mar 2025 14:16:02 +0800
Subject: [PATCH 1/2] [CVE]update to podman-4.9.4-20.src.rpm to #IBWP47 update to podman-4.9.4-20.src.rpm for CVE-2025-22869
Project: TC2024080204
Signed-off-by: Jacob Wang
---
 1000-add-loong64-support-for-podman.patch | 39 -----------------------
 download | 2 +-
 podman.spec | 14 ++++----
 3 files changed, 8 insertions(+), 47 deletions(-)
 delete mode 100644 1000-add-loong64-support-for-podman.patch
diff --git a/1000-add-loong64-support-for-podman.patch b/1000-add-loong64-support-for-podman.patch
deleted file mode 100644
index 6550e70..0000000
--- a/1000-add-loong64-support-for-podman.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 7e279d30758acb332d4cd8d23457c7b360569421 Mon Sep 17 00:00:00 2001
-From: rpm-build
-Date: Wed, 14 Aug 2024 13:35:59 +0800
-Subject: [PATCH] add loong64 support for podman
-
-Signed-off-by: rpm-build
----
- .../vendor/github.com/u-root/uio/ubinary/little_endian.go | 2 +-
- vendor/github.com/cilium/ebpf/internal/endian_le.go | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go b/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
-index 317bb91..c0779ef 100644
---- a/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
-+++ b/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
-@@ -2,7 +2,7 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
-
--// +build 386 amd64 arm arm64 mipsle mips64le ppc64le riscv riscv64
-+// +build 386 amd64 arm arm64 mipsle mips64le ppc64le riscv riscv64 loong64
-
- package ubinary
-
-diff --git a/vendor/github.com/cilium/ebpf/internal/endian_le.go b/vendor/github.com/cilium/ebpf/internal/endian_le.go
-index 41a6822..62480fb 100644
---- a/vendor/github.com/cilium/ebpf/internal/endian_le.go
-+++ b/vendor/github.com/cilium/ebpf/internal/endian_le.go
-@@ -1,5 +1,5 @@
--//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64
--// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64
-+//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64 || loong64
-+// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64 loong64
-
- package internal
-
----
-2.43.0
-
diff --git a/download b/download
index 5428114..50bfced 100644
--- a/download
+++ b/download
@@ -1,4 +1,4 @@
 38ec1fc4dd55a482cc197d58f315104e dnsname-bdc4ab8.tar.gz
 369f4f472bdd335722c9aa1e6090b160 gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92.tar.gz
 4e88a5a12a13ec1787eb6b301e839d65 v0.1.7.tar.gz
-866794b226e05fa6b46620da88d7d8d7 v4.9-rhel-bfdd4c2.tar.gz
+b2e4b257e54fdbac8aad9e10ff0b0a5b v4.9-rhel-0e11f82.tar.gz
diff --git a/podman.spec b/podman.spec
index a1816c6..97a1c6d 100644
--- a/podman.spec
+++ b/podman.spec
@@ -1,4 +1,3 @@
-%define anolis_release .0.1
 %global with_check 0
 %global _find_debuginfo_dwz_opts %{nil}
@@ -9,7 +8,7 @@ GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback $
 %global import_path github.com/containers/podman
 %global branch v4.9-rhel
-%global commit0 bfdd4c21124d25f33969e2a755c062ac94e6009d
+%global commit0 0e11f820f48e52ab129fcb42ba8e137b7ce4816c
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
 %global cataver 0.1.7
 %global commit_dnsname bdc4ab85266ade865a7c398336e98721e62ef6b2
@@ -21,7 +20,7 @@ GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback $
 Epoch: 4
 Name: podman
 Version: 4.9.4
-Release: 19%{anolis_release}%{?dist}
+Release: 20%{?dist}
 Summary: Manage Pods, Containers and Container Images
 License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0
 URL: https://%{name}.io/
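Review bot: The new `v4.9-rhel-0e11f82.tar.gz` entry in the `download` hunk is pinned only by a 32-hex-digit digest, which is the length of an MD5 sum. MD5 is not collision resistant, so this file alone is weak evidence that the tarball carrying the CVE-2025-22869 fix is the one upstream published. If the lookaside tooling accepts a stronger algorithm, I would record the entry as `<sha256-of-tarball-placeholder>  v4.9-rhel-0e11f82.tar.gz`. Otherwise the tarball should be compared against upstream commit `0e11f820f48e52ab129fcb42ba8e137b7ce4816c` before the build is signed.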
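Review bot: The `commit0` bump in the `-9,7 +8,7` hunk moves only the podman tarball, while `gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92` keeps the same commit and digest in `download`. Judging by the paths in the loong64 patch, that source carries its own `vendor/` tree. If that tree also vendors `golang.org/x/crypto`, the `gvproxy` binary installed under `%{_libexecdir}/%{name}/` is still built from the old copy and is not covered by this fix. I would confirm the vendored version in both trees and state the result in `%changelog`, for example `- gvproxy: vendored golang.org/x/crypto checked against CVE-2025-22869`. The spec continues outside these hunks, so the gvproxy build step itself is not visible here.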
@@ -34,7 +33,6 @@ Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz
 #Source2: https://github.com/containers/dnsname/archive/v%%{dnsnamever}.tar.gz
 Source2: https://github.com/containers/dnsname/archive/%{commit_dnsname}/dnsname-%{shortcommit_dnsname}.tar.gz
 Source4: https://github.com/containers/gvisor-tap-vsock/archive/%{commit_gvproxy}/gvisor-tap-vsock-%{commit_gvproxy}.tar.gz
-Source1000: 1000-add-loong64-support-for-podman.patch
 # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
 ExclusiveArch: %{go_arches}
 Provides: %{name}-manpages = %{epoch}:%{version}-%{release}
@@ -190,7 +188,6 @@ sed -i '$d' configure.ac
 popd
 tar fx %{SOURCE2}
 tar fx %{SOURCE4}
-patch -p1 < %{SOURCE1000}
 # this is shipped by skopeo: containers-common subpackage
 rm -rf docs/source/markdown/containers-mounts.conf.5.md
@@ -426,8 +423,11 @@ fi
 %{_libexecdir}/%{name}/gvproxy
 %changelog
-* Fri Feb 14 2025 Wenlong Zhang - 4:4.9.4-19.0.1
-- add loong64 support for podman
+* Mon Mar 17 2025 Jindrich Novy - 4:4.9.4-20
+- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
+ (https://github.com/containers/podman/commit/0e11f82)
+- fixes "CVE-2025-22869 container-tools:rhel8/podman: Potential denial of service in golang.org/x/crypto [rhel-8.10.z]"
+- Resolves: RHEL-81299
 * Fri Jan 24 2025 Jindrich Novy - 4:4.9.4-19
 - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
--
Gitee
From f6e3d48c7184d10455a326fbcb7cc8c8be08ba6c Mon Sep 17 00:00:00 2001
From: Zhao Hang
Date: Wed, 14 Aug 2024 13:40:01 +0800
Subject: [PATCH 2/2] add loong64 support for podman
Signed-off-by: Zhao Hang
---
 1000-add-loong64-support-for-podman.patch | 39 +++++++++++++++++++++++
 podman.spec | 8 ++++-
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 1000-add-loong64-support-for-podman.patch
diff --git a/1000-add-loong64-support-for-podman.patch b/1000-add-loong64-support-for-podman.patch
new file mode 100644
index 0000000..6550e70
--- /dev/null
+++ b/1000-add-loong64-support-for-podman.patch
@@ -0,0 +1,39 @@
+From 7e279d30758acb332d4cd8d23457c7b360569421 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 14 Aug 2024 13:35:59 +0800
+Subject: [PATCH] add loong64 support for podman
+
+Signed-off-by: rpm-build
+---
+ .../vendor/github.com/u-root/uio/ubinary/little_endian.go | 2 +-
+ vendor/github.com/cilium/ebpf/internal/endian_le.go | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go b/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
+index 317bb91..c0779ef 100644
+--- a/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
++++ b/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
+@@ -2,7 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+
+-// +build 386 amd64 arm arm64 mipsle mips64le ppc64le riscv riscv64
++// +build 386 amd64 arm arm64 mipsle mips64le ppc64le riscv riscv64 loong64
+
+ package ubinary
+
+diff --git a/vendor/github.com/cilium/ebpf/internal/endian_le.go b/vendor/github.com/cilium/ebpf/internal/endian_le.go
+index 41a6822..62480fb 100644
+--- a/vendor/github.com/cilium/ebpf/internal/endian_le.go
++++ b/vendor/github.com/cilium/ebpf/internal/endian_le.go
+@@ -1,5 +1,5 @@
+-//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64
+-// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64
++//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64 || loong64
++// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64 loong64
+
+ package internal
+
+--
+2.43.0
+
diff --git a/podman.spec b/podman.spec
index 97a1c6d..2275fc8 100644
--- a/podman.spec
+++ b/podman.spec
@@ -1,3 +1,4 @@
+%define anolis_release .0.1
 %global with_check 0
 %global _find_debuginfo_dwz_opts %{nil}
@@ -20,7 +21,7 @@ GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback $
 Epoch: 4
 Name: podman
 Version: 4.9.4
-Release: 20%{?dist}
+Release: 20%{anolis_release}%{?dist}
 Summary: Manage Pods, Containers and Container Images
 License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0
 URL: https://%{name}.io/
@@ -33,6 +34,7 @@ Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz
 #Source2: https://github.com/containers/dnsname/archive/v%%{dnsnamever}.tar.gz
 Source2: https://github.com/containers/dnsname/archive/%{commit_dnsname}/dnsname-%{shortcommit_dnsname}.tar.gz
 Source4: https://github.com/containers/gvisor-tap-vsock/archive/%{commit_gvproxy}/gvisor-tap-vsock-%{commit_gvproxy}.tar.gz
+Source1000: 1000-add-loong64-support-for-podman.patch
 # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
 ExclusiveArch: %{go_arches}
 Provides: %{name}-manpages = %{epoch}:%{version}-%{release}
@@ -188,6 +190,7 @@ sed -i '$d' configure.ac
 popd
 tar fx %{SOURCE2}
 tar fx %{SOURCE4}
+patch -p1 < %{SOURCE1000}
 # this is shipped by skopeo: containers-common subpackage
 rm -rf docs/source/markdown/containers-mounts.conf.5.md
@@ -423,6 +426,9 @@ fi
 %{_libexecdir}/%{name}/gvproxy
 %changelog
+* Thu Mar 27 2025 Wenlong Zhang - 4:4.9.4-20.0.1
+- add loong64 support for podman
+
 * Mon Mar 17 2025 Jindrich Novy - 4:4.9.4-20
 - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel
 (https://github.com/containers/podman/commit/0e11f82)
--
Gitee
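Review bot: In the `-188,6 +190,7` hunk the loong64 patch is applied with a bare `patch -p1 < %{SOURCE1000}`, which leaves patch's default fuzz in effect. If the vendored build-tag lines drift after a later tarball bump, the patch can then apply approximately instead of failing the build. Because it edits vendored third-party code, I would make any mismatch fatal with `patch -p1 --fuzz=0 < %{SOURCE1000}`. Declaring it as `Patch1000:` instead of `Source1000:` in the `-33,6 +34,7` hunk would also let tooling that inventories downstream patches see it. The section that holds the `patch` call starts and ends outside the hunk.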