From 97e5bcb72df104b767615add225580f0e6774e11 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Wed, 9 Jul 2025 11:00:30 +0800 Subject: [PATCH 1/2] [CVE]update to podman-4.9.4-22 to #ICKZBP update to podman-4.9.4-22 for CVE-2025-22871 CVE-2025-6032 Project: TC2024080204 Signed-off-by: Jacob Wang --- 1000-add-loong64-support-for-podman.patch | 39 ----------------------- download | 2 +- podman.spec | 20 ++++++++---- 3 files changed, 14 insertions(+), 47 deletions(-) delete mode 100644 1000-add-loong64-support-for-podman.patch diff --git a/1000-add-loong64-support-for-podman.patch b/1000-add-loong64-support-for-podman.patch deleted file mode 100644 index 6550e70..0000000 --- a/1000-add-loong64-support-for-podman.patch +++ /dev/null 
@@ -1,39 +0,0 @@
-From 7e279d30758acb332d4cd8d23457c7b360569421 Mon Sep 17 00:00:00 2001
-From: rpm-build
-Date: Wed, 14 Aug 2024 13:35:59 +0800
-Subject: [PATCH] add loong64 support for podman
-
-Signed-off-by: rpm-build
----
- .../vendor/github.com/u-root/uio/ubinary/little_endian.go | 2 +-
- vendor/github.com/cilium/ebpf/internal/endian_le.go | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go b/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
-index 317bb91..c0779ef 100644
---- a/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
-+++ b/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
-@@ -2,7 +2,7 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
-
--// +build 386 amd64 arm arm64 mipsle mips64le ppc64le riscv riscv64
-+// +build 386 amd64 arm arm64 mipsle mips64le ppc64le riscv riscv64 loong64
-
- package ubinary
-
-diff --git a/vendor/github.com/cilium/ebpf/internal/endian_le.go b/vendor/github.com/cilium/ebpf/internal/endian_le.go
-index 41a6822..62480fb 100644
---- a/vendor/github.com/cilium/ebpf/internal/endian_le.go
-+++ b/vendor/github.com/cilium/ebpf/internal/endian_le.go
-@@ -1,5 +1,5 @@
--//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64
--// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64
-+//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64 || loong64
-+// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64 loong64
-
- package internal
-
---
-2.43.0
-
diff --git a/download b/download index 50bfced..d54f770 100644 --- a/download +++ b/download @@ -1,4 +1,4 @@ 38ec1fc4dd55a482cc197d58f315104e dnsname-bdc4ab8.tar.gz 369f4f472bdd335722c9aa1e6090b160 gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92.tar.gz 4e88a5a12a13ec1787eb6b301e839d65 v0.1.7.tar.gz -b2e4b257e54fdbac8aad9e10ff0b0a5b v4.9-rhel-0e11f82.tar.gz +ababded2e979fc75e877b0ab19f1db29 v4.9-rhel-6cc8283.tar.gz diff --git a/podman.spec b/podman.spec index 2275fc8..cf3652f 100644 --- a/podman.spec +++ b/podman.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 %global with_check 0 %global _find_debuginfo_dwz_opts %{nil} @@ -9,7 +8,7 @@ GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback $ %global import_path github.com/containers/podman %global branch v4.9-rhel -%global commit0 0e11f820f48e52ab129fcb42ba8e137b7ce4816c +%global commit0 6cc828330733766991e0ed7ef16fb2a624f6eb88 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global cataver 0.1.7 %global commit_dnsname bdc4ab85266ade865a7c398336e98721e62ef6b2 @@ -21,7 +20,7 @@ GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback $ Epoch: 4 Name: podman Version: 4.9.4 -Release: 20%{anolis_release}%{?dist} +Release: 22%{?dist} Summary: Manage Pods, Containers and Container Images License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 URL: https://%{name}.io/ 
@@ -34,7 +33,6 @@ Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz #Source2: https://github.com/containers/dnsname/archive/v%%{dnsnamever}.tar.gz Source2: https://github.com/containers/dnsname/archive/%{commit_dnsname}/dnsname-%{shortcommit_dnsname}.tar.gz Source4: https://github.com/containers/gvisor-tap-vsock/archive/%{commit_gvproxy}/gvisor-tap-vsock-%{commit_gvproxy}.tar.gz -Source1000: 1000-add-loong64-support-for-podman.patch # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures ExclusiveArch: %{go_arches} Provides: %{name}-manpages = %{epoch}:%{version}-%{release} @@ -190,7 +188,6 @@ sed -i '$d' configure.ac popd tar fx %{SOURCE2} tar fx %{SOURCE4} -patch -p1 < %{SOURCE1000} # this is shipped by skopeo: containers-common subpackage rm -rf docs/source/markdown/containers-mounts.conf.5.md @@ -426,8 +423,17 @@ fi %{_libexecdir}/%{name}/gvproxy %changelog -* Thu Mar 27 2025 Wenlong Zhang - 4:4.9.4-20.0.1 -- add loong64 support for podman +* Wed Jun 25 2025 Jindrich Novy - 4:4.9.4-22 +- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel + (https://github.com/containers/podman/commit/6cc8283) +- fixes "CVE-2025-6032 container-tools:rhel8/podman: podman missing TLS verification [rhel-8.10.z]" +- Resolves: RHEL-96702 + +* Tue Jun 24 2025 Jindrich Novy - 4:4.9.4-21 +- update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel + (https://github.com/containers/podman/commit/97e91b5) +- fixes "Terminate healthcheck command upon reaching timeout. [rhel-8.10.z]" +- Resolves: RHEL-96914 * Mon Mar 17 2025 Jindrich Novy - 4:4.9.4-20 - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel -- Gitee From 06987e2f6c2cab0567ddd06cd7790846b9f1689b Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Wed, 14 Aug 2024 13:40:01 +0800 Subject: [PATCH 2/2] add loong64 support for podman 
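Review bot: The new `%changelog` entries for 4.9.4-21 and 4.9.4-22 record only CVE-2025-6032, while the commit message says the update is also for CVE-2025-22871; nothing in the visible spec hunks shows where that second fix comes from. If it is delivered by the rebased sources or by the Go toolchain used for the build, the -22 entry should say so, e.g. `- fixes CVE-2025-22871 (<how it is addressed: upstream commit or rebuilt Go toolchain>)`. That lets anyone auditing the installed package from its changelog confirm the fix without access to the Gitee issue.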
Signed-off-by: Zhao Hang --- 1000-add-loong64-support-for-podman.patch | 39 +++++++++++++++++++++++ podman.spec | 8 ++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 1000-add-loong64-support-for-podman.patch diff --git a/1000-add-loong64-support-for-podman.patch b/1000-add-loong64-support-for-podman.patch new file mode 100644 index 0000000..6550e70 --- /dev/null +++ b/1000-add-loong64-support-for-podman.patch 
@@ -0,0 +1,39 @@
+From 7e279d30758acb332d4cd8d23457c7b360569421 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Wed, 14 Aug 2024 13:35:59 +0800
+Subject: [PATCH] add loong64 support for podman
+
+Signed-off-by: rpm-build
+---
+ .../vendor/github.com/u-root/uio/ubinary/little_endian.go | 2 +-
+ vendor/github.com/cilium/ebpf/internal/endian_le.go | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go b/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
+index 317bb91..c0779ef 100644
+--- a/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
++++ b/gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92/vendor/github.com/u-root/uio/ubinary/little_endian.go
+@@ -2,7 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+
+-// +build 386 amd64 arm arm64 mipsle mips64le ppc64le riscv riscv64
++// +build 386 amd64 arm arm64 mipsle mips64le ppc64le riscv riscv64 loong64
+
+ package ubinary
+
+diff --git a/vendor/github.com/cilium/ebpf/internal/endian_le.go b/vendor/github.com/cilium/ebpf/internal/endian_le.go
+index 41a6822..62480fb 100644
+--- a/vendor/github.com/cilium/ebpf/internal/endian_le.go
++++ b/vendor/github.com/cilium/ebpf/internal/endian_le.go
+@@ -1,5 +1,5 @@
+-//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64
+-// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64
++//go:build 386 || amd64 || amd64p32 || arm || arm64 || mipsle || mips64le || mips64p32le || ppc64le || riscv64 || loong64
++// +build 386 amd64 amd64p32 arm arm64 mipsle mips64le mips64p32le ppc64le riscv64 loong64
+
+ package internal
+
+--
+2.43.0
+
diff --git a/podman.spec b/podman.spec index cf3652f..5cc7383 100644 --- a/podman.spec +++ b/podman.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 %global with_check 0 %global _find_debuginfo_dwz_opts %{nil} @@ -20,7 +21,7 @@ GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback $ Epoch: 4 Name: podman Version: 4.9.4 -Release: 22%{?dist} +Release: 22%{anolis_release}%{?dist} Summary: Manage Pods, Containers and Container Images License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 URL: https://%{name}.io/ @@ -33,6 +34,7 @@ Source1: https://github.com/openSUSE/catatonit/archive/v%{cataver}.tar.gz #Source2: https://github.com/containers/dnsname/archive/v%%{dnsnamever}.tar.gz Source2: https://github.com/containers/dnsname/archive/%{commit_dnsname}/dnsname-%{shortcommit_dnsname}.tar.gz Source4: https://github.com/containers/gvisor-tap-vsock/archive/%{commit_gvproxy}/gvisor-tap-vsock-%{commit_gvproxy}.tar.gz +Source1000: 1000-add-loong64-support-for-podman.patch # https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures ExclusiveArch: %{go_arches} Provides: %{name}-manpages = %{epoch}:%{version}-%{release} @@ -188,6 +190,7 @@ sed -i '$d' configure.ac popd tar fx %{SOURCE2} tar fx %{SOURCE4} +patch -p1 < %{SOURCE1000} # this is shipped by skopeo: containers-common subpackage rm -rf docs/source/markdown/containers-mounts.conf.5.md @@ -423,6 +426,9 @@ fi %{_libexecdir}/%{name}/gvproxy %changelog +* Wed Jul 09 2025 Wenlong Zhang - 4:4.9.4-22.0.1 +- add loong64 support for podman + * Wed Jun 25 2025 Jindrich Novy - 4:4.9.4-22 - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/6cc8283) -- Gitee
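Review bot: In the `%prep` hunk, `patch -p1 < %{SOURCE1000}` runs GNU patch with its default fuzz, so the loong64 build-tag edits to the vendored `endian_le.go` and `little_endian.go` can still apply after a rebase has changed the surrounding lines; passing the fuzz explicitly, `patch -p1 --fuzz=0 < %{SOURCE1000}`, makes a mismatch fail the build instead. The patch also names the `gvisor-tap-vsock-c62637db4d1417408b84340cbe993843a4984b92` directory literally while the spec derives it from `%{commit_gvproxy}`, so a comment such as `# regenerate Source1000 whenever commit_gvproxy changes (the patch hard-codes that directory name)` above the line would help. The `%prep` section starts and ends outside the hunk.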