diff --git a/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch b/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch index ccc2ca2faf3208856a097467a6ac70e8eea9e93f..0cbea86dfedd7e2b0e0a2c23f6a1f81ee4d05fbe 100644 --- a/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch +++ b/0001-do-not-mkdir-of-isulad-if-no-controller-found.patch @@ -1,7 +1,7 @@ From 9837be14200fecb32db0337652e60532f1adb7be Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Mon, 23 May 2022 17:06:19 +0800 -Subject: [PATCH 1/4] do not mkdir of isulad if no controller found +Subject: [PATCH 01/12] do not mkdir of isulad if no controller found If selinux disable the capibility DAC_OVERRIDE, mkdir isulad may fail when run container. diff --git a/0002-fix-install-error-when-android.patch b/0002-fix-install-error-when-android.patch index 5cfaede808723f79cc40196579f979cbc22f82d9..2893e532fdb4a94bdd9071ae0465b9a88d6c142d 100644 --- a/0002-fix-install-error-when-android.patch +++ b/0002-fix-install-error-when-android.patch @@ -1,7 +1,7 @@ From 426a282802b8b81c66e6857857a745583f816c0a Mon Sep 17 00:00:00 2001 From: WangFengTu Date: Tue, 24 May 2022 16:51:02 +0800 -Subject: [PATCH 2/4] fix install error when android +Subject: [PATCH 02/12] fix install error when android Signed-off-by: WangFengTu --- diff --git a/0003-imp-fuzz-for-pw-gr-parser.patch b/0003-imp-fuzz-for-pw-gr-parser.patch index 34f71fbd06fd924daf894c86a89bdbb0a7721e59..8fd8e822f7a36a49e57a3b319da8ed64478fe3c0 100644 --- a/0003-imp-fuzz-for-pw-gr-parser.patch +++ b/0003-imp-fuzz-for-pw-gr-parser.patch @@ -1,7 +1,7 @@ From 9ccb30fa430c7b98ecab4406dabe8498c74db8c3 Mon Sep 17 00:00:00 2001 From: chegJH Date: Thu, 12 May 2022 16:40:41 +0800 -Subject: [PATCH 3/4] imp fuzz for pw gr parser +Subject: [PATCH 03/12] imp fuzz for pw gr parser Signed-off-by: chegJH --- diff --git a/0004-improve-fuzz-test.patch b/0004-improve-fuzz-test.patch index 70276ab48feb8d0deaf2f88ce0c39cf7509e9583..62c90891751b82b435c758f75be9d54ac98ed071 100644 --- a/0004-improve-fuzz-test.patch +++ b/0004-improve-fuzz-test.patch @@ -1,7 +1,7 @@ From 31a92265a6bd29dc8f98179947406f1bb56ac5a8 Mon Sep 17 00:00:00 2001 From: haozi007 Date: Thu, 26 May 2022 13:53:09 +0100 -Subject: [PATCH 4/4] improve fuzz test +Subject: [PATCH 04/12] improve fuzz test Signed-off-by: haozi007 --- diff --git a/0005-Seccomp-optimization.patch b/0005-Seccomp-optimization.patch index 687c286fae3c16c7c1987f5646fcbc27bc8db169..8ebf1bbdd35a8a3b5fb42f244ccb4b5a3190f82e 100644 --- a/0005-Seccomp-optimization.patch +++ b/0005-Seccomp-optimization.patch @@ -1,7 +1,7 @@ From 02167555e702316fe14cc963f9e978e9f66f59ba Mon Sep 17 00:00:00 2001 From: chengzrz Date: Fri, 24 Dec 2021 10:47:31 +0800 -Subject: [PATCH] Seccomp optimization +Subject: [PATCH 05/12] Seccomp optimization Signed-off-by: chengzrz --- @@ -258,5 +258,5 @@ index a647f7bc..278a72c5 100644 free(tmp_variant); tmp_variant = NULL; -- -2.25.1 +2.20.1 diff --git a/0006-fix-different-type-convert.patch b/0006-fix-different-type-convert.patch index 9c9659e4251118cab350be14fb0db60aaa070c6d..56f9220dd62dc823f0818f343e11b75023c23b5e 100644 --- a/0006-fix-different-type-convert.patch +++ b/0006-fix-different-type-convert.patch @@ -1,7 +1,7 @@ From 1db2941da2eba089f3ed07c59f4925c857860023 Mon Sep 17 00:00:00 2001 From: haozi007 Date: Tue, 31 May 2022 03:33:16 +0100 -Subject: [PATCH 6/8] fix different type convert +Subject: [PATCH 06/12] fix different type convert Signed-off-by: haozi007 --- @@ -260,5 +260,5 @@ index 5ea1677c..37475b33 100644 size_t ssize, dsize; -- -2.25.1 +2.20.1 diff --git a/0007-add-pointer-parameters-NULL-check.patch b/0007-add-pointer-parameters-NULL-check.patch index e01a26bd587eec9c8ef1aa16a5d2b847b1f8e851..09525e0c9c1a01c953d479d438306c3417037b97 100644 --- a/0007-add-pointer-parameters-NULL-check.patch +++ b/0007-add-pointer-parameters-NULL-check.patch @@ -1,7 +1,7 @@ From 17b6015d5abe3500a5a89d171af79698e57545f2 Mon Sep 17 00:00:00 2001 From: zhangxiaoyu Date: Tue, 31 May 2022 19:35:35 +0800 -Subject: [PATCH 7/8] add pointer parameters NULL check +Subject: [PATCH 07/12] add pointer parameters NULL check Signed-off-by: zhangxiaoyu Signed-off-by: haozi007 @@ -222,5 +222,5 @@ index 7f43ae57..6276a586 100644 if (ret < 0) { return -1; -- -2.25.1 +2.20.1 diff --git a/0008-add-check-to-arguments.patch b/0008-add-check-to-arguments.patch index 825a6d9a494f5721ab6763d6c24276902c037251..073250a50f0f19fbe64637a27bae86a1e5904d09 100644 --- a/0008-add-check-to-arguments.patch +++ b/0008-add-check-to-arguments.patch @@ -1,7 +1,7 @@ From 56c2a6a98d51ea893939079cc31e3a7897fa5aba Mon Sep 17 00:00:00 2001 From: haozi007 Date: Tue, 31 May 2022 12:53:10 +0100 -Subject: [PATCH 8/8] add check to arguments +Subject: [PATCH 08/12] add check to arguments Signed-off-by: haozi007 --- @@ -529,5 +529,5 @@ index ce6dcc08..0068ecb4 100644 free(resolvedpath); resolvedpath = nullptr; -- -2.25.1 +2.20.1 diff --git a/0009-remove-static-of-strlncat.patch b/0009-remove-static-of-strlncat.patch new file mode 100644 index 0000000000000000000000000000000000000000..9fa8b0ce1299d4cead893b8700fdcfb08597f74c --- /dev/null +++ b/0009-remove-static-of-strlncat.patch @@ -0,0 +1,26 @@ +From 9133e2159e9e69434b41e9649762f8eaed191f37 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Tue, 31 May 2022 22:39:44 +0800 +Subject: [PATCH 09/12] remove static of strlncat + +Signed-off-by: zhangxiaoyu +--- + src/utils/http/parser.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/utils/http/parser.c b/src/utils/http/parser.c +index 0e0e603b..12df2435 100644 +--- a/src/utils/http/parser.c ++++ b/src/utils/http/parser.c +@@ -47,7 +47,7 @@ + #include "utils.h" + #include "isula_libutils/log.h" + +-static size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize) ++size_t strlncat(char *dststr, size_t size, const char *srcstr, size_t nsize) + { + size_t ssize, dsize; + +-- +2.20.1 + diff --git a/0010-remove-check-parameter-label_opts-in-init_label.patch b/0010-remove-check-parameter-label_opts-in-init_label.patch new file mode 100644 index 0000000000000000000000000000000000000000..6617504d953a5a8738fcf1be46bd4dc8df329f39 --- /dev/null +++ b/0010-remove-check-parameter-label_opts-in-init_label.patch @@ -0,0 +1,26 @@ +From 60715b192de2cb1b4e8fe9ce48ddf081a6d2be53 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Wed, 1 Jun 2022 09:50:03 +0800 +Subject: [PATCH 10/12] remove check parameter label_opts in init_label + +Signed-off-by: zhangxiaoyu +--- + src/daemon/common/selinux_label.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon/common/selinux_label.c b/src/daemon/common/selinux_label.c +index 533393a6..52422970 100644 +--- a/src/daemon/common/selinux_label.c ++++ b/src/daemon/common/selinux_label.c +@@ -782,7 +782,7 @@ int init_label(const char **label_opts, size_t label_opts_len, char **dst_proces + return 0; + } + +- if (label_opts == NULL || dst_process_label == NULL || dst_mount_label == NULL) { ++ if (dst_process_label == NULL || dst_mount_label == NULL) { + ERROR("Empty arguments"); + return -1; + } +-- +2.20.1 + diff --git a/0011-update-seccomp-to-Linux-5.10-syscall-list.patch b/0011-update-seccomp-to-Linux-5.10-syscall-list.patch new file mode 100644 index 0000000000000000000000000000000000000000..da41787208304f3e4c4663794a3c6a5d10c68562 --- /dev/null +++ b/0011-update-seccomp-to-Linux-5.10-syscall-list.patch @@ -0,0 +1,191 @@ +From 55a4f57232c42a9c2d36a41de5d743ee9ebbe88e Mon Sep 17 00:00:00 2001 +From: vegbir +Date: Wed, 1 Jun 2022 13:44:37 +0800 +Subject: [PATCH 11/12] update seccomp to Linux 5.10 syscall list + +Signed-off-by: yangjiaqi +--- + src/contrib/config/seccomp_default.json | 39 +++++++++++++++++++++++-- + 1 file changed, 36 insertions(+), 3 deletions(-) + +diff --git a/src/contrib/config/seccomp_default.json b/src/contrib/config/seccomp_default.json +index 7218b99c..7b2fcad3 100644 +--- a/src/contrib/config/seccomp_default.json ++++ b/src/contrib/config/seccomp_default.json +@@ -31,10 +31,16 @@ + "chmod", + "chown", + "chown32", ++ "clock_adjtime", ++ "clock_adjtime64", + "clock_getres", ++ "clock_getres_time64", + "clock_gettime", ++ "clock_gettime64", + "clock_nanosleep", ++ "clock_nanosleep_time64", + "close", ++ "close_range", + "connect", + "copy_file_range", + "creat", +@@ -46,6 +52,7 @@ + "epoll_ctl", + "epoll_ctl_old", + "epoll_pwait", ++ "epoll_pwait2", + "epoll_wait", + "epoll_wait_old", + "eventfd", +@@ -55,6 +62,7 @@ + "exit", + "exit_group", + "faccessat", ++ "faccessat2", + "fadvise64", + "fadvise64_64", + "fallocate", +@@ -83,6 +91,7 @@ + "ftruncate", + "ftruncate64", + "futex", ++ "futex_time64", + "futimesat", + "getcpu", + "getcwd", +@@ -128,10 +137,15 @@ + "ioctl", + "io_destroy", + "io_getevents", ++ "io_pgetevents", ++ "io_pgetevents_time64", + "ioprio_get", + "ioprio_set", + "io_setup", + "io_submit", ++ "io_uring_enter", ++ "io_uring_register", ++ "io_uring_setup", + "ipc", + "kill", + "lchown", +@@ -149,6 +163,7 @@ + "lstat", + "lstat64", + "madvise", ++ "membarrier", + "memfd_create", + "mincore", + "mkdir", +@@ -165,7 +180,9 @@ + "mq_notify", + "mq_open", + "mq_timedreceive", ++ "mq_timedreceive_time64", + "mq_timedsend", ++ "mq_timedsend_time64", + "mq_unlink", + "mremap", + "msgctl", +@@ -181,17 +198,22 @@ + "_newselect", + "open", + "openat", ++ "openat2", + "pause", ++ "pidfd_open", ++ "pidfd_send_signal", + "pipe", + "pipe2", + "poll", + "ppoll", ++ "ppoll_time64", + "prctl", + "pread64", + "preadv", + "preadv2", + "prlimit64", + "pselect6", ++ "pselect6_time64", + "pwrite64", + "pwritev", + "pwritev2", +@@ -203,6 +225,7 @@ + "recv", + "recvfrom", + "recvmmsg", ++ "recvmmsg_time64", + "recvmsg", + "remap_file_pages", + "removexattr", +@@ -211,6 +234,7 @@ + "renameat2", + "restart_syscall", + "rmdir", ++ "rseq", + "rt_sigaction", + "rt_sigpending", + "rt_sigprocmask", +@@ -218,6 +242,7 @@ + "rt_sigreturn", + "rt_sigsuspend", + "rt_sigtimedwait", ++ "rt_sigtimedwait_time64", + "rt_tgsigqueueinfo", + "sched_getaffinity", + "sched_getattr", +@@ -226,6 +251,7 @@ + "sched_get_priority_min", + "sched_getscheduler", + "sched_rr_get_interval", ++ "sched_rr_get_interval_time64", + "sched_setaffinity", + "sched_setattr", + "sched_setparam", +@@ -237,6 +263,7 @@ + "semget", + "semop", + "semtimedop", ++ "semtimedop_time64", + "send", + "sendfile", + "sendfile64", +@@ -279,6 +306,7 @@ + "sigaltstack", + "signalfd", + "signalfd4", ++ "sigprocmask", + "sigreturn", + "socket", + "socketcall", +@@ -300,12 +328,16 @@ + "time", + "timer_create", + "timer_delete", +- "timerfd_create", +- "timerfd_gettime", +- "timerfd_settime", + "timer_getoverrun", + "timer_gettime", ++ "timer_gettime64", + "timer_settime", ++ "timer_settime64", ++ "timerfd_create", ++ "timerfd_gettime", ++ "timerfd_gettime64", ++ "timerfd_settime", ++ "timerfd_settime64", + "times", + "tkill", + "truncate", +@@ -317,6 +349,7 @@ + "unlinkat", + "utime", + "utimensat", ++ "utimensat_time64", + "utimes", + "vfork", + "vmsplice", +-- +2.20.1 + diff --git a/0012-fix-invalid-convert-and-format.patch b/0012-fix-invalid-convert-and-format.patch new file mode 100644 index 0000000000000000000000000000000000000000..7a16a750dbb01c4c98f533281d3f9e1c98b91e3f --- /dev/null +++ b/0012-fix-invalid-convert-and-format.patch @@ -0,0 +1,319 @@ +From 8dcad172ea0241f35cdd464029523253ada7e99f Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 1 Jun 2022 12:53:56 +0100 +Subject: [PATCH 12/12] fix invalid convert and format + +1. invalid convert; +2. error print format; +3. unuse marco; + +Signed-off-by: haozi007 +--- + src/cmd/isula/base/create.h | 3 +-- + src/cmd/isula/information/inspect.c | 1 - + src/cmd/isula/information/ps.c | 1 - + src/cmd/isulad/isulad_commands.h | 3 +-- + src/cmd/isulad/main.c | 2 +- + src/daemon/modules/runtime/shim/shim_rt_ops.c | 11 ++++++----- + src/daemon/modules/service/service_container.c | 6 +++--- + src/daemon/modules/spec/specs_namespace.c | 8 +++++--- + src/utils/cutils/utils.c | 2 +- + src/utils/cutils/utils_aes.c | 7 +------ + src/utils/cutils/utils_aes.h | 1 - + src/utils/cutils/utils_file.c | 1 - + src/utils/cutils/utils_network.c | 11 +++++++++-- + 13 files changed, 28 insertions(+), 29 deletions(-) + +diff --git a/src/cmd/isula/base/create.h b/src/cmd/isula/base/create.h +index 36c0dc9e..467fefe8 100644 +--- a/src/cmd/isula/base/create.h ++++ b/src/cmd/isula/base/create.h +@@ -414,8 +414,7 @@ extern "C" { + "health-start-period", \ + 0, \ + &(cmdargs).custom_conf.health_start_period, \ +- "Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) " \ +- "(default 0s)", \ ++ "Start period for the container to initialize before starting health-retries countdown (ms|s|m|h) (default 0s)", \ + command_convert_nanoseconds }, \ + { CMD_OPT_TYPE_BOOL, \ + false, \ +diff --git a/src/cmd/isula/information/inspect.c b/src/cmd/isula/information/inspect.c +index 30b228a0..5058fb95 100644 +--- a/src/cmd/isula/information/inspect.c ++++ b/src/cmd/isula/information/inspect.c +@@ -639,7 +639,6 @@ out: + return ret_string; + } + +-#define MATCH_NUM 1 + #define CHECK_FAILED (-1) + #ifdef __ANDROID__ + #define JSON_ARGS "^[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*\\{[ \t\r\n\v\f]*(json)?[ \t\r\n\v\f]+[^ \t\r\n\v\f]+[ \t\r\n\v\f]*.*\\}[ \t\r\n\v\f]*\\}[ \t\r\n\v\f]*$" +diff --git a/src/cmd/isula/information/ps.c b/src/cmd/isula/information/ps.c +index 45296fad..74c2f94a 100644 +--- a/src/cmd/isula/information/ps.c ++++ b/src/cmd/isula/information/ps.c +@@ -765,7 +765,6 @@ static int get_header_field(const char *patten, struct filters *ff) + + static int format_field_check(const char *source, const char *patten) + { +-#define MATCH_NUM 1 + #define CHECK_FAILED (-1) + int status = 0; + +diff --git a/src/cmd/isulad/isulad_commands.h b/src/cmd/isulad/isulad_commands.h +index e989466f..ad8ba9e5 100644 +--- a/src/cmd/isulad/isulad_commands.h ++++ b/src/cmd/isulad/isulad_commands.h +@@ -182,8 +182,7 @@ int command_default_ulimit_append(command_option_t *option, const char *arg); + "pod-sandbox-image", \ + 0, \ + &(cmdargs)->json_confs->pod_sandbox_image, \ +- "The image whose network/ipc namespaces containers in each pod will use. " \ +- "(default \"pause-${machine}:3.0\")", \ ++ "The image whose network/ipc namespaces containers in each pod will use. (default \"pause-${machine}:3.0\")", \ + NULL }, \ + { CMD_OPT_TYPE_STRING_DUP, \ + false, \ +diff --git a/src/cmd/isulad/main.c b/src/cmd/isulad/main.c +index 9801c245..e644b16d 100644 +--- a/src/cmd/isulad/main.c ++++ b/src/cmd/isulad/main.c +@@ -707,7 +707,7 @@ static int update_graph_for_userns_remap(struct service_arguments *args) + goto out; + } + +- nret = snprintf(graph, sizeof(graph), "%s/%d.%d", args->json_confs->graph, host_uid, host_gid); ++ nret = snprintf(graph, sizeof(graph), "%s/%u.%u", args->json_confs->graph, host_uid, host_gid); + if (nret < 0 || (size_t)nret >= sizeof(graph)) { + ERROR("Path is too long"); + ret = -1; +diff --git a/src/daemon/modules/runtime/shim/shim_rt_ops.c b/src/daemon/modules/runtime/shim/shim_rt_ops.c +index 346e6f48..21d339e5 100644 +--- a/src/daemon/modules/runtime/shim/shim_rt_ops.c ++++ b/src/daemon/modules/runtime/shim/shim_rt_ops.c +@@ -30,8 +30,6 @@ + #include "err_msg.h" + #include "engine.h" + +-#define SHIM_LOG_SIZE ((BUFSIZ-100)/2) +-#define PID_WAIT_TIME 120 + #define EXIT_SIGNAL_OFFSET_X 128 + + static void copy_process(shim_client_process_state *p, defs_process *dp) +@@ -112,7 +110,7 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + int err_fd[2] = {-1, -1}; + int out_fd[2] = {-1, -1}; + char exec_buff[BUFSIZ + 1] = {0}; +- char stdout_buff[BUFSIZ + 1] = {0}; ++ char stdout_buff[PATH_MAX] = {0}; + char stderr_buff[BUFSIZ + 1] = {0}; + + +@@ -177,7 +175,10 @@ static int shim_bin_v2_create(const char *runtime, const char *id, const char *w + (void)dprintf(exec_fd[1], "close inherited fds failed"); + } + +- setenv("EXIT_FIFO_DIR", exit_fifo_dir, 1); ++ if (setenv("EXIT_FIFO_DIR", exit_fifo_dir, 1) != 0) { ++ (void)dprintf(exec_fd[1], "%s: failed to set env for process %d", id, getpid()); ++ exit(EXIT_FAILURE); ++ } + + execvp(binary, (char * const *)params); + (void)dprintf(exec_fd[1], "exec failed: %s", strerror(errno)); +@@ -379,7 +380,7 @@ int rt_shim_rm(const char *id, const char *runtime, const rt_rm_params_t *params + } + + nret = snprintf(libdir, sizeof(libdir), "%s/%s", params->rootpath, id); +- if (nret < 0 && nret >= sizeof(libdir)) { ++ if (nret < 0 || nret >= sizeof(libdir)) { + ERROR("failed to get shim workdir"); + ret = -1; + goto out; +diff --git a/src/daemon/modules/service/service_container.c b/src/daemon/modules/service/service_container.c +index 64219423..c3c4fc1c 100644 +--- a/src/daemon/modules/service/service_container.c ++++ b/src/daemon/modules/service/service_container.c +@@ -1233,7 +1233,7 @@ static int send_signal_to_process(pid_t pid, unsigned long long start_time, uint + return 0; + } + +-static int container_stop_signal(container_t *cont) ++static uint32_t container_stop_signal(container_t *cont) + { + int signal = 0; + +@@ -1245,7 +1245,7 @@ static int container_stop_signal(container_t *cont) + signal = SIGTERM; + } + +- return signal; ++ return (uint32_t)signal; + } + + static int kill_with_signal(container_t *cont, uint32_t signal) +@@ -1253,7 +1253,7 @@ static int kill_with_signal(container_t *cont, uint32_t signal) + int ret = 0; + int nret = 0; + const char *id = cont->common_config->id; +- int stop_signal = container_stop_signal(cont); ++ uint32_t stop_signal = container_stop_signal(cont); + bool need_unpause = container_is_paused(cont->state); + rt_resume_params_t params = { 0 }; + char annotations[EVENT_EXTRA_ANNOTATION_MAX] = { 0 }; +diff --git a/src/daemon/modules/spec/specs_namespace.c b/src/daemon/modules/spec/specs_namespace.c +index e9f98d00..3888f556 100644 +--- a/src/daemon/modules/spec/specs_namespace.c ++++ b/src/daemon/modules/spec/specs_namespace.c +@@ -191,7 +191,7 @@ int get_network_namespace_path(const host_config *host_spec, + const container_config_v2_common_config_network_settings *network_settings, + const char *type, char **dest_path) + { +- int index; ++ size_t index = 0; + int ret = -1; + struct get_netns_path_handler handler_jump_table[] = { + { SHARE_NAMESPACE_NONE, handle_get_path_from_none }, +@@ -200,11 +200,13 @@ int get_network_namespace_path(const host_config *host_spec, + { SHARE_NAMESPACE_FILE, handle_get_path_from_file }, + }; + size_t jump_table_size = sizeof(handler_jump_table) / sizeof(handler_jump_table[0]); +- const char *network_mode = host_spec->network_mode; ++ const char *network_mode = NULL; + +- if (network_mode == NULL || dest_path == NULL) { ++ if (host_spec == NULL || network_mode == NULL || dest_path == NULL) { ++ ERROR("Invalid input"); + return -1; + } ++ network_mode = host_spec->network_mode; + + for (index = 0; index < jump_table_size; ++index) { + if (strncmp(network_mode, handler_jump_table[index].mode, strlen(handler_jump_table[index].mode)) == 0) { +diff --git a/src/utils/cutils/utils.c b/src/utils/cutils/utils.c +index 30ff629f..a47c5644 100644 +--- a/src/utils/cutils/utils.c ++++ b/src/utils/cutils/utils.c +@@ -1549,7 +1549,7 @@ out: + int convert_v2_runtime(const char *runtime, char *binary) + { + char **parts = NULL; +- int parts_len = 0; ++ size_t parts_len = 0; + char buf[PATH_MAX] = {0}; + int ret = 0; + +diff --git a/src/utils/cutils/utils_aes.c b/src/utils/cutils/utils_aes.c +index 5dc822a2..dec1e8bc 100644 +--- a/src/utils/cutils/utils_aes.c ++++ b/src/utils/cutils/utils_aes.c +@@ -28,8 +28,6 @@ + #include "openssl/evp.h" + #include "utils_file.h" + +-#define AES_256_CFB_IV_LEN 16 +- + int util_aes_key(char *key_file, bool create, unsigned char *aeskey) + { + char *key_dir = NULL; +@@ -83,7 +81,6 @@ int util_aes_key(char *key_file, bool create, unsigned char *aeskey) + + out: + free(key_dir); +- key_dir = NULL; + if (fd != 0) { + close(fd); + } +@@ -97,7 +94,7 @@ size_t util_aes_decode_buf_len(size_t len) + return len; + } + +- return (len / AES_BLOCK_SIZE * AES_BLOCK_SIZE) + AES_BLOCK_SIZE; ++ return (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE + AES_BLOCK_SIZE; + } + + size_t util_aes_encode_buf_len(size_t len) +@@ -179,7 +176,6 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + + out: + EVP_CIPHER_CTX_free(ctx); +- ctx = NULL; + if (ret != 0) { + free(*out); + *out = NULL; +@@ -262,7 +258,6 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns + + out: + EVP_CIPHER_CTX_free(ctx); +- ctx = NULL; + if (ret != 0) { + free(*out); + *out = NULL; +diff --git a/src/utils/cutils/utils_aes.h b/src/utils/cutils/utils_aes.h +index 2bfe3ea6..d429c9e0 100644 +--- a/src/utils/cutils/utils_aes.h ++++ b/src/utils/cutils/utils_aes.h +@@ -17,7 +17,6 @@ + #define UTILS_CUTILS_UTILS_AES_H + + #include +-#include + #include + #include + +diff --git a/src/utils/cutils/utils_file.c b/src/utils/cutils/utils_file.c +index 45e4842b..00f586f1 100644 +--- a/src/utils/cutils/utils_file.c ++++ b/src/utils/cutils/utils_file.c +@@ -1619,7 +1619,6 @@ static int do_check_args(const char *path) + + char *util_read_content_from_file(const char *path) + { +-#define FILE_MODE 0640 + char *buf = NULL; + char rpath[PATH_MAX + 1] = { 0 }; + int fd = -1; +diff --git a/src/utils/cutils/utils_network.c b/src/utils/cutils/utils_network.c +index 1ca901ea..5192d06f 100644 +--- a/src/utils/cutils/utils_network.c ++++ b/src/utils/cutils/utils_network.c +@@ -27,6 +27,7 @@ + #include + #include + ++#include "utils.h" + #include "utils_fs.h" + #include "utils_file.h" + #include "constants.h" +@@ -67,10 +68,16 @@ out: + + static void* mount_netns(void *netns_path) + { +- int *ecode = (int *)malloc(sizeof(int)); ++ int *ecode = NULL; + char fullpath[PATH_MAX] = { 0x00 }; + int ret = 0; + ++ ecode = (int *)util_common_calloc_s(sizeof(int)); ++ if (ecode == NULL) { ++ ERROR("Out of memory"); ++ return NULL; ++ } ++ + if (unshare(CLONE_NEWNET) != 0) { + ERROR("Failed to unshare"); + goto err_out; +@@ -102,7 +109,7 @@ int util_mount_namespace(const char *netns_path) + int ret = 0; + void *status = NULL; + +- ret = pthread_create(&newns_thread, NULL, (void *)&mount_netns, (void *)netns_path); ++ ret = pthread_create(&newns_thread, NULL, mount_netns, (void *)netns_path); + if (ret != 0) { + ERROR("Failed to create thread"); + return -1; +-- +2.20.1 + diff --git a/iSulad.spec b/iSulad.spec index 540372c136925622003e0aa188d01c2fabe9d8ce..1f90c62d779d4d56d4f8938c0a35f5ee38eb823b 100644 --- a/iSulad.spec +++ b/iSulad.spec @@ -1,5 +1,5 @@ %global _version 2.0.14 -%global _release 6 +%global _release 7 %global is_systemd 1 %global enable_shimv2 1 %global is_embedded 1 @@ -21,6 +21,10 @@ Patch0005: 0005-Seccomp-optimization.patch Patch0006: 0006-fix-different-type-convert.patch Patch0007: 0007-add-pointer-parameters-NULL-check.patch Patch0008: 0008-add-check-to-arguments.patch +Patch0009: 0009-remove-static-of-strlncat.patch +Patch0010: 0010-remove-check-parameter-label_opts-in-init_label.patch +Patch0011: 0011-update-seccomp-to-Linux-5.10-syscall-list.patch +Patch0012: 0012-fix-invalid-convert-and-format.patch %ifarch x86_64 aarch64 Provides: libhttpclient.so()(64bit) @@ -248,6 +252,12 @@ fi %endif %changelog +* Wed Jun 1 2022 haozi007 - 2.0.14-7 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: fix type convert, add null pointer check, remove unuse macro + * Tue May 31 2022 zhangxiaoyu - 2.0.14-6 - Type: enhancement - ID: NA