packages/cri-o
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:26a8e95f89eb5e96b073100209b03ef6d4f518b3
Branches Tags
packages:main
..
compare: packages:ddb5be2c63d9a8b2ecc34b3f4f1110af4cb08b09
Branches Tags
packages:main

10 Commits
26a8e95f89 ... ddb5be2c63

Author SHA1 Message Date
openeuler-ci-bot
ddb5be2c63
!59 开启 RISCV 构建 
From: @Jingwiw 
Reviewed-by: @jianminw 
Signed-off-by: @jianminw
 2024-05-25 03:32:03 +00:00
Jingwiw
54f048261c add riscv64 arch 2024-05-25 00:02:34 +08:00
openeuler-ci-bot
87371f7c5f
!51 Fix CVE-2024-28180 
From: @northgarden 
Reviewed-by: @duyiwei7w 
Signed-off-by: @duyiwei7w
 2024-04-02 09:40:48 +00:00
bwzhang
4fca04c3ff fix CVE-2024-28180 2024-04-02 16:26:14 +08:00
openeuler-ci-bot
c463ef785a
!41 Fix CVE-2023-48795 
From: @northgarden 
Reviewed-by: @duyiwei7w 
Signed-off-by: @duyiwei7w
 2024-04-01 03:12:28 +00:00
bwzhang
abb8433f91 fix CVE-2023-48795 2024-04-01 09:28:56 +08:00
openeuler-ci-bot
290deacf47
!40 Fix CVE-2024-24786 
From: @northgarden 
Reviewed-by: @duyiwei7w 
Signed-off-by: @duyiwei7w
 2024-03-29 09:13:18 +00:00
bwzhang
6db3db03ba fix CVE-2024-24786 2024-03-29 14:51:24 +08:00
openeuler-ci-bot
a8d6713f40
!10 Update cri-o to 1.29.2 
From: @ccdxx 
Reviewed-by: @jianli-97 
Signed-off-by: @jianli-97
 2024-03-01 01:08:18 +00:00
chendexi
f8d19c6ca6 Update cri-o to 1.29.2 2024-02-28 09:00:19 +00:00
7 changed files with 469 additions and 18 deletions
Show Stats Expand all files Collapse all files

59
0001-fix-CVE-2024-24786.patch Normal file
View File

@ -0,0 +1,59 @@
From 171172b7a8a24104415f1d461da7a839dd9933a3 Mon Sep 17 00:00:00 2001
From: bwzhang <zhangbowei@kylinos.cn>
Date: Mon, 25 Mar 2024 10:47:11 +0800
Subject: [PATCH] fix CVE-2024-24786
encoding/protojson, internal/encoding/json: handle missing object values
In internal/encoding/json, report an error when encountering a }
when we are expecting an object field value. For example, the input
now correctly results in an error at the closing } token.
In encoding/protojson, check for an unexpected EOF token in
skipJSONValue. This is redundant with the check in internal/encoding/json,
but adds a bit more defense against any other similar bugs that
might exist.
Fixes CVE-2024-24786
Change-Id: I03d52512acb5091c8549e31ca74541d57e56c99d
Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/569356
TryBot-Bypass: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Commit-Queue: Damien Neil <dneil@google.com>
---
.../protobuf/encoding/protojson/well_known_types.go | 4 ++++
.../protobuf/internal/encoding/json/decode.go | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
index 72924a9..d3825ba 100644
--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
+++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
@@ -328,6 +328,10 @@ func (d decoder) skipJSONValue() error {
if err := d.skipJSONValue(); err != nil {
return err
}
+ case json.EOF:
+ // This can only happen if there's a bug in Decoder.Read.
+ // Avoid an infinite loop if this does happen.
+ return errors.New("unexpected EOF")
}
}
diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
index b13fd29..b2be4e8 100644
--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
+++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) {
case ObjectClose:
if len(d.openStack) == 0 ||
- d.lastToken.kind == comma ||
+ d.lastToken.kind&(Name|comma) != 0 ||
d.openStack[len(d.openStack)-1] != ObjectOpen {
return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString())
}
--
2.20.1

271
0002-fix-CVE-2023-48795.patch Normal file
View File

@ -0,0 +1,271 @@
From e5fb0cbe2c404b584a0631ebb94ca0d82574132f Mon Sep 17 00:00:00 2001
From: bwzhang <zhangbowei@kylinos.cn>
Date: Tue, 26 Mar 2024 11:09:13 +0800
Subject: [PATCH] fix CVE-2023-48795
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
ssh: implement strict KEX protocol changes
Implement the "strict KEX" protocol changes, as described in section
1.9 of the OpenSSH PROTOCOL file (as of OpenSSH version 9.6/9.6p1).
Namely this makes the following changes:
* Both the server and the client add an additional algorithm to the
initial KEXINIT message, indicating support for the strict KEX mode.
* When one side of the connection sees the strict KEX extension
algorithm, the strict KEX mode is enabled for messages originating
from the other side of the connection. If the sequence number for
the side which requested the extension is not 1 (indicating that it
has already received non-KEXINIT packets), the connection is
terminated.
* When strict kex mode is enabled, unexpected messages during the
handshake are considered fatal. Additionally when a key change
occurs (on the receipt of the NEWKEYS message) the message sequence
numbers are reset.
Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
University Bochum for reporting this issue.
Fixes CVE-2023-48795
Fixes golang/go#64784
Change-Id: I96b53afd2bd2fb94d2b6f2a46a5dacf325357604
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/550715
Reviewed-by: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
---
vendor/golang.org/x/crypto/ssh/handshake.go | 56 +++++++++++++++++++--
vendor/golang.org/x/crypto/ssh/transport.go | 32 ++++++++++--
2 files changed, 79 insertions(+), 9 deletions(-)
diff --git a/vendor/golang.org/x/crypto/ssh/handshake.go b/vendor/golang.org/x/crypto/ssh/handshake.go
index 49bbba7..bb2099c 100644
--- a/vendor/golang.org/x/crypto/ssh/handshake.go
+++ b/vendor/golang.org/x/crypto/ssh/handshake.go
@@ -35,6 +35,16 @@ type keyingTransport interface {
// direction will be effected if a msgNewKeys message is sent
// or received.
prepareKeyChange(*algorithms, *kexResult) error
+
+ // setStrictMode sets the strict KEX mode, notably triggering
+ // sequence number resets on sending or receiving msgNewKeys.
+ // If the sequence number is already > 1 when setStrictMode
+ // is called, an error is returned.
+ setStrictMode() error
+
+ // setInitialKEXDone indicates to the transport that the initial key exchange
+ // was completed
+ setInitialKEXDone()
}
// handshakeTransport implements rekeying on top of a keyingTransport
@@ -100,6 +110,10 @@ type handshakeTransport struct {
// The session ID or nil if first kex did not complete yet.
sessionID []byte
+
+ // strictMode indicates if the other side of the handshake indicated
+ // that we should be following the strict KEX protocol restrictions.
+ strictMode bool
}
type pendingKex struct {
@@ -209,7 +223,10 @@ func (t *handshakeTransport) readLoop() {
close(t.incoming)
break
}
- if p[0] == msgIgnore || p[0] == msgDebug {
+ // If this is the first kex, and strict KEX mode is enabled,
+ // we don't ignore any messages, as they may be used to manipulate
+ // the packet sequence numbers.
+ if !(t.sessionID == nil && t.strictMode) && (p[0] == msgIgnore || p[0] == msgDebug){
continue
}
t.incoming <- p
@@ -441,6 +458,11 @@ func (t *handshakeTransport) readOnePacket(first bool) ([]byte, error) {
return successPacket, nil
}
+const (
+ kexStrictClient = "kex-strict-c-v00@openssh.com"
+ kexStrictServer = "kex-strict-s-v00@openssh.com"
+)
+
// sendKexInit sends a key change message.
func (t *handshakeTransport) sendKexInit() error {
t.mu.Lock()
@@ -454,7 +476,6 @@ func (t *handshakeTransport) sendKexInit() error {
}
msg := &kexInitMsg{
- KexAlgos: t.config.KeyExchanges,
CiphersClientServer: t.config.Ciphers,
CiphersServerClient: t.config.Ciphers,
MACsClientServer: t.config.MACs,
@@ -464,6 +485,13 @@ func (t *handshakeTransport) sendKexInit() error {
}
io.ReadFull(rand.Reader, msg.Cookie[:])
+ // We mutate the KexAlgos slice, in order to add the kex-strict extension algorithm,
+ // and possibly to add the ext-info extension algorithm. Since the slice may be the
+ // user owned KeyExchanges, we create our own slice in order to avoid using user
+ // owned memory by mistake.
+ msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+2) // room for kex-strict and ext-info
+ msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...)
+
isServer := len(t.hostKeys) > 0
if isServer {
for _, k := range t.hostKeys {
@@ -488,17 +516,24 @@ func (t *handshakeTransport) sendKexInit() error {
msg.ServerHostKeyAlgos = append(msg.ServerHostKeyAlgos, keyFormat)
}
}
+
+ if t.sessionID == nil {
+ msg.KexAlgos = append(msg.KexAlgos, kexStrictServer)
+ }
} else {
msg.ServerHostKeyAlgos = t.hostKeyAlgorithms
// As a client we opt in to receiving SSH_MSG_EXT_INFO so we know what
// algorithms the server supports for public key authentication. See RFC
// 8308, Section 2.1.
+ //
+ // We also send the strict KEX mode extension algorithm, in order to opt
+ // into the strict KEX mode.
if firstKeyExchange := t.sessionID == nil; firstKeyExchange {
- msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1)
- msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...)
msg.KexAlgos = append(msg.KexAlgos, "ext-info-c")
+ msg.KexAlgos = append(msg.KexAlgos, kexStrictClient)
}
+
}
packet := Marshal(msg)
@@ -604,6 +639,13 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
return err
}
+ if t.sessionID == nil && ((isClient && contains(serverInit.KexAlgos, kexStrictServer)) || (!isClient && contains(clientInit.KexAlgos, kexStrictClient))) {
+ t.strictMode = true
+ if err := t.conn.setStrictMode(); err != nil {
+ return err
+ }
+ }
+
// We don't send FirstKexFollows, but we handle receiving it.
//
// RFC 4253 section 7 defines the kex and the agreement method for
@@ -679,6 +721,12 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
return unexpectedMessageError(msgNewKeys, packet[0])
}
+ if firstKeyExchange {
+ // Indicates to the transport that the first key exchange is completed
+ // after receiving SSH_MSG_NEWKEYS.
+ t.conn.setInitialKEXDone()
+ }
+
return nil
}
diff --git a/vendor/golang.org/x/crypto/ssh/transport.go b/vendor/golang.org/x/crypto/ssh/transport.go
index da01580..0424d2d 100644
--- a/vendor/golang.org/x/crypto/ssh/transport.go
+++ b/vendor/golang.org/x/crypto/ssh/transport.go
@@ -49,6 +49,9 @@ type transport struct {
rand io.Reader
isClient bool
io.Closer
+
+ strictMode bool
+ initialKEXDone bool
}
// packetCipher represents a combination of SSH encryption/MAC
@@ -74,6 +77,18 @@ type connectionState struct {
pendingKeyChange chan packetCipher
}
+func (t *transport) setStrictMode() error {
+ if t.reader.seqNum != 1 {
+ return errors.New("ssh: sequence number != 1 when strict KEX mode requested")
+ }
+ t.strictMode = true
+ return nil
+}
+
+func (t *transport) setInitialKEXDone() {
+ t.initialKEXDone = true
+}
+
// prepareKeyChange sets up key material for a keychange. The key changes in
// both directions are triggered by reading and writing a msgNewKey packet
// respectively.
@@ -112,11 +127,12 @@ func (t *transport) printPacket(p []byte, write bool) {
// Read and decrypt next packet.
func (t *transport) readPacket() (p []byte, err error) {
for {
- p, err = t.reader.readPacket(t.bufReader)
+ p, err = t.reader.readPacket(t.bufReader, t.strictMode)
if err != nil {
break
}
- if len(p) == 0 || (p[0] != msgIgnore && p[0] != msgDebug) {
+ // in strict mode we pass through DEBUG and IGNORE packets only during the initial KEX
+ if len(p) == 0 || (t.strictMode && !t.initialKEXDone) || (p[0] != msgIgnore && p[0] != msgDebug) {
break
}
}
@@ -127,7 +143,7 @@ func (t *transport) readPacket() (p []byte, err error) {
return p, err
}
-func (s *connectionState) readPacket(r *bufio.Reader) ([]byte, error) {
+func (s *connectionState) readPacket(r *bufio.Reader, strictMode bool) ([]byte, error) {
packet, err := s.packetCipher.readCipherPacket(s.seqNum, r)
s.seqNum++
if err == nil && len(packet) == 0 {
@@ -140,6 +156,9 @@ func (s *connectionState) readPacket(r *bufio.Reader) ([]byte, error) {
select {
case cipher := <-s.pendingKeyChange:
s.packetCipher = cipher
+ if strictMode {
+ s.seqNum = 0
+ }
default:
return nil, errors.New("ssh: got bogus newkeys message")
}
@@ -170,10 +189,10 @@ func (t *transport) writePacket(packet []byte) error {
if debugTransport {
t.printPacket(packet, true)
}
- return t.writer.writePacket(t.bufWriter, t.rand, packet)
+ return t.writer.writePacket(t.bufWriter, t.rand, packet, t.strictMode)
}
-func (s *connectionState) writePacket(w *bufio.Writer, rand io.Reader, packet []byte) error {
+func (s *connectionState) writePacket(w *bufio.Writer, rand io.Reader, packet []byte, strictMode bool) error {
changeKeys := len(packet) > 0 && packet[0] == msgNewKeys
err := s.packetCipher.writeCipherPacket(s.seqNum, w, rand, packet)
@@ -188,6 +207,9 @@ func (s *connectionState) writePacket(w *bufio.Writer, rand io.Reader, packet []
select {
case cipher := <-s.pendingKeyChange:
s.packetCipher = cipher
+ if strictMode {
+ s.seqNum = 0
+ }
default:
panic("ssh: no key material for msgNewKeys")
}
--
2.20.1

89
0003-fix-CVE-2024-28180.patch Normal file
View File

@ -0,0 +1,89 @@
From d1aef6461e6fff7afce01fa6aa832914cb0f26a8 Mon Sep 17 00:00:00 2001
From: bwzhang <zhangbowei@kylinos.cn>
Date: Thu, 28 Mar 2024 16:30:28 +0800
Subject: [PATCH] fix CVE-2024-28180
---
.../github.com/go-jose/go-jose/v3/crypter.go | 6 ++++++
.../github.com/go-jose/go-jose/v3/encoding.go | 21 +++++++++++++++----
2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/vendor/github.com/go-jose/go-jose/v3/crypter.go b/vendor/github.com/go-jose/go-jose/v3/crypter.go
index 6901137..34d4e1f 100644
--- a/vendor/github.com/go-jose/go-jose/v3/crypter.go
+++ b/vendor/github.com/go-jose/go-jose/v3/crypter.go
@@ -406,6 +406,9 @@ func (ctx *genericEncrypter) Options() EncrypterOptions {
// Decrypt and validate the object and return the plaintext. Note that this
// function does not support multi-recipient, if you desire multi-recipient
// decryption use DecryptMulti instead.
+//
+// Automatically decompresses plaintext, but returns an error if the decompressed
+// data would be >250kB or >10x the size of the compressed data, whichever is larger.
func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) {
headers := obj.mergedHeaders(nil)
@@ -471,6 +474,9 @@ func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error)
// with support for multiple recipients. It returns the index of the recipient
// for which the decryption was successful, the merged headers for that recipient,
// and the plaintext.
+//
+// Automatically decompresses plaintext, but returns an error if the decompressed
+// data would be >250kB or >3x the size of the compressed data, whichever is larger.
func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) {
globalHeaders := obj.mergedHeaders(nil)
diff --git a/vendor/github.com/go-jose/go-jose/v3/encoding.go b/vendor/github.com/go-jose/go-jose/v3/encoding.go
index 968a424..c378031 100644
--- a/vendor/github.com/go-jose/go-jose/v3/encoding.go
+++ b/vendor/github.com/go-jose/go-jose/v3/encoding.go
@@ -21,6 +21,7 @@ import (
"compress/flate"
"encoding/base64"
"encoding/binary"
+ "fmt"
"io"
"math/big"
"strings"
@@ -85,7 +86,7 @@ func decompress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) {
}
}
-// Compress with DEFLATE
+// deflate compresses the input.
func deflate(input []byte) ([]byte, error) {
output := new(bytes.Buffer)
@@ -97,15 +98,27 @@ func deflate(input []byte) ([]byte, error) {
return output.Bytes(), err
}
-// Decompress with DEFLATE
+// inflate decompresses the input.
+//
+// Errors if the decompressed data would be >250kB or >10x the size of the
+// compressed data, whichever is larger
func inflate(input []byte) ([]byte, error) {
output := new(bytes.Buffer)
reader := flate.NewReader(bytes.NewBuffer(input))
- _, err := io.Copy(output, reader)
- if err != nil {
+ maxCompressedSize := 10 * int64(len(input))
+ if maxCompressedSize < 250000 {
+ maxCompressedSize = 250000
+ }
+
+ limit := maxCompressedSize + 1
+ n, err := io.CopyN(output, reader, limit)
+ if err != nil && err != io.EOF {
return nil, err
}
+ if n == limit {
+ return nil, fmt.Errorf("uncompressed data would be too large (>%d bytes)", maxCompressedSize)
+ }
err = reader.Close()
return output.Bytes(), err
--
2.20.1

66
cri-o.spec
View File

@ -2,9 +2,9 @@
%define gobuild(o:) %{expand:
%global _dwz_low_mem_die_limit 0
%ifnarch ppc64
go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-}%{?currentgoldflags} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now' -compressdwarf=false" -a -v -x %{?**};
go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${BASE_LDFLAGS:-}%{?currentgoldflags} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags %{?__golang_extldflags}' -compressdwarf=false" -a -v -x %{?**};
%else
go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-}%{?currentgoldflags} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now' -compressdwarf=false" -a -v -x %{?**};
go build -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${BASE_LDFLAGS:-}%{?currentgoldflags} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags %{?__golang_extldflags}' -compressdwarf=false" -a -v -x %{?**};
%endif
}
%bcond_with check
@ -16,22 +16,28 @@
%global built_tag_strip %(b=%{built_tag}; echo ${b:1})
%global crio_release_tag %(echo %{built_tag_strip} | cut -f1,2 -d'.')
%global service_name crio
%global commit0 63ca93845d5fe05cdca826367afcb601ece8d7ad
%global commit0 d317b5dc918bbfbc78481072a0d93e572aa8d0e8
Name: cri-o
Version: 1.23.2
Version: 1.29.2
Epoch: 0
Release: 1
Release: 5
Summary: Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
License: ASL 2.0
URL: https://github.com/cri-o/cri-o
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/cpuguy83/go-md2man/archive/v1.0.10.tar.gz
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
BuildRequires: golang >= 1.17, git-core, glib2-devel, glibc-static, openEuler-rpm-config
Source0: https://github.com/cri-o/cri-o/archive/refs/tags/v%{version}.tar.gz
Source1: https://github.com/cpuguy83/go-md2man/archive/refs/tags/v2.0.3.tar.gz
Patch0001: 0001-fix-CVE-2024-24786.patch
Patch0002: 0002-fix-CVE-2023-48795.patch
Patch0003: 0003-fix-CVE-2024-28180.patch
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm} riscv64}
BuildRequires: btrfs-progs-devel device-mapper-devel go-srpm-macros
BuildRequires: golang >= 1.21, git-core, glib2-devel, glibc-static, openEuler-rpm-config
BuildRequires: gpgme-devel, libassuan-devel, libseccomp-devel, systemd-devel, make
Requires: container-selinux, containers-common >= 1:0.1.31-14, docker-runc >= 1.0.0-16
Requires: containernetworking-plugins >= 0.7.5-1, conmon >= 2.0.2-1, socat
Requires: container-selinux, containers-common >= 1:0.1.31-14, runc >= 1.0.0-16
Requires: containernetworking-plugins >= 1.0.0-1, conmon >= 2.0.2-1, socat
Obsoletes: ocid <= 0.3
Provides: ocid = %{epoch}:%{version}-%{release}
Provides: %{service_name} = %{epoch}:%{version}-%{release}
@ -69,7 +75,7 @@ $(hack/libdm_no_deferred_remove_tag.sh)
$(hack/seccomp_tag.sh)
$(hack/selinux_tag.sh)"
export LDFLAGS="-X %{goipath}/internal/pkg/criocli.DefaultsPath=%{criocli_path}
export BASE_LDFLAGS="-X %{goipath}/internal/pkg/criocli.DefaultsPath=%{criocli_path}
-X %{goipath}/internal/version.buildDate=%{build_timestamp}
-X %{goipath}/internal/version.gitCommit=%{commit0}
-X %{goipath}/internal/version.version=%{version}
@ -99,8 +105,8 @@ install -p -m 755 bin/%{service_name} %{buildroot}%{_bindir}
# install conf files
install -dp %{buildroot}%{_sysconfdir}/cni/net.d
install -p -m 644 contrib/cni/10-crio-bridge.conf %{buildroot}%{_sysconfdir}/cni/net.d/100-crio-bridge.conf
install -p -m 644 contrib/cni/99-loopback.conf %{buildroot}%{_sysconfdir}/cni/net.d/200-loopback.conf
install -p -m 644 contrib/cni/10-crio-bridge.conflist %{buildroot}%{_sysconfdir}/cni/net.d/100-crio-bridge.conflist
install -p -m 644 contrib/cni/99-loopback.conflist %{buildroot}%{_sysconfdir}/cni/net.d/200-loopback.conflist
install -dp %{buildroot}%{_sysconfdir}/%{service_name}
install -dp %{buildroot}%{_datadir}/containers/oci/hooks.d
@ -132,14 +138,13 @@ install -dp %{buildroot}%{_sharedstatedir}/containers
%doc docs code-of-conduct.md tutorial.md ADOPTERS.md CONTRIBUTING.md README.md
%doc awesome.md transfer.md
%{_bindir}/%{service_name}
%{_bindir}/%{service_name}-status
%{_bindir}/pinns
%{_mandir}/man5/%{service_name}.conf*5*
%{_mandir}/man8/%{service_name}*.8*
%dir %{_sysconfdir}/%{service_name}
%config(noreplace) %{_sysconfdir}/%{service_name}/%{service_name}.conf
%config(noreplace) %{_sysconfdir}/cni/net.d/100-%{service_name}-bridge.conf
%config(noreplace) %{_sysconfdir}/cni/net.d/200-loopback.conf
%config(noreplace) %{_sysconfdir}/cni/net.d/100-%{service_name}-bridge.conflist
%config(noreplace) %{_sysconfdir}/cni/net.d/200-loopback.conflist
%config(noreplace) %{_sysconfdir}/crictl.yaml
%dir %{_libexecdir}/%{service_name}
%{_unitdir}/%{service_name}.service
@ -156,6 +161,33 @@ install -dp %{buildroot}%{_sharedstatedir}/containers
%{_datadir}/zsh/site-functions/_%{service_name}*
%changelog
* Fri May 24 2024 Jingwiw <wangjingwei@iscas.ac.cn> - 0:1.29.2-5
- Type:enhancement
- CVE:NA
- SUG:NA
- DESC: enable riscv64
* Tue Apr 2 2024 zhangbowei <zhangbowei@kylinos.cn> - 0:1.29.2-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC: CVE-2024-28180
* Mon Apr 1 2024 zhangbowei <zhangbowei@kylinos.cn> - 0:1.29.2-3
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC: fix CVE-2023-48795
* Fri Mar 29 2024 zhangbowei <zhangbowei@kylinos.cn> - 0:1.29.2-2
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC: fix CVE-2024-24786
* Wed Feb 28 2024 chendexi <chendexi@kylinos.cn> - 0:1.29.2-1
- Update cri-o to 1.29.2
* Tue Jun 07 2022 fushanqing <fushanqing@kylinos.cn> - 0:1.23.2-1
- Update cri-o to 1.23.2

BIN
v1.0.10.tar.gz
View File

Binary file not shown.

BIN
cri-o-1.23.2.tar.gz → v1.29.2.tar.gz
View File

Binary file not shown.

BIN
v2.0.3.tar.gz Normal file
View File

Binary file not shown.