!24 开启 RISCV 构建

From: @Jingwiw 
Reviewed-by: @jianminw 
Signed-off-by: @jianminw

0001-fix-CVE-2024-24786.patch

@@ -0,0 +1,59 @@
+From 171172b7a8a24104415f1d461da7a839dd9933a3 Mon Sep 17 00:00:00 2001
+From: bwzhang <zhangbowei@kylinos.cn>
+Date: Mon, 25 Mar 2024 10:47:11 +0800
+Subject: [PATCH] fix CVE-2024-24786
+
+encoding/protojson, internal/encoding/json: handle missing object values
+
+In internal/encoding/json, report an error when encountering a }
+when we are expecting an object field value. For example, the input
+ now correctly results in an error at the closing } token.
+
+In encoding/protojson, check for an unexpected EOF token in
+skipJSONValue. This is redundant with the check in internal/encoding/json,
+but adds a bit more defense against any other similar bugs that
+might exist.
+
+Fixes CVE-2024-24786
+
+Change-Id: I03d52512acb5091c8549e31ca74541d57e56c99d
+Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/569356
+TryBot-Bypass: Damien Neil <dneil@google.com>
+Reviewed-by: Roland Shoemaker <roland@golang.org>
+Commit-Queue: Damien Neil <dneil@google.com>
+---
+ .../protobuf/encoding/protojson/well_known_types.go           | 4 ++++
+ .../protobuf/internal/encoding/json/decode.go                 | 2 +-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
+index 72924a9..d3825ba 100644
+--- a/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
++++ b/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
+@@ -328,6 +328,10 @@ func (d decoder) skipJSONValue() error {
+ 				if err := d.skipJSONValue(); err != nil {
+ 					return err
+ 				}
++			case json.EOF:
++				// This can only happen if there's a bug in Decoder.Read.
++				// Avoid an infinite loop if this does happen.
++				return errors.New("unexpected EOF")
+ 			}
+ 		}
+ 
+diff --git a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
+index b13fd29..b2be4e8 100644
+--- a/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
++++ b/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
+@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) {
+ 
+ 	case ObjectClose:
+ 		if len(d.openStack) == 0 ||
+-			d.lastToken.kind == comma ||
++			d.lastToken.kind&(Name|comma) != 0 ||
+ 			d.openStack[len(d.openStack)-1] != ObjectOpen {
+ 			return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString())
+ 		}
+-- 
+2.20.1
+

cri-tools.spec

@@ -12,14 +12,17 @@
 %global built_tag v%{version}
 
 Name:          cri-tools
-Version:       1.22.0
+Version:       1.29.0
-Release:       2
+Release:       3
 Summary:       CLI and validation tools for Container Runtime Interface
 License:       ASL 2.0
 URL:           https://%{goipath}
-Source0:       %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+Source0:       https://github.com/kubernetes-sigs/cri-tools/archive/refs/tags/v%{version}.tar.gz
-Source1:       https://github.com/cpuguy83/go-md2man/archive/v1.0.10.tar.gz
+Source1:       https://github.com/cpuguy83/go-md2man/archive/refs/tags/v2.0.3.tar.gz
-ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm} ppc64le s390x}
+
+Patch0001:     0001-fix-CVE-2024-24786.patch
+
+ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm} ppc64le s390x riscv64}
 BuildRequires: golang, glibc-static, git
 Provides:      crictl = %{version}-%{release}
 
@@ -27,7 +30,7 @@ Provides:      crictl = %{version}-%{release}
 %{summary}
 
 %prep
-%setup -q
+%autosetup -p1 -n %{name}-%{version}
 tar -xf %SOURCE1
 
 %build
@@ -39,6 +42,7 @@ cp ../_build/bin/go-md2man $GO_MD2MAN_PATH/go-md2man
 export PATH=$GO_MD2MAN_PATH:$PATH
 cd -
 
+export LDFLAGS='-X %{goipath}/pkg/version.Version=v%{version}'
 %gobuild -o bin/crictl %{goipath}/cmd/crictl
 go-md2man -in docs/crictl.md -out docs/crictl.1
 
@@ -59,6 +63,27 @@ install -p -m 644 docs/crictl.1 %{buildroot}%{_mandir}/man1
 %{_mandir}/man1/crictl*
 
 %changelog
+* Fri May 24 2024 Jingwiw <wangjingwei@iscas.ac.cn> - 1.29.0-3
+- Type:enhancement
+- CVE:NA
+- SUG:NA
+- DESC: enable riscv64
+
+* Wed Apr 10 2024 zhangbowei <zhangbowei@kylinos.cn> - 1.29.0-2
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC: fix CVE-2024-24786
+
+* Wed Feb 28 2024 lijian <lijian2@kylinos.cn> - 1.29.0-1
+- update to 1.29.0
+
+* Tue Nov 21 2023 suoxiaocong <suoxiaocong@kylinos.cn> - 1.24.2-2
+- fix bug unknown version
+
+* Sat Jul 30 2022 tianlijing <tianlijing@kylinos.cn> - 1.24.2-1
+- update to 1.24.2
+
 * Tue Jun 07 2022 fushanqing <fushanqing@kylinos.cn> - 1.22.0-2
 - update Source0